Hey, I just wanted to write this, Pieter you are right, in 4.16 it doesn't work properly, old UEFI VMs work as is but new ones don't start up properly.
Regards, Piotr -----Original Message----- From: Slavka Peleva <slav...@storpool.com.INVALID> Sent: Monday, December 20, 2021 9:03 AM To: users@cloudstack.apache.org Subject: Re: UEFI on KVM silently becomes BIOS mode Hi Pieter, This is a known issue in 4.16 with the missing loader tag in the XML definition. There is a fix that will get in the 4.16.1.0 release - https://github.com/apache/cloudstack/pull/5692 Best regards, Slavka <https://github.com/apache/cloudstack/pull/5692> On Sat, Dec 18, 2021 at 3:15 PM Piotr Pisz <pi...@piszki.pl> wrote: > Hi Pieter, > > > > I run it in CentOS 8: > > > > Cloudstack: > > > > <name>i-4-46-VM</name> > > <uuid>e9c33f2d-7237-4cc1-b466-5d85a04ed549</uuid> > > <description>Other PV Virtio-SCSI (64-bit)</description> > > <cpu mode='host-model'><model fallback='allow'></model><feature > policy='require' name='vmx'/><feature policy='require' > name='vme'/><feature policy='require' name='smx'/></cpu><sysinfo > type='smbios'> > > <system> > > <entry name='manufacturer'>Apache Software Foundation</entry> > > <entry name='product'>CloudStack KVM Hypervisor</entry> > > <entry name='uuid'>e9c33f2d-7237-4cc1-b466-5d85a04ed549</entry> > > </system> > > </sysinfo> > > <os> > > <type arch='x86_64' machine='q35'>hvm</type> > > <nvram > template='/usr/share/edk2/ovmf/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvr > am/e9c33f2d-7237-4cc1-b466-5d85a04ed549.fd</nvram><boot > dev='cdrom'/> > > <boot dev='hd'/> > > <smbios mode='sysinfo'/> > > </os> > > > > Virsh dump: > > > > <sysinfo type='smbios'> > > <system> > > <entry name='manufacturer'>Apache Software Foundation</entry> > > <entry name='product'>CloudStack KVM Hypervisor</entry> > > <entry name='uuid'>e9c33f2d-7237-4cc1-b466-5d85a04ed549</entry> > > </system> > > </sysinfo> > > <os> > > <type arch='x86_64' machine='pc-q35-rhel8.2.0'>hvm</type> > > <boot dev='cdrom'/> > > <boot dev='hd'/> > > <smbios mode='sysinfo'/> > > </os> > > > > Regards, > > Piotr > > > > > > From: Pieter Harvey <pieter.har...@icloud.com.INVALID> > Sent: Friday, December 17, 2021 5:46 PM > To: Pieter Harvey <pieter.har...@icloud.com> > Cc: "users@cloudstack.apache.org" <users@cloudstack.apache.org> > Subject: Re: UEFI on KVM silently becomes BIOS mode > > > > Hi Piotr, > > > > Is there any way to get this debug info (or xml dump) from CloudStack, > what it is creating versus what ends up in virsh? > > > > I think I have configured everything correctly > > 1. cloudstack uefi enabled in database for host (host.uefi.enable) > > 2. host agent has uefi.properties with all paths configured (snippet > below based Ubuntu 20.04.3) > > 3. instance is configured for UEFI (tried both legacy and secure boot) > > > > uefi.properties > > ========== > > guest.nvram.template.secure=/usr/share/OVMF/OVMF_VARS.fd > > guest.nvram.template.legacy=/usr/share/OVMF/OVMF_VARS.fd > > guest.loader.secure=/usr/share/OVMF/OVMF_CODE.secboot.fd > > guest.loader.legacy=/usr/share/OVMF/OVMF_CODE.fd > > guest.nvram.path=/var/lib/libvirt/qemu/nvram/ > > > > sudo ls -lh /usr/share/OVMF/ > > ==================== > > -rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.fd > > lrwxrwxrwx 1 root root 20 Sep 20 13:11 OVMF_CODE.ms.fd -> > OVMF_CODE.secboot.fd > > -rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.secboot.fd > > -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.fd > > -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.ms.fd > > -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.snakeoil.fd > > > > syslog > > ===== > > java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) > (logid:) uefi.properties file found at > /etc/cloudstack/agent/uefi.properties > > java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) > (logid:) guest.nvram.template.legacy = /usr/share/OVMF/OVMF_VARS.fd > > java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) > (logid:) guest.loader.legacy = /usr/share/OVMF/OVMF_CODE.fd > > java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) > (logid:) guest.nvram.template.secure = /usr/share/OVMF/OVMF_VARS.fd > > java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) > (logid:) guest.loader.secure =/usr/share/OVMF/OVMF_CODE.secboot.fd > > java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) > (logid:) guest.nvram.path = /var/lib/libvirt/qemu/nvram/ > > > > > > - > > Pieter > > > > On 17 Dec 2021, at 16:15, Piotr Pisz <pi...@piszki.pl <mailto: > pi...@piszki.pl> > wrote: > > > > > > Hi Pieter, > > > > > > > > I have just checked, everything works as expected, maybe you have > something wrongly configured, check according to this: > > > > > > > > https://lab.piszki.pl/cloudstack-vm-with-vtpm-and-secure-boot-uefi/ > > > > > > > > Regards, > > > > Piotr > > > > > > > > > > > > From: Pieter Harvey <pieter.har...@icloud.com.INVALID <mailto: > pieter.har...@icloud.com.INVALID> > > > Sent: Friday, December 17, 2021 4:11 PM > > To: "users@cloudstack.apache.org <mailto:users@cloudstack.apache.org> > " < users@cloudstack.apache.org <mailto:users@cloudstack.apache.org> > > > Subject: UEFI on KVM silently becomes BIOS mode > > > > > > > > Hello, > > > > > > > > Maybe it's something wrong with CloudStack, maybe it's my brain but I > have an issue regarding UEFI on CloudStack (4.16) + KVM (Ubuntu 20.04) > > > > > > > > 1. CloudStack Compute node is running, and can boot machines > configured as UEFI in the GUI (secure or legacy). > > > > > > > > 2. When the machine is booted, I check the virsh xml config on the > host and noticed that the machine is still in BIOS mode, even though > CloudStack "thinks" it has deployed a fresh UEFI enabled instance. > > > > > > > > I have configured uefi.properties on the agent and the host is UEFI > enabled in CloudStack but this is the config snippet of a deployed > machine > > > > > > > > <os> > > > > <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> > > > > <boot dev='cdrom'/> > > > > <boot dev='hd'/> > > > > <smbios mode='sysinfo'/> > > > > </os> > > > > > > > > However what I am expecting to see is: > > > > > > > > <os firmware="efi"> > > > > <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> > > > > <loader secure="yes"/> > > > > <boot dev='cdrom'/> > > > > <boot dev='hd'/> > > > > <smbios mode='sysinfo'/> > > > > </os> > > > > > > > > So CloudStack has changed the default machine type from 440fx to q35 > but no mention of UEFI or secureboot options in the output XML. > > > > > > > > Any tips to get UEFI and possibly secure boot fully working? > > > > > > > > - > > > > Pieter > > > > > > > > > > > >
