On 8/25/25 22:23, sven.springer--- via Users wrote:
> Hi,
>
> I am a bit lost in which parameters I need to provide to virt-install to
> successfully launch an SEV-SNP capable VM.
> I already managed to start an SEV and SEV-ES VM via virt-install, and was
> also able to start an SEV-SNP VM via qemu-system-x86_64 directly.
>
> So what I am stuck with is this error message:
>
> ERROR internal error: QEMU unexpectedly closed the monitor
> (vm='debian-vm-1'): 2025-08-22T17:26:25.863482Z qemu-system-x86_64: pflash
> with kvm requires KVM readonly memory support
>
> when using this or variants of this command:
>
> virt-install \
>   --name "$VM_NAME" \
>   --noautoconsole \
>   --graphics none \
>   --import \
>   --memory 3072 \
>   --vcpus 2 \
>   --os-variant "$OS_VARIANT" \
>   --network network=default,model=virtio \
>   --memtune hard_limit=3407872 \
>   --qemu-commandline='-append "root=/dev/vda1 console=ttyS0"' \
>   --machine confidential-guest-support=sev0,memory-backend=ram1 \
>   --machine=q35 \
>   --boot uefi,loader=/usr/share/ovmf/OVMF.amdsev.fd,loader.stateless=yes,loader.secure=no,loader.type=pflash,kernel="$VMLINUZ",initrd="$INITRD" \
>   --qemu-commandline='-object memory-backend-memfd,id=ram1,size=8G,share=true,prealloc=false' \
>   --disk bus=virtio,path="$OVERLAY_IMG",format=qcow2 \
>   --cloud-init user-data="$USER_DATA" \
>   --virt-type kvm \
>   --launchSecurity sev-snp,policy=0x30000,cbitpos=51,reducedPhysBits=1,kernelHashes=on \
>   --cpu host-passthrough \
>
> The issue is not with the images, since with the same ones it works when
> going directly via qemu-system-x86_64.
> I notice that libvirt is converting the --boot line to -blockdev, instead of
> -bios which seems to be the way to go according to
> https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771, so I tried
> something like
> --qemu-commandline='-bios /usr/share/ovmf/OVMF.amdsev.fd -kernel "$VMLINUZ"' \
> but to no avail.
>
> Did anyone manage to run a SEV-SNP VM via virt-install, or even just a
> libvirt-xml? I would appreciate any tips or working xml or cli call.
>

I think you're hitting a bug that the following patches try to fix:

https://lists.libvirt.org/archives/list/de...@lists.libvirt.org/thread/IBI4ZG6YDMW35WIEZVPHIQCVFZ5GMQZZ/

Michal