Re: [libvirt] On the content of 'nvram' section in /etc/libvirt/qemu.conf

On 4/16/19 12:50 PM, Kashyap Chamarthy wrote:

> There is the /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd file (which comes > with the default UEFI keys enrolled). > > So, the mapping of OVMF binary to VARS file in the earlier mentioned > 'nvram' section should have been: > > /usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd > > Yes? > Unfortunately the qemu.conf comment is not authoritatize. I believe that's the default value hardcoded in libvirt, but it can also be changed with a build time flag, which we do for fedora. The spec file has this change: %if 0%{?fedora} # Nightly edk2.git-ovmf-x64 LOADERS="/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd" # Nightly edk2.git-ovmf-ia32 LOADERS="$LOADERS:/usr/share/edk2.git/ovmf-ia32/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-ia32/OVMF_VARS-pure-efi.fd" # Nightly edk2.git-aarch64 LOADERS="$LOADERS:/usr/share/edk2.git/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2.git/aarch64/vars-template-pflash.raw" # Nightly edk2.git-arm LOADERS="$LOADERS:/usr/share/edk2.git/arm/QEMU_EFI-pflash.raw:/usr/share/edk2.git/arm/vars-template-pflash.raw" # Fedora edk2-ovmf LOADERS="$LOADERS:/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd" # Fedora edk2-ovmf-ia32 LOADERS="$LOADERS:/usr/share/edk2/ovmf-ia32/OVMF_CODE.fd:/usr/share/edk2/ovmf-ia32/OVMF_VARS.fd" # Fedora edk2-aarch64 LOADERS="$LOADERS:/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw" # Fedora edk2-arm LOADERS="$LOADERS:/usr/share/edk2/arm/QEMU_EFI-pflash.raw:/usr/share/edk2/arm/vars-template-pflash.raw" %define arg_loader_nvram --with-loader-nvram="$LOADERS" %endif So that's 8 pairs that we look for in fedora.

That default commented out value is probably what we use on RHEL with standard RHEL packaging