Re: Question about SEV* guests and automatic firmware selection

Hi All, While investigating an internal bug report, we noticed that a minimal firmware auto-selection configuration along with SEV* fails to find a match. E.g. the following config <domain type="kvm"> <os firmware="efi"> <type arch="x86_64" machine="q35">hvm</type> <boot dev="hd"/> </os> <launchSecurity type="sev"> <policy>0x07</policy> </launchSecurity> ... </domain> Fails with "Unable to find 'efi' firmware that is compatible with the current configuration". A firmware that should match has the following json description { "description": "UEFI firmware for x86_64, with AMD SEV", "interface-types": [ "uefi" ], "mapping": { "device": "flash", "mode": "stateless", "executable": { "filename": "/usr/share/qemu/ovmf-x86_64-sev.bin", "format": "raw" } }, "targets": [ { "architecture": "x86_64", "machines": [ "pc-q35-*" ] } ], "features": [ "acpi-s4", "amd-sev", "amd-sev-es", "amd-sev-snp", "verbose-dynamic" ], "tags": [ ] } Auto-selection works fine if I specify a 'stateless' firmware, e.g. amend the above config with <os firmware="efi"> <type arch="x86_64" machine="q35">hvm</type> <loader stateless="yes"/> <boot dev="hd"/> </os> Being unfamiliar with the firmware auto-selection code, I tried the below naive hack, which only led to test failures and the subsequent runtime error "unable to find any master var store for loader: /usr/share/qemu/ovmf-x86_64-sev.bin". Should auto-selection work with the minimal config, or is it expected that user also specify a stateless firmware?