
On Tue, Aug 05, 2025 at 01:18:12AM -0700, Andrea Bolognani wrote:
> On Tue, Aug 05, 2025 at 08:08:14AM +0100, Daniel P. Berrangé wrote:
> > On Mon, Aug 04, 2025 at 02:15:01PM -0600, Jim Fehlig wrote:
> > > On 8/4/25 05:31, Andrea Bolognani wrote:
> > > > On Fri, Aug 01, 2025 at 11:39:45AM -0600, Jim Fehlig via Devel wrote:
> > > > > With this addition, the correct firmware is detected, but it's not properly provided to qemu
> > > > > internal error: QEMU unexpectedly closed the monitor (vm='sles15sp7-snp'): 2025-08-01T17:11:20.589614Z qemu-system-x86_64: pflash with kvm requires KVM readonly memory support
> > > > > The pertinent command line pieces being
> > > > > -blockdev '{"driver":"file","filename":"/usr/share/qemu/ovmf-x86_64-sev.bin","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard": "unmap"}' -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}'
> > > > > But for SNP, it needs to be provided as bios, e.g.
> > > > > -bios /usr/share/qemu/ovmf-x86_64-sev.bin
> > > > > Are we correctly identifying this firmware in the descriptor file? It's advertised as a "flash" device, although I'm not sure if any of the other "FirmwareDevice" options [1] are appropriate. Perhaps the "FirmwareOSInterface" should be 'bios'?
> > > > Adding Michal and Daniel to the conversation so that they can provide some insights. I have zero experience with SEV and no easy access to the relevant hardware.
> > > I don't follow qemu development close enough to know if pflash is now supported with SNP guests. AFAIK, only '-bios' was supported when the initial SNP enablement was merged.
> > TDX/SNP are strictly -bios only and will remain that way.
> Got it.
> > The TDX descriptor is using device=memory already so it should work correctly today.
> Do you have any objections to the idea of separate descriptors for SEV(-ES) (device=flash) and SEV-SNP (device=memory) pointing to the same file? If not, I'll get the edk2 maintainer involved and make it happen.
Possibly we could just switch the existing descriptor, as with newer QEMU IIUC SEV/ES can use either device

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
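The mismatch discussed in this thread, as an added example that is not part of the original messages and is not libvirt or QEMU code: a small check that flags firmware descriptors advertising a "-bios only" confidential-computing feature while mapping the firmware as flash. The descriptor contents are constructed and trimmed to the fields the check reads; the feature names `amd-sev-snp` and `intel-tdx` and the second descriptor's file path are assumptions.

```python
import json

# Features whose firmware must reach QEMU via -bios, per the thread
# ("TDX/SNP are strictly -bios only"). Names are assumed spellings.
BIOS_ONLY_FEATURES = {"amd-sev-snp", "intel-tdx"}

# How each mapping device ends up on the QEMU command line in the thread.
DELIVERY = {"flash": "-blockdev (pflash)", "memory": "-bios"}

# Constructed sample descriptors (not copied from any distribution).
SAMPLE_DESCRIPTORS = {
    "sev-flash.json": """{
        "mapping": {"device": "flash",
                    "executable": {"filename": "/usr/share/qemu/ovmf-x86_64-sev.bin",
                                   "format": "raw"}},
        "features": ["amd-sev", "amd-sev-es", "amd-sev-snp"]
    }""",
    "snp-memory.json": """{
        "mapping": {"device": "memory",
                    "filename": "/example/path/firmware-snp.bin"},
        "features": ["amd-sev-snp"]
    }""",
}

def check_descriptor(name, text):
    """Return a list of findings for one descriptor (empty if consistent)."""
    try:
        desc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"{name}: not valid JSON ({exc.msg})"]
    device = desc.get("mapping", {}).get("device")
    features = set(desc.get("features", []))
    findings = []
    for feat in sorted(features & BIOS_ONLY_FEATURES):
        if device != "memory":
            got = DELIVERY.get(device, "unknown delivery")
            findings.append(f"{name}: {feat} advertised with device={device} "
                            f"({got}); needs device=memory ({DELIVERY['memory']})")
    return findings

def check_all(descriptors):
    """Check every descriptor; maps descriptor name to its findings."""
    return {name: check_descriptor(name, text) for name, text in descriptors.items()}

if __name__ == "__main__":
    for name, findings in check_all(SAMPLE_DESCRIPTORS).items():
        print(name, "OK" if not findings else findings)
```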