Re: [libvirt] [PATCH 0/5] qemu: Use FW descriptors to report FW image paths
On Mon, Aug 05, 2019 at 06:14:20PM +0200, Michal Privoznik wrote:
[...]
Michal Prívozník (5):
virfirmware: Expose and define autoptr for virFirmwareFree
qemu_firmware: Document qemuFirmwareGetSupported
qemu_firmware: Extend qemuFirmwareGetSupported to return FW paths
qemufirmwaretest: Test FW path getting through
qemuFirmwareGetSupported()
qemu: Use FW descriptors to report FW image paths
[...]
Tested-by: Kashyap Chamarthy <kchamart(a)redhat.com>
I've just tested this patchset on Fedora 30. (I too can reproduce the
behaviour Cole saw - duplicate 'secboot' binaries.)
Build libvirt with this:
$> git describe
v5.7.0-107-gb6e6d35f3f
Stop the system libvirt daemons:
$> systemctl stop libvirtd virtlockd virtlogd
Start the daemons built from Git:
$> sudo ./run src/virtlockd &
$> sudo ./run src/virtlogd &
$> sudo ./run src/libvirtd &
Make sure your EDK2/OVMF RPM has the 'secboot' binaries/VARS files:
$> rpm -q edk2-ovmf
edk2-ovmf-20190501stable-3.fc30.noarch
$> rpm -ql edk2-ovmf | grep secboot
/usr/share/OVMF/OVMF_CODE.secboot.fd
/usr/share/OVMF/OVMF_VARS.secboot.fd
/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd
/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
(The top two files are a symlink to the bottom two.)
Before invoking domCapabilities API, ensure the relevant firmware
descriptor files for x86_64 have the secboot binary listed:
$> grep CODE.secboot /usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json
/usr/share/qemu/firmware/50-edk2-ovmf-x64-sb.json
/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json:
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
/usr/share/qemu/firmware/50-edk2-ovmf-x64-sb.json: "filename":
"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
Now run 'domcapabilities' (with 'q35'):
$> sudo tools/virsh domcapabilities --machine q35 --arch x86_64
[...]
<os supported='yes'>
<enum name='firmware'>
<value>bios</value>
<value>efi</value>
</enum>
<loader supported='yes'>
<value>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</value>
<value>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</value>
<value>/usr/share/edk2/ovmf/OVMF_CODE.fd</value>
<value>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</value>
<value>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-with-csm.fd</value>
<enum name='type'>
<value>rom</value>
<value>pflash</value>
</enum>
<enum name='readonly'>
<value>yes</value>
<value>no</value>
</enum>
<enum name='secure'>
<value>yes</value>
<value>no</value>
</enum>
</loader>
</os>
[...]
--
/kashyap