On 4/16/19 12:50 PM, Kashyap Chamarthy wrote:
I learnt from Dan Berrangé that the 'nvram' section in `/etc/libvirt/qemu.conf` will now go away in light of all the work done in QEMU ('firmware.json', et al) and libvirt (the firmware auto-selection).
But for my own education, can anyone confirm that the current content of 'nvram' is out of date in terms of mapping of OVMF binaries to their corresponding variable store ("VARS") files?
Let's see what I mean.
On my Fedora 29 box, in `/etc/libvirt/qemu.conf`, I see the following mapping of OVMF binaries to their correspoindg "VARS" file under the 'nvram' section:
#nvram = [ # "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd", # "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", # "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd", # "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd" #]
Now let's enumerate the content of 'edk2-ovmf' package:
$> rpm -ql edk2-ovmf /usr/share/OVMF /usr/share/OVMF/OVMF_CODE.fd /usr/share/OVMF/OVMF_CODE.secboot.fd /usr/share/OVMF/OVMF_VARS.fd /usr/share/OVMF/OVMF_VARS.secboot.fd /usr/share/OVMF/UefiShell.iso /usr/share/doc/edk2-ovmf /usr/share/doc/edk2-ovmf/README /usr/share/doc/edk2-ovmf/ovmf-whitepaper-c770f8c.txt /usr/share/edk2 /usr/share/edk2/ovmf /usr/share/edk2/ovmf/EnrollDefaultKeys.efi /usr/share/edk2/ovmf/OVMF_CODE.fd /usr/share/edk2/ovmf/OVMF_CODE.secboot.fd /usr/share/edk2/ovmf/OVMF_VARS.fd /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd /usr/share/edk2/ovmf/Shell.efi /usr/share/edk2/ovmf/UefiShell.iso /usr/share/licenses/edk2-ovmf /usr/share/licenses/edk2-ovmf/LICENSE.openssl /usr/share/licenses/edk2-ovmf/License.txt
There is the /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd file (which comes with the default UEFI keys enrolled).
So, the mapping of OVMF binary to VARS file in the earlier mentioned 'nvram' section should have been:
/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
Yes?
Unfortunately the qemu.conf comment is not authoritatize. I believe that's the default value hardcoded in libvirt, but it can also be changed with a build time flag, which we do for fedora. The spec file has this change: %if 0%{?fedora} # Nightly edk2.git-ovmf-x64 LOADERS="/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd" # Nightly edk2.git-ovmf-ia32 LOADERS="$LOADERS:/usr/share/edk2.git/ovmf-ia32/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-ia32/OVMF_VARS-pure-efi.fd" # Nightly edk2.git-aarch64 LOADERS="$LOADERS:/usr/share/edk2.git/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2.git/aarch64/vars-template-pflash.raw" # Nightly edk2.git-arm LOADERS="$LOADERS:/usr/share/edk2.git/arm/QEMU_EFI-pflash.raw:/usr/share/edk2.git/arm/vars-template-pflash.raw" # Fedora edk2-ovmf LOADERS="$LOADERS:/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd" # Fedora edk2-ovmf-ia32 LOADERS="$LOADERS:/usr/share/edk2/ovmf-ia32/OVMF_CODE.fd:/usr/share/edk2/ovmf-ia32/OVMF_VARS.fd" # Fedora edk2-aarch64 LOADERS="$LOADERS:/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw" # Fedora edk2-arm LOADERS="$LOADERS:/usr/share/edk2/arm/QEMU_EFI-pflash.raw:/usr/share/edk2/arm/vars-template-pflash.raw" %define arg_loader_nvram --with-loader-nvram="$LOADERS" %endif So that's 8 pairs that we look for in fedora. That default commented out value is probably what we use on RHEL with standard RHEL packaging - Cole