On Mon, Aug 25, 2025 at 05:12:57PM -0600, Jim Fehlig wrote:
On 8/25/25 10:19, Andrea Bolognani via Devel wrote:
One of the new test cases demonstrates how firmware autoselection doesn't currently work correctly for domains using SEV-SNP: the descriptor for a suitable firmware exists, and yet it doesn't get picked up.
But the descriptor is incorrect. Autoselection using current git master works fine with a proper descriptor for SNP.
It's true, the current descriptor for SEV-SNP is incorrect as it causes libvirt to use pflash instead of rom. But the fact that libvirt will ignore the current descriptor unless <loader stateless='yes'/> is present in the domain configuration, as demonstrated by the test case that I'm adding in this patch, is a problem of its own, and indeed the one that you reported in the first place ;) So yes, we need to fix both issues, the one in libvirt and the one in the descriptors. Solving the latter first would merely sweep the former under the carpet, not make it go away.
IMO, we need to fix the descriptors (patches 8 and 9) before adding more tests with invalid config.
I'm doing things in this order deliberately. Adding a failing test establishes the current baseline for the functionality, so that when the fix is applied you can see the improvement reflected directly in the test suite, confirming its effectiveness. Adding tests after the fact only demonstrates that the feature now works, not that it was broken beforehand.
+-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ +-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
Writable pflash is not compatible with SEV(-ES) guests.
Is that so? According to https://libvirt.org/kbase/launch_security_sev.html a stateless firmware is only a requirement if boot measurements are desired, which IIUC is not necessarily always the case. In fact, the full XML example at the bottom of that document is using stateful firmware. To be clear, I'm tentatively in favor of moving towards a world in which stateless firmware is used consistently across the board for SEV guests, but we need to ensure that we don't cause disruption for existing users in the process. -- Andrea Bolognani / Red Hat / Virtualization