These changes are not in the Fedora edk2 packages, not even in tentative form, and are just a suggestion of how we could potentially move things forward. The idea is to stop advertising SEV(-ES) support in the descriptors for regular edk2 builds, thus forcing the SEV-specific stateless build to be used. This arguably makes more sense, but it's unclear whether removing the combination could have negative impact on certain use cases. --- .../share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json | 2 -- .../share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json | 2 -- .../usr/share/qemu/firmware/90-combined.json | 1 - .../firmware-auto-efi-sev.x86_64-latest+amdsev.args | 5 ++--- .../firmware-auto-efi-sev.x86_64-latest+amdsev.xml | 3 +-- 5 files changed, 3 insertions(+), 10 deletions(-) diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json index d64735f477..bb11f5febd 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json @@ -26,8 +26,6 @@ ], "features": [ "acpi-s3", - "amd-sev", - "amd-sev-es", "verbose-dynamic" ], "tags": [ diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json index 050853e2b8..bb8ea4c07a 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json @@ -26,8 +26,6 @@ ], "features": [ "acpi-s3", - "amd-sev", - "amd-sev-es", "verbose-dynamic" ], "tags": [ diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json index 8ecac440b4..a788a3fc40 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json @@ -21,7 +21,6 @@ ], "features": [ "acpi-s3", - "amd-sev", "enrolled-keys", "requires-smm", "secure-boot", diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args index 550ac52b8a..a0ede6ca92 100644 --- a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args @@ -10,10 +10,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -name guest=guest,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \ --blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \ --machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \ +-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \ -accel kvm \ -cpu qemu64 \ -m size=1048576k \ diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml index cbfdcdeee3..35db3dc7c3 100644 --- a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml @@ -10,8 +10,7 @@ <feature enabled='no' name='enrolled-keys'/> <feature enabled='no' name='secure-boot'/> </firmware> - <loader readonly='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader> - <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram> + <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> <boot dev='hd'/> </os> <features> -- 2.51.0