On 8/27/25 09:33, Andrea Bolognani wrote:
On Mon, Aug 25, 2025 at 11:05:02AM -0600, Jim Fehlig wrote:
On 8/20/25 09:12, Andrea Bolognani wrote:
On Thu, Aug 14, 2025 at 03:07:10PM -0600, Jim Fehlig wrote:
On 8/13/25 09:01, Andrea Bolognani wrote:
Can you be more specific about the issue you're experiencing for SEV(-ES) guests?
I'm seeing the same issue we were trying to solve for SNP guests with this series
ERROR operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
Please share the debug output showing what happens during the firmware selection process. That will tell us why the amdsev.json descriptor is not considered suitable. I'm really surprised by this because things seem to work correctly in the context of the test suite, but clearly there's something going on.
Debug output attached. I've also attached the amdsev.json equivalent I'm using for testing. And for completeness, here's the virt-install command
virt-install --virt-type kvm --hvm --arch x86_64 --name sev-es-temp --vcpus 2,maxvcpus=4 --memory 2048,maxmemory=4096 --memtune hard_limit=4563402 --boot uefi --disk path=/vm_images/jim/images/sev-temp/disk0.qcow2,size=60,format=qcow2 --network bridge=br0,model=virtio --location http://blabla/install/sles15sp7/x86_64 --autoconsole text --extra-args "console=ttyS0,115200n8" --extra-args "textmode=1" --graphics vnc --serial pty --launchSecurity sev,policy=0x03 --machine q35 --events on_reboot=destroy
Here are the relevant bits from the log:
... qemuInteropFetchConfigs:149 : firmware description path '/usr/share/qemu/firmware/50-ovmf-x86_64-sev-snp.json' len=464 qemuInteropFetchConfigs:149 : firmware description path '/usr/share/qemu/firmware/50-ovmf-x86_64-sev.json' len=570 qemuInteropFetchConfigs:149 : firmware description path '/usr/share/qemu/firmware/50-seabios-256k.json' len=664 ... qemuFirmwareMatchDomain:1361 : Domain requires SEV, firmware '/usr/share/qemu/firmware/50-ovmf-x86_64-sev-snp.json' doesn't support it qemuFirmwareMatchDomain:1311 : Discarding loader without split flash qemuFirmwareMatchDomain:1182 : No matching interface in '/usr/share/qemu/firmware/50-seabios-256k.json' ...
So 50-ovmf-x86_64-sev.json is discarded because it advertises a stateless firmware, while libvirt assumes that you want a stateful one. Patch 05/10 from the v2 series should address this very problem by making a stateless firmware eligible for this scenario.
Nod. It's spread across threads and responses therein, but I've mentioned the patch works great for me :-).
Can you please try applying that series and checking whether that makes the issue go away?
I applied the full series on recent master and can verify autoselection works for SEV, SEV-ES and SEV-SNP guests. I wasn't able to verify TDX since the hardware is occupied ATM, but it should work fine. The TDX descriptor advertises the type as 'memory', and in my testing libvirt already correctly handled autoselection for that firmware device type. Regards, Jim