12:23 a.m.
This is to enable SEV builds of UEFI which provide only a single CODE.fd
file, with not VARS.fd.
Daniel P. Berrangé (2):
conf: support stateless UEFI firmware
qemu: support use of stateless EFI firmware
docs/formatdomain.rst | 9 +++-
src/conf/domain_conf.c | 9 ++++
src/conf/domain_conf.h | 1 +
src/conf/domain_validate.c | 26 ++++++++++
src/conf/schemas/domaincommon.rng | 5 ++
src/qemu/qemu_domain.c | 3 +-
src/qemu/qemu_firmware.c | 48 +++++++++++--------
...-auto-bios-not-stateless.x86_64-latest.err | 1 +
.../firmware-auto-bios-not-stateless.xml | 18 +++++++
...are-auto-bios-stateless.x86_64-latest.args | 32 +++++++++++++
.../firmware-auto-bios-stateless.xml | 18 +++++++
...ware-auto-efi-stateless.x86_64-latest.args | 33 +++++++++++++
.../firmware-auto-efi-stateless.xml | 18 +++++++
.../firmware-manual-bios-not-stateless.err | 1 +
.../firmware-manual-bios-not-stateless.xml | 15 ++++++
.../firmware-manual-bios-stateless.args | 30 ++++++++++++
.../firmware-manual-bios-stateless.xml | 15 ++++++
...nual-efi-nvram-stateless.x86_64-latest.err | 1 +
.../firmware-manual-efi-nvram-stateless.xml | 21 ++++++++
...nvram-template-stateless.x86_64-latest.err | 1 +
...re-manual-efi-nvram-template-stateless.xml | 19 ++++++++
...re-manual-efi-stateless.x86_64-latest.args | 33 +++++++++++++
.../firmware-manual-efi-stateless.xml | 18 +++++++
tests/qemuxml2argvtest.c | 10 ++++
...ware-auto-bios-stateless.x86_64-latest.xml | 34 +++++++++++++
.../firmware-manual-bios-stateless.xml | 25 ++++++++++
.../firmware-manual-bios.xml | 25 ++++++++++
tests/qemuxml2xmltest.c | 3 ++
28 files changed, 451 insertions(+), 21 deletions(-)
create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml
create mode 100644
tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios.xml
--
2.36.1
12:23 a.m.
New subject: [libvirt PATCH 1/2] conf: support stateless UEFI firmware
Normally when an UEFI firmware is marked as read-only, an associated
NVRAM file will be created. Some builds of UEFI firmware, however, wish
to remain stateless and so will be read-only, but never have any NVRAM
file. To represent this concept a 'stateless' tristate bool attribute
is introduced on the <loader/> element.
There are rather a large number of permutations to consider.
With default firmware selection
* <os/>
=> Historic default, no change
* <os>
<loader stateless='yes'/>
</os>
=> Explicit version of historic default, no change
* <os>
<loader stateless='no'/>
</os>
=> Invalid, bios is always stateless
With manual legacy BIOS selection
* <os>
<loader>/path/to/seabios</loader>
...
</os>
=> Historic default, no change
* <os>
<loader stateless='yes'>/path/to/seabios</loader>
...
</os>
=> Explicit version of historic default, no change
* <os>
<loader stateless='no'>/path/to/seabios</loader>
...
</os>
=> Invalid, bios is always stateless
With manual UEFI selection
* <os>
<loader type='pflash'>/path/to/edk2</loader>
...
</os>
=> Historic default, no change
* <os>
<loader type='pflash'
stateless='yes'>/path/to/edk2</loader>
...
</os>
=> Skip auto-filling NVRAM / template
* <os>
<loader type='pflash'
stateless='no'>/path/to/edk2</loader>
...
</os>
=> Explicit version of historic default, no change
With automatic firmware selection
* <os firmware='bios'/>
=> Historic default, no change
* <os firmware='bios'>
<loader stateless='yes'/>
</os>
=> Explicit version of historic default, no change
* <os firmware='bios'>
<loader stateless='no'/>
</os>
=> Invalid, bios is always stateless
* <os firmware='uefi'/>
=> Historic default, no change
* <os firmware='uefi'>
<loader stateless='yes'/>
</os>
=> Skip auto-filling NVRAM / template
* <os firmware='uefi'>
<loader stateless='no'/>
</os>
=> Explicit version of historic default, no change
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/formatdomain.rst | 9 ++++-
src/conf/domain_conf.c | 9 +++++
src/conf/domain_conf.h | 1 +
src/conf/domain_validate.c | 26 ++++++++++++++
src/conf/schemas/domaincommon.rng | 5 +++
...-auto-bios-not-stateless.x86_64-latest.err | 1 +
.../firmware-auto-bios-not-stateless.xml | 18 ++++++++++
...are-auto-bios-stateless.x86_64-latest.args | 32 +++++++++++++++++
.../firmware-auto-bios-stateless.xml | 18 ++++++++++
.../firmware-manual-bios-not-stateless.err | 1 +
.../firmware-manual-bios-not-stateless.xml | 15 ++++++++
.../firmware-manual-bios-stateless.args | 30 ++++++++++++++++
.../firmware-manual-bios-stateless.xml | 15 ++++++++
...nual-efi-nvram-stateless.x86_64-latest.err | 1 +
.../firmware-manual-efi-nvram-stateless.xml | 21 ++++++++++++
...nvram-template-stateless.x86_64-latest.err | 1 +
...re-manual-efi-nvram-template-stateless.xml | 19 +++++++++++
tests/qemuxml2argvtest.c | 8 +++++
...ware-auto-bios-stateless.x86_64-latest.xml | 34 +++++++++++++++++++
.../firmware-manual-bios-stateless.xml | 25 ++++++++++++++
.../firmware-manual-bios.xml | 25 ++++++++++++++
tests/qemuxml2xmltest.c | 3 ++
22 files changed, 316 insertions(+), 1 deletion(-)
create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
create mode 100644
tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios.xml
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 3ea094e64c..4199abfd1a 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -242,7 +242,11 @@ harddisk, cdrom, network) determining where to obtain/find the boot
image.
firmwares may implement the Secure boot feature. Attribute ``secure`` can be
used to tell the hypervisor that the firmware is capable of Secure Boot feature.
It cannot be used to enable or disable the feature itself in the firmware.
- :since:`Since 2.1.0`
+ :since:`Since 2.1.0`. If the loader is marked as read-only, then with UEFI it
+ is assumed that there will be a writable NVRAM available. In some cases,
+ however, it may be desirable for the loader to run without any NVRAM, discarding
+ any config changes on shutdown. The ``stateless`` flag can be used to control
+ this behaviour, when set to ``no`` NVRAM will never be created.
``nvram``
Some UEFI firmwares may want to use a non-volatile memory to store some
variables. In the host, this is represented as a file and the absolute path
@@ -262,6 +266,9 @@ harddisk, cdrom, network) determining where to obtain/find the boot
image.
**Note:** ``network`` backed NVRAM the variables are not instantiated from
the ``template`` and it's user's responsibility to provide a valid NVRAM
image.
+ It is not valid to provide this element if the loader is marked as
+ stateless.
+
``boot``
The ``dev`` attribute takes one of the values "fd", "hd",
"cdrom" or
"network" and is used to specify the next boot device to consider. The
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c7564e3a3a..e85cc1f809 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -16682,6 +16682,10 @@ virDomainLoaderDefParseXML(virDomainLoaderDef *loader,
&loader->secure) < 0)
return -1;
+ if (virXMLPropTristateBool(loaderNode, "stateless", VIR_XML_PROP_NONE,
+ &loader->stateless) < 0)
+ return -1;
+
return 0;
}
@@ -25888,6 +25892,11 @@ virDomainLoaderDefFormat(virBuffer *buf,
virBufferAsprintf(&loaderAttrBuf, " type='%s'",
virDomainLoaderTypeToString(loader->type));
+ if (loader->stateless != VIR_TRISTATE_BOOL_ABSENT) {
+ virBufferAsprintf(&loaderAttrBuf, " stateless='%s'",
+ virTristateBoolTypeToString(loader->stateless));
+ }
+
virBufferEscapeString(&loaderChildBuf, "%s", loader->path);
virXMLFormatElementInternal(buf, "loader", &loaderAttrBuf,
&loaderChildBuf, false, false);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 90de50c12f..060c395943 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2266,6 +2266,7 @@ struct _virDomainLoaderDef {
virTristateBool readonly;
virDomainLoader type;
virTristateBool secure;
+ virTristateBool stateless;
virStorageSource *nvram;
bool newStyleNVRAM;
char *nvramTemplate; /* user override of path to master nvram */
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 814922cd46..cfd868fafa 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -1672,6 +1672,32 @@ virDomainDefOSValidate(const virDomainDef *def,
}
}
+ if (loader->stateless == VIR_TRISTATE_BOOL_YES) {
+ if (loader->nvramTemplate) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("NVRAM template is not permitted when loader is
stateless"));
+ return -1;
+ }
+
+ if (loader->nvram) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("NVRAM is not permitted when loader is
stateless"));
+ return -1;
+ }
+ } else if (loader->stateless == VIR_TRISTATE_BOOL_NO) {
+ if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) {
+ if (def->os.loader->type != VIR_DOMAIN_LOADER_TYPE_PFLASH) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("Only pflash loader type permits NVRAM"));
+ return -1;
+ }
+ } else if (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("Only EFI firmware permits NVRAM"));
+ return -1;
+ }
+ }
+
return 0;
}
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 2f07c25430..aaecf795c6 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -320,6 +320,11 @@
</choice>
</attribute>
</optional>
+ <optional>
+ <attribute name="stateless">
+ <ref name="virYesNo"/>
+ </attribute>
+ </optional>
<optional>
<ref name="absFilePath"/>
</optional>
diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
b/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
new file mode 100644
index 0000000000..b058f970a4
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
@@ -0,0 +1 @@
+Only EFI firmware permits NVRAM
diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
b/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
new file mode 100644
index 0000000000..b2c8fc1122
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
@@ -0,0 +1,18 @@
+<domain type='kvm'>
+ <name>fedora</name>
+ <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+ <memory unit='KiB'>8192</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os firmware='bios'>
+ <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
+ <loader stateless='no'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' model='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
b/tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
new file mode 100644
index 0000000000..1d45a8cfba
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
@@ -0,0 +1,32 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-fedora \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-fedora/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-fedora/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=fedora,debug-threads=on \
+-S \
+-object
'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}'
\
+-machine pc-q35-4.0,usb=off,dump-guest-core=off,memory-backend=pc.ram \
+-accel kvm \
+-cpu qemu64 \
+-bios /usr/share/seabios/bios-256k.bin \
+-m 8 \
+-object
'{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}'
\
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev
'{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
b/tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
new file mode 100644
index 0000000000..4847951346
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
@@ -0,0 +1,18 @@
+<domain type='kvm'>
+ <name>fedora</name>
+ <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+ <memory unit='KiB'>8192</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os firmware='bios'>
+ <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
+ <loader stateless='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' model='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
b/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
new file mode 100644
index 0000000000..188a5a4180
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
@@ -0,0 +1 @@
+Only pflash loader type permits NVRAM
diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
b/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
new file mode 100644
index 0000000000..b60878ca0b
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
@@ -0,0 +1,15 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <loader stateless='no'>/usr/share/seabios/bios.bin</loader>
+ </os>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i386</emulator>
+ <controller type='usb' model='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
b/tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
new file mode 100644
index 0000000000..e1cb064b71
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
@@ -0,0 +1,30 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-test-bios \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-test-bios/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-test-bios/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-i386 \
+-name guest=test-bios,debug-threads=on \
+-S \
+-object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-test-bios/master-key.aes
\
+-machine pc,usb=off,dump-guest-core=off \
+-accel tcg \
+-bios /usr/share/seabios/bios.bin \
+-m 1024 \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 362d1fc1-df7d-193e-5c18-49a71bd1da66 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
b/tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
new file mode 100644
index 0000000000..9d6f4e4c83
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
@@ -0,0 +1,15 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <loader stateless='yes'>/usr/share/seabios/bios.bin</loader>
+ </os>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i386</emulator>
+ <controller type='usb' model='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
new file mode 100644
index 0000000000..de8db3763d
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
@@ -0,0 +1 @@
+NVRAM is not permitted when loader is stateless
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
new file mode 100644
index 0000000000..717712e89b
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
@@ -0,0 +1,21 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <loader stateless='yes' readonly='yes'
type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
+ <nvram type='file'>
+ <source file='/var/lib/libvirt/nvram/guest_VARS.fd'/>
+ </nvram>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' model='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git
a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
new file mode 100644
index 0000000000..95ec794c17
--- /dev/null
+++
b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
@@ -0,0 +1 @@
+NVRAM template is not permitted when loader is stateless
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
new file mode 100644
index 0000000000..a6d7079b78
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
@@ -0,0 +1,19 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <loader stateless='yes' readonly='yes'
type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
+ <nvram template="/usr/share/OVMF/OVMF_VARS.fd"/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' model='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index b2da42cb1f..57d5f3e1c1 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1190,6 +1190,10 @@ mymain(void)
DO_TEST("firmware-manual-bios",
QEMU_CAPS_DEVICE_ISA_SERIAL);
+ DO_TEST("firmware-manual-bios-stateless",
+ QEMU_CAPS_DEVICE_ISA_SERIAL);
+ DO_TEST_PARSE_ERROR("firmware-manual-bios-not-stateless",
+ QEMU_CAPS_DEVICE_ISA_SERIAL);
DO_TEST_NOCAPS("firmware-manual-efi");
DO_TEST_PARSE_ERROR_NOCAPS("firmware-manual-efi-no-path");
DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-features");
@@ -1202,10 +1206,12 @@ mymain(void)
QEMU_CAPS_ICH9_AHCI,
QEMU_CAPS_VIRTIO_SCSI);
DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template");
+
DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-template-stateless");
DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi");
DO_TEST_CAPS_VER_PARSE_ERROR("firmware-manual-efi-nvram-network-iscsi",
"4.1.0");
DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-nbd");
DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-file");
+ DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-stateless");
/* Make sure all combinations of ACPI and UEFI behave as expected */
DO_TEST_NOCAPS("firmware-manual-efi-acpi-aarch64");
@@ -1218,6 +1224,8 @@ mymain(void)
DO_TEST_NOCAPS("firmware-manual-noefi-noacpi-q35");
DO_TEST_CAPS_LATEST("firmware-auto-bios");
+ DO_TEST_CAPS_LATEST("firmware-auto-bios-stateless");
+ DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-not-stateless");
DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-nvram");
DO_TEST_CAPS_LATEST("firmware-auto-efi");
DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram");
diff --git a/tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
b/tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
new file mode 100644
index 0000000000..f1b5516ce4
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
@@ -0,0 +1,34 @@
+<domain type='kvm'>
+ <name>fedora</name>
+ <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+ <memory unit='KiB'>8192</memory>
+ <currentMemory unit='KiB'>8192</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os firmware='bios'>
+ <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
+ <loader stateless='yes'/>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>qemu64</model>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0' model='none'/>
+ <controller type='sata' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x1f' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
b/tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
new file mode 100644
index 0000000000..de5ecb96dc
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
@@ -0,0 +1,25 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>1048576</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <loader type='rom'
stateless='yes'>/usr/share/seabios/bios.bin</loader>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i386</emulator>
+ <controller type='usb' index='0' model='none'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/firmware-manual-bios.xml
b/tests/qemuxml2xmloutdata/firmware-manual-bios.xml
new file mode 100644
index 0000000000..75bb6038ca
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/firmware-manual-bios.xml
@@ -0,0 +1,25 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>1048576</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <loader type='rom'>/usr/share/seabios/bios.bin</loader>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i386</emulator>
+ <controller type='usb' index='0' model='none'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 68e5041bfd..8cac50c767 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -1067,12 +1067,15 @@ mymain(void)
DO_TEST("numatune-hmat", QEMU_CAPS_NUMA_HMAT,
QEMU_CAPS_OBJECT_MEMORY_RAM);
DO_TEST_CAPS_LATEST("numatune-memnode-restrictive-mode");
+ DO_TEST_NOCAPS("firmware-manual-bios");
+ DO_TEST_NOCAPS("firmware-manual-bios-stateless");
DO_TEST_NOCAPS("firmware-manual-efi");
DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi");
DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-nbd");
DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-file");
DO_TEST_CAPS_LATEST("firmware-auto-bios");
+ DO_TEST_CAPS_LATEST("firmware-auto-bios-stateless");
DO_TEST_CAPS_LATEST("firmware-auto-efi");
DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram");
DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure");
--
2.36.1
9:40 p.m.
New subject: [libvirt PATCH 1/2] conf: support stateless UEFI firmware
On 7/22/22 18:23, Daniel P. Berrangé wrote:
Normally when an UEFI firmware is marked as read-only, an associated
NVRAM file will be created. Some builds of UEFI firmware, however, wish
to remain stateless and so will be read-only, but never have any NVRAM
file. To represent this concept a 'stateless' tristate bool attribute
is introduced on the <loader/> element.
There are rather a large number of permutations to consider.
With default firmware selection
* <os/>
=> Historic default, no change
* <os>
<loader stateless='yes'/>
</os>
=> Explicit version of historic default, no change
* <os>
<loader stateless='no'/>
</os>
=> Invalid, bios is always stateless
With manual legacy BIOS selection
* <os>
<loader>/path/to/seabios</loader>
...
</os>
=> Historic default, no change
* <os>
<loader stateless='yes'>/path/to/seabios</loader>
...
</os>
=> Explicit version of historic default, no change
* <os>
<loader stateless='no'>/path/to/seabios</loader>
...
</os>
=> Invalid, bios is always stateless
With manual UEFI selection
* <os>
<loader type='pflash'>/path/to/edk2</loader>
...
</os>
=> Historic default, no change
* <os>
<loader type='pflash'
stateless='yes'>/path/to/edk2</loader>
...
</os>
=> Skip auto-filling NVRAM / template
* <os>
<loader type='pflash'
stateless='no'>/path/to/edk2</loader>
...
</os>
=> Explicit version of historic default, no change
With automatic firmware selection
* <os firmware='bios'/>
=> Historic default, no change
* <os firmware='bios'>
<loader stateless='yes'/>
</os>
=> Explicit version of historic default, no change
* <os firmware='bios'>
<loader stateless='no'/>
</os>
=> Invalid, bios is always stateless
* <os firmware='uefi'/>
=> Historic default, no change
* <os firmware='uefi'>
<loader stateless='yes'/>
</os>
=> Skip auto-filling NVRAM / template
* <os firmware='uefi'>
<loader stateless='no'/>
</os>
=> Explicit version of historic default, no change
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/formatdomain.rst | 9 ++++-
src/conf/domain_conf.c | 9 +++++
src/conf/domain_conf.h | 1 +
src/conf/domain_validate.c | 26 ++++++++++++++
src/conf/schemas/domaincommon.rng | 5 +++
...-auto-bios-not-stateless.x86_64-latest.err | 1 +
.../firmware-auto-bios-not-stateless.xml | 18 ++++++++++
...are-auto-bios-stateless.x86_64-latest.args | 32 +++++++++++++++++
.../firmware-auto-bios-stateless.xml | 18 ++++++++++
.../firmware-manual-bios-not-stateless.err | 1 +
.../firmware-manual-bios-not-stateless.xml | 15 ++++++++
.../firmware-manual-bios-stateless.args | 30 ++++++++++++++++
.../firmware-manual-bios-stateless.xml | 15 ++++++++
...nual-efi-nvram-stateless.x86_64-latest.err | 1 +
.../firmware-manual-efi-nvram-stateless.xml | 21 ++++++++++++
...nvram-template-stateless.x86_64-latest.err | 1 +
...re-manual-efi-nvram-template-stateless.xml | 19 +++++++++++
tests/qemuxml2argvtest.c | 8 +++++
...ware-auto-bios-stateless.x86_64-latest.xml | 34 +++++++++++++++++++
.../firmware-manual-bios-stateless.xml | 25 ++++++++++++++
.../firmware-manual-bios.xml | 25 ++++++++++++++
tests/qemuxml2xmltest.c | 3 ++
22 files changed, 316 insertions(+), 1 deletion(-)
create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
create mode 100644
tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios.xml
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 3ea094e64c..4199abfd1a 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -242,7 +242,11 @@ harddisk, cdrom, network) determining where to obtain/find the boot
image.
firmwares may implement the Secure boot feature. Attribute ``secure`` can be
used to tell the hypervisor that the firmware is capable of Secure Boot feature.
It cannot be used to enable or disable the feature itself in the firmware.
- :since:`Since 2.1.0`
+ :since:`Since 2.1.0`. If the loader is marked as read-only, then with UEFI it
+ is assumed that there will be a writable NVRAM available. In some cases,
+ however, it may be desirable for the loader to run without any NVRAM, discarding
+ any config changes on shutdown. The ``stateless`` flag can be used to control
+ this behaviour, when set to ``no`` NVRAM will never be created.
The ``stateless` flag (:since:since 8.6.0) can be used ...
Or something among those lines, to make it obvious when the attribute
was added.
``nvram``
Some UEFI firmwares may want to use a non-volatile memory to store some
variables. In the host, this is represented as a file and the absolute path
Michal
9:47 p.m.
New subject: [libvirt PATCH 1/2] conf: support stateless UEFI firmware
Apologies for this feedback coming very late - not just post-merge
but also extremely close to release.
On Fri, Jul 22, 2022 at 05:23:16PM +0100, Daniel P. Berrangé wrote:
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 3ea094e64c..4199abfd1a 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -242,7 +242,11 @@ harddisk, cdrom, network) determining where to obtain/find the boot
image.
firmwares may implement the Secure boot feature. Attribute ``secure`` can be
used to tell the hypervisor that the firmware is capable of Secure Boot feature.
It cannot be used to enable or disable the feature itself in the firmware.
- :since:`Since 2.1.0`
+ :since:`Since 2.1.0`. If the loader is marked as read-only, then with UEFI it
+ is assumed that there will be a writable NVRAM available. In some cases,
+ however, it may be desirable for the loader to run without any NVRAM, discarding
+ any config changes on shutdown. The ``stateless`` flag can be used to control
+ this behaviour, when set to ``no`` NVRAM will never be created.
Isn't the actual behavior the opposite of what you're describing
here? That is, stateless=yes is what causes the NVRAM file to not be
created.
+++ b/src/conf/domain_validate.c
@@ -1672,6 +1672,32 @@ virDomainDefOSValidate(const virDomainDef *def,
}
}
+ if (loader->stateless == VIR_TRISTATE_BOOL_YES) {
+ if (loader->nvramTemplate) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("NVRAM template is not permitted when loader is
stateless"));
+ return -1;
+ }
+
+ if (loader->nvram) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("NVRAM is not permitted when loader is
stateless"));
+ return -1;
+ }
+ } else if (loader->stateless == VIR_TRISTATE_BOOL_NO) {
+ if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) {
+ if (def->os.loader->type != VIR_DOMAIN_LOADER_TYPE_PFLASH) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("Only pflash loader type permits NVRAM"));
+ return -1;
+ }
+ } else if (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("Only EFI firmware permits NVRAM"));
+ return -1;
+ }
These last two error messages could be improved IMO.
Consider the firmware-auto-bios-not-stateless test case, where the
input configuration looks like
<os firmware='bios'>
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
<loader stateless='no'/>
</os>
In this case, printing out
Only EFI firmware permits NVRAM
is a bit confusing, since the user has not directly mentioned NVRAM
anywhere. Something along the lines of
virReportError(VIR_ERR_XML_DETAIL,
_("Firmware type '%s' only supports stateless
operations"),
virDomainOsDefFirmwareTypeToString(def->os.firmware));
would be more understandable and actionable, I think.
--
Andrea Bolognani / Red Hat / Virtualization
12:23 a.m.
New subject: [libvirt PATCH 2/2] qemu: support use of stateless EFI firmware
When the <loader stateless='yes'/> attribute is set, the QEMU driver
needs to do three things
- Avoid looking for an NVRAM template
- Avoid auto-populating an <nvram/> path
- Find firmware descriptors with mode=stateless instead of mode=split
Note, the first thing happens automatically when we solve the second
thing.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_domain.c | 3 +-
src/qemu/qemu_firmware.c | 48 +++++++++++--------
...ware-auto-efi-stateless.x86_64-latest.args | 33 +++++++++++++
.../firmware-auto-efi-stateless.xml | 18 +++++++
...re-manual-efi-stateless.x86_64-latest.args | 33 +++++++++++++
.../firmware-manual-efi-stateless.xml | 18 +++++++
tests/qemuxml2argvtest.c | 2 +
7 files changed, 135 insertions(+), 20 deletions(-)
create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 7df8041adf..b02ffc9a2e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4683,7 +4683,8 @@ qemuDomainDefPostParse(virDomainDef *def,
}
if (virDomainDefHasOldStyleROUEFI(def) &&
- !def->os.loader->nvram) {
+ !def->os.loader->nvram &&
+ def->os.loader->stateless != VIR_TRISTATE_BOOL_YES) {
def->os.loader->nvram = virStorageSourceNew();
def->os.loader->nvram->type = VIR_STORAGE_TYPE_FILE;
def->os.loader->nvram->format = VIR_STORAGE_FILE_RAW;
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index c477b45d62..eb7abb0b32 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1110,10 +1110,18 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
return false;
}
- if (fw->mapping.device == QEMU_FIRMWARE_DEVICE_FLASH &&
- fw->mapping.data.flash.mode != QEMU_FIRMWARE_FLASH_MODE_SPLIT) {
- VIR_DEBUG("Discarding loader without split flash");
- return false;
+ if (fw->mapping.device == QEMU_FIRMWARE_DEVICE_FLASH) {
+ if (def->os.loader && def->os.loader->stateless ==
VIR_TRISTATE_BOOL_YES) {
+ if (fw->mapping.data.flash.mode != QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
+ VIR_DEBUG("Discarding loader without stateless flash");
+ return false;
+ }
+ } else {
+ if (fw->mapping.data.flash.mode != QEMU_FIRMWARE_FLASH_MODE_SPLIT) {
+ VIR_DEBUG("Discarding loader without split flash");
+ return false;
+ }
+ }
}
if (def->sec) {
@@ -1175,27 +1183,29 @@ qemuFirmwareEnableFeatures(virQEMUDriver *driver,
VIR_FREE(def->os.loader->path);
def->os.loader->path = g_strdup(flash->executable.filename);
- if (STRNEQ(flash->nvram_template.format, "raw")) {
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
- _("unsupported nvram template format
'%s'"),
- flash->nvram_template.format);
- return -1;
- }
+ if (flash->mode == QEMU_FIRMWARE_FLASH_MODE_SPLIT) {
+ if (STRNEQ(flash->nvram_template.format, "raw")) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
+ _("unsupported nvram template format
'%s'"),
+ flash->nvram_template.format);
+ return -1;
+ }
- VIR_FREE(def->os.loader->nvramTemplate);
- def->os.loader->nvramTemplate =
g_strdup(flash->nvram_template.filename);
+ VIR_FREE(def->os.loader->nvramTemplate);
+ def->os.loader->nvramTemplate =
g_strdup(flash->nvram_template.filename);
- if (!def->os.loader->nvram) {
- def->os.loader->nvram = virStorageSourceNew();
- def->os.loader->nvram->type = VIR_STORAGE_TYPE_FILE;
- def->os.loader->nvram->format = VIR_STORAGE_FILE_RAW;
- qemuDomainNVRAMPathFormat(cfg, def,
&def->os.loader->nvram->path);
+ if (!def->os.loader->nvram) {
+ def->os.loader->nvram = virStorageSourceNew();
+ def->os.loader->nvram->type = VIR_STORAGE_TYPE_FILE;
+ def->os.loader->nvram->format = VIR_STORAGE_FILE_RAW;
+ qemuDomainNVRAMPathFormat(cfg, def,
&def->os.loader->nvram->path);
+ }
}
VIR_DEBUG("decided on firmware '%s' template '%s' NVRAM
'%s'",
def->os.loader->path,
- def->os.loader->nvramTemplate,
- def->os.loader->nvram->path);
+ NULLSTR(def->os.loader->nvramTemplate),
+ NULLSTR(def->os.loader->nvram ?
def->os.loader->nvram->path : NULL));
break;
case QEMU_FIRMWARE_DEVICE_KERNEL:
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args
b/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args
new file mode 100644
index 0000000000..89f733761e
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args
@@ -0,0 +1,33 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-fedora \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-fedora/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-fedora/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=fedora,debug-threads=on \
+-S \
+-object
'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}'
\
+-blockdev
'{"driver":"file","filename":"/usr/share/OVMF/OVMF.sev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}'
\
+-blockdev
'{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}'
\
+-machine
pc-q35-4.0,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,memory-backend=pc.ram
\
+-accel kvm \
+-cpu qemu64 \
+-m 8 \
+-object
'{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}'
\
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev
'{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
b/tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
new file mode 100644
index 0000000000..1be0f4fd96
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
@@ -0,0 +1,18 @@
+<domain type='kvm'>
+ <name>fedora</name>
+ <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+ <memory unit='KiB'>8192</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os firmware='efi'>
+ <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
+ <loader stateless='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' model='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args
b/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args
new file mode 100644
index 0000000000..fa4a677ce9
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args
@@ -0,0 +1,33 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-test-bios \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-test-bios/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-test-bios/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=test-bios,debug-threads=on \
+-S \
+-object
'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-test-bios/master-key.aes"}'
\
+-blockdev
'{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}'
\
+-blockdev
'{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}'
\
+-machine
pc,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,memory-backend=pc.ram \
+-accel tcg \
+-cpu qemu64 \
+-m 1024 \
+-object
'{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}'
\
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 362d1fc1-df7d-193e-5c18-49a71bd1da66 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev
'{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml
b/tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml
new file mode 100644
index 0000000000..6f2a4963b1
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml
@@ -0,0 +1,18 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <loader readonly='yes' type='pflash'
stateless='yes'>/usr/share/OVMF/OVMF_CODE.fd</loader>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' model='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 57d5f3e1c1..b72d61c3bc 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1205,6 +1205,7 @@ mymain(void)
QEMU_CAPS_DEVICE_IOH3420,
QEMU_CAPS_ICH9_AHCI,
QEMU_CAPS_VIRTIO_SCSI);
+ DO_TEST_CAPS_LATEST("firmware-manual-efi-stateless");
DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template");
DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-template-stateless");
DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi");
@@ -1228,6 +1229,7 @@ mymain(void)
DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-not-stateless");
DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-nvram");
DO_TEST_CAPS_LATEST("firmware-auto-efi");
+ DO_TEST_CAPS_LATEST("firmware-auto-efi-stateless");
DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram");
DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure");
DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-loader-insecure");
--
2.36.1
9:48 p.m.
New subject: [libvirt PATCH 2/2] qemu: support use of stateless EFI firmware
On Fri, Jul 22, 2022 at 05:23:17PM +0100, Daniel P. Berrangé wrote:
VIR_DEBUG("decided on firmware '%s' template
'%s' NVRAM '%s'",
def->os.loader->path,
- def->os.loader->nvramTemplate,
- def->os.loader->nvram->path);
+ NULLSTR(def->os.loader->nvramTemplate),
+ NULLSTR(def->os.loader->nvram ?
def->os.loader->nvram->path : NULL));
It would be nice to reflect in the live XML whether or not a
stateless firmware has been picked. Something along the lines of the
hastily thrown together, very lightly tested diff below should do the
trick.
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index eb7abb0b32..68d562285e 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1200,6 +1200,9 @@ qemuFirmwareEnableFeatures(virQEMUDriver *driver,
def->os.loader->nvram->format = VIR_STORAGE_FILE_RAW;
qemuDomainNVRAMPathFormat(cfg, def,
&def->os.loader->nvram->path);
}
+ def->os.loader->stateless = VIR_TRISTATE_BOOL_NO;
+ } else if (flash->mode == QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
+ def->os.loader->stateless = VIR_TRISTATE_BOOL_YES;
}
VIR_DEBUG("decided on firmware '%s' template '%s' NVRAM
'%s'",
--
Andrea Bolognani / Red Hat / Virtualization
9:40 p.m.
On 7/22/22 18:23, Daniel P. Berrangé wrote:
This is to enable SEV builds of UEFI which provide only a single
CODE.fd
file, with not VARS.fd.
Daniel P. Berrangé (2):
conf: support stateless UEFI firmware
qemu: support use of stateless EFI firmware
docs/formatdomain.rst | 9 +++-
src/conf/domain_conf.c | 9 ++++
src/conf/domain_conf.h | 1 +
src/conf/domain_validate.c | 26 ++++++++++
src/conf/schemas/domaincommon.rng | 5 ++
src/qemu/qemu_domain.c | 3 +-
src/qemu/qemu_firmware.c | 48 +++++++++++--------
...-auto-bios-not-stateless.x86_64-latest.err | 1 +
.../firmware-auto-bios-not-stateless.xml | 18 +++++++
...are-auto-bios-stateless.x86_64-latest.args | 32 +++++++++++++
.../firmware-auto-bios-stateless.xml | 18 +++++++
...ware-auto-efi-stateless.x86_64-latest.args | 33 +++++++++++++
.../firmware-auto-efi-stateless.xml | 18 +++++++
.../firmware-manual-bios-not-stateless.err | 1 +
.../firmware-manual-bios-not-stateless.xml | 15 ++++++
.../firmware-manual-bios-stateless.args | 30 ++++++++++++
.../firmware-manual-bios-stateless.xml | 15 ++++++
...nual-efi-nvram-stateless.x86_64-latest.err | 1 +
.../firmware-manual-efi-nvram-stateless.xml | 21 ++++++++
...nvram-template-stateless.x86_64-latest.err | 1 +
...re-manual-efi-nvram-template-stateless.xml | 19 ++++++++
...re-manual-efi-stateless.x86_64-latest.args | 33 +++++++++++++
.../firmware-manual-efi-stateless.xml | 18 +++++++
tests/qemuxml2argvtest.c | 10 ++++
...ware-auto-bios-stateless.x86_64-latest.xml | 34 +++++++++++++
.../firmware-manual-bios-stateless.xml | 25 ++++++++++
.../firmware-manual-bios.xml | 25 ++++++++++
tests/qemuxml2xmltest.c | 3 ++
28 files changed, 451 insertions(+), 21 deletions(-)
create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml
create mode 100644
tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios.xml
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Michal
10:16 p.m.
On Mon, Jul 25, 2022 at 03:40:41PM +0200, Michal Prívozník wrote:
On 7/22/22 18:23, Daniel P. Berrangé wrote:
> This is to enable SEV builds of UEFI which provide only a single CODE.fd
> file, with not VARS.fd.
>
> Daniel P. Berrangé (2):
> conf: support stateless UEFI firmware
> qemu: support use of stateless EFI firmware
>
> docs/formatdomain.rst | 9 +++-
> src/conf/domain_conf.c | 9 ++++
> src/conf/domain_conf.h | 1 +
> src/conf/domain_validate.c | 26 ++++++++++
> src/conf/schemas/domaincommon.rng | 5 ++
> src/qemu/qemu_domain.c | 3 +-
> src/qemu/qemu_firmware.c | 48 +++++++++++--------
> ...-auto-bios-not-stateless.x86_64-latest.err | 1 +
> .../firmware-auto-bios-not-stateless.xml | 18 +++++++
> ...are-auto-bios-stateless.x86_64-latest.args | 32 +++++++++++++
> .../firmware-auto-bios-stateless.xml | 18 +++++++
> ...ware-auto-efi-stateless.x86_64-latest.args | 33 +++++++++++++
> .../firmware-auto-efi-stateless.xml | 18 +++++++
> .../firmware-manual-bios-not-stateless.err | 1 +
> .../firmware-manual-bios-not-stateless.xml | 15 ++++++
> .../firmware-manual-bios-stateless.args | 30 ++++++++++++
> .../firmware-manual-bios-stateless.xml | 15 ++++++
> ...nual-efi-nvram-stateless.x86_64-latest.err | 1 +
> .../firmware-manual-efi-nvram-stateless.xml | 21 ++++++++
> ...nvram-template-stateless.x86_64-latest.err | 1 +
> ...re-manual-efi-nvram-template-stateless.xml | 19 ++++++++
> ...re-manual-efi-stateless.x86_64-latest.args | 33 +++++++++++++
> .../firmware-manual-efi-stateless.xml | 18 +++++++
> tests/qemuxml2argvtest.c | 10 ++++
> ...ware-auto-bios-stateless.x86_64-latest.xml | 34 +++++++++++++
> .../firmware-manual-bios-stateless.xml | 25 ++++++++++
> .../firmware-manual-bios.xml | 25 ++++++++++
> tests/qemuxml2xmltest.c | 3 ++
> 28 files changed, 451 insertions(+), 21 deletions(-)
> create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
> create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
> create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
> create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
> create mode 100644
tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args
> create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
> create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
> create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
> create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
> create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml
> create mode 100644
tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
> create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
> create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios.xml
>
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
ANy objection to me pushing this now, or wait until after freeze is
over ?
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
10:31 p.m.
On 7/26/22 16:16, Daniel P. Berrangé wrote:
On Mon, Jul 25, 2022 at 03:40:41PM +0200, Michal Prívozník wrote:
> On 7/22/22 18:23, Daniel P. Berrangé wrote:
>> This is to enable SEV builds of UEFI which provide only a single CODE.fd
>> file, with not VARS.fd.
>>
>> Daniel P. Berrangé (2):
>> conf: support stateless UEFI firmware
>> qemu: support use of stateless EFI firmware
>>
>> docs/formatdomain.rst | 9 +++-
>> src/conf/domain_conf.c | 9 ++++
>> src/conf/domain_conf.h | 1 +
>> src/conf/domain_validate.c | 26 ++++++++++
>> src/conf/schemas/domaincommon.rng | 5 ++
>> src/qemu/qemu_domain.c | 3 +-
>> src/qemu/qemu_firmware.c | 48 +++++++++++--------
>> ...-auto-bios-not-stateless.x86_64-latest.err | 1 +
>> .../firmware-auto-bios-not-stateless.xml | 18 +++++++
>> ...are-auto-bios-stateless.x86_64-latest.args | 32 +++++++++++++
>> .../firmware-auto-bios-stateless.xml | 18 +++++++
>> ...ware-auto-efi-stateless.x86_64-latest.args | 33 +++++++++++++
>> .../firmware-auto-efi-stateless.xml | 18 +++++++
>> .../firmware-manual-bios-not-stateless.err | 1 +
>> .../firmware-manual-bios-not-stateless.xml | 15 ++++++
>> .../firmware-manual-bios-stateless.args | 30 ++++++++++++
>> .../firmware-manual-bios-stateless.xml | 15 ++++++
>> ...nual-efi-nvram-stateless.x86_64-latest.err | 1 +
>> .../firmware-manual-efi-nvram-stateless.xml | 21 ++++++++
>> ...nvram-template-stateless.x86_64-latest.err | 1 +
>> ...re-manual-efi-nvram-template-stateless.xml | 19 ++++++++
>> ...re-manual-efi-stateless.x86_64-latest.args | 33 +++++++++++++
>> .../firmware-manual-efi-stateless.xml | 18 +++++++
>> tests/qemuxml2argvtest.c | 10 ++++
>> ...ware-auto-bios-stateless.x86_64-latest.xml | 34 +++++++++++++
>> .../firmware-manual-bios-stateless.xml | 25 ++++++++++
>> .../firmware-manual-bios.xml | 25 ++++++++++
>> tests/qemuxml2xmltest.c | 3 ++
>> 28 files changed, 451 insertions(+), 21 deletions(-)
>> create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
>> create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
>> create mode 100644
tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
>> create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
>> create mode 100644
tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args
>> create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
>> create mode 100644
tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
>> create mode 100644
tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
>> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
>> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
>> create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
>> create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
>> create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
>> create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
>> create mode 100644
tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.args
>> create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml
>> create mode 100644
tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
>> create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
>> create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios.xml
>>
>
> Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
ANy objection to me pushing this now, or wait until after freeze is
over ?
Yeah, this is safe for freeze.
Michal
9:48 p.m.
On Fri, Jul 22, 2022 at 05:23:15PM +0100, Daniel P. Berrangé wrote:
This is to enable SEV builds of UEFI which provide only a single
CODE.fd
file, with not VARS.fd.
This is a significant enough user-visible change that a NEWS entry
for it would be warranted.
--
Andrea Bolognani / Red Hat / Virtualization
812
days inactive
819
days old
9 comments
3 participants
participants (3)
-
Andrea Bolognani -
Daniel P. Berrangé -
Michal Prívozník