Removing all unnecessary devices and elements makes it easier to focus on the actual purpose of these tests (configuring the SEV-specific bits). Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com> --- ...urity-sev-direct.x86_64-latest+amdsev.args | 3 -- ...curity-sev-direct.x86_64-latest+amdsev.xml | 13 +----- ...nch-security-sev-direct.x86_64-latest.args | 3 -- ...unch-security-sev-direct.x86_64-latest.xml | 13 +----- .../launch-security-sev-direct.xml | 17 +------ ...ng-platform-info.x86_64-latest+amdsev.args | 3 -- ...ing-platform-info.x86_64-latest+amdsev.xml | 13 +----- ...nch-security-sev-missing-platform-info.xml | 18 +------- ...security-sev-snp.x86_64-latest+amdsev.args | 6 --- ...-security-sev-snp.x86_64-latest+amdsev.xml | 27 +----------- ...launch-security-sev-snp.x86_64-latest.args | 6 --- .../launch-security-sev-snp.x86_64-latest.xml | 27 +----------- .../launch-security-sev-snp.xml | 44 +------------------ ...nch-security-sev.x86_64-latest+amdsev.args | 3 -- ...unch-security-sev.x86_64-latest+amdsev.xml | 13 +----- tests/qemuxmlconfdata/launch-security-sev.xml | 18 +------- 16 files changed, 10 insertions(+), 217 deletions(-) diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.args index 33f820f5ad..909e88b0b9 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.args @@ -30,9 +30,6 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -initrd /initrd \ -append runme \ -shim /shim \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ --blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \ --device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-storage","id":"ide0-0-0","bootindex":1}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/session.base64","kernel-hashes":true}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.xml index dea8236540..01ca8fe012 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest+amdsev.xml @@ -21,18 +21,7 @@ <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0' model='piix3-uhci'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> - <controller type='ide' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='pci' index='0' model='pci-root'/> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.args b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.args index 33f820f5ad..909e88b0b9 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.args +++ b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.args @@ -30,9 +30,6 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -initrd /initrd \ -append runme \ -shim /shim \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ --blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \ --device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-storage","id":"ide0-0-0","bootindex":1}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/session.base64","kernel-hashes":true}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml index dea8236540..01ca8fe012 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-direct.x86_64-latest.xml @@ -21,18 +21,7 @@ <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0' model='piix3-uhci'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> - <controller type='ide' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='pci' index='0' model='pci-root'/> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> diff --git a/tests/qemuxmlconfdata/launch-security-sev-direct.xml b/tests/qemuxmlconfdata/launch-security-sev-direct.xml index 76277b6278..7b4908c7d4 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-direct.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-direct.xml @@ -2,7 +2,6 @@ <name>QEMUGuest1</name> <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>219100</memory> - <currentMemory unit='KiB'>219100</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> @@ -11,23 +10,9 @@ <cmdline>runme</cmdline> <shim>/shim</shim> </os> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'/> - <controller type='ide' index='0'/> - <controller type='pci' index='0' model='pci-root'/> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> <launchSecurity type='sev' kernelHashes='yes'> diff --git a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args index cbbda6345f..0270316a67 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args @@ -26,9 +26,6 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -rtc base=utc \ -no-shutdown \ -boot strict=on \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ --blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \ --device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-storage","id":"ide0-0-0","bootindex":1}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":51,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/session.base64"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml index 6a0048aeae..6e7119c34e 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml @@ -17,18 +17,7 @@ <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0' model='piix3-uhci'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> - <controller type='ide' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='pci' index='0' model='pci-root'/> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> diff --git a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.xml b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.xml index b4f3eb4998..cef48ec3c7 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.xml @@ -2,29 +2,13 @@ <name>QEMUGuest1</name> <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>219100</memory> - <currentMemory unit='KiB'>219100</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> - <boot dev='hd'/> </os> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'/> - <controller type='ide' index='0'/> - <controller type='pci' index='0' model='pci-root'/> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> <launchSecurity type='sev'> diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args index b3bc7fcf04..d849eb88e0 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args @@ -28,12 +28,6 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -rtc base=utc \ -no-shutdown \ -boot strict=on \ --device '{"driver":"pcie-root-port","port":8,"chassis":1,"id":"pci.1","bus":"pcie.0","multifunction":true,"addr":"0x1"}' \ --device '{"driver":"pcie-root-port","port":9,"chassis":2,"id":"pci.2","bus":"pcie.0","addr":"0x1.0x1"}' \ --device '{"driver":"pcie-root-port","port":10,"chassis":3,"id":"pci.3","bus":"pcie.0","addr":"0x1.0x2"}' \ --device '{"driver":"qemu-xhci","id":"usb","bus":"pci.1","addr":"0x0"}' \ --blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \ --device '{"driver":"virtio-blk-pci","bus":"pci.2","addr":"0x0","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -global ICH9-LPC.noreboot=off \ -watchdog-action reset \ diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml index d9bf146993..a0487b021e 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml @@ -15,8 +15,6 @@ </os> <features> <acpi/> - <apic/> - <pae/> </features> <cpu mode='custom' match='exact' check='none'> <model fallback='forbid'>qemu64</model> @@ -27,34 +25,11 @@ <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='vda' bus='virtio'/> - <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> - </disk> - <controller type='usb' index='0' model='qemu-xhci'> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='sata' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='1' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> - </controller> - <controller type='pci' index='2' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='2' port='0x9'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> - <controller type='pci' index='3' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='3' port='0xa'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <audio id='1' type='none'/> diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args index b3bc7fcf04..d849eb88e0 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args +++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args @@ -28,12 +28,6 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -rtc base=utc \ -no-shutdown \ -boot strict=on \ --device '{"driver":"pcie-root-port","port":8,"chassis":1,"id":"pci.1","bus":"pcie.0","multifunction":true,"addr":"0x1"}' \ --device '{"driver":"pcie-root-port","port":9,"chassis":2,"id":"pci.2","bus":"pcie.0","addr":"0x1.0x1"}' \ --device '{"driver":"pcie-root-port","port":10,"chassis":3,"id":"pci.3","bus":"pcie.0","addr":"0x1.0x2"}' \ --device '{"driver":"qemu-xhci","id":"usb","bus":"pci.1","addr":"0x0"}' \ --blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \ --device '{"driver":"virtio-blk-pci","bus":"pci.2","addr":"0x0","drive":"libvirt-1-storage","id":"virtio-disk0","bootindex":1}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -global ICH9-LPC.noreboot=off \ -watchdog-action reset \ diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml index d9bf146993..a0487b021e 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml @@ -15,8 +15,6 @@ </os> <features> <acpi/> - <apic/> - <pae/> </features> <cpu mode='custom' match='exact' check='none'> <model fallback='forbid'>qemu64</model> @@ -27,34 +25,11 @@ <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='vda' bus='virtio'/> - <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> - </disk> - <controller type='usb' index='0' model='qemu-xhci'> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='sata' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='1' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> - </controller> - <controller type='pci' index='2' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='2' port='0x9'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> - <controller type='pci' index='3' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='3' port='0xa'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <audio id='1' type='none'/> diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.xml b/tests/qemuxmlconfdata/launch-security-sev-snp.xml index 408198674e..d62ed0d05d 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-snp.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-snp.xml @@ -2,59 +2,17 @@ <name>QEMUGuest1</name> <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>219100</memory> - <currentMemory unit='KiB'>219100</currentMemory> <vcpu placement='static'>1</vcpu> <os firmware='efi'> <type arch='x86_64' machine='pc-q35-8.2'>hvm</type> <loader stateless='yes'/> - <boot dev='hd'/> </os> <features> <acpi/> - <apic/> - <pae/> </features> - <cpu mode='custom' match='exact' check='none'> - <model fallback='forbid'>qemu64</model> - </cpu> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='vda' bus='virtio'/> - <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> - </disk> - <controller type='usb' index='0' model='qemu-xhci'> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> - <controller type='sata' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> - </controller> - <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='1' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> - </controller> - <controller type='pci' index='2' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='2' port='0x9'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> - <controller type='pci' index='3' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='3' port='0xa'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <audio id='1' type='none'/> - <watchdog model='itco' action='reset'/> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> <launchSecurity type='sev-snp' authorKey='yes' vcek='no'> diff --git a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args index a71b08e4da..452648e252 100644 --- a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args @@ -26,9 +26,6 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -rtc base=utc \ -no-shutdown \ -boot strict=on \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ --blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \ --device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-storage","id":"ide0-0-0","bootindex":1}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/session.base64"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml index a3ee54ed44..eca1c1de75 100644 --- a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml @@ -17,18 +17,7 @@ <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0' model='piix3-uhci'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> - <controller type='ide' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='pci' index='0' model='pci-root'/> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> diff --git a/tests/qemuxmlconfdata/launch-security-sev.xml b/tests/qemuxmlconfdata/launch-security-sev.xml index 51967071f7..3c4cbe4344 100644 --- a/tests/qemuxmlconfdata/launch-security-sev.xml +++ b/tests/qemuxmlconfdata/launch-security-sev.xml @@ -2,29 +2,13 @@ <name>QEMUGuest1</name> <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>219100</memory> - <currentMemory unit='KiB'>219100</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> - <boot dev='hd'/> </os> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'/> - <controller type='ide' index='0'/> - <controller type='pci' index='0' model='pci-root'/> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> <launchSecurity type='sev'> -- 2.51.0

One of the new test cases demonstrates how firmware autoselection doesn't currently work correctly for domains using SEV-SNP: the descriptor for a suitable firmware exists, and yet it doesn't get picked up. Another test cases shows that, while firmware autoselection succeeds for non-SNP SEV domains, the results are not the expected ones: the generic (stateful) edk2 build is used instead of the SEV-specific (stateless) one. Finally, one test case provides coverage for the uncommon scenario of stateful firmware being explicitly requested by the user. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- ...-auto-efi-sev-snp.x86_64-latest+amdsev.err | 1 + ...-auto-efi-sev-snp.x86_64-latest+amdsev.xml | 38 ++++++++++++++++ .../firmware-auto-efi-sev-snp.xml | 20 +++++++++ ...efi-sev-stateful.x86_64-latest+amdsev.args | 37 ++++++++++++++++ ...-efi-sev-stateful.x86_64-latest+amdsev.xml | 43 +++++++++++++++++++ .../firmware-auto-efi-sev-stateful.xml | 21 +++++++++ ...are-auto-efi-sev.x86_64-latest+amdsev.args | 37 ++++++++++++++++ ...ware-auto-efi-sev.x86_64-latest+amdsev.xml | 43 +++++++++++++++++++ .../qemuxmlconfdata/firmware-auto-efi-sev.xml | 20 +++++++++ tests/qemuxmlconftest.c | 15 +++++++ 10 files changed, 275 insertions(+) create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.err create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.xml create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.x86_64-latest+amdsev.args create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.x86_64-latest+amdsev.xml create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.xml create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev.xml diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.err b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.err new file mode 100644 index 0000000000..3edb2b3451 --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.err @@ -0,0 +1 @@ +operation failed: Unable to find 'efi' firmware that is compatible with the current configuration diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml new file mode 100644 index 0000000000..81ac7888ea --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml @@ -0,0 +1,38 @@ +<domain type='kvm'> + <name>guest</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>1048576</memory> + <currentMemory unit='KiB'>1048576</currentMemory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-10.0'>hvm</type> + <loader format='raw'/> + <boot dev='hd'/> + </os> + <features> + <acpi/> + </features> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pcie-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <watchdog model='itco' action='reset'/> + <memballoon model='none'/> + </devices> + <launchSecurity type='sev-snp'> + <policy>0x00030000</policy> + </launchSecurity> +</domain> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.xml new file mode 100644 index 0000000000..4bb363d07a --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.xml @@ -0,0 +1,20 @@ +<domain type='kvm'> + <name>guest</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>1048576</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-10.0'>hvm</type> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> + <launchSecurity type='sev-snp'> + <policy>0x30000</policy> + </launchSecurity> +</domain> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.x86_64-latest+amdsev.args new file mode 100644 index 0000000000..550ac52b8a --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.x86_64-latest+amdsev.args @@ -0,0 +1,37 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/var/lib/libvirt/qemu/domain--1-guest \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \ +XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \ +XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=guest,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \ +-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ +-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \ +-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \ +-accel kvm \ +-cpu qemu64 \ +-m size=1048576k \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \ +-overcommit mem-lock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-boot strict=on \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-global ICH9-LPC.noreboot=off \ +-watchdog-action reset \ +-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":51,"reduced-phys-bits":1,"policy":196608}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.x86_64-latest+amdsev.xml new file mode 100644 index 0000000000..b9a9ba8aa8 --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.x86_64-latest+amdsev.xml @@ -0,0 +1,43 @@ +<domain type='kvm'> + <name>guest</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>1048576</memory> + <currentMemory unit='KiB'>1048576</currentMemory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-10.0'>hvm</type> + <firmware> + <feature enabled='no' name='enrolled-keys'/> + <feature enabled='no' name='secure-boot'/> + </firmware> + <loader readonly='yes' type='pflash' stateless='no' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader> + <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram> + <boot dev='hd'/> + </os> + <features> + <acpi/> + </features> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pcie-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <watchdog model='itco' action='reset'/> + <memballoon model='none'/> + </devices> + <launchSecurity type='sev'> + <policy>0x30000</policy> + </launchSecurity> +</domain> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.xml new file mode 100644 index 0000000000..d6195f60e2 --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-stateful.xml @@ -0,0 +1,21 @@ +<domain type='kvm'> + <name>guest</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>1048576</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-10.0'>hvm</type> + <loader stateless='no'/> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> + <launchSecurity type='sev'> + <policy>0x30000</policy> + </launchSecurity> +</domain> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args new file mode 100644 index 0000000000..550ac52b8a --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args @@ -0,0 +1,37 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/var/lib/libvirt/qemu/domain--1-guest \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \ +XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \ +XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=guest,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \ +-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ +-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \ +-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \ +-accel kvm \ +-cpu qemu64 \ +-m size=1048576k \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \ +-overcommit mem-lock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-boot strict=on \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-global ICH9-LPC.noreboot=off \ +-watchdog-action reset \ +-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":51,"reduced-phys-bits":1,"policy":196608}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml new file mode 100644 index 0000000000..cbfdcdeee3 --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml @@ -0,0 +1,43 @@ +<domain type='kvm'> + <name>guest</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>1048576</memory> + <currentMemory unit='KiB'>1048576</currentMemory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-10.0'>hvm</type> + <firmware> + <feature enabled='no' name='enrolled-keys'/> + <feature enabled='no' name='secure-boot'/> + </firmware> + <loader readonly='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader> + <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram> + <boot dev='hd'/> + </os> + <features> + <acpi/> + </features> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pcie-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <watchdog model='itco' action='reset'/> + <memballoon model='none'/> + </devices> + <launchSecurity type='sev'> + <policy>0x30000</policy> + </launchSecurity> +</domain> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev.xml new file mode 100644 index 0000000000..69e0c2bd51 --- /dev/null +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.xml @@ -0,0 +1,20 @@ +<domain type='kvm'> + <name>guest</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>1048576</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-10.0'>hvm</type> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> + <launchSecurity type='sev'> + <policy>0x30000</policy> + </launchSecurity> +</domain> diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c index 171a6f1c78..4d1d3e5f60 100644 --- a/tests/qemuxmlconftest.c +++ b/tests/qemuxmlconftest.c @@ -1477,6 +1477,21 @@ mymain(void) DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE("firmware-auto-efi-format-loader-raw", "aarch64"); DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch"); + DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-auto-efi-sev", "x86_64", + ARG_CAPS_VARIANT, "+amdsev", + ARG_END); + DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-auto-efi-sev-snp", "x86_64", + ARG_FLAGS, FLAG_EXPECT_FAILURE, + ARG_CAPS_VARIANT, "+amdsev", + ARG_END); + + /* Use of stateful firmware for SEV is uncommon, since it + * conflicts with boot measurements, but it's still possible for + * the user to explicitly request it */ + DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-auto-efi-sev-stateful", "x86_64", + ARG_CAPS_VARIANT, "+amdsev", + ARG_END); + DO_TEST_CAPS_LATEST("clock-utc"); DO_TEST_CAPS_LATEST("clock-localtime"); DO_TEST_CAPS_LATEST("clock-localtime-basis-localtime"); -- 2.51.0

Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- NEWS.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 1b8e188f5e..847dcb390b 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -36,6 +36,11 @@ v11.8.0 (unreleased) * **Bug fixes** + * qemu: Fix selection of stateless/combined firmware + + A stateless firmware will now be correctly chosen when appropriate, + e.g. for domains configured to use SEV-SNP. + v11.7.0 (2025-09-01) ==================== -- 2.51.0

Based on proposed changes in the Fedora edk2 package: https://src.fedoraproject.org/rpms/edk2/pull-request/14 A new firmware descriptor exists for the stateful SEV use case, and the regular edk2 descriptor no longer advertises support for SEV/SEV-ES. Additionally, all stateless SEV use cases are now using the rom loader instead of the pflash one. --- .../share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json | 8 ++------ .../30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json | 3 +-- .../firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json | 3 +-- .../qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json | 3 +-- .../qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json | 3 +-- .../share/qemu/firmware/50-edk2-aarch64-qcow2.json | 4 +--- .../usr/share/qemu/firmware/50-edk2-loongarch64.json | 2 ++ .../qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json | 5 +---- .../usr/share/qemu/firmware/50-edk2-riscv-qcow2.json | 4 +--- .../usr/share/qemu/firmware/51-edk2-aarch64-raw.json | 4 +--- .../qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json | 5 +---- .../qemu/firmware/52-edk2-aarch64-verbose-qcow2.json | 3 +-- .../qemu/firmware/53-edk2-aarch64-verbose-raw.json | 3 +-- .../share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json | 11 +++-------- .../qemu/firmware/60-edk2-ovmf-x64-inteltdx.json | 1 - ...osb.json => 61-edk2-ovmf-x64-amdsev-stateful.json} | 7 ++----- .../usr/share/qemu/firmware/90-combined.json | 1 - tests/qemufirmwaretest.c | 2 ++ ...irmware-auto-efi-sev-snp.x86_64-latest+amdsev.args | 5 ++--- ...firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml | 2 +- .../firmware-auto-efi-sev.x86_64-latest+amdsev.args | 6 ++---- .../firmware-auto-efi-sev.x86_64-latest+amdsev.xml | 3 +-- .../firmware-auto-efi-stateless.x86_64-latest.args | 5 ++--- .../firmware-auto-efi-stateless.x86_64-latest.xml | 2 +- ...ev-missing-platform-info.x86_64-latest+amdsev.args | 5 ++--- ...sev-missing-platform-info.x86_64-latest+amdsev.xml | 2 +- .../launch-security-sev-snp.x86_64-latest+amdsev.args | 5 ++--- .../launch-security-sev-snp.x86_64-latest+amdsev.xml | 2 +- .../launch-security-sev-snp.x86_64-latest.args | 5 ++--- .../launch-security-sev-snp.x86_64-latest.xml | 2 +- .../launch-security-sev.x86_64-latest+amdsev.args | 5 ++--- .../launch-security-sev.x86_64-latest+amdsev.xml | 2 +- 32 files changed, 43 insertions(+), 80 deletions(-) copy tests/qemufirmwaredata/usr/share/qemu/firmware/{51-edk2-ovmf-2m-raw-x64-nosb.json => 61-edk2-ovmf-x64-amdsev-stateful.json} (81%) diff --git a/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json b/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json index d83d394ba7..e53e1213e6 100644 --- a/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json +++ b/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json @@ -3,12 +3,8 @@ "uefi" ], "mapping": { - "device": "flash", - "mode": "stateless", - "executable": { - "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd", - "format": "raw" - } + "device": "memory", + "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd" }, "targets": [ { diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json index e709223313..b899d104e0 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2", "format": "qcow2" @@ -31,6 +31,5 @@ "verbose-dynamic" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json index 2ed45362c4..61eb80ca20 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd", "format": "raw" @@ -31,6 +31,5 @@ "verbose-dynamic" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json index 655dd42ef1..89da929062 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2", "format": "qcow2" @@ -30,6 +30,5 @@ "verbose-dynamic" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json index 06b3ece89a..0b61f44956 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd", "format": "raw" @@ -30,6 +30,5 @@ "verbose-dynamic" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-aarch64-qcow2.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-aarch64-qcow2.json index 79f64a11a3..39a9073f8e 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-aarch64-qcow2.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-aarch64-qcow2.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2", "format": "qcow2" @@ -24,9 +24,7 @@ } ], "features": [ - ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-loongarch64.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-loongarch64.json index c5a7ec5f7b..96e4d82a8f 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-loongarch64.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-loongarch64.json @@ -24,5 +24,7 @@ } ], "features": [ + ], + "tags": [ ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json index d64735f477..85cc1f78d1 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/ovmf/OVMF_CODE_4M.qcow2", "format": "qcow2" @@ -26,11 +26,8 @@ ], "features": [ "acpi-s3", - "amd-sev", - "amd-sev-es", "verbose-dynamic" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-riscv-qcow2.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-riscv-qcow2.json index eb1930da49..19ef29a2cd 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-riscv-qcow2.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-riscv-qcow2.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2", "format": "qcow2" @@ -25,9 +25,7 @@ } ], "features": [ - ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-aarch64-raw.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-aarch64-raw.json index cabbd396ea..f567a41933 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-aarch64-raw.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-aarch64-raw.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw", "format": "raw" @@ -24,9 +24,7 @@ } ], "features": [ - ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json index 050853e2b8..f1a7f97253 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd", "format": "raw" @@ -26,11 +26,8 @@ ], "features": [ "acpi-s3", - "amd-sev", - "amd-sev-es", "verbose-dynamic" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json index 4173102967..02bc53862f 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2", "format": "qcow2" @@ -27,6 +27,5 @@ "verbose-static" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json index ec69d19858..59439af322 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json @@ -5,7 +5,7 @@ ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw", "format": "raw" @@ -27,6 +27,5 @@ "verbose-static" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json index 9a561bc7eb..5c8bfc0ffd 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json @@ -1,15 +1,11 @@ { - "description": "OVMF with SEV-ES support", + "description": "OVMF with SEV + SEV-ES + SEV-SNP support", "interface-types": [ "uefi" ], "mapping": { - "device": "flash", - "mode": "stateless", - "executable": { - "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd", - "format": "raw" - } + "device": "memory", + "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd" }, "targets": [ { @@ -26,6 +22,5 @@ "verbose-dynamic" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json index 445eb70e03..52323b2a04 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json @@ -22,6 +22,5 @@ "verbose-dynamic" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json similarity index 81% copy from tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json copy to tests/qemufirmwaredata/usr/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json index 050853e2b8..f1194a3d37 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json @@ -1,11 +1,11 @@ { - "description": "OVMF without SB+SMM, empty varstore", + "description": "OVMF with SEV + SEV-ES support, stateful", "interface-types": [ "uefi" ], "mapping": { "device": "flash", - "mode" : "split", + "mode": "split", "executable": { "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd", "format": "raw" @@ -19,18 +19,15 @@ { "architecture": "x86_64", "machines": [ - "pc-i440fx-*", "pc-q35-*" ] } ], "features": [ - "acpi-s3", "amd-sev", "amd-sev-es", "verbose-dynamic" ], "tags": [ - ] } diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json index 8ecac440b4..a788a3fc40 100644 --- a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json @@ -21,7 +21,6 @@ ], "features": [ "acpi-s3", - "amd-sev", "enrolled-keys", "requires-smm", "secure-boot", diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c index a4fb5c9b9c..dfb7d18f5d 100644 --- a/tests/qemufirmwaretest.c +++ b/tests/qemufirmwaretest.c @@ -101,6 +101,7 @@ testFWPrecedence(const void *opaque G_GNUC_UNUSED) SYSCONFDIR "/qemu/firmware/59-combined.json", PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json", PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json", + PREFIX "/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json", PREFIX "/share/qemu/firmware/90-combined.json", PREFIX "/share/qemu/firmware/91-bios.json", PREFIX "/share/qemu/firmware/93-invalid.json", @@ -280,6 +281,7 @@ mymain(void) DO_PARSE_TEST("usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json"); DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json"); DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json"); + DO_PARSE_TEST("usr/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json"); DO_PARSE_TEST("usr/share/qemu/firmware/90-combined.json"); DO_PARSE_TEST("usr/share/qemu/firmware/91-bios.json"); DO_PARSE_FAILURE_TEST("usr/share/qemu/firmware/93-invalid.json"); diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.args index 99350f600c..624039d1a2 100644 --- a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.args @@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -name guest=guest,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \ --blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \ +-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \ -accel kvm \ -cpu qemu64 \ +-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \ -m size=1048576k \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml index 6ea58f3361..10a1a3a22d 100644 --- a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml @@ -10,7 +10,7 @@ <feature enabled='no' name='enrolled-keys'/> <feature enabled='no' name='secure-boot'/> </firmware> - <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> + <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> <boot dev='hd'/> </os> <features> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args index 550ac52b8a..2529f9c069 100644 --- a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args @@ -10,12 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -name guest=guest,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \ --blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \ --machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \ +-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \ -accel kvm \ -cpu qemu64 \ +-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \ -m size=1048576k \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml index cbfdcdeee3..96468a6943 100644 --- a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml @@ -10,8 +10,7 @@ <feature enabled='no' name='enrolled-keys'/> <feature enabled='no' name='secure-boot'/> </firmware> - <loader readonly='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader> - <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram> + <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> <boot dev='hd'/> </os> <features> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.args index 0c0caf2468..9bb122c04a 100644 --- a/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.args +++ b/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.args @@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -name guest=guest,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \ --blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,acpi=on \ +-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \ -accel kvm \ -cpu qemu64 \ +-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \ -m size=1048576k \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.xml index 3fead35a66..da15c12e61 100644 --- a/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.xml +++ b/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.xml @@ -10,7 +10,7 @@ <feature enabled='no' name='enrolled-keys'/> <feature enabled='no' name='secure-boot'/> </firmware> - <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> + <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> <boot dev='hd'/> </os> <features> diff --git a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args index 6e076cec63..a751ac70c8 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args @@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \ --blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \ +-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \ -accel kvm \ -cpu qemu64 \ +-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \ -m size=219136k \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml index d0f8ed031d..d3c4aca1a0 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml @@ -10,7 +10,7 @@ <feature enabled='no' name='enrolled-keys'/> <feature enabled='no' name='secure-boot'/> </firmware> - <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> + <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> <boot dev='hd'/> </os> <features> diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args index d849eb88e0..f8bc8a71fe 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args @@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \ --blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \ +-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \ -accel kvm \ -cpu qemu64 \ +-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \ -m size=219136k \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml index a0487b021e..f57f3f2b68 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml @@ -10,7 +10,7 @@ <feature enabled='no' name='enrolled-keys'/> <feature enabled='no' name='secure-boot'/> </firmware> - <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> + <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> <boot dev='hd'/> </os> <features> diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args index d849eb88e0..f8bc8a71fe 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args +++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args @@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \ --blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \ +-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \ -accel kvm \ -cpu qemu64 \ +-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \ -m size=219136k \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml index a0487b021e..f57f3f2b68 100644 --- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml +++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml @@ -10,7 +10,7 @@ <feature enabled='no' name='enrolled-keys'/> <feature enabled='no' name='secure-boot'/> </firmware> - <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> + <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> <boot dev='hd'/> </os> <features> diff --git a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args index b62961f974..51a92dc47c 100644 --- a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args +++ b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args @@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ -name guest=QEMUGuest1,debug-threads=on \ -S \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \ --blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \ +-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \ -accel kvm \ -cpu qemu64 \ +-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \ -m size=219136k \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml index b7ec804058..9f46eec07d 100644 --- a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml +++ b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml @@ -10,7 +10,7 @@ <feature enabled='no' name='enrolled-keys'/> <feature enabled='no' name='secure-boot'/> </firmware> - <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> + <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader> <boot dev='hd'/> </os> <features> -- 2.51.0