New subject: [PATCH 01/29] schemas: Drop pflashFormat

29 Dec 2025

      This series makes it possible to use Secure Boot with aarch64 VMs.

https://issues.redhat.com/browse/RHEL-82645

It needs a prerequisite series[1] to be applied first.

Note that, while I consider the entire series to be ready for review,
there are two patches that are marked as DONOTMERGE: that's because
they respectively implement support for a JSON firmware descriptor
syntax extension that has not yet been approved, and import into the
tree firmware descriptor that are not yet part of the Fedora edk2
package. The latter depends on the former, of course, for which
patches have been posted[2] to the QEMU mailing list.

[1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/N2ETT...
[2] https://mail.gnu.org/archive/html/qemu-devel/2025-12/msg03462.html

Andrea Bolognani (29):
  schemas: Drop pflashFormat
  schemas: Introduce firmware(Loader|Nvram)Formats
  schemas: Allow JSON format for NVRAM
  conf: Introduce VIR_STORAGE_FILE_JSON
  conf: Allow JSON format for NVRAM in the parser
  qemu_firmware: Rename qemuFirmwareFlashFile to qemuFirmwareFile
  qemu_firmware: Use qemuFirmwareFile in qemuFirmwareMappingMemory
  DONOTMERGE: qemu_firmware: Support extended syntax for ROM firmware
    descriptors
  qemu_firmware: Report NVRAM template path for ROMs
  qemu_firmware: Fill in more information for ROMs
  qemu_firmware: Don't skip EnsureNVRAM() for ROMs
  qemu_firmware: Parse host-uefi-vars firmware feature
  qemu_firmware: Split sanity check
  qemu_firmware: Consider host-uefi-vars feature in sanity check
  tests: Add firmware-manual-efi-qemuvars-q35
  tests: Add firmware-manual-efi-qemuvars-aarch64
  tests: Add firmware-manual-efi-qemuvars-nvram-network-nbd
  tests: Add firmware-auto-efi-enrolled-keys-aarch64
  tests: Add firmware-auto-efi-format-nvram-json
  qemu_capabilities: Introduce QEMU_CAPS_DEVICE_UEFI_VARS
  qemu: Validate presence of uefi-vars device
  qemu: Don't allow remote locations for JSON format NVRAM
  qemu_firmware: Generate correct name for JSON format NVRAM
  qemu_firmware: Update matching logic for ROMs
  qemu_firmware: Require host-uefi-vars feature for JSON NVRAM
  qemu_firmware: Allow JSON format for NVRAM
  DONOTMERGE: tests: Add firmware descriptors for uefi-vars builds
  qemu_command: Use uefi-vars device where appropriate
  news: Document support for uefi-vars device and firmwares

 NEWS.rst                                      |  10 +
 src/conf/domain_conf.c                        |   6 +-
 src/conf/schemas/domaincommon.rng             |  22 +-
 src/conf/storage_source_conf.c                |   2 +-
 src/conf/storage_source_conf.h                |   1 +
 src/qemu/qemu_block.c                         |   2 +
 src/qemu/qemu_capabilities.c                  |   3 +
 src/qemu/qemu_capabilities.h                  |   1 +
 src/qemu/qemu_command.c                       |  36 ++
 src/qemu/qemu_firmware.c                      | 353 +++++++++++++++---
 src/qemu/qemu_validate.c                      |  13 +
 .../caps_10.0.0_aarch64.xml                   |   1 +
 .../caps_10.0.0_x86_64+amdsev.xml             |   1 +
 .../caps_10.0.0_x86_64.xml                    |   1 +
 .../caps_10.1.0_s390x.xml                     |   1 +
 .../caps_10.1.0_x86_64+inteltdx.xml           |   1 +
 .../caps_10.1.0_x86_64.xml                    |   1 +
 .../caps_10.2.0_x86_64+mshv.xml               |   1 +
 .../caps_10.2.0_x86_64.xml                    |   1 +
 ...tdx.json => 50-edk2-ovmf-x64-microvm.json} |  12 +-
 .../firmware/60-edk2-ovmf-x64-inteltdx.json   |   6 +-
 .../out/usr/share/qemu/firmware/91-bios.json  |  33 ++
 ...70-edk2-ovmf-qemuvars-x64-sb-enrolled.json |  35 ++
 .../70-edk2-qemuvars-aarch64-sb-enrolled.json |  33 ++
 tests/qemufirmwaretest.c                      |  10 +-
 ...ware-auto-bios-stateless.x86_64-latest.xml |   2 +-
 .../firmware-auto-bios.x86_64-latest.xml      |   2 +-
 ...fi-enrolled-keys-aarch64.aarch64-8.2.0.err |   1 +
 ...-enrolled-keys-aarch64.aarch64-latest.args |  32 ++
 ...i-enrolled-keys-aarch64.aarch64-latest.xml |  32 ++
 ...irmware-auto-efi-enrolled-keys-aarch64.xml |  20 +
 ...uto-efi-format-nvram-json.x86_64-8.2.0.err |   1 +
 ...o-efi-format-nvram-json.x86_64-latest.args |  35 ++
 ...o-efi-format-nvram-json.x86_64-latest.xml} |  11 +-
 .../firmware-auto-efi-format-nvram-json.xml   |  18 +
 ...l-efi-qemuvars-aarch64.aarch64-latest.args |  33 ++
 ...l-efi-qemuvars-aarch64.aarch64-latest.xml} |  24 +-
 .../firmware-manual-efi-qemuvars-aarch64.xml  |  19 +
 ...muvars-nvram-network-nbd.x86_64-latest.err |   1 +
 ...-manual-efi-qemuvars-nvram-network-nbd.xml |  23 ++
 ...manual-efi-qemuvars-q35.x86_64-latest.args |  35 ++
 ...manual-efi-qemuvars-q35.x86_64-latest.xml} |  11 +-
 .../firmware-manual-efi-qemuvars-q35.xml      |  19 +
 ...-manual-efi-tdx.x86_64-latest+inteltdx.xml |   2 +-
 tests/qemuxmlconftest.c                       |   8 +
 .../storagepoolcapsschemadata/poolcaps-fs.xml |   5 +
 .../poolcaps-full.xml                         |   5 +
 .../out/qcow2-qcow2_qcow2-qcow2_qcow2-auto    |   2 +-
 .../out/qcow2-qcow2_qcow2-qcow2_raw-auto      |   2 +-
 .../out/qcow2-qcow2_qcow2-qcow2_raw-raw       |   2 +-
 tests/virstoragetestdata/out/qcow2-symlinks   |   2 +-
 .../out/qcow2datafile-qcow2_qcow2-datafile    |   2 +-
 52 files changed, 824 insertions(+), 111 deletions(-)
 copy tests/qemufirmwaredata/out/usr/share/qemu/firmware/{60-edk2-ovmf-x64-inteltdx.json => 50-edk2-ovmf-x64-microvm.json} (56%)
 create mode 100644 tests/qemufirmwaredata/out/usr/share/qemu/firmware/91-bios.json
 create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json
 create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-json.x86_64-8.2.0.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-json.x86_64-latest.args
 copy tests/qemuxmlconfdata/{firmware-auto-bios-stateless.x86_64-latest.xml => firmware-auto-efi-format-nvram-json.x86_64-latest.xml} (71%)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-json.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-qemuvars-aarch64.aarch64-latest.args
 copy tests/qemuxmlconfdata/{firmware-auto-bios.x86_64-latest.xml => firmware-manual-efi-qemuvars-aarch64.aarch64-latest.xml} (52%)
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-qemuvars-aarch64.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-qemuvars-nvram-network-nbd.x86_64-latest.err
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-qemuvars-nvram-network-nbd.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-qemuvars-q35.x86_64-latest.args
 copy tests/qemuxmlconfdata/{firmware-auto-bios-stateless.x86_64-latest.xml => firmware-manual-efi-qemuvars-q35.x86_64-latest.xml} (74%)
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-qemuvars-q35.xml

-- 
2.52.0

[PATCH 00/29] qemu: Implement support for uefi-vars device and firmwares

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Daniel P. Berrangé

Andrea Bolognani

Daniel P. Berrangé

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Daniel P. Berrangé

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Andrea Bolognani

Michal Prívozník

tags

participants (3)