[libvirt PATCH 00/28] Improve firmware autoselection

The main motivation behind this series was making it as simple as possible ("one click") to enable Secure Boot for a VM. In the process I ended up fixing, improving and cleaning up various parts of the firmware selection interface.

GitLab branch: https://gitlab.com/abologna/libvirt/-/commits/firmware
Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/571485540

Andrea Bolognani (28):
  tests: Remove firmware bits from unrelated tests
  tests: Use firmware autoselection on aarch64
  tests: Drop bios-nvram-os-interleave test
  tests: Rename and reorganize firmware tests
  tests: Use minimal hardware for firmware tests
  tests: Don't set NVRAM path manually
  tests: Don't use loader.secure=no with firmware autoselection
  tests: Add more firmware tests
  conf: Move virDomainLoaderDefParseXML()
  conf: Rename virDomainLoaderDefParseXMLNvram()
  conf: Move setting type for NVRAM source
  conf: Move nvramTemplate parsing
  conf: Handle NVRAM in virDomainLoaderDefParseXML()
  conf: Rename virDomainLoaderDefParseXML() argument
  conf: Use nodes in virDomainLoaderDefParseXMLNvram()
  conf: Always parse NVRAM path if present
  conf: Enable secure-boot when enrolled-keys is enabled
  conf: Add return value to virDomainDefPostParseOs()
  conf: Reject enrolled-keys=yes with secure-boot=no
  conf: Always parse all firmware information
  conf: Refactor virDomainDefOSValidate()
  conf: Validate firmware configuration more thoroughly
  conf: Always parse firmware features
  conf: Reject features when using manual firmware selection
  qemu_firmware: Enable loader.secure when requires-smm
  qemu_firmware: enrolled-keys requires secure-boot
  docs: Add kbase page for Secure Boot
  NEWS: Document improvements to firmware autoselection

 NEWS.rst | 5 +
 docs/kbase/index.rst | 3 +
 docs/kbase/meson.build | 1 +
 docs/kbase/secureboot.rst | 102 ++++++++++
 src/conf/domain_conf.c | 182 ++++++++++--------
 src/conf/domain_validate.c | 83 ++++++--
 src/qemu/qemu_firmware.c | 16 +-
 tests/qemusecuritytest.c | 6 +-
 .../aarch64-os-firmware-efi.xml 
| 31 --- .../bios-nvram-os-interleave.xml | 40 ---- .../bios-nvram-rw-implicit.xml | 35 ---- tests/qemuxml2argvdata/bios-nvram-rw.xml | 35 ---- tests/qemuxml2argvdata/bios-nvram-secure.xml | 35 ---- tests/qemuxml2argvdata/bios.xml | 37 ---- ...firmware-auto-bios-nvram.x86_64-latest.err | 1 + .../firmware-auto-bios-nvram.xml | 18 ++ ... => firmware-auto-bios.x86_64-latest.args} | 12 +- tests/qemuxml2argvdata/firmware-auto-bios.xml | 17 ++ ...ware-auto-efi-aarch64.aarch64-latest.args} | 6 +- ...uefi.xml => firmware-auto-efi-aarch64.xml} | 12 +- ...enrolled-keys-no-secboot.x86_64-latest.err | 1 + ...ware-auto-efi-enrolled-keys-no-secboot.xml | 21 ++ ...auto-efi-enrolled-keys.x86_64-latest.args} | 14 +- .../firmware-auto-efi-enrolled-keys.xml | 20 ++ ...auto-efi-loader-insecure.x86_64-latest.err | 1 + .../firmware-auto-efi-loader-insecure.xml | 18 ++ ...are-auto-efi-loader-path.x86_64-latest.err | 1 + .../firmware-auto-efi-loader-path.xml | 18 ++ ...auto-efi-loader-secure.x86_64-latest.args} | 15 +- .../firmware-auto-efi-loader-secure.xml | 18 ++ ...o-efi-no-enrolled-keys.x86_64-latest.args} | 3 - .../firmware-auto-efi-no-enrolled-keys.xml | 20 ++ ...re-auto-efi-no-secboot.x86_64-latest.args} | 3 - .../firmware-auto-efi-no-secboot.xml | 20 ++ ...irmware-auto-efi-nvram.x86_64-latest.args} | 10 +- .../firmware-auto-efi-nvram.xml | 18 ++ ...mware-auto-efi-secboot.x86_64-latest.args} | 8 +- .../firmware-auto-efi-secboot.xml | 20 ++ ...s => firmware-auto-efi.x86_64-latest.args} | 8 +- tests/qemuxml2argvdata/firmware-auto-efi.xml | 17 ++ ...anual-bios-rw-implicit.x86_64-latest.args} | 8 +- ...l => firmware-manual-bios-rw-implicit.xml} | 7 +- ...irmware-manual-bios-rw.x86_64-latest.args} | 8 +- ...o-path.xml => firmware-manual-bios-rw.xml} | 7 +- .../{bios.args => firmware-manual-bios.args} | 11 +- .../qemuxml2argvdata/firmware-manual-bios.xml | 15 ++ ... 
=> firmware-manual-efi-acpi-aarch64.args} | 1 - ...l => firmware-manual-efi-acpi-aarch64.xml} | 4 +- ...args => firmware-manual-efi-acpi-q35.args} | 1 - ...i.xml => firmware-manual-efi-acpi-q35.xml} | 4 +- ...ware-manual-efi-features.x86_64-latest.err | 1 + ...e.xml => firmware-manual-efi-features.xml} | 12 +- ...th.err => firmware-manual-efi-no-path.err} | 0 ...th.xml => firmware-manual-efi-no-path.xml} | 5 +- ...> firmware-manual-efi-noacpi-aarch64.args} | 1 - ...=> firmware-manual-efi-noacpi-aarch64.xml} | 4 +- ...err => firmware-manual-efi-noacpi-q35.err} | 0 ...xml => firmware-manual-efi-noacpi-q35.xml} | 4 +- ...-manual-efi-nvram-file.x86_64-latest.args} | 4 +- ...xml => firmware-manual-efi-nvram-file.xml} | 6 +- ...-efi-nvram-network-iscsi.x86_64-4.1.0.err} | 0 ...fi-nvram-network-iscsi.x86_64-latest.args} | 4 +- ...rmware-manual-efi-nvram-network-iscsi.xml} | 9 +- ...-efi-nvram-network-nbd.x86_64-latest.args} | 4 +- ...firmware-manual-efi-nvram-network-nbd.xml} | 9 +- ...ual-efi-nvram-template.x86_64-latest.args} | 4 +- ...=> firmware-manual-efi-nvram-template.xml} | 6 +- ...e.args => firmware-manual-efi-secure.args} | 9 +- ...efi.xml => firmware-manual-efi-secure.xml} | 11 +- ...os-nvram.args => firmware-manual-efi.args} | 7 +- ...m-template.xml => firmware-manual-efi.xml} | 8 +- ...=> firmware-manual-noefi-acpi-aarch64.err} | 0 ...=> firmware-manual-noefi-acpi-aarch64.xml} | 7 +- ...gs => firmware-manual-noefi-acpi-q35.args} | 4 - ...xml => firmware-manual-noefi-acpi-q35.xml} | 7 +- ...firmware-manual-noefi-noacpi-aarch64.args} | 4 - ... firmware-manual-noefi-noacpi-aarch64.xml} | 7 +- ... 
=> firmware-manual-noefi-noacpi-q35.args} | 4 - ...l => firmware-manual-noefi-noacpi-q35.xml} | 7 +- tests/qemuxml2argvdata/os-firmware-bios.xml | 68 ------- .../os-firmware-efi-secboot.xml | 68 ------- tests/qemuxml2argvdata/os-firmware-efi.xml | 68 ------- .../pci-bridge-many-disks.args | 1 - .../pci-bridge-many-disks.xml | 1 - .../virtio-iommu-aarch64.aarch64-latest.args | 2 +- .../qemuxml2argvdata/virtio-iommu-aarch64.xml | 6 +- tests/qemuxml2argvtest.c | 61 +++--- .../bios-nvram-os-interleave.xml | 52 ----- tests/qemuxml2xmloutdata/bios-nvram.xml | 44 ----- .../firmware-auto-bios.x86_64-latest.xml} | 23 +-- ...mware-auto-efi-aarch64.aarch64-latest.xml} | 12 +- ...-auto-efi-enrolled-keys.x86_64-latest.xml} | 21 +- ...-auto-efi-loader-secure.x86_64-latest.xml} | 22 +-- ...to-efi-no-enrolled-keys.x86_64-latest.xml} | 18 +- ...are-auto-efi-no-secboot.x86_64-latest.xml} | 20 +- ...firmware-auto-efi-nvram.x86_64-latest.xml} | 22 +-- ...rmware-auto-efi-secboot.x86_64-latest.xml} | 20 +- .../firmware-auto-efi.x86_64-latest.xml} | 21 +- ...e-manual-efi-nvram-file.x86_64-latest.xml} | 9 +- ...efi-nvram-network-iscsi.x86_64-latest.xml} | 11 +- ...l-efi-nvram-network-nbd.x86_64-latest.xml} | 11 +- .../firmware-manual-efi.xml} | 15 +- .../os-firmware-bios.x86_64-latest.xml | 72 ------- ...are-efi-no-enrolled-keys.x86_64-latest.xml | 1 - .../os-firmware-efi-secboot.x86_64-latest.xml | 72 ------- .../os-firmware-efi.x86_64-latest.xml | 72 ------- .../pci-bridge-many-disks.xml | 1 - .../virtio-iommu-aarch64.aarch64-latest.xml | 6 +- tests/qemuxml2xmltest.c | 25 +-- 109 files changed, 708 insertions(+), 1282 deletions(-) create mode 100644 docs/kbase/secureboot.rst delete mode 100644 tests/qemuxml2argvdata/aarch64-os-firmware-efi.xml delete mode 100644 tests/qemuxml2argvdata/bios-nvram-os-interleave.xml delete mode 100644 tests/qemuxml2argvdata/bios-nvram-rw-implicit.xml delete mode 100644 tests/qemuxml2argvdata/bios-nvram-rw.xml delete mode 100644 
tests/qemuxml2argvdata/bios-nvram-secure.xml delete mode 100644 tests/qemuxml2argvdata/bios.xml create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-nvram.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-nvram.xml rename tests/qemuxml2argvdata/{os-firmware-bios.x86_64-latest.args => firmware-auto-bios.x86_64-latest.args} (55%) create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios.xml rename tests/qemuxml2argvdata/{aarch64-os-firmware-efi.aarch64-latest.args => firmware-auto-efi-aarch64.aarch64-latest.args} (91%) copy tests/qemuxml2argvdata/{aarch64-acpi-uefi.xml => firmware-auto-efi-aarch64.xml} (53%) create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.xml rename tests/qemuxml2argvdata/{os-firmware-efi-secboot.x86_64-latest.args => firmware-auto-efi-enrolled-keys.x86_64-latest.args} (60%) create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.xml create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.xml create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-path.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-path.xml rename tests/qemuxml2argvdata/{os-firmware-efi.x86_64-latest.args => firmware-auto-efi-loader-secure.x86_64-latest.args} (59%) create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml copy tests/qemuxml2argvdata/{os-firmware-efi-no-enrolled-keys.x86_64-latest.args => firmware-auto-efi-no-enrolled-keys.x86_64-latest.args} (84%) create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.xml copy tests/qemuxml2argvdata/{os-firmware-efi-no-enrolled-keys.x86_64-latest.args => firmware-auto-efi-no-secboot.x86_64-latest.args} (84%) create mode 100644 
tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.xml copy tests/qemuxml2argvdata/{os-firmware-efi-no-enrolled-keys.x86_64-latest.args => firmware-auto-efi-nvram.x86_64-latest.args} (65%) create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-nvram.xml copy tests/qemuxml2argvdata/{os-firmware-efi-no-enrolled-keys.x86_64-latest.args => firmware-auto-efi-secboot.x86_64-latest.args} (73%) create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-secboot.xml rename tests/qemuxml2argvdata/{os-firmware-efi-no-enrolled-keys.x86_64-latest.args => firmware-auto-efi.x86_64-latest.args} (73%) create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi.xml rename tests/qemuxml2argvdata/{bios-nvram-rw.x86_64-latest.args => firmware-manual-bios-rw-implicit.x86_64-latest.args} (68%) copy tests/qemuxml2argvdata/{bios-nvram-no-path.xml => firmware-manual-bios-rw-implicit.xml} (70%) rename tests/qemuxml2argvdata/{bios-nvram-rw-implicit.x86_64-latest.args => firmware-manual-bios-rw.x86_64-latest.args} (68%) copy tests/qemuxml2argvdata/{bios-nvram-no-path.xml => firmware-manual-bios-rw.xml} (68%) rename tests/qemuxml2argvdata/{bios.args => firmware-manual-bios.args} (65%) create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios.xml rename tests/qemuxml2argvdata/{aarch64-acpi-uefi.args => firmware-manual-efi-acpi-aarch64.args} (98%) rename tests/qemuxml2argvdata/{aarch64-acpi-uefi.xml => firmware-manual-efi-acpi-aarch64.xml} (89%) rename tests/qemuxml2argvdata/{q35-acpi-uefi.args => firmware-manual-efi-acpi-q35.args} (98%) copy tests/qemuxml2argvdata/{q35-acpi-uefi.xml => firmware-manual-efi-acpi-q35.xml} (90%) create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-features.x86_64-latest.err copy tests/qemuxml2argvdata/{bios-nvram-template.xml => firmware-manual-efi-features.xml} (67%) rename tests/qemuxml2argvdata/{bios-nvram-no-path.err => firmware-manual-efi-no-path.err} (100%) rename tests/qemuxml2argvdata/{bios-nvram-no-path.xml => 
firmware-manual-efi-no-path.xml} (79%) rename tests/qemuxml2argvdata/{aarch64-noacpi-uefi.args => firmware-manual-efi-noacpi-aarch64.args} (98%) rename tests/qemuxml2argvdata/{aarch64-noacpi-uefi.xml => firmware-manual-efi-noacpi-aarch64.xml} (88%) rename tests/qemuxml2argvdata/{q35-noacpi-uefi.err => firmware-manual-efi-noacpi-q35.err} (100%) rename tests/qemuxml2argvdata/{q35-noacpi-uefi.xml => firmware-manual-efi-noacpi-q35.xml} (89%) rename tests/qemuxml2argvdata/{bios-nvram-file.x86_64-latest.args => firmware-manual-efi-nvram-file.x86_64-latest.args} (89%) rename tests/qemuxml2argvdata/{bios-nvram-file.xml => firmware-manual-efi-nvram-file.xml} (81%) rename tests/qemuxml2argvdata/{bios-nvram-network-iscsi.x86_64-4.1.0.err => firmware-manual-efi-nvram-network-iscsi.x86_64-4.1.0.err} (100%) rename tests/qemuxml2argvdata/{bios-nvram-network-iscsi.x86_64-latest.args => firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args} (91%) rename tests/qemuxml2argvdata/{bios-nvram-network-iscsi.xml => firmware-manual-efi-nvram-network-iscsi.xml} (76%) rename tests/qemuxml2argvdata/{bios-nvram-network-nbd.x86_64-latest.args => firmware-manual-efi-nvram-network-nbd.x86_64-latest.args} (89%) rename tests/qemuxml2argvdata/{bios-nvram-network-nbd.xml => firmware-manual-efi-nvram-network-nbd.xml} (72%) rename tests/qemuxml2argvdata/{bios-nvram-template.x86_64-latest.args => firmware-manual-efi-nvram-template.x86_64-latest.args} (89%) copy tests/qemuxml2argvdata/{bios-nvram-template.xml => firmware-manual-efi-nvram-template.xml} (79%) rename tests/qemuxml2argvdata/{bios-nvram-secure.args => firmware-manual-efi-secure.args} (67%) rename tests/qemuxml2argvdata/{q35-acpi-uefi.xml => firmware-manual-efi-secure.xml} (60%) rename tests/qemuxml2argvdata/{bios-nvram.args => firmware-manual-efi.args} (76%) rename tests/qemuxml2argvdata/{bios-nvram-template.xml => firmware-manual-efi.xml} (71%) rename tests/qemuxml2argvdata/{aarch64-acpi-nouefi.err => 
firmware-manual-noefi-acpi-aarch64.err} (100%) rename tests/qemuxml2argvdata/{aarch64-acpi-nouefi.xml => firmware-manual-noefi-acpi-aarch64.xml} (61%) rename tests/qemuxml2argvdata/{q35-acpi-nouefi.args => firmware-manual-noefi-acpi-q35.args} (84%) rename tests/qemuxml2argvdata/{q35-acpi-nouefi.xml => firmware-manual-noefi-acpi-q35.xml} (63%) rename tests/qemuxml2argvdata/{aarch64-noacpi-nouefi.args => firmware-manual-noefi-noacpi-aarch64.args} (83%) rename tests/qemuxml2argvdata/{aarch64-noacpi-nouefi.xml => firmware-manual-noefi-noacpi-aarch64.xml} (59%) rename tests/qemuxml2argvdata/{q35-noacpi-nouefi.args => firmware-manual-noefi-noacpi-q35.args} (84%) rename tests/qemuxml2argvdata/{q35-noacpi-nouefi.xml => firmware-manual-noefi-noacpi-q35.xml} (60%) delete mode 100644 tests/qemuxml2argvdata/os-firmware-bios.xml delete mode 100644 tests/qemuxml2argvdata/os-firmware-efi-secboot.xml delete mode 100644 tests/qemuxml2argvdata/os-firmware-efi.xml delete mode 100644 tests/qemuxml2xmloutdata/bios-nvram-os-interleave.xml delete mode 100644 tests/qemuxml2xmloutdata/bios-nvram.xml copy tests/{qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml => qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml} (55%) rename tests/qemuxml2xmloutdata/{aarch64-os-firmware-efi.aarch64-latest.xml => firmware-auto-efi-aarch64.aarch64-latest.xml} (71%) copy tests/{qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml => qemuxml2xmloutdata/firmware-auto-efi-enrolled-keys.x86_64-latest.xml} (58%) copy tests/{qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml => qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml} (57%) copy tests/{qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml => qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml} (61%) copy tests/{qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml => qemuxml2xmloutdata/firmware-auto-efi-no-secboot.x86_64-latest.xml} (58%) copy 
tests/{qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml => qemuxml2xmloutdata/firmware-auto-efi-nvram.x86_64-latest.xml} (57%) copy tests/{qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml => qemuxml2xmloutdata/firmware-auto-efi-secboot.x86_64-latest.xml} (58%) rename tests/{qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml => qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml} (57%) rename tests/qemuxml2xmloutdata/{bios-nvram-file.x86_64-latest.xml => firmware-manual-efi-nvram-file.x86_64-latest.xml} (75%) rename tests/qemuxml2xmloutdata/{bios-nvram-network-iscsi.x86_64-latest.xml => firmware-manual-efi-nvram-network-iscsi.x86_64-latest.xml} (76%) rename tests/qemuxml2xmloutdata/{bios-nvram-network-nbd.x86_64-latest.xml => firmware-manual-efi-nvram-network-nbd.x86_64-latest.xml} (74%) rename tests/{qemuxml2argvdata/bios-nvram.xml => qemuxml2xmloutdata/firmware-manual-efi.xml} (65%) delete mode 100644 tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml delete mode 120000 tests/qemuxml2xmloutdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.xml delete mode 100644 tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml delete mode 100644 tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml -- 2.35.3

The pci-bridge-many-disks test case is not related to firmware handling at all, so we can trim it without losing any coverage. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- tests/qemuxml2argvdata/pci-bridge-many-disks.args | 1 - tests/qemuxml2argvdata/pci-bridge-many-disks.xml | 1 - tests/qemuxml2xmloutdata/pci-bridge-many-disks.xml | 1 - 3 files changed, 3 deletions(-) diff --git a/tests/qemuxml2argvdata/pci-bridge-many-disks.args b/tests/qemuxml2argvdata/pci-bridge-many-disks.args index 4c98d395af..9fdb261fb8 100644 --- a/tests/qemuxml2argvdata/pci-bridge-many-disks.args +++ b/tests/qemuxml2argvdata/pci-bridge-many-disks.args @@ -14,7 +14,6 @@ QEMU_AUDIO_DRV=none \ -machine pc,usb=off,dump-guest-core=off \ -accel tcg \ -cpu qemu64,kvmclock=off \ --bios /usr/share/seabios/bios.bin \ -m 3907 \ -overcommit mem-lock=off \ -smp 1,sockets=1,cores=1,threads=1 \ diff --git a/tests/qemuxml2argvdata/pci-bridge-many-disks.xml b/tests/qemuxml2argvdata/pci-bridge-many-disks.xml index 5000574073..1eac85f092 100644 --- a/tests/qemuxml2argvdata/pci-bridge-many-disks.xml +++ b/tests/qemuxml2argvdata/pci-bridge-many-disks.xml @@ -5,7 +5,6 @@ <currentMemory unit='KiB'>4000000</currentMemory> <os> <type arch='x86_64' machine='pc'>hvm</type> - <loader>/usr/share/seabios/bios.bin</loader> <boot dev='hd'/> </os> <features> diff --git a/tests/qemuxml2xmloutdata/pci-bridge-many-disks.xml b/tests/qemuxml2xmloutdata/pci-bridge-many-disks.xml index 9584c81ae9..12caf1fb9c 100644 --- a/tests/qemuxml2xmloutdata/pci-bridge-many-disks.xml +++ b/tests/qemuxml2xmloutdata/pci-bridge-many-disks.xml @@ -6,7 +6,6 @@ <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> - <loader type='rom'>/usr/share/seabios/bios.bin</loader> <boot dev='hd'/> </os> <features> -- 2.35.3
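Review bot: the commit message says the test case can be trimmed but never says what is being trimmed. All three hunks drop the explicit SeaBIOS loader: the "-bios /usr/share/seabios/bios.bin" line in the .args file and the <loader> element with the same path in both XML files. Please name that in the message and state that the test now runs with no -bios argument on the generated command line, so a reader of the log can tell this was the intended result and not a side effect.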

This simplifies the test data without negatively impacting test coverage. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- .../virtio-iommu-aarch64.aarch64-latest.args | 2 +- tests/qemuxml2argvdata/virtio-iommu-aarch64.xml | 6 ++---- .../virtio-iommu-aarch64.aarch64-latest.xml | 6 ++---- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/tests/qemuxml2argvdata/virtio-iommu-aarch64.aarch64-latest.args b/tests/qemuxml2argvdata/virtio-iommu-aarch64.aarch64-latest.args index a9e45ab87f..9c1de8ae9b 100644 --- a/tests/qemuxml2argvdata/virtio-iommu-aarch64.aarch64-latest.args +++ b/tests/qemuxml2argvdata/virtio-iommu-aarch64.aarch64-latest.args @@ -14,7 +14,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-guest/.config \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ --machine virt,usb=off,dump-guest-core=off,gic-version=2,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=mach-virt.ram \ +-machine virt-6.0,usb=off,dump-guest-core=off,gic-version=2,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=mach-virt.ram \ -accel tcg \ -cpu cortex-a15 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/virtio-iommu-aarch64.xml b/tests/qemuxml2argvdata/virtio-iommu-aarch64.xml index 3e89cb2dac..8d252bfcf9 100644 --- a/tests/qemuxml2argvdata/virtio-iommu-aarch64.xml +++ b/tests/qemuxml2argvdata/virtio-iommu-aarch64.xml 
@@ -3,10 +3,8 @@ <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid> <memory unit='KiB'>1048576</memory> <vcpu placement='static'>1</vcpu> - <os> - <type arch='aarch64' machine='virt'>hvm</type> - <loader readonly='yes' type='pflash'>/usr/share/AAVMF/AAVMF_CODE.fd</loader> - <nvram>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram> + <os firmware='efi'> + <type arch='aarch64' machine='virt-6.0'>hvm</type> </os> <features> <acpi/> diff --git a/tests/qemuxml2xmloutdata/virtio-iommu-aarch64.aarch64-latest.xml b/tests/qemuxml2xmloutdata/virtio-iommu-aarch64.aarch64-latest.xml index c6560e9a91..19b881ce31 100644 --- a/tests/qemuxml2xmloutdata/virtio-iommu-aarch64.aarch64-latest.xml +++ b/tests/qemuxml2xmloutdata/virtio-iommu-aarch64.aarch64-latest.xml @@ -4,10 +4,8 @@ <memory unit='KiB'>1048576</memory> <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> - <os> - <type arch='aarch64' machine='virt'>hvm</type> - <loader readonly='yes' type='pflash'>/usr/share/AAVMF/AAVMF_CODE.fd</loader> - <nvram>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram> + <os firmware='efi'> + <type arch='aarch64' machine='virt-6.0'>hvm</type> <boot dev='hd'/> </os> <features> -- 2.35.3
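Review bot: the machine type changes from 'virt' to 'virt-6.0' in the <type> line of both XML hunks and in the -machine line of the .args hunk, but the commit message only talks about simplifying the test data. If the versioned machine type is needed for <os firmware='efi'> to work in this test, say so in the message; if it is not, keep machine='virt' so the change is limited to replacing the explicit <loader> and <nvram> elements. The unchanged context in the .args hunk still shows the pflash blockdevs and /var/lib/libvirt/qemu/nvram/guest_VARS.fd, which is worth calling out as the evidence that coverage is unaffected.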

This was introduced in commit 5882064084a733a661759f8f3461f7cbc259175e Author: Martin Kletzander <mkletzan@redhat.com> Date: Wed Feb 25 15:45:26 2015 +0100 tests: Add test for os interleaving to ensure a recent change in the schema was behaving correctly. Seven years later, it no longer seems very useful to keep it around. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- .../bios-nvram-os-interleave.xml | 40 -------------- .../bios-nvram-os-interleave.xml | 52 ------------------- tests/qemuxml2xmltest.c | 1 - 3 files changed, 93 deletions(-) delete mode 100644 tests/qemuxml2argvdata/bios-nvram-os-interleave.xml delete mode 100644 tests/qemuxml2xmloutdata/bios-nvram-os-interleave.xml diff --git a/tests/qemuxml2argvdata/bios-nvram-os-interleave.xml b/tests/qemuxml2argvdata/bios-nvram-os-interleave.xml deleted file mode 100644 index d6c86c661c..0000000000 --- a/tests/qemuxml2argvdata/bios-nvram-os-interleave.xml +++ /dev/null 
@@ -1,40 +0,0 @@ -<domain type='qemu'> - <name>test-bios</name> - <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> - <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> - <vcpu placement='static'>1</vcpu> - <os> - <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader> - <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> - <type arch='x86_64' machine='pc'>hvm</type> - <boot dev='hd'/> - <bootmenu enable='yes'/> - </os> - <features> - <acpi/> - </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> - <devices> - <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'/> - <controller type='ide' index='0'/> - <controller type='pci' index='0' model='pci-root'/> - <serial type='pty'> - <target port='0'/> - </serial> - <console type='pty'> - <target type='serial' port='0'/> - </console> - <input type='tablet' bus='usb'/> - <memballoon model='virtio'/> - </devices> -</domain> diff --git a/tests/qemuxml2xmloutdata/bios-nvram-os-interleave.xml b/tests/qemuxml2xmloutdata/bios-nvram-os-interleave.xml deleted file mode 100644 index 6a40866b0b..0000000000 --- a/tests/qemuxml2xmloutdata/bios-nvram-os-interleave.xml +++ /dev/null 
@@ -1,52 +0,0 @@ -<domain type='qemu'> - <name>test-bios</name> - <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> - <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> - <vcpu placement='static'>1</vcpu> - <os> - <type arch='x86_64' machine='pc'>hvm</type> - <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader> - <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> - <boot dev='hd'/> - <bootmenu enable='yes'/> - </os> - <features> - <acpi/> - </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> - <devices> - <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> - <controller type='ide' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> - <controller type='pci' index='0' model='pci-root'/> - <serial type='pty'> - <target type='isa-serial' port='0'> - <model name='isa-serial'/> - </target> - </serial> - <console type='pty'> - <target type='serial' port='0'/> - </console> - <input type='tablet' bus='usb'/> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <audio id='1' type='none'/> - <memballoon model='virtio'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> - </memballoon> - </devices> -</domain> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 4ad6b4dac1..714d36c0a0 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c 
@@ -1068,7 +1068,6 @@ mymain(void) DO_TEST_CAPS_LATEST("numatune-memnode-restrictive-mode"); DO_TEST_NOCAPS("bios-nvram"); - DO_TEST_NOCAPS("bios-nvram-os-interleave"); DO_TEST_CAPS_LATEST("bios-nvram-network-iscsi"); DO_TEST_CAPS_LATEST("bios-nvram-network-nbd"); DO_TEST_CAPS_LATEST("bios-nvram-file"); -- 2.35.3
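Review bot: the commit message should say whether any remaining test still feeds <os> children in non-canonical order, because that is what the deleted files exercised. The removed qemuxml2argvdata input has <loader> and <nvram> before <type> inside <os>, while the removed qemuxml2xmloutdata file has them after <type>. "No longer seems very useful" does not tell a later reader whether that parser and schema behaviour is covered elsewhere or is being left untested on purpose. The qemuxml2xmltest.c hunk removing DO_TEST_NOCAPS("bios-nvram-os-interleave") matches the two file deletions, so nothing is left dangling there.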

Group all tests related to firmware selection together and give them consistent names that leave room for further tests to be added in an upcoming commit. 
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- tests/qemusecuritytest.c | 6 +-- ... => firmware-auto-bios.x86_64-latest.args} | 0 ...rmware-bios.xml => firmware-auto-bios.xml} | 0 ...ware-auto-efi-aarch64.aarch64-latest.args} | 0 ...-efi.xml => firmware-auto-efi-aarch64.xml} | 0 ...auto-efi-loader-secure.x86_64-latest.args} | 0 ...ml => firmware-auto-efi-loader-secure.xml} | 0 ...o-efi-no-enrolled-keys.x86_64-latest.args} | 0 ...=> firmware-auto-efi-no-enrolled-keys.xml} | 0 ...s => firmware-auto-efi.x86_64-latest.args} | 0 ...firmware-efi.xml => firmware-auto-efi.xml} | 0 ...anual-bios-rw-implicit.x86_64-latest.args} | 0 ...l => firmware-manual-bios-rw-implicit.xml} | 0 ...irmware-manual-bios-rw.x86_64-latest.args} | 0 ...ram-rw.xml => firmware-manual-bios-rw.xml} | 0 .../{bios.args => firmware-manual-bios.args} | 0 .../{bios.xml => firmware-manual-bios.xml} | 0 ... => firmware-manual-efi-acpi-aarch64.args} | 0 ...l => firmware-manual-efi-acpi-aarch64.xml} | 0 ...args => firmware-manual-efi-acpi-q35.args} | 0 ...i.xml => firmware-manual-efi-acpi-q35.xml} | 0 ...th.err => firmware-manual-efi-no-path.err} | 0 ...th.xml => firmware-manual-efi-no-path.xml} | 0 ...> firmware-manual-efi-noacpi-aarch64.args} | 0 ...=> firmware-manual-efi-noacpi-aarch64.xml} | 0 ...err => firmware-manual-efi-noacpi-q35.err} | 0 ...xml => firmware-manual-efi-noacpi-q35.xml} | 0 ...-manual-efi-nvram-file.x86_64-latest.args} | 0 ...xml => firmware-manual-efi-nvram-file.xml} | 0 ...-efi-nvram-network-iscsi.x86_64-4.1.0.err} | 0 ...fi-nvram-network-iscsi.x86_64-latest.args} | 0 ...rmware-manual-efi-nvram-network-iscsi.xml} | 0 ...-efi-nvram-network-nbd.x86_64-latest.args} | 0 ...firmware-manual-efi-nvram-network-nbd.xml} | 0 ...ual-efi-nvram-template.x86_64-latest.args} | 0 ...=> firmware-manual-efi-nvram-template.xml} | 0 ...e.args => firmware-manual-efi-secure.args} | 0 ...ure.xml => firmware-manual-efi-secure.xml} | 0 ...os-nvram.args => firmware-manual-efi.args} | 0 
...bios-nvram.xml => firmware-manual-efi.xml} | 0 ...=> firmware-manual-noefi-acpi-aarch64.err} | 0 ...=> firmware-manual-noefi-acpi-aarch64.xml} | 0 ...gs => firmware-manual-noefi-acpi-q35.args} | 0 ...xml => firmware-manual-noefi-acpi-q35.xml} | 0 ...firmware-manual-noefi-noacpi-aarch64.args} | 0 ... firmware-manual-noefi-noacpi-aarch64.xml} | 0 ... => firmware-manual-noefi-noacpi-q35.args} | 0 ...l => firmware-manual-noefi-noacpi-q35.xml} | 0 tests/qemuxml2argvtest.c | 52 +++++++++---------- ...l => firmware-auto-bios.x86_64-latest.xml} | 0 ...mware-auto-efi-aarch64.aarch64-latest.xml} | 0 ...-auto-efi-loader-secure.x86_64-latest.xml} | 0 ...uto-efi-no-enrolled-keys.x86_64-latest.xml | 1 + ...ml => firmware-auto-efi.x86_64-latest.xml} | 0 ...e-manual-efi-nvram-file.x86_64-latest.xml} | 0 ...efi-nvram-network-iscsi.x86_64-latest.xml} | 0 ...l-efi-nvram-network-nbd.x86_64-latest.xml} | 0 ...bios-nvram.xml => firmware-manual-efi.xml} | 0 ...are-efi-no-enrolled-keys.x86_64-latest.xml | 1 - tests/qemuxml2xmltest.c | 20 +++---- 60 files changed, 39 insertions(+), 41 deletions(-) rename tests/qemuxml2argvdata/{os-firmware-bios.x86_64-latest.args => firmware-auto-bios.x86_64-latest.args} (100%) rename tests/qemuxml2argvdata/{os-firmware-bios.xml => firmware-auto-bios.xml} (100%) rename tests/qemuxml2argvdata/{aarch64-os-firmware-efi.aarch64-latest.args => firmware-auto-efi-aarch64.aarch64-latest.args} (100%) rename tests/qemuxml2argvdata/{aarch64-os-firmware-efi.xml => firmware-auto-efi-aarch64.xml} (100%) rename tests/qemuxml2argvdata/{os-firmware-efi-secboot.x86_64-latest.args => firmware-auto-efi-loader-secure.x86_64-latest.args} (100%) rename tests/qemuxml2argvdata/{os-firmware-efi-secboot.xml => firmware-auto-efi-loader-secure.xml} (100%) rename tests/qemuxml2argvdata/{os-firmware-efi-no-enrolled-keys.x86_64-latest.args => firmware-auto-efi-no-enrolled-keys.x86_64-latest.args} (100%) rename tests/qemuxml2argvdata/{os-firmware-efi-no-enrolled-keys.xml => 
firmware-auto-efi-no-enrolled-keys.xml} (100%) rename tests/qemuxml2argvdata/{os-firmware-efi.x86_64-latest.args => firmware-auto-efi.x86_64-latest.args} (100%) rename tests/qemuxml2argvdata/{os-firmware-efi.xml => firmware-auto-efi.xml} (100%) rename tests/qemuxml2argvdata/{bios-nvram-rw-implicit.x86_64-latest.args => firmware-manual-bios-rw-implicit.x86_64-latest.args} (100%) rename tests/qemuxml2argvdata/{bios-nvram-rw-implicit.xml => firmware-manual-bios-rw-implicit.xml} (100%) rename tests/qemuxml2argvdata/{bios-nvram-rw.x86_64-latest.args => firmware-manual-bios-rw.x86_64-latest.args} (100%) rename tests/qemuxml2argvdata/{bios-nvram-rw.xml => firmware-manual-bios-rw.xml} (100%) rename tests/qemuxml2argvdata/{bios.args => firmware-manual-bios.args} (100%) rename tests/qemuxml2argvdata/{bios.xml => firmware-manual-bios.xml} (100%) rename tests/qemuxml2argvdata/{aarch64-acpi-uefi.args => firmware-manual-efi-acpi-aarch64.args} (100%) rename tests/qemuxml2argvdata/{aarch64-acpi-uefi.xml => firmware-manual-efi-acpi-aarch64.xml} (100%) rename tests/qemuxml2argvdata/{q35-acpi-uefi.args => firmware-manual-efi-acpi-q35.args} (100%) rename tests/qemuxml2argvdata/{q35-acpi-uefi.xml => firmware-manual-efi-acpi-q35.xml} (100%) rename tests/qemuxml2argvdata/{bios-nvram-no-path.err => firmware-manual-efi-no-path.err} (100%) rename tests/qemuxml2argvdata/{bios-nvram-no-path.xml => firmware-manual-efi-no-path.xml} (100%) rename tests/qemuxml2argvdata/{aarch64-noacpi-uefi.args => firmware-manual-efi-noacpi-aarch64.args} (100%) rename tests/qemuxml2argvdata/{aarch64-noacpi-uefi.xml => firmware-manual-efi-noacpi-aarch64.xml} (100%) rename tests/qemuxml2argvdata/{q35-noacpi-uefi.err => firmware-manual-efi-noacpi-q35.err} (100%) rename tests/qemuxml2argvdata/{q35-noacpi-uefi.xml => firmware-manual-efi-noacpi-q35.xml} (100%) rename tests/qemuxml2argvdata/{bios-nvram-file.x86_64-latest.args => firmware-manual-efi-nvram-file.x86_64-latest.args} (100%) rename 
tests/qemuxml2argvdata/{bios-nvram-file.xml => firmware-manual-efi-nvram-file.xml} (100%) rename tests/qemuxml2argvdata/{bios-nvram-network-iscsi.x86_64-4.1.0.err => firmware-manual-efi-nvram-network-iscsi.x86_64-4.1.0.err} (100%) rename tests/qemuxml2argvdata/{bios-nvram-network-iscsi.x86_64-latest.args => firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args} (100%) rename tests/qemuxml2argvdata/{bios-nvram-network-iscsi.xml => firmware-manual-efi-nvram-network-iscsi.xml} (100%) rename tests/qemuxml2argvdata/{bios-nvram-network-nbd.x86_64-latest.args => firmware-manual-efi-nvram-network-nbd.x86_64-latest.args} (100%) rename tests/qemuxml2argvdata/{bios-nvram-network-nbd.xml => firmware-manual-efi-nvram-network-nbd.xml} (100%) rename tests/qemuxml2argvdata/{bios-nvram-template.x86_64-latest.args => firmware-manual-efi-nvram-template.x86_64-latest.args} (100%) rename tests/qemuxml2argvdata/{bios-nvram-template.xml => firmware-manual-efi-nvram-template.xml} (100%) rename tests/qemuxml2argvdata/{bios-nvram-secure.args => firmware-manual-efi-secure.args} (100%) rename tests/qemuxml2argvdata/{bios-nvram-secure.xml => firmware-manual-efi-secure.xml} (100%) rename tests/qemuxml2argvdata/{bios-nvram.args => firmware-manual-efi.args} (100%) rename tests/qemuxml2argvdata/{bios-nvram.xml => firmware-manual-efi.xml} (100%) rename tests/qemuxml2argvdata/{aarch64-acpi-nouefi.err => firmware-manual-noefi-acpi-aarch64.err} (100%) rename tests/qemuxml2argvdata/{aarch64-acpi-nouefi.xml => firmware-manual-noefi-acpi-aarch64.xml} (100%) rename tests/qemuxml2argvdata/{q35-acpi-nouefi.args => firmware-manual-noefi-acpi-q35.args} (100%) rename tests/qemuxml2argvdata/{q35-acpi-nouefi.xml => firmware-manual-noefi-acpi-q35.xml} (100%) rename tests/qemuxml2argvdata/{aarch64-noacpi-nouefi.args => firmware-manual-noefi-noacpi-aarch64.args} (100%) rename tests/qemuxml2argvdata/{aarch64-noacpi-nouefi.xml => firmware-manual-noefi-noacpi-aarch64.xml} (100%) rename 
tests/qemuxml2argvdata/{q35-noacpi-nouefi.args => firmware-manual-noefi-noacpi-q35.args} (100%) rename tests/qemuxml2argvdata/{q35-noacpi-nouefi.xml => firmware-manual-noefi-noacpi-q35.xml} (100%) rename tests/qemuxml2xmloutdata/{os-firmware-bios.x86_64-latest.xml => firmware-auto-bios.x86_64-latest.xml} (100%) rename tests/qemuxml2xmloutdata/{aarch64-os-firmware-efi.aarch64-latest.xml => firmware-auto-efi-aarch64.aarch64-latest.xml} (100%) rename tests/qemuxml2xmloutdata/{os-firmware-efi-secboot.x86_64-latest.xml => firmware-auto-efi-loader-secure.x86_64-latest.xml} (100%) create mode 120000 tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml rename tests/qemuxml2xmloutdata/{os-firmware-efi.x86_64-latest.xml => firmware-auto-efi.x86_64-latest.xml} (100%) rename tests/qemuxml2xmloutdata/{bios-nvram-file.x86_64-latest.xml => firmware-manual-efi-nvram-file.x86_64-latest.xml} (100%) rename tests/qemuxml2xmloutdata/{bios-nvram-network-iscsi.x86_64-latest.xml => firmware-manual-efi-nvram-network-iscsi.x86_64-latest.xml} (100%) rename tests/qemuxml2xmloutdata/{bios-nvram-network-nbd.x86_64-latest.xml => firmware-manual-efi-nvram-network-nbd.x86_64-latest.xml} (100%) rename tests/qemuxml2xmloutdata/{bios-nvram.xml => firmware-manual-efi.xml} (100%) delete mode 120000 tests/qemuxml2xmloutdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.xml diff --git a/tests/qemusecuritytest.c b/tests/qemusecuritytest.c index 4e2343b7d7..0596783b6c 100644 --- a/tests/qemusecuritytest.c +++ b/tests/qemusecuritytest.c 
@@ -237,9 +237,9 @@ mymain(void) DO_TEST_DOMAIN("memory-hotplug-nvdimm-pmem"); DO_TEST_DOMAIN("memory-hotplug-nvdimm-readonly"); DO_TEST_DOMAIN("net-vhostuser"); - DO_TEST_DOMAIN("os-firmware-bios"); - DO_TEST_DOMAIN("os-firmware-efi"); - DO_TEST_DOMAIN("os-firmware-efi-secboot"); + DO_TEST_DOMAIN("firmware-auto-bios"); + DO_TEST_DOMAIN("firmware-auto-efi"); + DO_TEST_DOMAIN("firmware-auto-efi-loader-secure"); DO_TEST_DOMAIN("pci-bridge-many-disks"); DO_TEST_DOMAIN("tseg-explicit-size"); DO_TEST_DOMAIN("usb-redir-unix"); diff --git a/tests/qemuxml2argvdata/os-firmware-bios.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-bios.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/os-firmware-bios.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-auto-bios.x86_64-latest.args diff --git a/tests/qemuxml2argvdata/os-firmware-bios.xml b/tests/qemuxml2argvdata/firmware-auto-bios.xml similarity index 100% rename from tests/qemuxml2argvdata/os-firmware-bios.xml rename to tests/qemuxml2argvdata/firmware-auto-bios.xml diff --git a/tests/qemuxml2argvdata/aarch64-os-firmware-efi.aarch64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/aarch64-os-firmware-efi.aarch64-latest.args rename to tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args diff --git a/tests/qemuxml2argvdata/aarch64-os-firmware-efi.xml b/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.xml similarity index 100% rename from tests/qemuxml2argvdata/aarch64-os-firmware-efi.xml rename to tests/qemuxml2argvdata/firmware-auto-efi-aarch64.xml 
diff --git a/tests/qemuxml2argvdata/os-firmware-efi-secboot.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/os-firmware-efi-secboot.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args diff --git a/tests/qemuxml2argvdata/os-firmware-efi-secboot.xml b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml similarity index 100% rename from tests/qemuxml2argvdata/os-firmware-efi-secboot.xml rename to tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml diff --git a/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args diff --git a/tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml b/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.xml similarity index 100% rename from tests/qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml rename to tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.xml diff --git a/tests/qemuxml2argvdata/os-firmware-efi.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/os-firmware-efi.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args diff --git a/tests/qemuxml2argvdata/os-firmware-efi.xml b/tests/qemuxml2argvdata/firmware-auto-efi.xml similarity index 100% rename from tests/qemuxml2argvdata/os-firmware-efi.xml rename to tests/qemuxml2argvdata/firmware-auto-efi.xml 
diff --git a/tests/qemuxml2argvdata/bios-nvram-rw-implicit.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-rw-implicit.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args diff --git a/tests/qemuxml2argvdata/bios-nvram-rw-implicit.xml b/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.xml similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-rw-implicit.xml rename to tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.xml diff --git a/tests/qemuxml2argvdata/bios-nvram-rw.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-rw.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args diff --git a/tests/qemuxml2argvdata/bios-nvram-rw.xml b/tests/qemuxml2argvdata/firmware-manual-bios-rw.xml similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-rw.xml rename to tests/qemuxml2argvdata/firmware-manual-bios-rw.xml diff --git a/tests/qemuxml2argvdata/bios.args b/tests/qemuxml2argvdata/firmware-manual-bios.args similarity index 100% rename from tests/qemuxml2argvdata/bios.args rename to tests/qemuxml2argvdata/firmware-manual-bios.args diff --git a/tests/qemuxml2argvdata/bios.xml b/tests/qemuxml2argvdata/firmware-manual-bios.xml similarity index 100% rename from tests/qemuxml2argvdata/bios.xml rename to tests/qemuxml2argvdata/firmware-manual-bios.xml diff --git a/tests/qemuxml2argvdata/aarch64-acpi-uefi.args b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args similarity index 100% rename from tests/qemuxml2argvdata/aarch64-acpi-uefi.args rename to tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args 
diff --git a/tests/qemuxml2argvdata/aarch64-acpi-uefi.xml b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.xml similarity index 100% rename from tests/qemuxml2argvdata/aarch64-acpi-uefi.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.xml diff --git a/tests/qemuxml2argvdata/q35-acpi-uefi.args b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.args similarity index 100% rename from tests/qemuxml2argvdata/q35-acpi-uefi.args rename to tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.args diff --git a/tests/qemuxml2argvdata/q35-acpi-uefi.xml b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.xml similarity index 100% rename from tests/qemuxml2argvdata/q35-acpi-uefi.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.xml diff --git a/tests/qemuxml2argvdata/bios-nvram-no-path.err b/tests/qemuxml2argvdata/firmware-manual-efi-no-path.err similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-no-path.err rename to tests/qemuxml2argvdata/firmware-manual-efi-no-path.err diff --git a/tests/qemuxml2argvdata/bios-nvram-no-path.xml b/tests/qemuxml2argvdata/firmware-manual-efi-no-path.xml similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-no-path.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-no-path.xml diff --git a/tests/qemuxml2argvdata/aarch64-noacpi-uefi.args b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args similarity index 100% rename from tests/qemuxml2argvdata/aarch64-noacpi-uefi.args rename to tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args diff --git a/tests/qemuxml2argvdata/aarch64-noacpi-uefi.xml b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.xml similarity index 100% rename from tests/qemuxml2argvdata/aarch64-noacpi-uefi.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.xml 
diff --git a/tests/qemuxml2argvdata/q35-noacpi-uefi.err b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-q35.err similarity index 100% rename from tests/qemuxml2argvdata/q35-noacpi-uefi.err rename to tests/qemuxml2argvdata/firmware-manual-efi-noacpi-q35.err diff --git a/tests/qemuxml2argvdata/q35-noacpi-uefi.xml b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-q35.xml similarity index 100% rename from tests/qemuxml2argvdata/q35-noacpi-uefi.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-noacpi-q35.xml diff --git a/tests/qemuxml2argvdata/bios-nvram-file.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-file.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args diff --git a/tests/qemuxml2argvdata/bios-nvram-file.xml b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.xml similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-file.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.xml diff --git a/tests/qemuxml2argvdata/bios-nvram-network-iscsi.x86_64-4.1.0.err b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-4.1.0.err similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-network-iscsi.x86_64-4.1.0.err rename to tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-4.1.0.err diff --git a/tests/qemuxml2argvdata/bios-nvram-network-iscsi.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-network-iscsi.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args 
diff --git a/tests/qemuxml2argvdata/bios-nvram-network-iscsi.xml b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.xml similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-network-iscsi.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.xml diff --git a/tests/qemuxml2argvdata/bios-nvram-network-nbd.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-network-nbd.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args diff --git a/tests/qemuxml2argvdata/bios-nvram-network-nbd.xml b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.xml similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-network-nbd.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.xml diff --git a/tests/qemuxml2argvdata/bios-nvram-template.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-template.x86_64-latest.args rename to tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args diff --git a/tests/qemuxml2argvdata/bios-nvram-template.xml b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.xml similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-template.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.xml diff --git a/tests/qemuxml2argvdata/bios-nvram-secure.args b/tests/qemuxml2argvdata/firmware-manual-efi-secure.args similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-secure.args rename to tests/qemuxml2argvdata/firmware-manual-efi-secure.args 
diff --git a/tests/qemuxml2argvdata/bios-nvram-secure.xml b/tests/qemuxml2argvdata/firmware-manual-efi-secure.xml similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram-secure.xml rename to tests/qemuxml2argvdata/firmware-manual-efi-secure.xml diff --git a/tests/qemuxml2argvdata/bios-nvram.args b/tests/qemuxml2argvdata/firmware-manual-efi.args similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram.args rename to tests/qemuxml2argvdata/firmware-manual-efi.args diff --git a/tests/qemuxml2argvdata/bios-nvram.xml b/tests/qemuxml2argvdata/firmware-manual-efi.xml similarity index 100% rename from tests/qemuxml2argvdata/bios-nvram.xml rename to tests/qemuxml2argvdata/firmware-manual-efi.xml diff --git a/tests/qemuxml2argvdata/aarch64-acpi-nouefi.err b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-aarch64.err similarity index 100% rename from tests/qemuxml2argvdata/aarch64-acpi-nouefi.err rename to tests/qemuxml2argvdata/firmware-manual-noefi-acpi-aarch64.err diff --git a/tests/qemuxml2argvdata/aarch64-acpi-nouefi.xml b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-aarch64.xml similarity index 100% rename from tests/qemuxml2argvdata/aarch64-acpi-nouefi.xml rename to tests/qemuxml2argvdata/firmware-manual-noefi-acpi-aarch64.xml diff --git a/tests/qemuxml2argvdata/q35-acpi-nouefi.args b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.args similarity index 100% rename from tests/qemuxml2argvdata/q35-acpi-nouefi.args rename to tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.args diff --git a/tests/qemuxml2argvdata/q35-acpi-nouefi.xml b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.xml similarity index 100% rename from tests/qemuxml2argvdata/q35-acpi-nouefi.xml rename to tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.xml 
diff --git a/tests/qemuxml2argvdata/aarch64-noacpi-nouefi.args b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args similarity index 100% rename from tests/qemuxml2argvdata/aarch64-noacpi-nouefi.args rename to tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args diff --git a/tests/qemuxml2argvdata/aarch64-noacpi-nouefi.xml b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.xml similarity index 100% rename from tests/qemuxml2argvdata/aarch64-noacpi-nouefi.xml rename to tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.xml diff --git a/tests/qemuxml2argvdata/q35-noacpi-nouefi.args b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.args similarity index 100% rename from tests/qemuxml2argvdata/q35-noacpi-nouefi.args rename to tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.args diff --git a/tests/qemuxml2argvdata/q35-noacpi-nouefi.xml b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.xml similarity index 100% rename from tests/qemuxml2argvdata/q35-noacpi-nouefi.xml rename to tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.xml diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 48dd20458e..9aa22d5c06 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -1188,29 +1188,39 @@ mymain(void) DO_TEST_NOCAPS("reboot-timeout-disabled"); DO_TEST_NOCAPS("reboot-timeout-enabled"); - DO_TEST("bios", + DO_TEST("firmware-manual-bios", QEMU_CAPS_DEVICE_ISA_SERIAL); - DO_TEST_NOCAPS("bios-nvram"); - DO_TEST_PARSE_ERROR_NOCAPS("bios-nvram-no-path"); - DO_TEST_CAPS_LATEST("bios-nvram-rw"); - DO_TEST_CAPS_LATEST("bios-nvram-rw-implicit"); - DO_TEST("bios-nvram-secure", + DO_TEST_NOCAPS("firmware-manual-efi"); + DO_TEST_PARSE_ERROR_NOCAPS("firmware-manual-efi-no-path"); + DO_TEST_CAPS_LATEST("firmware-manual-bios-rw"); + DO_TEST_CAPS_LATEST("firmware-manual-bios-rw-implicit"); + DO_TEST("firmware-manual-efi-secure", QEMU_CAPS_DEVICE_DMI_TO_PCI_BRIDGE, QEMU_CAPS_DEVICE_PCI_BRIDGE, QEMU_CAPS_DEVICE_IOH3420, QEMU_CAPS_ICH9_AHCI, QEMU_CAPS_VIRTIO_SCSI); - DO_TEST_CAPS_LATEST("bios-nvram-template"); - DO_TEST_CAPS_LATEST("bios-nvram-network-iscsi"); - DO_TEST_CAPS_VER_PARSE_ERROR("bios-nvram-network-iscsi", "4.1.0"); - DO_TEST_CAPS_LATEST("bios-nvram-network-nbd"); - DO_TEST_CAPS_LATEST("bios-nvram-file"); + DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template"); + DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi"); + DO_TEST_CAPS_VER_PARSE_ERROR("firmware-manual-efi-nvram-network-iscsi", "4.1.0"); + DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-nbd"); + DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-file"); /* Make sure all combinations of ACPI and UEFI behave as expected */ - DO_TEST_NOCAPS("q35-acpi-uefi"); - DO_TEST_PARSE_ERROR_NOCAPS("q35-noacpi-uefi"); - DO_TEST_NOCAPS("q35-noacpi-nouefi"); - DO_TEST_NOCAPS("q35-acpi-nouefi"); + DO_TEST_NOCAPS("firmware-manual-efi-acpi-aarch64"); + DO_TEST_NOCAPS("firmware-manual-efi-acpi-q35"); + DO_TEST_NOCAPS("firmware-manual-efi-noacpi-aarch64"); + DO_TEST_PARSE_ERROR_NOCAPS("firmware-manual-efi-noacpi-q35"); + DO_TEST_PARSE_ERROR_NOCAPS("firmware-manual-noefi-acpi-aarch64"); + DO_TEST_NOCAPS("firmware-manual-noefi-acpi-q35"); + 
DO_TEST_NOCAPS("firmware-manual-noefi-noacpi-aarch64"); + DO_TEST_NOCAPS("firmware-manual-noefi-noacpi-q35"); + + DO_TEST_CAPS_LATEST("firmware-auto-bios"); + DO_TEST_CAPS_LATEST("firmware-auto-efi"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys"); + DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-aarch64", "aarch64"); DO_TEST_NOCAPS("clock-utc"); DO_TEST_NOCAPS("clock-localtime"); @@ -3018,12 +3028,6 @@ mymain(void) QEMU_CAPS_DEVICE_PCI_BRIDGE, QEMU_CAPS_DEVICE_PCI_SERIAL); - /* Make sure all combinations of ACPI and UEFI behave as expected */ - DO_TEST_NOCAPS("aarch64-acpi-uefi"); - DO_TEST_NOCAPS("aarch64-noacpi-uefi"); - DO_TEST_NOCAPS("aarch64-noacpi-nouefi"); - DO_TEST_PARSE_ERROR_NOCAPS("aarch64-acpi-nouefi"); - /* QEMU 4.0.0 didn't have support for aarch64 CPU features */ DO_TEST_CAPS_ARCH_VER_FAILURE("aarch64-features-sve", "aarch64", "4.0.0"); /* aarch64 doesn't support the same CPU features as x86 */ @@ -3408,12 +3412,6 @@ mymain(void) DO_TEST_CAPS_ARCH_LATEST("x86_64-pc-graphics", "x86_64"); DO_TEST_CAPS_ARCH_LATEST("x86_64-q35-graphics", "x86_64"); - DO_TEST_CAPS_LATEST("os-firmware-bios"); - DO_TEST_CAPS_LATEST("os-firmware-efi"); - DO_TEST_CAPS_LATEST("os-firmware-efi-secboot"); - DO_TEST_CAPS_LATEST("os-firmware-efi-no-enrolled-keys"); - DO_TEST_CAPS_ARCH_LATEST("aarch64-os-firmware-efi", "aarch64"); - DO_TEST_CAPS_LATEST("vhost-user-vga"); DO_TEST_CAPS_LATEST("vhost-user-gpu-secondary"); diff --git a/tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml similarity index 100% rename from tests/qemuxml2xmloutdata/os-firmware-bios.x86_64-latest.xml rename to tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml 
diff --git a/tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-aarch64.aarch64-latest.xml similarity index 100% rename from tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.aarch64-latest.xml rename to tests/qemuxml2xmloutdata/firmware-auto-efi-aarch64.aarch64-latest.xml diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml similarity index 100% rename from tests/qemuxml2xmloutdata/os-firmware-efi-secboot.x86_64-latest.xml rename to tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml new file mode 120000 index 0000000000..f954b0c4e1 --- /dev/null +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml @@ -0,0 +1 @@ +../qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.xml \ No newline at end of file diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml similarity index 100% rename from tests/qemuxml2xmloutdata/os-firmware-efi.x86_64-latest.xml rename to tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml diff --git a/tests/qemuxml2xmloutdata/bios-nvram-file.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-file.x86_64-latest.xml similarity index 100% rename from tests/qemuxml2xmloutdata/bios-nvram-file.x86_64-latest.xml rename to tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-file.x86_64-latest.xml 
diff --git a/tests/qemuxml2xmloutdata/bios-nvram-network-iscsi.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.xml similarity index 100% rename from tests/qemuxml2xmloutdata/bios-nvram-network-iscsi.x86_64-latest.xml rename to tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.xml diff --git a/tests/qemuxml2xmloutdata/bios-nvram-network-nbd.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.xml similarity index 100% rename from tests/qemuxml2xmloutdata/bios-nvram-network-nbd.x86_64-latest.xml rename to tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.xml diff --git a/tests/qemuxml2xmloutdata/bios-nvram.xml b/tests/qemuxml2xmloutdata/firmware-manual-efi.xml similarity index 100% rename from tests/qemuxml2xmloutdata/bios-nvram.xml rename to tests/qemuxml2xmloutdata/firmware-manual-efi.xml diff --git a/tests/qemuxml2xmloutdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.xml b/tests/qemuxml2xmloutdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.xml deleted file mode 120000 index 902ccb783b..0000000000 --- a/tests/qemuxml2xmloutdata/os-firmware-efi-no-enrolled-keys.x86_64-latest.xml +++ /dev/null @@ -1 +0,0 @@ -../qemuxml2argvdata/os-firmware-efi-no-enrolled-keys.xml \ No newline at end of file diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 714d36c0a0..fdcb17838b 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c 
@@ -1067,10 +1067,16 @@ mymain(void) DO_TEST("numatune-hmat", QEMU_CAPS_NUMA_HMAT, QEMU_CAPS_OBJECT_MEMORY_RAM); DO_TEST_CAPS_LATEST("numatune-memnode-restrictive-mode"); - DO_TEST_NOCAPS("bios-nvram"); - DO_TEST_CAPS_LATEST("bios-nvram-network-iscsi"); - DO_TEST_CAPS_LATEST("bios-nvram-network-nbd"); - DO_TEST_CAPS_LATEST("bios-nvram-file"); + DO_TEST_NOCAPS("firmware-manual-efi"); + DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi"); + DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-nbd"); + DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-file"); + + DO_TEST_CAPS_LATEST("firmware-auto-bios"); + DO_TEST_CAPS_LATEST("firmware-auto-efi"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys"); + DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-aarch64", "aarch64"); DO_TEST_NOCAPS("tap-vhost"); DO_TEST_NOCAPS("tap-vhost-incorrect"); @@ -1081,15 +1087,9 @@ mymain(void) DO_TEST_NOCAPS("smbios-multiple-type2"); DO_TEST_NOCAPS("smbios-type-fwcfg"); - DO_TEST_CAPS_LATEST("os-firmware-bios"); - DO_TEST_CAPS_LATEST("os-firmware-efi"); - DO_TEST_CAPS_LATEST("os-firmware-efi-secboot"); - DO_TEST_CAPS_LATEST("os-firmware-efi-no-enrolled-keys"); - DO_TEST("aarch64-aavmf-virtio-mmio", QEMU_CAPS_DEVICE_VIRTIO_MMIO, QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_RANDOM); - DO_TEST_CAPS_ARCH_LATEST("aarch64-os-firmware-efi", "aarch64"); DO_TEST("aarch64-virtio-pci-default", QEMU_CAPS_VIRTIO_PCI_DISABLE_LEGACY, QEMU_CAPS_DEVICE_VIRTIO_MMIO, -- 2.35.3
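Review bot: in the tests/qemuxml2argvtest.c hunk at @@ -1188,29 +1188,39, the renamed entries are not grouped according to the scheme the new names introduce: "firmware-manual-bios-rw" and "firmware-manual-bios-rw-implicit" sit between "firmware-manual-efi-no-path" and "firmware-manual-efi-secure". Since this is the patch that reorganizes the list, move those two directly after DO_TEST("firmware-manual-bios", ...) so that the bios and efi cases each form one contiguous run. The mapping is also not mechanical: every other bios-nvram-* case becomes firmware-manual-efi-*, while bios-nvram-rw and bios-nvram-rw-implicit become firmware-manual-bios-rw*. A one-line comment above those two entries saying why would save the next reader from opening the XML to find out. The eight ACPI/UEFI combinations keep the NOCAPS and PARSE_ERROR expectations they had under their old names, so nothing is lost in the merge of the q35 and aarch64 blocks.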
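Review bot: in the tests/qemuxml2xmltest.c hunk at @@ -1067,10 +1067,16, the firmware-manual group still registers only four cases ("firmware-manual-efi" plus the -nvram-network-iscsi, -nvram-network-nbd and -nvram-file variants), while qemuxml2argvtest.c in this same patch registers "firmware-manual-bios", the two -bios-rw cases, "firmware-manual-efi-secure", "firmware-manual-efi-nvram-template" and the ACPI/UEFI combinations as well. The gap predates the rename, but now that both files share one naming scheme it is easy to see. Unless a later patch in the series adds the missing round-trip cases, consider registering them here or leaving a comment that states which ones are intentionally argv-only.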

When testing firmware selection, we don't really care about any of the hardware assigned to the VM, and in fact it's better to keep it as minimal as possible to make sure that the focus remains on the firmware bits. 
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- .../firmware-auto-bios.x86_64-latest.args | 12 +---- tests/qemuxml2argvdata/firmware-auto-bios.xml | 53 +------------------ ...mware-auto-efi-aarch64.aarch64-latest.args | 6 +-- .../firmware-auto-efi-aarch64.xml | 18 +------ ...-auto-efi-loader-secure.x86_64-latest.args | 12 +---- .../firmware-auto-efi-loader-secure.xml | 53 +------------------ ...to-efi-no-enrolled-keys.x86_64-latest.args | 3 -- .../firmware-auto-efi-no-enrolled-keys.xml | 32 +---------- .../firmware-auto-efi.x86_64-latest.args | 12 +---- tests/qemuxml2argvdata/firmware-auto-efi.xml | 53 +------------------ ...manual-bios-rw-implicit.x86_64-latest.args | 8 +-- .../firmware-manual-bios-rw-implicit.xml | 21 +------- ...firmware-manual-bios-rw.x86_64-latest.args | 8 +-- .../firmware-manual-bios-rw.xml | 21 +------- .../firmware-manual-bios.args | 11 +--- .../qemuxml2argvdata/firmware-manual-bios.xml | 26 +-------- .../firmware-manual-efi-acpi-aarch64.args | 1 - .../firmware-manual-efi-acpi-aarch64.xml | 4 +- .../firmware-manual-efi-acpi-q35.args | 1 - .../firmware-manual-efi-acpi-q35.xml | 4 +- .../firmware-manual-efi-no-path.xml | 5 +- .../firmware-manual-efi-noacpi-aarch64.args | 1 - .../firmware-manual-efi-noacpi-aarch64.xml | 4 +- .../firmware-manual-efi-noacpi-q35.xml | 4 +- ...e-manual-efi-nvram-file.x86_64-latest.args | 4 +- .../firmware-manual-efi-nvram-file.xml | 6 +-- ...efi-nvram-network-iscsi.x86_64-latest.args | 4 +- ...irmware-manual-efi-nvram-network-iscsi.xml | 9 +--- ...l-efi-nvram-network-nbd.x86_64-latest.args | 4 +- .../firmware-manual-efi-nvram-network-nbd.xml | 9 +--- ...nual-efi-nvram-template.x86_64-latest.args | 4 +- .../firmware-manual-efi-nvram-template.xml | 6 +-- .../firmware-manual-efi-secure.args | 9 +--- .../firmware-manual-efi-secure.xml | 19 +------ .../qemuxml2argvdata/firmware-manual-efi.args | 7 +-- .../qemuxml2argvdata/firmware-manual-efi.xml | 21 +------- .../firmware-manual-noefi-acpi-aarch64.xml | 7 +-- 
.../firmware-manual-noefi-acpi-q35.args | 4 -- .../firmware-manual-noefi-acpi-q35.xml | 7 +-- .../firmware-manual-noefi-noacpi-aarch64.args | 4 -- .../firmware-manual-noefi-noacpi-aarch64.xml | 7 +-- .../firmware-manual-noefi-noacpi-q35.args | 4 -- .../firmware-manual-noefi-noacpi-q35.xml | 7 +-- .../firmware-auto-bios.x86_64-latest.xml | 43 ++------------- ...rmware-auto-efi-aarch64.aarch64-latest.xml | 12 ++--- ...e-auto-efi-loader-secure.x86_64-latest.xml | 43 ++------------- ...uto-efi-no-enrolled-keys.x86_64-latest.xml | 37 ++++++++++++- .../firmware-auto-efi.x86_64-latest.xml | 43 ++------------- ...re-manual-efi-nvram-file.x86_64-latest.xml | 9 +--- ...-efi-nvram-network-iscsi.x86_64-latest.xml | 11 ++-- ...al-efi-nvram-network-nbd.x86_64-latest.xml | 11 ++-- .../firmware-manual-efi.xml | 21 ++------ 52 files changed, 111 insertions(+), 634 deletions(-) mode change 120000 => 100644 tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml diff --git a/tests/qemuxml2argvdata/firmware-auto-bios.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-bios.x86_64-latest.args index dd159e2604..1d45a8cfba 100644 --- a/tests/qemuxml2argvdata/firmware-auto-bios.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-bios.x86_64-latest.args 
@@ -26,17 +26,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --global ICH9-LPC.disable_s3=0 \ --global ICH9-LPC.disable_s4=1 \ --boot menu=on,strict=on \ --device '{"driver":"i82801b11-bridge","id":"pci.1","bus":"pcie.0","addr":"0x1e"}' \ --device '{"driver":"pci-bridge","chassis_nr":2,"id":"pci.2","bus":"pci.1","addr":"0x0"}' \ --device '{"driver":"ioh3420","port":8,"chassis":3,"id":"pci.3","bus":"pcie.0","addr":"0x1"}' \ --device '{"driver":"ich9-usb-ehci1","id":"usb","bus":"pcie.0","addr":"0x1d.0x7"}' \ --device '{"driver":"ich9-usb-uhci1","masterbus":"usb.0","firstport":0,"bus":"pcie.0","multifunction":true,"addr":"0x1d"}' \ --device '{"driver":"ich9-usb-uhci2","masterbus":"usb.0","firstport":2,"bus":"pcie.0","addr":"0x1d.0x1"}' \ --device '{"driver":"ich9-usb-uhci3","masterbus":"usb.0","firstport":4,"bus":"pcie.0","addr":"0x1d.0x2"}' \ +-boot strict=on \ -audiodev '{"id":"audio1","driver":"none"}' \ --device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.2","addr":"0x1"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-auto-bios.xml b/tests/qemuxml2argvdata/firmware-auto-bios.xml index 18ceafa948..0abbddb22e 100644 --- a/tests/qemuxml2argvdata/firmware-auto-bios.xml +++ b/tests/qemuxml2argvdata/firmware-auto-bios.xml 
@@ -2,67 +2,18 @@ <name>fedora</name> <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> <memory unit='KiB'>8192</memory> - <currentMemory unit='KiB'>8192</currentMemory> <vcpu placement='static'>1</vcpu> <os firmware='bios'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <loader secure='no'/> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> - <apic/> - <pae/> </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> - <pm> - <suspend-to-mem enabled='yes'/> - <suspend-to-disk enabled='no'/> - </pm> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='usb' index='0' model='ich9-ehci1'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x7'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci1'> - <master startport='0'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x0' multifunction='on'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci2'> - <master startport='2'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x1'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci3'> - <master startport='4'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x2'/> - </controller> - <controller type='sata' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> - </controller> - <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='dmi-to-pci-bridge'> - <model name='i82801b11-bridge'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/> - </controller> - <controller type='pci' index='2' model='pci-bridge'> - <model name='pci-bridge'/> - <target chassisNr='2'/> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> - 
<controller type='pci' index='3' model='pcie-root-port'> - <model name='ioh3420'/> - <target chassis='3' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> - </controller> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <memballoon model='virtio'> - <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/> - </memballoon> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args index 484905d863..93f808aba9 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.aarch64-latest.args @@ -16,7 +16,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-aarch64test/.config \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ -machine virt-4.0,usb=off,dump-guest-core=off,gic-version=2,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=mach-virt.ram \ -accel tcg \ --cpu cortex-a53 \ +-cpu cortex-a15 \ -m 1024 \ -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \ -overcommit mem-lock=off \ @@ -30,10 +30,6 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-aarch64test/.config \ -rtc base=utc \ -no-shutdown \ -boot strict=on \ --kernel /aarch64.kernel \ --initrd /aarch64.initrd \ --append 'earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait' \ --dtb /aarch64.dtb \ -audiodev '{"id":"audio1","driver":"none"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.xml b/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.xml index 48605f7198..1e8dfffb5b 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.xml 
+++ b/tests/qemuxml2argvdata/firmware-auto-efi-aarch64.xml @@ -2,30 +2,16 @@ <name>aarch64test</name> <uuid>496d7ea8-9739-544b-4ebd-ef08be936e8b</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os firmware='efi'> <type arch='aarch64' machine='virt-4.0'>hvm</type> - <kernel>/aarch64.kernel</kernel> - <initrd>/aarch64.initrd</initrd> - <cmdline>earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait</cmdline> - <dtb>/aarch64.dtb</dtb> - <boot dev='hd'/> </os> <features> <acpi/> - <apic/> - <pae/> - <gic version='2'/> </features> - <cpu mode='custom' match='exact' check='none'> - <model fallback='allow'>cortex-a53</model> - </cpu> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/qemu-system-aarch64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args index 1bf6ec65bd..37564db12c 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args 
@@ -30,17 +30,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --global ICH9-LPC.disable_s3=0 \ --global ICH9-LPC.disable_s4=1 \ --boot menu=on,strict=on \ --device '{"driver":"i82801b11-bridge","id":"pci.1","bus":"pcie.0","addr":"0x1e"}' \ --device '{"driver":"pci-bridge","chassis_nr":2,"id":"pci.2","bus":"pci.1","addr":"0x0"}' \ --device '{"driver":"ioh3420","port":8,"chassis":3,"id":"pci.3","bus":"pcie.0","addr":"0x1"}' \ --device '{"driver":"ich9-usb-ehci1","id":"usb","bus":"pcie.0","addr":"0x1d.0x7"}' \ --device '{"driver":"ich9-usb-uhci1","masterbus":"usb.0","firstport":0,"bus":"pcie.0","multifunction":true,"addr":"0x1d"}' \ --device '{"driver":"ich9-usb-uhci2","masterbus":"usb.0","firstport":2,"bus":"pcie.0","addr":"0x1d.0x1"}' \ --device '{"driver":"ich9-usb-uhci3","masterbus":"usb.0","firstport":4,"bus":"pcie.0","addr":"0x1d.0x2"}' \ +-boot strict=on \ -audiodev '{"id":"audio1","driver":"none"}' \ --device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.2","addr":"0x1"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml index 67c93fdbb9..1b94c25f32 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml 
@@ -2,67 +2,18 @@ <name>fedora</name> <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> <memory unit='KiB'>8192</memory> - <currentMemory unit='KiB'>8192</currentMemory> <vcpu placement='static'>1</vcpu> <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <loader secure='yes'/> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> - <apic/> - <pae/> </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> - <pm> - <suspend-to-mem enabled='yes'/> - <suspend-to-disk enabled='no'/> - </pm> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='usb' index='0' model='ich9-ehci1'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x7'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci1'> - <master startport='0'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x0' multifunction='on'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci2'> - <master startport='2'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x1'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci3'> - <master startport='4'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x2'/> - </controller> - <controller type='sata' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> - </controller> - <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='dmi-to-pci-bridge'> - <model name='i82801b11-bridge'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/> - </controller> - <controller type='pci' index='2' model='pci-bridge'> - <model name='pci-bridge'/> - <target chassisNr='2'/> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> - 
<controller type='pci' index='3' model='pcie-root-port'> - <model name='ioh3420'/> - <target chassis='3' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> - </controller> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <memballoon model='virtio'> - <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/> - </memballoon> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args index 57fc34cc4d..b2cc6d3ab8 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.args @@ -30,9 +30,6 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -rtc base=utc \ -no-shutdown \ -boot strict=on \ --device '{"driver":"pcie-root-port","port":8,"chassis":1,"id":"pci.1","bus":"pcie.0","multifunction":true,"addr":"0x1"}' \ --device '{"driver":"pcie-root-port","port":9,"chassis":2,"id":"pci.2","bus":"pcie.0","addr":"0x1.0x1"}' \ --device '{"driver":"qemu-xhci","id":"usb","bus":"pci.1","addr":"0x0"}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.xml b/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.xml index 352908f745..e9717000a3 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.xml +++ b/tests/qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.xml 
@@ -2,49 +2,19 @@ <name>fedora</name> <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> <memory unit='KiB'>8192</memory> - <currentMemory unit='KiB'>8192</currentMemory> <vcpu placement='static'>1</vcpu> <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <firmware> <feature enabled='no' name='enrolled-keys'/> </firmware> - <boot dev='hd'/> </os> <features> <acpi/> - <apic/> - <pae/> </features> - <cpu mode='custom' match='exact' check='none'> - <model fallback='forbid'>qemu64</model> - </cpu> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='1' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> - </controller> - <controller type='pci' index='2' model='pcie-root-port'> - <model name='pcie-root-port'/> - <target chassis='2' port='0x9'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> - <controller type='usb' index='0' model='qemu-xhci'> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> - <controller type='sata' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> - </controller> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <audio id='1' type='none'/> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args index 16eb08078c..51aa5c0303 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args 
@@ -29,17 +29,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --global ICH9-LPC.disable_s3=0 \ --global ICH9-LPC.disable_s4=1 \ --boot menu=on,strict=on \ --device '{"driver":"i82801b11-bridge","id":"pci.1","bus":"pcie.0","addr":"0x1e"}' \ --device '{"driver":"pci-bridge","chassis_nr":2,"id":"pci.2","bus":"pci.1","addr":"0x0"}' \ --device '{"driver":"ioh3420","port":8,"chassis":3,"id":"pci.3","bus":"pcie.0","addr":"0x1"}' \ --device '{"driver":"ich9-usb-ehci1","id":"usb","bus":"pcie.0","addr":"0x1d.0x7"}' \ --device '{"driver":"ich9-usb-uhci1","masterbus":"usb.0","firstport":0,"bus":"pcie.0","multifunction":true,"addr":"0x1d"}' \ --device '{"driver":"ich9-usb-uhci2","masterbus":"usb.0","firstport":2,"bus":"pcie.0","addr":"0x1d.0x1"}' \ --device '{"driver":"ich9-usb-uhci3","masterbus":"usb.0","firstport":4,"bus":"pcie.0","addr":"0x1d.0x2"}' \ +-boot strict=on \ -audiodev '{"id":"audio1","driver":"none"}' \ --device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.2","addr":"0x1"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-auto-efi.xml b/tests/qemuxml2argvdata/firmware-auto-efi.xml index 8109e227c0..b92277ddbe 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi.xml +++ b/tests/qemuxml2argvdata/firmware-auto-efi.xml 
@@ -2,67 +2,18 @@ <name>fedora</name> <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> <memory unit='KiB'>8192</memory> - <currentMemory unit='KiB'>8192</currentMemory> <vcpu placement='static'>1</vcpu> <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <loader secure='no'/> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> - <apic/> - <pae/> </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> - <pm> - <suspend-to-mem enabled='yes'/> - <suspend-to-disk enabled='no'/> - </pm> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='usb' index='0' model='ich9-ehci1'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x7'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci1'> - <master startport='0'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x0' multifunction='on'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci2'> - <master startport='2'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x1'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci3'> - <master startport='4'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x2'/> - </controller> - <controller type='sata' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> - </controller> - <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='dmi-to-pci-bridge'> - <model name='i82801b11-bridge'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/> - </controller> - <controller type='pci' index='2' model='pci-bridge'> - <model name='pci-bridge'/> - <target chassisNr='2'/> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> - 
<controller type='pci' index='3' model='pcie-root-port'> - <model name='ioh3420'/> - <target chassis='3' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> - </controller> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <memballoon model='virtio'> - <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/> - </memballoon> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args index fde4c3f57f..9830078318 100644 --- a/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.x86_64-latest.args @@ -27,13 +27,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --boot menu=on,strict=on \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ --blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \ --device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-format","id":"ide0-0-0","bootindex":1}' \ --device '{"driver":"usb-tablet","id":"input0","bus":"usb.0","port":"1"}' \ +-boot strict=on \ -audiodev '{"id":"audio1","driver":"none"}' \ --device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x2"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.xml b/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.xml index ebcd3e5300..6279bf2eb4 100644 
--- a/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.xml +++ b/tests/qemuxml2argvdata/firmware-manual-bios-rw-implicit.xml @@ -2,34 +2,17 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> <loader type='pflash'>/var/lib/libvirt/qemu/nvram/test-bios.fd</loader> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'/> - <controller type='ide' index='0'/> - <controller type='pci' index='0' model='pci-root'/> - <input type='tablet' bus='usb'/> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <memballoon model='virtio'/> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args index fde4c3f57f..9830078318 100644 --- a/tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-bios-rw.x86_64-latest.args 
@@ -27,13 +27,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --boot menu=on,strict=on \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ --blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \ --device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-format","id":"ide0-0-0","bootindex":1}' \ --device '{"driver":"usb-tablet","id":"input0","bus":"usb.0","port":"1"}' \ +-boot strict=on \ -audiodev '{"id":"audio1","driver":"none"}' \ --device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x2"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-rw.xml b/tests/qemuxml2argvdata/firmware-manual-bios-rw.xml index b03b4b5ecb..1dc9432523 100644 --- a/tests/qemuxml2argvdata/firmware-manual-bios-rw.xml +++ b/tests/qemuxml2argvdata/firmware-manual-bios-rw.xml 
@@ -2,34 +2,17 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> <loader readonly='no' type='pflash'>/var/lib/libvirt/qemu/nvram/test-bios.fd</loader> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'/> - <controller type='ide' index='0'/> - <controller type='pci' index='0' model='pci-root'/> - <input type='tablet' bus='usb'/> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <memballoon model='virtio'/> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-bios.args b/tests/qemuxml2argvdata/firmware-manual-bios.args index 5767de0874..e1cb064b71 100644 --- a/tests/qemuxml2argvdata/firmware-manual-bios.args +++ b/tests/qemuxml2argvdata/firmware-manual-bios.args @@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \ -name guest=test-bios,debug-threads=on \ -S \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-test-bios/master-key.aes \ --machine pc,usb=off,dump-guest-core=off,graphics=off \ +-machine pc,usb=off,dump-guest-core=off \ -accel tcg \ -bios /usr/share/seabios/bios.bin \ -m 1024 \ 
@@ -26,12 +26,5 @@ QEMU_AUDIO_DRV=none \ -rtc base=utc \ -no-shutdown \ -no-acpi \ --boot menu=on,strict=on \ --usb \ --drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \ --device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \ --chardev pty,id=charserial0 \ --device isa-serial,chardev=charserial0,id=serial0,index=0 \ --device usb-tablet,id=input0,bus=usb.0,port=1 \ --device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \ +-boot strict=on \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-bios.xml b/tests/qemuxml2argvdata/firmware-manual-bios.xml index 82092c1893..3e1946029c 100644 --- a/tests/qemuxml2argvdata/firmware-manual-bios.xml +++ b/tests/qemuxml2argvdata/firmware-manual-bios.xml @@ -2,36 +2,14 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='i686' machine='pc'>hvm</type> <loader>/usr/share/seabios/bios.bin</loader> - <boot dev='hd'/> - <bootmenu enable='yes'/> - <bios useserial='yes'/> </os> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/qemu-system-i386</emulator> - <disk type='block' device='disk'> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'/> - <controller type='ide' index='0'/> - <serial type='pty'> - <target port='0'/> - </serial> - <console type='pty'> - <target type='serial' port='0'/> - </console> - <input type='tablet' bus='usb'/> - <input type='mouse' bus='ps2'/> - <memballoon model='virtio'/> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> 
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args index 88ea50027c..ef98c940f7 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.args @@ -13,7 +13,6 @@ QEMU_AUDIO_DRV=none \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ -machine virt,usb=off,dump-guest-core=off,gic-version=2 \ -accel tcg \ --cpu cortex-a57 \ -drive file=/usr/share/AAVMF/AAVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \ -drive file=/some/user/nvram/path/guest_VARS.fd,if=pflash,format=raw,unit=1 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.xml b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.xml index ef95ba5c17..b18c5f55f0 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-aarch64.xml @@ -11,11 +11,9 @@ <features> <acpi/> </features> - <cpu mode='custom'> - <model>cortex-a57</model> - </cpu> <devices> <emulator>/usr/bin/qemu-system-aarch64</emulator> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.args b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.args index 1ea740d29c..0c5e3413c3 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.args @@ -13,7 +13,6 @@ QEMU_AUDIO_DRV=none \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ -machine q35,usb=off,dump-guest-core=off \ -accel tcg \ --cpu Haswell \ -drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \ -drive file=/some/user/nvram/path/guest_VARS.fd,if=pflash,format=raw,unit=1 \ -m 1024 \ 
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.xml b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.xml index 7e3fa48e9d..ea5289da2e 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-acpi-q35.xml @@ -11,11 +11,9 @@ <features> <acpi/> </features> - <cpu mode='custom'> - <model>Haswell</model> - </cpu> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-no-path.xml b/tests/qemuxml2argvdata/firmware-manual-efi-no-path.xml index bf97f0bdd6..435f01dab4 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-no-path.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-no-path.xml @@ -2,18 +2,17 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> <loader readonly='yes' type='pflash'/> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> </features> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args index b8da2a53c7..f3aa947e52 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.args 
@@ -13,7 +13,6 @@ QEMU_AUDIO_DRV=none \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ -machine virt,usb=off,dump-guest-core=off,gic-version=2 \ -accel tcg \ --cpu cortex-a57 \ -drive file=/usr/share/AAVMF/AAVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \ -drive file=/some/user/nvram/path/guest_VARS.fd,if=pflash,format=raw,unit=1 \ -m 1024 \ diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.xml b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.xml index c36ce824ac..3799a5181c 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-aarch64.xml @@ -8,11 +8,9 @@ <loader readonly='yes' type='pflash'>/usr/share/AAVMF/AAVMF_CODE.fd</loader> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> </os> - <cpu mode='custom'> - <model>cortex-a57</model> - </cpu> <devices> <emulator>/usr/bin/qemu-system-aarch64</emulator> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-q35.xml b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-q35.xml index 4e4d6fa3d1..9b080fe31c 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-q35.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-noacpi-q35.xml @@ -8,11 +8,9 @@ <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> </os> - <cpu mode='custom'> - <model>Haswell</model> - </cpu> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args index 4b0aec7539..bede23b678 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args 
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.x86_64-latest.args @@ -29,9 +29,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --boot menu=on,strict=on \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ +-boot strict=on \ -audiodev '{"id":"audio1","driver":"none"}' \ --device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x2"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.xml b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.xml index 8df9412112..beed93adc1 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-file.xml @@ -2,7 +2,6 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> @@ -10,14 +9,13 @@ <nvram type='file'> <source file='/var/lib/libvirt/nvram/guest_VARS.fd'/> </nvram> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> </features> - <clock offset='utc'/> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args index b8a323358d..868a5c6465 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.args 
@@ -30,9 +30,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --boot menu=on,strict=on \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ +-boot strict=on \ -audiodev '{"id":"audio1","driver":"none"}' \ --device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x2"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.xml b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.xml index d8a354126d..efc60341ab 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-iscsi.xml @@ -2,7 +2,6 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> @@ -15,17 +14,13 @@ </auth> </source> </nvram> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args index 08dbd99335..7ea855e02c 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.args 
@@ -29,9 +29,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --boot menu=on,strict=on \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ +-boot strict=on \ -audiodev '{"id":"audio1","driver":"none"}' \ --device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x2"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.xml b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.xml index 3350914607..60a963ca22 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-network-nbd.xml @@ -2,7 +2,6 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> @@ -12,17 +11,13 @@ <host name='example.org' port='6000'/> </source> </nvram> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args index 7dc0d604a0..de7245fed0 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.x86_64-latest.args 
@@ -29,9 +29,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --boot menu=on,strict=on \ --device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \ +-boot strict=on \ -audiodev '{"id":"audio1","driver":"none"}' \ --device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x2"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.xml b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.xml index 1bbe4314b5..0d7e43a26c 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template.xml @@ -2,20 +2,18 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader> <nvram template="/usr/share/OVMF/OVMF_VARS.fd"/> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> </features> - <clock offset='utc'/> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-secure.args b/tests/qemuxml2argvdata/firmware-manual-efi-secure.args index 741ed2c16c..fe0f78599b 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-secure.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi-secure.args 
@@ -27,12 +27,5 @@ QEMU_AUDIO_DRV=none \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --boot menu=on,strict=on \ --device i82801b11-bridge,id=pci.1,bus=pcie.0,addr=0x1e \ --device pci-bridge,chassis_nr=2,id=pci.2,bus=pci.1,addr=0x0 \ --device ioh3420,port=8,chassis=3,id=pci.3,bus=pcie.0,addr=0x1 \ --device virtio-scsi-pci,id=scsi0,bus=pci.2,addr=0x1 \ --drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-scsi0-0-0-0 \ --device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 \ --device virtio-balloon-pci,id=balloon0,bus=pci.2,addr=0x2 \ +-boot strict=on \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-secure.xml b/tests/qemuxml2argvdata/firmware-manual-efi-secure.xml index fb5ca4c48d..090e37cecd 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi-secure.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi-secure.xml 
@@ -2,34 +2,19 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='q35'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> <smm state='on'/> </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='sda' bus='scsi'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='scsi' index='0'/> - <controller type='pci' index='0' model='pcie-root'/> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <memballoon model='virtio'/> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-efi.args b/tests/qemuxml2argvdata/firmware-manual-efi.args index ed3c7c96e2..ac5f86dc83 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi.args +++ b/tests/qemuxml2argvdata/firmware-manual-efi.args @@ -26,10 +26,5 @@ QEMU_AUDIO_DRV=none \ -mon chardev=charmonitor,id=monitor,mode=control \ -rtc base=utc \ -no-shutdown \ --boot menu=on,strict=on \ --usb \ --drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \ --device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \ --device usb-tablet,id=input0,bus=usb.0,port=1 \ --device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \ +-boot strict=on \ -msg timestamp=on 
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi.xml b/tests/qemuxml2argvdata/firmware-manual-efi.xml index 329d510e95..bbc4641da8 100644 --- a/tests/qemuxml2argvdata/firmware-manual-efi.xml +++ b/tests/qemuxml2argvdata/firmware-manual-efi.xml @@ -2,35 +2,18 @@ <name>test-bios</name> <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> - <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> </features> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'/> - <controller type='ide' index='0'/> - <controller type='pci' index='0' model='pci-root'/> - <input type='tablet' bus='usb'/> - <input type='mouse' bus='ps2'/> - <input type='keyboard' bus='ps2'/> - <memballoon model='virtio'/> + <controller type='usb' model='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-aarch64.xml b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-aarch64.xml index cda1b1bdc6..12052e2f43 100644 --- a/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-aarch64.xml +++ b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-aarch64.xml 
@@ -5,18 +5,13 @@ <vcpu placement='static'>1</vcpu> <os> <type arch='aarch64' machine='virt'>hvm</type> - <kernel>/var/lib/libvirt/images/guest.vmlinuz</kernel> - <initrd>/var/lib/libvirt/images/guest.initramfs</initrd> - <cmdline>console=ttyAMA0 rw root=/dev/vda rootwait</cmdline> </os> <features> <acpi/> </features> - <cpu mode='custom'> - <model>cortex-a57</model> - </cpu> <devices> <emulator>/usr/bin/qemu-system-aarch64</emulator> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.args b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.args index d0490b9fef..d97ac2f634 100644 --- a/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.args +++ b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.args @@ -13,7 +13,6 @@ QEMU_AUDIO_DRV=none \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ -machine q35,usb=off,dump-guest-core=off \ -accel tcg \ --cpu Haswell \ -m 1024 \ -overcommit mem-lock=off \ -smp 1,sockets=1,cores=1,threads=1 \ @@ -26,7 +25,4 @@ QEMU_AUDIO_DRV=none \ -rtc base=utc \ -no-shutdown \ -boot strict=on \ --kernel /var/lib/libvirt/images/guest.vmlinuz \ --initrd /var/lib/libvirt/images/guest.initramfs \ --append 'rw root=/dev/vda rootwait' \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.xml b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.xml index 7d735f99c4..2b3ae78169 100644 --- a/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.xml +++ b/tests/qemuxml2argvdata/firmware-manual-noefi-acpi-q35.xml 
@@ -5,18 +5,13 @@ <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='q35'>hvm</type> - <kernel>/var/lib/libvirt/images/guest.vmlinuz</kernel> - <initrd>/var/lib/libvirt/images/guest.initramfs</initrd> - <cmdline>rw root=/dev/vda rootwait</cmdline> </os> <features> <acpi/> </features> - <cpu mode='custom'> - <model>Haswell</model> - </cpu> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args index 0aa75ca624..293085b105 100644 --- a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args +++ b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.args @@ -13,7 +13,6 @@ QEMU_AUDIO_DRV=none \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ -machine virt,usb=off,dump-guest-core=off,gic-version=2 \ -accel tcg \ --cpu cortex-a57 \ -m 1024 \ -overcommit mem-lock=off \ -smp 1,sockets=1,cores=1,threads=1 \ @@ -27,7 +26,4 @@ QEMU_AUDIO_DRV=none \ -no-shutdown \ -no-acpi \ -boot strict=on \ --kernel /var/lib/libvirt/images/guest.vmlinuz \ --initrd /var/lib/libvirt/images/guest.initramfs \ --append 'console=ttyAMA0 rw root=/dev/vda rootwait' \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.xml b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.xml index e8551ed2d9..72d7bf2ed5 100644 --- a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.xml +++ b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-aarch64.xml 
@@ -5,15 +5,10 @@ <vcpu placement='static'>1</vcpu> <os> <type arch='aarch64' machine='virt'>hvm</type> - <kernel>/var/lib/libvirt/images/guest.vmlinuz</kernel> - <initrd>/var/lib/libvirt/images/guest.initramfs</initrd> - <cmdline>console=ttyAMA0 rw root=/dev/vda rootwait</cmdline> </os> - <cpu mode='custom'> - <model>cortex-a57</model> - </cpu> <devices> <emulator>/usr/bin/qemu-system-aarch64</emulator> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.args b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.args index 79ce26f047..c5e067853e 100644 --- a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.args +++ b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.args @@ -13,7 +13,6 @@ QEMU_AUDIO_DRV=none \ -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-guest/master-key.aes \ -machine q35,usb=off,dump-guest-core=off \ -accel tcg \ --cpu Haswell \ -m 1024 \ -overcommit mem-lock=off \ -smp 1,sockets=1,cores=1,threads=1 \ @@ -27,7 +26,4 @@ QEMU_AUDIO_DRV=none \ -no-shutdown \ -no-acpi \ -boot strict=on \ --kernel /var/lib/libvirt/images/guest.vmlinuz \ --initrd /var/lib/libvirt/images/guest.initramfs \ --append 'rw root=/dev/vda rootwait' \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.xml b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.xml index 163b424eac..2150c33b1c 100644 --- a/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.xml +++ b/tests/qemuxml2argvdata/firmware-manual-noefi-noacpi-q35.xml 
@@ -5,15 +5,10 @@ <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='q35'>hvm</type> - <kernel>/var/lib/libvirt/images/guest.vmlinuz</kernel> - <initrd>/var/lib/libvirt/images/guest.initramfs</initrd> - <cmdline>rw root=/dev/vda rootwait</cmdline> </os> - <cpu mode='custom'> - <model>Haswell</model> - </cpu> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml index e6704fb7de..c43f3b1147 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml @@ -9,12 +9,9 @@ <loader secure='no'/> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> - <apic/> - <pae/> </features> <cpu mode='custom' match='exact' check='none'> <model fallback='forbid'>qemu64</model> 
@@ -22,51 +19,17 @@ <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> - <pm> - <suspend-to-mem enabled='yes'/> - <suspend-to-disk enabled='no'/> - </pm> + <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='usb' index='0' model='ich9-ehci1'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x7'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci1'> - <master startport='0'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x0' multifunction='on'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci2'> - <master startport='2'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x1'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci3'> - <master startport='4'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x2'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='sata' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='dmi-to-pci-bridge'> - <model name='i82801b11-bridge'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/> - </controller> - <controller type='pci' index='2' model='pci-bridge'> - <model name='pci-bridge'/> - <target chassisNr='2'/> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> - <controller type='pci' index='3' model='pcie-root-port'> - <model name='ioh3420'/> - <target chassis='3' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> - </controller> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <audio id='1' type='none'/> - <memballoon model='virtio'> - <address type='pci' 
domain='0x0000' bus='0x02' slot='0x01' function='0x0'/> - </memballoon> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-aarch64.aarch64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-aarch64.aarch64-latest.xml index 627e285ae1..a926869046 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-efi-aarch64.aarch64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-aarch64.aarch64-latest.xml @@ -6,28 +6,24 @@ <vcpu placement='static'>1</vcpu> <os firmware='efi'> <type arch='aarch64' machine='virt-4.0'>hvm</type> - <kernel>/aarch64.kernel</kernel> - <initrd>/aarch64.initrd</initrd> - <cmdline>earlyprintk console=ttyAMA0,115200n8 rw root=/dev/vda rootwait</cmdline> - <dtb>/aarch64.dtb</dtb> <boot dev='hd'/> </os> <features> <acpi/> - <apic/> - <pae/> <gic version='2'/> </features> <cpu mode='custom' match='exact' check='none'> - <model fallback='allow'>cortex-a53</model> + <model fallback='forbid'>cortex-a15</model> </cpu> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> + <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-aarch64</emulator> + <controller type='usb' index='0' model='none'/> <controller type='pci' index='0' model='pcie-root'/> <audio id='1' type='none'/> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml index 35ee0a61b0..709fd42aa6 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml 
@@ -9,12 +9,9 @@ <loader secure='yes'/> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> - <apic/> - <pae/> </features> <cpu mode='custom' match='exact' check='none'> <model fallback='forbid'>qemu64</model> 
@@ -22,51 +19,17 @@ <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> - <pm> - <suspend-to-mem enabled='yes'/> - <suspend-to-disk enabled='no'/> - </pm> + <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='usb' index='0' model='ich9-ehci1'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x7'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci1'> - <master startport='0'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x0' multifunction='on'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci2'> - <master startport='2'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x1'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci3'> - <master startport='4'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x2'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='sata' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='dmi-to-pci-bridge'> - <model name='i82801b11-bridge'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/> - </controller> - <controller type='pci' index='2' model='pci-bridge'> - <model name='pci-bridge'/> - <target chassisNr='2'/> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> - <controller type='pci' index='3' model='pcie-root-port'> - <model name='ioh3420'/> - <target chassis='3' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> - </controller> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <audio id='1' type='none'/> - <memballoon model='virtio'> - <address type='pci' 
domain='0x0000' bus='0x02' slot='0x01' function='0x0'/> - </memballoon> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml deleted file mode 120000 index f954b0c4e1..0000000000 --- a/tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml +++ /dev/null @@ -1 +0,0 @@ -../qemuxml2argvdata/firmware-auto-efi-no-enrolled-keys.xml \ No newline at end of file diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml new file mode 100644 index 0000000000..e5d307e0b2 --- /dev/null +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml @@ -0,0 +1,36 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <currentMemory unit='KiB'>8192</currentMemory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <firmware> + <feature enabled='no' name='enrolled-keys'/> + </firmware> + <boot dev='hd'/> + </os> + <features> + <acpi/> + </features> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pcie-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='none'/> + </devices> +</domain> 
diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml index ca323482f8..b152b3ef87 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml @@ -9,12 +9,9 @@ <loader secure='no'/> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> - <apic/> - <pae/> </features> <cpu mode='custom' match='exact' check='none'> <model fallback='forbid'>qemu64</model> 
@@ -22,51 +19,17 @@ <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> - <pm> - <suspend-to-mem enabled='yes'/> - <suspend-to-disk enabled='no'/> - </pm> + <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='usb' index='0' model='ich9-ehci1'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x7'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci1'> - <master startport='0'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x0' multifunction='on'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci2'> - <master startport='2'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x1'/> - </controller> - <controller type='usb' index='0' model='ich9-uhci3'> - <master startport='4'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x2'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='sata' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='pci' index='0' model='pcie-root'/> - <controller type='pci' index='1' model='dmi-to-pci-bridge'> - <model name='i82801b11-bridge'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/> - </controller> - <controller type='pci' index='2' model='pci-bridge'> - <model name='pci-bridge'/> - <target chassisNr='2'/> - <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> - </controller> - <controller type='pci' index='3' model='pcie-root-port'> - <model name='ioh3420'/> - <target chassis='3' port='0x8'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> - </controller> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <audio id='1' type='none'/> - <memballoon model='virtio'> - <address type='pci' 
domain='0x0000' bus='0x02' slot='0x01' function='0x0'/> - </memballoon> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-file.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-file.x86_64-latest.xml index 97e029f70b..b78cafecc4 100644 --- a/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-file.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-file.x86_64-latest.xml @@ -11,7 +11,6 @@ <source file='/var/lib/libvirt/nvram/guest_VARS.fd'/> </nvram> <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> @@ -25,15 +24,11 @@ <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='usb' index='0' model='piix3-uhci'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='pci' index='0' model='pci-root'/> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <audio id='1' type='none'/> - <memballoon model='virtio'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> - </memballoon> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.xml index 73b7aefe7b..16de5e7387 100644 --- a/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-iscsi.x86_64-latest.xml @@ -16,7 +16,6 @@ </source> </nvram> <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> 
@@ -27,18 +26,14 @@ <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> + <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='usb' index='0' model='piix3-uhci'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='pci' index='0' model='pci-root'/> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <audio id='1' type='none'/> - <memballoon model='virtio'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> - </memballoon> + <memballoon model='none'/> </devices> </domain> diff --git a/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.xml index bc78be11b6..1adbd9e60e 100644 --- a/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-manual-efi-nvram-network-nbd.x86_64-latest.xml @@ -13,7 +13,6 @@ </source> </nvram> <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> @@ -24,18 +23,14 @@ <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> + <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <controller type='usb' index='0' model='piix3-uhci'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='pci' index='0' model='pci-root'/> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <audio id='1' type='none'/> - <memballoon model='virtio'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> - </memballoon> + <memballoon model='none'/> </devices> </domain> 
diff --git a/tests/qemuxml2xmloutdata/firmware-manual-efi.xml b/tests/qemuxml2xmloutdata/firmware-manual-efi.xml index 7049f5e9c5..7e6b3ad432 100644 --- a/tests/qemuxml2xmloutdata/firmware-manual-efi.xml +++ b/tests/qemuxml2xmloutdata/firmware-manual-efi.xml @@ -9,7 +9,6 @@ <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader> <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> <boot dev='hd'/> - <bootmenu enable='yes'/> </os> <features> <acpi/> @@ -17,28 +16,14 @@ <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> - <on_crash>restart</on_crash> + <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> - <disk type='block' device='disk'> - <driver name='qemu' type='raw'/> - <source dev='/dev/HostVG/QEMUGuest1'/> - <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> - </disk> - <controller type='usb' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> - </controller> - <controller type='ide' index='0'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> - </controller> + <controller type='usb' index='0' model='none'/> <controller type='pci' index='0' model='pci-root'/> - <input type='tablet' bus='usb'/> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <audio id='1' type='none'/> - <memballoon model='virtio'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> - </memballoon> + <memballoon model='none'/> </devices> </domain> -- 2.35.3
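Review bot: In tests/qemuxml2xmloutdata/firmware-auto-efi-aarch64.aarch64-latest.xml the expected CPU changes from `<model fallback='allow'>cortex-a53</model>` to `<model fallback='forbid'>cortex-a15</model>`, which goes beyond trimming unused hardware. Cortex-A15 is a 32-bit ARMv7-A core, so the expected output for an aarch64 EFI guest now names a CPU that cannot run a 64-bit guest. This is presumably the default being filled in once the input stops naming a CPU. Either keep an explicit 64-bit model in the input, or say in the commit message that the model is irrelevant to what the test checks, so the next reader does not take the expected output as a working configuration.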
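Review bot: firmware-manual-efi-secure.args and firmware-manual-efi.args (hunk context `QEMU_AUDIO_DRV=none \`) are still generated against a fixed, older capabilities set, while the firmware-manual-efi-nvram-* files next to them are x86_64-latest. firmware-manual-efi-secure is the manual Secure Boot case here (`secure='yes'` loader plus `<smm state='on'/>`), and after this change its expected output ends at `-boot strict=on`. Since the inputs are being rewritten anyway, consider moving these tests to latest capabilities in this patch or a follow-up, so the Secure Boot command line is checked against what current QEMU actually receives.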

This does the opposite of commit 392292cd99ee275f986e9e21f325a9fee8e8bbfe Author: Daniel P. Berrangé <berrange@redhat.com> Date: Wed Feb 23 12:45:51 2022 +0000 tests: don't use auto-generated NVRAM path in tests in order to minimize input files. We're going to add a test case specifically covering the use of custom NVRAM paths with firmware autoselection in an upcoming commit. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- tests/qemuxml2argvdata/firmware-auto-bios.xml | 1 - .../firmware-auto-efi-loader-secure.x86_64-latest.args | 2 +- tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml | 1 - tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args | 2 +- tests/qemuxml2argvdata/firmware-auto-efi.xml | 1 - tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml | 1 - .../firmware-auto-efi-loader-secure.x86_64-latest.xml | 1 - tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml | 1 - 8 files changed, 2 insertions(+), 8 deletions(-) diff --git a/tests/qemuxml2argvdata/firmware-auto-bios.xml b/tests/qemuxml2argvdata/firmware-auto-bios.xml index 0abbddb22e..1318f68243 100644 --- a/tests/qemuxml2argvdata/firmware-auto-bios.xml +++ b/tests/qemuxml2argvdata/firmware-auto-bios.xml @@ -6,7 +6,6 @@ <os firmware='bios'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <loader secure='no'/> - <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> </os> <features> <acpi/> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args index 37564db12c..7479b05af4 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.x86_64-latest.args 
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}' \ -blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --blockdev '{"driver":"file","filename":"/some/user/nvram/path/guest_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ -machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml index 1b94c25f32..34fa6d090e 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-secure.xml @@ -6,7 +6,6 @@ <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <loader secure='yes'/> - <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> </os> <features> <acpi/> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args index 51aa5c0303..885c83445d 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args 
@@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}' \ -blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --blockdev '{"driver":"file","filename":"/some/user/nvram/path/guest_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ -machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi.xml b/tests/qemuxml2argvdata/firmware-auto-efi.xml index b92277ddbe..33bd7b0ac1 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi.xml +++ b/tests/qemuxml2argvdata/firmware-auto-efi.xml @@ -6,7 +6,6 @@ <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <loader secure='no'/> - <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> </os> <features> <acpi/> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml index c43f3b1147..b744234cf1 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml 
@@ -7,7 +7,6 @@ <os firmware='bios'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <loader secure='no'/> - <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> <boot dev='hd'/> </os> <features> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml index 709fd42aa6..26e30d7f64 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-loader-secure.x86_64-latest.xml @@ -7,7 +7,6 @@ <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <loader secure='yes'/> - <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> <boot dev='hd'/> </os> <features> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml index b152b3ef87..35d49b7c62 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml @@ -7,7 +7,6 @@ <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <loader secure='no'/> - <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> <boot dev='hd'/> </os> <features> -- 2.35.3
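
Review bot: In the tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml hunk, the removed expected output shows that an <nvram>/some/user/nvram/path/guest_VARS.fd</nvram> element was accepted and round-tripped under <os firmware='bios'>, and deleting the line from the test data removes the only record of that without adding a check. Please either add a negative test that pins down what should happen when an NVRAM path is given together with BIOS firmware, or say in the commit message that the combination is deliberately left untested for now. For the two EFI cases the updated .args now expect the generated /var/lib/libvirt/qemu/nvram/fedora_VARS.fd, so between this patch and the later addition of firmware-auto-efi-nvram nothing in these files covers a user-supplied NVRAM path with firmware='efi'.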

This currently has no effect whatsoever, so it's just cluttering the input files. We're going to add specific handling for this scenario, as well as a test case covering it, in an upcoming commit. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- tests/qemuxml2argvdata/firmware-auto-bios.xml | 1 - tests/qemuxml2argvdata/firmware-auto-efi.xml | 1 - tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml | 1 - tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml | 1 - 4 files changed, 4 deletions(-) diff --git a/tests/qemuxml2argvdata/firmware-auto-bios.xml b/tests/qemuxml2argvdata/firmware-auto-bios.xml index 1318f68243..06bb0bea9d 100644 --- a/tests/qemuxml2argvdata/firmware-auto-bios.xml +++ b/tests/qemuxml2argvdata/firmware-auto-bios.xml @@ -5,7 +5,6 @@ <vcpu placement='static'>1</vcpu> <os firmware='bios'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> - <loader secure='no'/> </os> <features> <acpi/> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi.xml b/tests/qemuxml2argvdata/firmware-auto-efi.xml index 33bd7b0ac1..55b9be1aec 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi.xml +++ b/tests/qemuxml2argvdata/firmware-auto-efi.xml @@ -5,7 +5,6 @@ <vcpu placement='static'>1</vcpu> <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> - <loader secure='no'/> </os> <features> <acpi/> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml index b744234cf1..722294089e 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-bios.x86_64-latest.xml @@ -6,7 +6,6 @@ <vcpu placement='static'>1</vcpu> <os firmware='bios'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> - <loader secure='no'/> <boot dev='hd'/> </os> <features> 
diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml index 35d49b7c62..7e2e40036e 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi.x86_64-latest.xml @@ -6,7 +6,6 @@ <vcpu placement='static'>1</vcpu> <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> - <loader secure='no'/> <boot dev='hd'/> </os> <features> -- 2.35.3
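
Review bot: The diffstat touches no .args file, and the firmware-auto-efi.x86_64-latest.args context in the preceding patch shows OVMF_CODE.secboot.fd with smm=on while firmware-auto-efi.xml still carried <loader secure='no'/>, so the lack of effect means an explicit request for a non-secure loader was being silently ignored rather than honoured or rejected. The commit message should say that in so many words, and should name the later commit and test case that will cover secure='no' with firmware autoselection, so the coverage gap opened by these four deletions is easy to track until it is closed.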

Note that some of these new tests are displaying incorrect or suboptimal behavior. When we address those in upcoming patches, this will be highlighted by changes in the test data. 
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- ...-auto-efi-enrolled-keys.x86_64-latest.args | 35 ++++++++++++++++++ .../firmware-auto-efi-enrolled-keys.xml | 20 +++++++++++ ...are-auto-efi-no-secboot.x86_64-latest.args | 35 ++++++++++++++++++ .../firmware-auto-efi-no-secboot.xml | 20 +++++++++++ ...firmware-auto-efi-nvram.x86_64-latest.args | 35 ++++++++++++++++++ .../firmware-auto-efi-nvram.xml | 18 ++++++++++ ...rmware-auto-efi-secboot.x86_64-latest.args | 35 ++++++++++++++++++ .../firmware-auto-efi-secboot.xml | 20 +++++++++++ tests/qemuxml2argvtest.c | 4 +++ ...e-auto-efi-enrolled-keys.x86_64-latest.xml | 36 +++++++++++++++++++ ...ware-auto-efi-no-secboot.x86_64-latest.xml | 36 +++++++++++++++++++ .../firmware-auto-efi-nvram.x86_64-latest.xml | 33 +++++++++++++++++ ...irmware-auto-efi-secboot.x86_64-latest.xml | 36 +++++++++++++++++++ tests/qemuxml2xmltest.c | 4 +++ 14 files changed, 367 insertions(+) create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.xml create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.xml create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-nvram.xml create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-secboot.xml create mode 100644 tests/qemuxml2xmloutdata/firmware-auto-efi-enrolled-keys.x86_64-latest.xml create mode 100644 tests/qemuxml2xmloutdata/firmware-auto-efi-no-secboot.x86_64-latest.xml create mode 100644 tests/qemuxml2xmloutdata/firmware-auto-efi-nvram.x86_64-latest.xml create mode 100644 tests/qemuxml2xmloutdata/firmware-auto-efi-secboot.x86_64-latest.xml 
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args new file mode 100644 index 0000000000..885c83445d --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args 
@@ -0,0 +1,35 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/tmp/lib/domain--1-fedora \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/tmp/lib/domain--1-fedora/.local/share \ +XDG_CACHE_HOME=/tmp/lib/domain--1-fedora/.cache \ +XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=fedora,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}' \ +-blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ +-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ +-machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-accel kvm \ +-cpu qemu64 \ +-m 8 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \ +-overcommit mem-lock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-boot strict=on \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.xml b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.xml new file mode 100644 index 0000000000..b6ee05447f --- /dev/null 
+++ b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.xml @@ -0,0 +1,20 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <firmware> + <feature enabled='yes' name='enrolled-keys'/> + </firmware> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.x86_64-latest.args new file mode 100644 index 0000000000..b2cc6d3ab8 --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.x86_64-latest.args 
@@ -0,0 +1,35 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/tmp/lib/domain--1-fedora \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/tmp/lib/domain--1-fedora/.local/share \ +XDG_CACHE_HOME=/tmp/lib/domain--1-fedora/.cache \ +XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=fedora,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}' \ +-blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ +-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ +-machine pc-q35-4.0,usb=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-accel kvm \ +-cpu qemu64 \ +-m 8 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \ +-overcommit mem-lock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-boot strict=on \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.xml b/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.xml new file mode 100644 index 0000000000..749d364ba5 --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-no-secboot.xml 
@@ -0,0 +1,20 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <firmware> + <feature enabled='no' name='secure-boot'/> + </firmware> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args new file mode 100644 index 0000000000..885c83445d --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args 
@@ -0,0 +1,35 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/tmp/lib/domain--1-fedora \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/tmp/lib/domain--1-fedora/.local/share \ +XDG_CACHE_HOME=/tmp/lib/domain--1-fedora/.cache \ +XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=fedora,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}' \ +-blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ +-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ +-machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-accel kvm \ +-cpu qemu64 \ +-m 8 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \ +-overcommit mem-lock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-boot strict=on \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.xml b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.xml new file mode 100644 index 0000000000..17de8e380a --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.xml 
@@ -0,0 +1,18 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <nvram>/path/to/fedora_VARS.fd</nvram> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args new file mode 100644 index 0000000000..885c83445d --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args 
@@ -0,0 +1,35 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/tmp/lib/domain--1-fedora \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/tmp/lib/domain--1-fedora/.local/share \ +XDG_CACHE_HOME=/tmp/lib/domain--1-fedora/.cache \ +XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=fedora,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}' \ +-blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ +-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ +-machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ +-accel kvm \ +-cpu qemu64 \ +-m 8 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \ +-overcommit mem-lock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-boot strict=on \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-secboot.xml b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.xml new file mode 100644 index 0000000000..8a0b414f55 --- /dev/null 
+++ b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.xml @@ -0,0 +1,20 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <firmware> + <feature enabled='yes' name='secure-boot'/> + </firmware> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 9aa22d5c06..d21b2d9154 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1218,7 +1218,11 @@ mymain(void) DO_TEST_CAPS_LATEST("firmware-auto-bios"); DO_TEST_CAPS_LATEST("firmware-auto-efi"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram"); DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys"); DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys"); DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-aarch64", "aarch64"); diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-enrolled-keys.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-enrolled-keys.x86_64-latest.xml new file mode 100644 index 0000000000..aa08caa4f7 --- /dev/null +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-enrolled-keys.x86_64-latest.xml 
@@ -0,0 +1,36 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <currentMemory unit='KiB'>8192</currentMemory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <firmware> + <feature enabled='yes' name='enrolled-keys'/> + </firmware> + <boot dev='hd'/> + </os> + <features> + <acpi/> + </features> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pcie-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-no-secboot.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-no-secboot.x86_64-latest.xml new file mode 100644 index 0000000000..1528ebcfe0 --- /dev/null +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-no-secboot.x86_64-latest.xml 
@@ -0,0 +1,36 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <currentMemory unit='KiB'>8192</currentMemory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <firmware> + <feature enabled='no' name='secure-boot'/> + </firmware> + <boot dev='hd'/> + </os> + <features> + <acpi/> + </features> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pcie-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-nvram.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-nvram.x86_64-latest.xml new file mode 100644 index 0000000000..7e2e40036e --- /dev/null +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-nvram.x86_64-latest.xml 
@@ -0,0 +1,33 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <currentMemory unit='KiB'>8192</currentMemory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <boot dev='hd'/> + </os> + <features> + <acpi/> + </features> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pcie-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-secboot.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-secboot.x86_64-latest.xml new file mode 100644 index 0000000000..ef24e04b61 --- /dev/null +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-secboot.x86_64-latest.xml 
@@ -0,0 +1,36 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <currentMemory unit='KiB'>8192</currentMemory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <firmware> + <feature enabled='yes' name='secure-boot'/> + </firmware> + <boot dev='hd'/> + </os> + <features> + <acpi/> + </features> + <cpu mode='custom' match='exact' check='none'> + <model fallback='forbid'>qemu64</model> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' index='0' model='none'/> + <controller type='sata' index='0'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> + </controller> + <controller type='pci' index='0' model='pcie-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <audio id='1' type='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index fdcb17838b..60114e3673 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -1074,7 +1074,11 @@ mymain(void) DO_TEST_CAPS_LATEST("firmware-auto-bios"); DO_TEST_CAPS_LATEST("firmware-auto-efi"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram"); DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot"); + DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys"); DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys"); DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-aarch64", "aarch64"); -- 2.35.3
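
Review bot: firmware-auto-efi-nvram.xml asks for <nvram>/path/to/fedora_VARS.fd</nvram>, but the expected .args point pflash1 at /var/lib/libvirt/qemu/nvram/fedora_VARS.fd and the expected output XML in qemuxml2xmloutdata has no <nvram> element at all, so this test locks in the user's path being dropped without any error. The commit message says some of the new tests display incorrect or suboptimal behavior; please list which ones (this one at least), so that a reader does not take the expected data as the intended result.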
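
Review bot: The new .args files for firmware-auto-efi-nvram, firmware-auto-efi-secboot and firmware-auto-efi-enrolled-keys are all created with blob id 885c83445d, the same id firmware-auto-efi.x86_64-latest.args has after the earlier NVRAM cleanup, which means the command-line test cannot tell these four configurations apart. Only firmware-auto-efi-no-secboot (OVMF_CODE.fd, no smm=on in -machine) produces a distinct command line. If that is expected with the firmware available to the test suite, a sentence in the commit message would help; otherwise the enrolled-keys case needs test data that makes the feature observable in the output.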

Pure code movement, needed to prepare for upcoming changes. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 57 +++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 709ca53790..6f5f370696 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -17991,34 +17991,6 @@ virDomainDefMaybeAddHostdevSCSIcontroller(virDomainDef *def) return 0; } -static int -virDomainLoaderDefParseXML(xmlNodePtr node, - virDomainLoaderDef *loader, - bool fwAutoSelect) -{ - if (!fwAutoSelect) { - if (virXMLPropTristateBool(node, "readonly", VIR_XML_PROP_NONE, - &loader->readonly) < 0) - return -1; - - if (virXMLPropEnum(node, "type", virDomainLoaderTypeFromString, - VIR_XML_PROP_NONZERO, &loader->type) < 0) - return -1; - - if (!(loader->path = virXMLNodeContentString(node))) - return -1; - - if (STREQ(loader->path, "")) - VIR_FREE(loader->path); - } - - if (virXMLPropTristateBool(node, "secure", VIR_XML_PROP_NONE, - &loader->secure) < 0) - return -1; - - return 0; -} - static int virDomainNvramDefParseXML(virDomainLoaderDef *loader, @@ -18065,6 +18037,35 @@ virDomainNvramDefParseXML(virDomainLoaderDef *loader, } +static int +virDomainLoaderDefParseXML(xmlNodePtr node, + virDomainLoaderDef *loader, + bool fwAutoSelect) +{ + if (!fwAutoSelect) { + if (virXMLPropTristateBool(node, "readonly", VIR_XML_PROP_NONE, + &loader->readonly) < 0) + return -1; + + if (virXMLPropEnum(node, "type", virDomainLoaderTypeFromString, + VIR_XML_PROP_NONZERO, &loader->type) < 0) + return -1; + + if (!(loader->path = virXMLNodeContentString(node))) + return -1; + + if (STREQ(loader->path, "")) + VIR_FREE(loader->path); + } + + if (virXMLPropTristateBool(node, "secure", VIR_XML_PROP_NONE, + &loader->secure) < 0) + return -1; + + return 0; +} + + static int virDomainSchedulerParseCommonAttrs(xmlNodePtr node, virProcessSchedPolicy *policy, -- 2.35.3
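
Review bot: The message says pure code movement, but the diffstat is 29 insertions against 28 deletions: the re-added virDomainLoaderDefParseXML() is followed by two added blank lines where the removed copy had one. Harmless, but either drop the extra blank line or mention it, so that the patch really is a verbatim move and shows up as one under git diff --color-moved.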

The previous name was identical, modulo the case, to the completely unrelated virDomainNVRAMDefParseXML(). Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 6f5f370696..1cb162f67c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -17993,10 +17993,10 @@ virDomainDefMaybeAddHostdevSCSIcontroller(virDomainDef *def) static int -virDomainNvramDefParseXML(virDomainLoaderDef *loader, - xmlXPathContextPtr ctxt, - virDomainXMLOption *xmlopt, - unsigned int flags) +virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, + xmlXPathContextPtr ctxt, + virDomainXMLOption *xmlopt, + unsigned int flags) { g_autofree char *nvramType = virXPathString("string(./os/nvram/@type)", ctxt); g_autoptr(virStorageSource) src = virStorageSourceNew(); @@ -18468,7 +18468,7 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, fwAutoSelect) < 0) return -1; - if (virDomainNvramDefParseXML(def->os.loader, ctxt, xmlopt, flags) < 0) + if (virDomainLoaderDefParseXMLNvram(def->os.loader, ctxt, xmlopt, flags) < 0) return -1; if (!fwAutoSelect) -- 2.35.3

When the 'type' attribute is present we'd end up overwriting this value via virDomainStorageSourceParse(). Moving this assignment makes the current code clearer and will also help with upcoming changes. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 1cb162f67c..f19f6eb63c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18001,7 +18001,6 @@ virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, g_autofree char *nvramType = virXPathString("string(./os/nvram/@type)", ctxt); g_autoptr(virStorageSource) src = virStorageSourceNew(); - src->type = VIR_STORAGE_TYPE_FILE; src->format = VIR_STORAGE_FILE_RAW; if (!nvramType) { @@ -18011,6 +18010,7 @@ virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, return 0; /* no nvram */ src->path = nvramPath; + src->type = VIR_STORAGE_TYPE_FILE; } else { xmlNodePtr sourceNode; -- 2.35.3
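
Review bot: The commit message attributes the overwrite to virDomainStorageSourceParse(), but the else branch of this function, as it appears in the removed lines of the later rewrite, assigns src->type directly from virStorageTypeFromString(nvramType) before that call is made. The move itself is fine (src->type is now set right next to src->path in the untyped branch); please adjust the message so it names the assignment that actually made the early default redundant.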

It belongs to virDomainLoaderDefParseXMLNvram(), where the other parts of the <nvram> element are handled. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index f19f6eb63c..fcb468b465 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -17996,11 +17996,15 @@ static int virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, xmlXPathContextPtr ctxt, virDomainXMLOption *xmlopt, - unsigned int flags) + unsigned int flags, + bool fwAutoSelect) { g_autofree char *nvramType = virXPathString("string(./os/nvram/@type)", ctxt); g_autoptr(virStorageSource) src = virStorageSourceNew(); + if (!fwAutoSelect) + loader->nvramTemplate = virXPathString("string(./os/nvram[1]/@template)", ctxt); + src->format = VIR_STORAGE_FILE_RAW; if (!nvramType) { @@ -18468,12 +18472,11 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, fwAutoSelect) < 0) return -1; - if (virDomainLoaderDefParseXMLNvram(def->os.loader, ctxt, xmlopt, flags) < 0) + if (virDomainLoaderDefParseXMLNvram(def->os.loader, + ctxt, xmlopt, flags, + fwAutoSelect) < 0) return -1; - if (!fwAutoSelect) - def->os.loader->nvramTemplate = virXPathString("string(./os/nvram[1]/@template)", ctxt); - return 0; } -- 2.35.3
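
Review bot: The if (!fwAutoSelect) guard carried into virDomainLoaderDefParseXMLNvram() means a template attribute on <nvram> is silently discarded whenever firmware autoselection is in use, and a setting the user wrote explicitly should be either honoured or rejected with an error. Consider parsing the attribute unconditionally here and refusing the unsupported combination at validation time. Minor: the template is read with ./os/nvram[1]/@template while the type two lines above uses ./os/nvram/@type; use the [1] form for both so they cannot refer to different elements.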

All the data in the <nvram> element ends up in the same struct as that coming from the <loader> element, so it makes sense to have a single entry point for parsing an XML document into a virDomainLoaderDef instance. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index fcb468b465..d6a33a0f81 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18042,8 +18042,11 @@ virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, static int -virDomainLoaderDefParseXML(xmlNodePtr node, - virDomainLoaderDef *loader, +virDomainLoaderDefParseXML(virDomainLoaderDef *loader, + xmlNodePtr node, + xmlXPathContextPtr ctxt, + virDomainXMLOption *xmlopt, + unsigned int flags, bool fwAutoSelect) { if (!fwAutoSelect) { @@ -18066,6 +18069,11 @@ virDomainLoaderDefParseXML(xmlNodePtr node, &loader->secure) < 0) return -1; + if (virDomainLoaderDefParseXMLNvram(loader, + ctxt, xmlopt, flags, + fwAutoSelect) < 0) + return -1; + return 0; } @@ -18467,16 +18475,12 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, def->os.loader = g_new0(virDomainLoaderDef, 1); - if (virDomainLoaderDefParseXML(loader_node, - def->os.loader, + if (virDomainLoaderDefParseXML(def->os.loader, + loader_node, + ctxt, xmlopt, flags, fwAutoSelect) < 0) return -1; - if (virDomainLoaderDefParseXMLNvram(def->os.loader, - ctxt, xmlopt, flags, - fwAutoSelect) < 0) - return -1; - return 0; } -- 2.35.3
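
Review bot: With NVRAM parsing now reachable only through virDomainLoaderDefParseXML(), and that function called only after virDomainDefParseBootLoaderOptions() has found ./os/loader[1] (the early return on a missing loader node is visible in the next patch's context), an <nvram> element without a sibling <loader> is never parsed. That was already true before this change, but the single entry point makes it structural, and it matches what the firmware-auto-efi-nvram test data records. Please mention the limitation in the commit message, or let the caller proceed when either element is present.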

We're going to start passing multiple nodes to the function in a moment, so we need a more specific name. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index d6a33a0f81..d60985cb85 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18043,29 +18043,29 @@ virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, static int virDomainLoaderDefParseXML(virDomainLoaderDef *loader, - xmlNodePtr node, + xmlNodePtr loaderNode, xmlXPathContextPtr ctxt, virDomainXMLOption *xmlopt, unsigned int flags, bool fwAutoSelect) { if (!fwAutoSelect) { - if (virXMLPropTristateBool(node, "readonly", VIR_XML_PROP_NONE, + if (virXMLPropTristateBool(loaderNode, "readonly", VIR_XML_PROP_NONE, &loader->readonly) < 0) return -1; - if (virXMLPropEnum(node, "type", virDomainLoaderTypeFromString, + if (virXMLPropEnum(loaderNode, "type", virDomainLoaderTypeFromString, VIR_XML_PROP_NONZERO, &loader->type) < 0) return -1; - if (!(loader->path = virXMLNodeContentString(node))) + if (!(loader->path = virXMLNodeContentString(loaderNode))) return -1; if (STREQ(loader->path, "")) VIR_FREE(loader->path); } - if (virXMLPropTristateBool(node, "secure", VIR_XML_PROP_NONE, + if (virXMLPropTristateBool(loaderNode, "secure", VIR_XML_PROP_NONE, &loader->secure) < 0) return -1; 
@@ -18467,16 +18467,16 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, virDomainXMLOption *xmlopt, unsigned int flags) { - xmlNodePtr loader_node = virXPathNode("./os/loader[1]", ctxt); + xmlNodePtr loaderNode = virXPathNode("./os/loader[1]", ctxt); const bool fwAutoSelect = def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE; - if (!loader_node) + if (!loaderNode) return 0; def->os.loader = g_new0(virDomainLoaderDef, 1); if (virDomainLoaderDefParseXML(def->os.loader, - loader_node, + loaderNode, ctxt, xmlopt, flags, fwAutoSelect) < 0) return -1; -- 2.35.3
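
Review bot: The second hunk also renames the local variable loader_node to loaderNode in virDomainDefParseBootLoaderOptions(), which the commit message does not cover; it only explains the rename of the function argument. One extra sentence in the message would be enough.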

This makes the function more consistent with virDomainLoaderDefParseXML() by preferring the virXMLProp class of functions to XPath access. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 49 ++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index d60985cb85..858242b3ae 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c 
@@ -17994,43 +17994,45 @@ virDomainDefMaybeAddHostdevSCSIcontroller(virDomainDef *def) static int virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, + xmlNodePtr nvramNode, + xmlNodePtr nvramSourceNode, xmlXPathContextPtr ctxt, virDomainXMLOption *xmlopt, unsigned int flags, bool fwAutoSelect) { - g_autofree char *nvramType = virXPathString("string(./os/nvram/@type)", ctxt); g_autoptr(virStorageSource) src = virStorageSourceNew(); + int typePresent; + + if (!nvramNode) + return 0; if (!fwAutoSelect) - loader->nvramTemplate = virXPathString("string(./os/nvram[1]/@template)", ctxt); + loader->nvramTemplate = virXMLPropString(nvramNode, "template"); src->format = VIR_STORAGE_FILE_RAW; - if (!nvramType) { - char *nvramPath = NULL; - - if (!(nvramPath = virXPathString("string(./os/nvram[1])", ctxt))) - return 0; /* no nvram */ + if ((typePresent = virXMLPropEnum(nvramNode, "type", + virStorageTypeFromString, VIR_XML_PROP_NONE, + &src->type)) < 0) + return -1; - src->path = nvramPath; - src->type = VIR_STORAGE_TYPE_FILE; - } else { - xmlNodePtr sourceNode; + if (!typePresent) { + g_autofree char *path = NULL; - if ((src->type = virStorageTypeFromString(nvramType)) <= 0) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("unknown disk type '%s'"), nvramType); + if (!(path = virXMLNodeContentString(nvramNode))) return -1; - } - if (!(sourceNode = virXPathNode("./os/nvram/source[1]", ctxt))) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("Missing source element for nvram")); + if (STREQ(path, "")) + return 0; + + src->type = VIR_STORAGE_TYPE_FILE; + src->path = g_steal_pointer(&path); + } else { + if (!nvramSourceNode) return -1; - } - if (virDomainStorageSourceParse(sourceNode, ctxt, src, flags, xmlopt) < 0) + if (virDomainStorageSourceParse(nvramSourceNode, ctxt, src, flags, xmlopt) < 0) return -1; loader->newStyleNVRAM = true; 
@@ -18044,6 +18046,8 @@ virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, static int virDomainLoaderDefParseXML(virDomainLoaderDef *loader, xmlNodePtr loaderNode, + xmlNodePtr nvramNode, + xmlNodePtr nvramSourceNode, xmlXPathContextPtr ctxt, virDomainXMLOption *xmlopt, unsigned int flags, @@ -18070,6 +18074,7 @@ virDomainLoaderDefParseXML(virDomainLoaderDef *loader, return -1; if (virDomainLoaderDefParseXMLNvram(loader, + nvramNode, nvramSourceNode, ctxt, xmlopt, flags, fwAutoSelect) < 0) return -1; @@ -18468,6 +18473,8 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, unsigned int flags) { xmlNodePtr loaderNode = virXPathNode("./os/loader[1]", ctxt); + xmlNodePtr nvramNode = virXPathNode("./os/nvram[1]", ctxt); + xmlNodePtr nvramSourceNode = virXPathNode("./os/nvram/source[1]", ctxt); const bool fwAutoSelect = def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE; if (!loaderNode) @@ -18476,7 +18483,7 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, def->os.loader = g_new0(virDomainLoaderDef, 1); if (virDomainLoaderDefParseXML(def->os.loader, - loaderNode, + loaderNode, nvramNode, nvramSourceNode, ctxt, xmlopt, flags, fwAutoSelect) < 0) return -1; -- 2.35.3
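
Review bot: In the else branch of virDomainLoaderDefParseXMLNvram(), `if (!nvramSourceNode) return -1;` fails without reporting anything, whereas the removed code raised VIR_ERR_XML_ERROR with "Missing source element for nvram". Keep the virReportError() call so that a typed <nvram> without <source> still produces a usable message. Separately, the removed code rejected a type that mapped to `<= 0`, while the new virXMLPropEnum() call passes VIR_XML_PROP_NONE; the loader 'type' attribute in virDomainLoaderDefParseXML() is parsed with VIR_XML_PROP_NONZERO, and using the same flag here would keep a zero value rejected.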

Currently, the lack of a <loader> element results in the <nvram> element being completely ignored, but this is unnecessarily limiting: even when firmware autoselection is in use, it should be possible for the user to specify a custom path for the NVRAM file. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 17 ++++++++++------- .../firmware-auto-efi-nvram.x86_64-latest.args | 2 +- .../firmware-auto-efi-nvram.x86_64-latest.xml | 1 + 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 858242b3ae..9b82f391c4 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18053,6 +18053,15 @@ virDomainLoaderDefParseXML(virDomainLoaderDef *loader, unsigned int flags, bool fwAutoSelect) { + if (virDomainLoaderDefParseXMLNvram(loader, + nvramNode, nvramSourceNode, + ctxt, xmlopt, flags, + fwAutoSelect) < 0) + return -1; + + if (!loaderNode) + return 0; + if (!fwAutoSelect) { if (virXMLPropTristateBool(loaderNode, "readonly", VIR_XML_PROP_NONE, &loader->readonly) < 0) @@ -18073,12 +18082,6 @@ virDomainLoaderDefParseXML(virDomainLoaderDef *loader, &loader->secure) < 0) return -1; - if (virDomainLoaderDefParseXMLNvram(loader, - nvramNode, nvramSourceNode, - ctxt, xmlopt, flags, - fwAutoSelect) < 0) - return -1; - return 0; } @@ -18477,7 +18480,7 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, xmlNodePtr nvramSourceNode = virXPathNode("./os/nvram/source[1]", ctxt); const bool fwAutoSelect = def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE; - if (!loaderNode) + if (!loaderNode && !nvramNode) return 0; def->os.loader = g_new0(virDomainLoaderDef, 1); diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args index 885c83445d..e37521b0a3 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args 
+++ b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args @@ -12,7 +12,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-fedora/master-key.aes"}' \ -blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \ --blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"driver":"file","filename":"/path/to/fedora_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ -machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-nvram.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-nvram.x86_64-latest.xml index 7e2e40036e..abd6ec079d 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-efi-nvram.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-nvram.x86_64-latest.xml @@ -6,6 +6,7 @@ <vcpu placement='static'>1</vcpu> <os firmware='efi'> <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <nvram>/path/to/fedora_VARS.fd</nvram> <boot dev='hd'/> </os> <features> -- 2.35.3
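
Review bot: The new early-return condition `if (!loaderNode && !nvramNode)` in virDomainDefParseBootLoaderOptions() means def->os.loader is now allocated for an <nvram> element with no <loader>, including when firmware autoselection is off. virDomainDefOSValidate() then sees a loader with no path and fails with "no loader path specified and firmware auto selection disabled", where the same XML was previously accepted with the <nvram> ignored. If that is intended, say so in the commit message and add a test for the manual case; the only test data updated here covers firmware='efi'.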

The latter doesn't make sense without the former, so make that visible in the XML. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 10 ++++++++++ .../firmware-auto-efi-enrolled-keys.x86_64-latest.xml | 1 + 2 files changed, 11 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 9b82f391c4..3977b5040f 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -4876,6 +4876,16 @@ virDomainDefPostParseMemory(virDomainDef *def, static void virDomainDefPostParseOs(virDomainDef *def) { + if (def->os.firmwareFeatures && + def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES) { + + /* For all non-broken firmware builds, enrolled-keys implies + * secure-boot, and having the Secure Boot keys in the NVRAM file + * when the firmware doesn't support the Secure Boot feature doesn't + * make sense anyway. Reflect this fact explicitly in the XML */ + def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] = VIR_TRISTATE_BOOL_YES; + } + if (!def->os.loader) return; diff --git a/tests/qemuxml2xmloutdata/firmware-auto-efi-enrolled-keys.x86_64-latest.xml b/tests/qemuxml2xmloutdata/firmware-auto-efi-enrolled-keys.x86_64-latest.xml index aa08caa4f7..8dcc741c1e 100644 --- a/tests/qemuxml2xmloutdata/firmware-auto-efi-enrolled-keys.x86_64-latest.xml +++ b/tests/qemuxml2xmloutdata/firmware-auto-efi-enrolled-keys.x86_64-latest.xml @@ -8,6 +8,7 @@ <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> <firmware> <feature enabled='yes' name='enrolled-keys'/> + <feature enabled='yes' name='secure-boot'/> </firmware> <boot dev='hd'/> </os> -- 2.35.3
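
Review bot: The added block in virDomainDefPostParseOs() assigns VIR_TRISTATE_BOOL_YES to the secure-boot feature without looking at its current value, so at this commit an explicit <feature enabled='no' name='secure-boot'/> is silently flipped to 'yes'. The check that rejects that combination only arrives two patches later; consider moving it ahead of this change or squashing the two, so that no intermediate commit rewrites what the user asked for.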

There are currently no failure scenarios for the function, but we're about to add one. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 3977b5040f..d88d352fb6 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -4873,7 +4873,7 @@ virDomainDefPostParseMemory(virDomainDef *def, } -static void +static int virDomainDefPostParseOs(virDomainDef *def) { if (def->os.firmwareFeatures && @@ -4887,13 +4887,15 @@ virDomainDefPostParseOs(virDomainDef *def) } if (!def->os.loader) - return; + return 0; if (def->os.loader->path && def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_NONE) { /* By default, loader is type of 'rom' */ def->os.loader->type = VIR_DOMAIN_LOADER_TYPE_ROM; } + + return 0; } @@ -6214,7 +6216,8 @@ virDomainDefPostParseCommon(virDomainDef *def, if (virDomainDefPostParseMemory(def, data->parseFlags) < 0) return -1; - virDomainDefPostParseOs(def); + if (virDomainDefPostParseOs(def) < 0) + return -1; virDomainDefPostParseMemtune(def); -- 2.35.3

This combination doesn't make sense and so the firmware autoselection logic will not be able to find a suitable firmware, but it's more user-friendly to report a detailed error upfront. Note that this check would ideally happen in the validate phase, but if we moved it there we would no longer be able to automatically enable secure-boot when enrolled-keys=yes. Since the combination never resulted in a working configuration, the chances of this causing real-world VMs to disappear are extremely low. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 7 +++++++ ...enrolled-keys-no-secboot.x86_64-latest.err | 1 + ...ware-auto-efi-enrolled-keys-no-secboot.xml | 21 +++++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 4 files changed, 30 insertions(+) create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.xml diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index d88d352fb6..0c6504348c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -4879,6 +4879,13 @@ virDomainDefPostParseOs(virDomainDef *def) if (def->os.firmwareFeatures && def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES) { + if (def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_NO) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("firmware feature 'enrolled-keys' cannot be enabled when " + "firmware feature 'secure-boot' is disabled")); + return -1; + } + /* For all non-broken firmware builds, enrolled-keys implies * secure-boot, and having the Secure Boot keys in the NVRAM file * when the firmware doesn't support the Secure Boot feature doesn't 
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.x86_64-latest.err b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.x86_64-latest.err new file mode 100644 index 0000000000..989d3dbf5a --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.x86_64-latest.err @@ -0,0 +1 @@ +firmware feature 'enrolled-keys' cannot be enabled when firmware feature 'secure-boot' is disabled diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.xml b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.xml new file mode 100644 index 0000000000..722793684c --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.xml @@ -0,0 +1,21 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <firmware> + <feature enabled='yes' name='enrolled-keys'/> + <feature enabled='no' name='secure-boot'/> + </firmware> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index d21b2d9154..b01ad8d4e9 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1224,6 +1224,7 @@ mymain(void) DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot"); DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys"); DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys"); + DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-enrolled-keys-no-secboot"); DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-aarch64", "aarch64"); DO_TEST_NOCAPS("clock-utc"); -- 2.35.3
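
Review bot: The reason this check sits in virDomainDefPostParseOs() rather than in the validate phase is given only in the commit message. Add a short comment above the new `== VIR_TRISTATE_BOOL_NO` block saying that it has to run before secure-boot is implied from enrolled-keys; without it, someone is likely to move the check to domain_validate.c later and lose the error, because by then the feature has already been set to 'yes'.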

Currently we're simply ignoring some elements and attributes, such as the loader path, when firmware autoselection is enabled because we know we're not going to use them. This makes sense, but has the unfortunate consequence of confusing users who experience part of their configuration simply going away for no apparent reason. A more user-friendly approach is to produce meaningful error messages in those scenarios. As a first step towards that goal, stop conditionally parsing information. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 38 +++++++++++++++----------------------- 1 file changed, 15 insertions(+), 23 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 0c6504348c..7947b1f5e6 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18018,8 +18018,7 @@ virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, xmlNodePtr nvramSourceNode, xmlXPathContextPtr ctxt, virDomainXMLOption *xmlopt, - unsigned int flags, - bool fwAutoSelect) + unsigned int flags) { g_autoptr(virStorageSource) src = virStorageSourceNew(); int typePresent; @@ -18027,8 +18026,7 @@ virDomainLoaderDefParseXMLNvram(virDomainLoaderDef *loader, if (!nvramNode) return 0; - if (!fwAutoSelect) - loader->nvramTemplate = virXMLPropString(nvramNode, "template"); + loader->nvramTemplate = virXMLPropString(nvramNode, "template"); src->format = VIR_STORAGE_FILE_RAW; 
@@ -18070,33 +18068,29 @@ virDomainLoaderDefParseXML(virDomainLoaderDef *loader, xmlNodePtr nvramSourceNode, xmlXPathContextPtr ctxt, virDomainXMLOption *xmlopt, - unsigned int flags, - bool fwAutoSelect) + unsigned int flags) { if (virDomainLoaderDefParseXMLNvram(loader, nvramNode, nvramSourceNode, - ctxt, xmlopt, flags, - fwAutoSelect) < 0) + ctxt, xmlopt, flags) < 0) return -1; if (!loaderNode) return 0; - if (!fwAutoSelect) { - if (virXMLPropTristateBool(loaderNode, "readonly", VIR_XML_PROP_NONE, - &loader->readonly) < 0) - return -1; + if (virXMLPropTristateBool(loaderNode, "readonly", VIR_XML_PROP_NONE, + &loader->readonly) < 0) + return -1; - if (virXMLPropEnum(loaderNode, "type", virDomainLoaderTypeFromString, - VIR_XML_PROP_NONZERO, &loader->type) < 0) - return -1; + if (virXMLPropEnum(loaderNode, "type", virDomainLoaderTypeFromString, + VIR_XML_PROP_NONZERO, &loader->type) < 0) + return -1; - if (!(loader->path = virXMLNodeContentString(loaderNode))) - return -1; + if (!(loader->path = virXMLNodeContentString(loaderNode))) + return -1; - if (STREQ(loader->path, "")) - VIR_FREE(loader->path); - } + if (STREQ(loader->path, "")) + VIR_FREE(loader->path); if (virXMLPropTristateBool(loaderNode, "secure", VIR_XML_PROP_NONE, &loader->secure) < 0) @@ -18498,7 +18492,6 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, xmlNodePtr loaderNode = virXPathNode("./os/loader[1]", ctxt); xmlNodePtr nvramNode = virXPathNode("./os/nvram[1]", ctxt); xmlNodePtr nvramSourceNode = virXPathNode("./os/nvram/source[1]", ctxt); - const bool fwAutoSelect = def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE; if (!loaderNode && !nvramNode) return 0; @@ -18507,8 +18500,7 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, if (virDomainLoaderDefParseXML(def->os.loader, loaderNode, nvramNode, nvramSourceNode, - ctxt, xmlopt, flags, - fwAutoSelect) < 0) + ctxt, xmlopt, flags) < 0) return -1; return 0; -- 2.35.3
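
Review bot: With the `if (!fwAutoSelect)` guards removed, loader->readonly, loader->type, loader->path and loader->nvramTemplate are filled in from the XML even when firmware autoselection is on, but nothing rejects them until the validation patch later in the series. Check that the firmware selection code copes with these fields being set in the intermediate commits, or land the validation together with this change, so the series stays bisectable.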

This makes it explicit that there are two possible scenarios (whether or not firmware autoselection is in use) and will make upcoming changes cleaner to implement. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_validate.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 33b6f47159..1f6c32a816 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -1598,21 +1598,23 @@ static int virDomainDefOSValidate(const virDomainDef *def, virDomainXMLOption *xmlopt) { - if (def->os.firmware && - !(xmlopt->config.features & VIR_DOMAIN_DEF_FEATURE_FW_AUTOSELECT)) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("firmware auto selection not implemented for this driver")); - return -1; - } + virDomainLoaderDef *loader = def->os.loader; - if (!def->os.loader) - return 0; + if (def->os.firmware) { + if (!(xmlopt->config.features & VIR_DOMAIN_DEF_FEATURE_FW_AUTOSELECT)) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("firmware auto selection not implemented for this driver")); + return -1; + } + } else { + if (!loader) + return 0; - if (!def->os.loader->path && - def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) { - virReportError(VIR_ERR_XML_DETAIL, "%s", - _("no loader path specified and firmware auto selection disabled")); - return -1; + if (!loader->path) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("no loader path specified and firmware auto selection disabled")); + return -1; + } } return 0; -- 2.35.3
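
Review bot: The new local in virDomainDefOSValidate() could be declared `const virDomainLoaderDef *loader`, since validation only reads from it and def itself is const. In the same hunk, the branch condition `if (def->os.firmware)` relies on VIR_DOMAIN_OS_DEF_FIRMWARE_NONE being zero, while the removed path check compared against the enum value explicitly; writing `def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE` would make the two scenarios named in the commit message obvious at a glance.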

Generally speaking, when firmware autoselection is in use we don't want any information to be provided manually. There are two exceptions: * we still want the path to the NVRAM file to be customizable; * using <loader secure='yes'/> was how you would ask for a firmware that implements the Secure Boot feature in the original approach to firmware autoselection, so we want to keep that working. Anything else should result in a descriptive error. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/327 Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_validate.c | 48 +++++++++++++++++++ ...firmware-auto-bios-nvram.x86_64-latest.err | 1 + .../firmware-auto-bios-nvram.xml | 18 +++++++ ...auto-efi-loader-insecure.x86_64-latest.err | 1 + .../firmware-auto-efi-loader-insecure.xml | 18 +++++++ ...are-auto-efi-loader-path.x86_64-latest.err | 1 + .../firmware-auto-efi-loader-path.xml | 18 +++++++ tests/qemuxml2argvtest.c | 3 ++ 8 files changed, 108 insertions(+) create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-nvram.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-nvram.xml create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.xml create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-path.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-path.xml diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 1f6c32a816..87fdb677d1 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c 
@@ -1606,6 +1606,54 @@ virDomainDefOSValidate(const virDomainDef *def, _("firmware auto selection not implemented for this driver")); return -1; } + + if (!loader) + return 0; + + if (loader->readonly) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("loader attribute 'readonly' cannot be specified " + "when firmware autoselection is enabled")); + return -1; + } + if (loader->type) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("loader attribute 'type' cannot be specified " + "when firmware autoselection is enabled")); + return -1; + } + if (loader->path) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("loader path cannot be specified " + "when firmware autoselection is enabled")); + return -1; + } + if (loader->nvramTemplate) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("nvram attribute 'template' cannot be specified " + "when firmware autoselection is enabled")); + return -1; + } + + /* We need to accept 'yes' here because the initial implementation + * of firmware autoselection used it as a way to request a firmware + * with Secure Boot support, so the error message is technically + * incorrect; however, we want to discourage people from using this + * attribute at all, so it's fine to be a bit more aggressive than + * it would be strictly required :) */ + if (loader->secure == VIR_TRISTATE_BOOL_NO) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("loader attribute 'secure' cannot be specified " + "when firmware autoselection is enabled")); + return -1; + } + + if (loader->nvram && def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) { + virReportError(VIR_ERR_XML_DETAIL, + _("firmware type '%s' does not support nvram"), + virDomainOsDefFirmwareTypeToString(def->os.firmware)); + return -1; + } } else { if (!loader) return 0; diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-nvram.x86_64-latest.err b/tests/qemuxml2argvdata/firmware-auto-bios-nvram.x86_64-latest.err new file mode 100644 index 0000000000..772beb49e2 --- /dev/null 
+++ b/tests/qemuxml2argvdata/firmware-auto-bios-nvram.x86_64-latest.err @@ -0,0 +1 @@ +firmware type 'bios' does not support nvram diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-nvram.xml b/tests/qemuxml2argvdata/firmware-auto-bios-nvram.xml new file mode 100644 index 0000000000..6dad1e1f7f --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-bios-nvram.xml @@ -0,0 +1,18 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='bios'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <nvram>/path/to/fedora_VARS.fd</nvram> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.x86_64-latest.err b/tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.x86_64-latest.err new file mode 100644 index 0000000000..564f0e6918 --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.x86_64-latest.err @@ -0,0 +1 @@ +loader attribute 'secure' cannot be specified when firmware autoselection is enabled diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.xml b/tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.xml new file mode 100644 index 0000000000..33bd7b0ac1 --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.xml 
@@ -0,0 +1,18 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <loader secure='no'/> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-path.x86_64-latest.err b/tests/qemuxml2argvdata/firmware-auto-efi-loader-path.x86_64-latest.err new file mode 100644 index 0000000000..e551fafd03 --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-path.x86_64-latest.err @@ -0,0 +1 @@ +loader attribute 'type' cannot be specified when firmware autoselection is enabled diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-loader-path.xml b/tests/qemuxml2argvdata/firmware-auto-efi-loader-path.xml new file mode 100644 index 0000000000..a40f5e730c --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-auto-efi-loader-path.xml @@ -0,0 +1,18 @@ +<domain type='kvm'> + <name>fedora</name> + <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid> + <memory unit='KiB'>8192</memory> + <vcpu placement='static'>1</vcpu> + <os firmware='efi'> + <type arch='x86_64' machine='pc-q35-4.0'>hvm</type> + <loader>/path/to/OVMF_CODE.fd</loader> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index b01ad8d4e9..473e00ffa7 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -1217,9 +1217,12 @@ mymain(void) DO_TEST_NOCAPS("firmware-manual-noefi-noacpi-q35"); DO_TEST_CAPS_LATEST("firmware-auto-bios"); + DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-nvram"); DO_TEST_CAPS_LATEST("firmware-auto-efi"); DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram"); DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure"); + DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-loader-insecure"); + DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-loader-path"); DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot"); DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot"); DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys"); -- 2.35.3
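
Review bot: The expected error for firmware-auto-efi-loader-path is "loader attribute 'type' cannot be specified when firmware autoselection is enabled", yet the test XML contains only `<loader>/path/to/OVMF_CODE.fd</loader>` with no type attribute. The type was defaulted to 'rom' by virDomainDefPostParseOs(), and the `loader->type` check in virDomainDefOSValidate() runs before the `loader->path` check, so the user is told about an attribute they never wrote. Test loader->path first so that the message points at what is actually in the XML.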

Regardless of whether firmware autoselection is in use, we still want to parse the list of requested features. Doing this will allow us to produce better error messages. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_conf.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 7947b1f5e6..fb8bf4cfec 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18439,20 +18439,6 @@ virDomainDefParseBootFirmwareOptions(virDomainDef *def, int n = 0; size_t i; - if (!firmware) - return 0; - - fw = virDomainOsDefFirmwareTypeFromString(firmware); - - if (fw <= 0) { - virReportError(VIR_ERR_XML_ERROR, - _("unknown firmware value %s"), - firmware); - return -1; - } - - def->os.firmware = fw; - if ((n = virXPathNodeSet("./os/firmware/feature", ctxt, &nodes)) < 0) return -1; @@ -18479,6 +18465,20 @@ virDomainDefParseBootFirmwareOptions(virDomainDef *def, def->os.firmwareFeatures = g_steal_pointer(&features); + if (!firmware) + return 0; + + fw = virDomainOsDefFirmwareTypeFromString(firmware); + + if (fw <= 0) { + virReportError(VIR_ERR_XML_ERROR, + _("unknown firmware value %s"), + firmware); + return -1; + } + + def->os.firmware = fw; + return 0; } -- 2.35.3
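
Review bot: Moving the `if (!firmware) return 0;` exit below the feature loop means `def->os.firmwareFeatures = g_steal_pointer(&features);` is now reached for every domain, including those with no firmware attribute. Make sure features is only allocated when at least one <feature> node was found, because the next patch rejects any non-NULL def->os.firmwareFeatures when autoselection is off. A test with features but no firmware attribute would also fit in this commit rather than the next.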

Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/conf/domain_validate.c | 7 +++++++ ...ware-manual-efi-features.x86_64-latest.err | 1 + .../firmware-manual-efi-features.xml | 21 +++++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 4 files changed, 30 insertions(+) create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-features.x86_64-latest.err create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-features.xml diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 87fdb677d1..4e9cbec5ce 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -1655,6 +1655,13 @@ virDomainDefOSValidate(const virDomainDef *def, return -1; } } else { + if (def->os.firmwareFeatures) { + virReportError(VIR_ERR_XML_DETAIL, "%s", + _("cannot use feature-based firmware autoselection " + "when firmware autoselection is disabled")); + return -1; + } + if (!loader) return 0; diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-features.x86_64-latest.err b/tests/qemuxml2argvdata/firmware-manual-efi-features.x86_64-latest.err new file mode 100644 index 0000000000..98412de1e1 --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-manual-efi-features.x86_64-latest.err @@ -0,0 +1 @@ +cannot use feature-based firmware autoselection when firmware autoselection is disabled diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-features.xml b/tests/qemuxml2argvdata/firmware-manual-efi-features.xml new file mode 100644 index 0000000000..69cc71eb2a --- /dev/null +++ b/tests/qemuxml2argvdata/firmware-manual-efi-features.xml 
@@ -0,0 +1,21 @@ +<domain type='qemu'> + <name>test</name> + <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid> + <memory unit='KiB'>1048576</memory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader> + <firmware> + <feature enabled='no' name='enrolled-keys'/> + </firmware> + </os> + <features> + <acpi/> + </features> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <controller type='usb' model='none'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 473e00ffa7..4ca1131377 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1192,6 +1192,7 @@ mymain(void) QEMU_CAPS_DEVICE_ISA_SERIAL); DO_TEST_NOCAPS("firmware-manual-efi"); DO_TEST_PARSE_ERROR_NOCAPS("firmware-manual-efi-no-path"); + DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-features"); DO_TEST_CAPS_LATEST("firmware-manual-bios-rw"); DO_TEST_CAPS_LATEST("firmware-manual-bios-rw-implicit"); DO_TEST("firmware-manual-efi-secure", -- 2.35.3
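
Review bot: This commit has no message body, only the Signed-off-by line; say why features are rejected with manual firmware selection and that the check relies on the previous patch parsing them unconditionally. In the new check in virDomainDefOSValidate(), `if (def->os.firmwareFeatures)` tests the array pointer, so a feature listed with enabled='no' (as in the test XML) is rejected too; a one-line comment stating that this is intended would help.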

Currently, a firmware configuration such as <os firmware='efi'> <firmware> <feature enabled='yes' name='enrolled-keys'/> </firmware> </os> will correctly pick a firmware that implements the Secure Boot feature and initialize the NVRAM file so that it contains the keys necessary to enforce the signing requirements. However, the lack of a <loader secure='yes'/> element makes it possible for pflash writes to happen outside of SMM mode. This means that the EFI secure variables where the keys are stored could potentially be overwritten by malicious code running in the guest, thus making it possible to circumvent Secure Boot. To prevent that from happening, automatically turn on the loader.secure feature whenever a firmware that implements Secure Boot is chosen by the firmware autoselection logic. This is identical to the way we already automatically enable SMM in such a scenario. Note that, while this is technically a guest-visible change, it will not affect migration of existing VMs and will not prevent legitimate guest code from running. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/qemu/qemu_firmware.c | 2 ++ .../firmware-auto-efi-enrolled-keys.x86_64-latest.args | 1 + .../qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args | 1 + .../firmware-auto-efi-secboot.x86_64-latest.args | 1 + tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args | 1 + 5 files changed, 6 insertions(+) diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c index c8f462bfcf..5b2fa51a9c 100644 --- a/src/qemu/qemu_firmware.c +++ b/src/qemu/qemu_firmware.c @@ -1240,6 +1240,8 @@ qemuFirmwareEnableFeatures(virQEMUDriver *driver, case VIR_TRISTATE_SWITCH_LAST: break; } + VIR_DEBUG("Enabling secure loader"); + def->os.loader->secure = VIR_TRISTATE_BOOL_YES; break; case QEMU_FIRMWARE_FEATURE_NONE: 
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args index 885c83445d..7479b05af4 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys.x86_64-latest.args @@ -17,6 +17,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ +-global driver=cfi.pflash01,property=secure,value=on \ -m 8 \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args index e37521b0a3..1061e93554 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-nvram.x86_64-latest.args @@ -17,6 +17,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ +-global driver=cfi.pflash01,property=secure,value=on \ -m 8 \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args index 885c83445d..7479b05af4 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi-secboot.x86_64-latest.args 
@@ -17,6 +17,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ +-global driver=cfi.pflash01,property=secure,value=on \ -m 8 \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \ -overcommit mem-lock=off \ diff --git a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args index 885c83445d..7479b05af4 100644 --- a/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args +++ b/tests/qemuxml2argvdata/firmware-auto-efi.x86_64-latest.args @@ -17,6 +17,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-fedora/.config \ -machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram \ -accel kvm \ -cpu qemu64 \ +-global driver=cfi.pflash01,property=secure,value=on \ -m 8 \ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \ -overcommit mem-lock=off \ -- 2.35.3
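Review bot: in the qemuFirmwareEnableFeatures() hunk, def->os.loader->secure = VIR_TRISTATE_BOOL_YES is assigned unconditionally, so whatever value the loader element carried before is overwritten without a trace. Suggest either leaving an explicitly set value alone and rejecting a conflicting one elsewhere, or logging the previous value in the VIR_DEBUG line. A short comment above the assignment explaining why pflash writes must be restricted to SMM would also help, since the reasoning in the commit message is not visible from the code. The four .args updates consistently add -global driver=cfi.pflash01,property=secure,value=on next to smm=on, which matches the stated intent.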

No sane firmware build will fail this check, but just to be on the safe side let's check anyway. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/qemu/qemu_firmware.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c index 5b2fa51a9c..c477b45d62 100644 --- a/src/qemu/qemu_firmware.c +++ b/src/qemu/qemu_firmware.c @@ -1269,6 +1269,7 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw, size_t i; bool requiresSMM = false; bool supportsSecureBoot = false; + bool hasEnrolledKeys = false; for (i = 0; i < fw->nfeatures; i++) { switch (fw->features[i]) { @@ -1278,12 +1279,14 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw, case QEMU_FIRMWARE_FEATURE_SECURE_BOOT: supportsSecureBoot = true; break; + case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS: + hasEnrolledKeys = true; + break; case QEMU_FIRMWARE_FEATURE_NONE: case QEMU_FIRMWARE_FEATURE_ACPI_S3: case QEMU_FIRMWARE_FEATURE_ACPI_S4: case QEMU_FIRMWARE_FEATURE_AMD_SEV: case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES: - case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS: case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC: case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC: case QEMU_FIRMWARE_FEATURE_LAST: @@ -1291,14 +1294,17 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw, } } - if (supportsSecureBoot != requiresSMM) { + if ((supportsSecureBoot != requiresSMM) || + (hasEnrolledKeys && !supportsSecureBoot)) { VIR_WARN("Firmware description '%s' has invalid set of features: " - "%s = %d, %s = %d", + "%s = %d, %s = %d, %s = %d", filename, qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_REQUIRES_SMM), requiresSMM, qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_SECURE_BOOT), - supportsSecureBoot); + supportsSecureBoot, + qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS), + hasEnrolledKeys); } } -- 2.35.3
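Review bot: in qemuFirmwareSanityCheck(), the two conditions now share one VIR_WARN, so a descriptor that fails only the new hasEnrolledKeys && !supportsSecureBoot rule produces the same "invalid set of features" text as a secure-boot/requires-smm mismatch, and the reader has to work out from three printed values which rule was violated. Two separate warnings, each naming the pair involved, would make the log line actionable. The hunk also only warns; if a descriptor that advertises enrolled-keys without secure-boot should never be selected, a comment here saying where it gets filtered out would be useful.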

Provide simple recipes for the most common high-level tasks. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- docs/kbase/index.rst | 3 ++ docs/kbase/meson.build | 1 + docs/kbase/secureboot.rst | 102 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 docs/kbase/secureboot.rst diff --git a/docs/kbase/index.rst b/docs/kbase/index.rst index 8b710db85a..896ececdf2 100644 --- a/docs/kbase/index.rst +++ b/docs/kbase/index.rst @@ -61,6 +61,9 @@ Usage `Snapshots <snapshots.html>`__ Details about snapshotting a VM +`Secure Boot <secureboot.html>`__ + Enable and disable the Secure Boot feature + Debugging --------- diff --git a/docs/kbase/meson.build b/docs/kbase/meson.build index eb9c9544d6..c7eae3738f 100644 --- a/docs/kbase/meson.build +++ b/docs/kbase/meson.build @@ -15,6 +15,7 @@ docs_kbase_files = [ 'qemu-passthrough-security', 'rpm-deployment', 's390_protected_virt', + 'secureboot', 'secureusage', 'snapshots', 'systemtap', diff --git a/docs/kbase/secureboot.rst b/docs/kbase/secureboot.rst new file mode 100644 index 0000000000..90c37d707c --- /dev/null +++ b/docs/kbase/secureboot.rst 
@@ -0,0 +1,102 @@ +=========== +Secure Boot +=========== + +.. contents:: + +Quick configuration +=================== + +If you have libvirt 8.5.0 or newer, when creating a new VM you can +ask for Secure Boot to be enabled with + +:: + + <os firmware='efi'> + <firmware> + <feature enabled='yes' name='enrolled-keys'/> + </firmware> + </os> + +and for it to be disabled with + +:: + + <os firmware='efi'> + <firmware> + <feature enabled='no' name='enrolled-keys'/> + </firmware> + </os> + +These configuration will cause unsigned guest operating systems to +be rejected and allowed respectively. + + +Older libvirt versions +====================== + +If your libvirt version is older than 8.5.0 but newer than 7.2.0, +then enabling Secure Boot requires a slightly more verbose XML +snippet: + +:: + + <os firmware='efi'> + <loader secure='yes'/> + <firmware> + <feature enabled='yes' name='enrolled-keys'/> + </firmware> + </os> + +Versions older than 7.2.0 require manually providing all information +about the firmware and are not covered here. Plese refer to `the +relevant documentation +<../formatdomain.html#operating-system-booting>`__ for details. + + +Changing an existing VM +======================= + +Once the VM has been created, updating the XML configuration as +described above is **not** enough to change the Secure Boot status: +the NVRAM file associated with the VM has to be regenerated from its +template as well. + +In order to do that, update the XML and then start the VM with + +:: + + $ virsh start $vm --reset-nvram + +This option is only available starting with libvirt 8.1.0, so if your +version of libvirt is older than that you will have to delete the +NVRAM file manually before starting the VM. + +Most guest operating systems will be able to cope with the NVRAM file +being reinitialized, but in some cases the VM will be unable to boot +after the change. 
+ + +Additional information +====================== + +There are two parts to enabling Secure Boot: the firmware supporting +the feature, and it being active. + +Most host operating systems ship a build of EDKII (the open source +EFI implementation used for QEMU VMs) that supports the Secure Boot +feature, but simply using such a build will not result in unsigned +guest operating systems being rejected: for that to happen, keys that +can be used to validate the operating system signature need to be +provided as well. + +Asking for the ``enrolled-keys`` firmware feature to be enabled will +cause libvirt to initialize the NVRAM file associated with the VM +from a template that contains a suitable set of keys. These keys +being present will cause the firmware to enforce the Secure Boot +signing requirements. + +The opposite configuration, where the feature is explicitly disabled, +will result in no keys being present in the NVRAM file. Unable to +verify signatures, the firmware will allow even unsigned operating +systems to run. -- 2.35.3
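Review bot: in the "Older libvirt versions" section of secureboot.rst, "older than 8.5.0 but newer than 7.2.0" followed by "Versions older than 7.2.0" leaves 7.2.0 itself assigned to neither case; one of the two bounds should be inclusive. Two typos in the same file: "These configuration will cause" should read "These configurations will cause", and "Plese refer" should read "Please refer". In "Changing an existing VM" it would help to say what is lost when the NVRAM file is regenerated from the template, since the text only mentions that some guests may fail to boot afterwards.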

Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- NEWS.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 9a92fb4fcb..63e0388e47 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -29,6 +29,11 @@ v8.5.0 (unreleased) * **Improvements** + * conf: Improved firmware autoselection + + The firmware autoselection feature now behaves more intuitively, reports + better error messages on failure and comes with high-level documentation. + * **Bug fixes** -- 2.35.3
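Review bot: the NEWS entry says autoselection "behaves more intuitively" but does not mention the one change that an earlier commit message in this series calls guest-visible, namely that loader.secure is now turned on automatically when a firmware implementing Secure Boot is autoselected. Suggest adding a sentence for that, plus a pointer to the new kbase page, so that users reading the release notes know the generated QEMU command line changes.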

On 6/23/22 18:14, Andrea Bolognani wrote:
The main motivation behind this series was making it as simple as possible ("one click") to enable Secure Boot for a VM.
In the process I ended up fixing, improving and cleaning up various parts of the firmware selection interface.
GitLab branch: https://gitlab.com/abologna/libvirt/-/commits/firmware Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/571485540
Andrea Bolognani (28): tests: Remove firmware bits from unrelated tests tests: Use firmware autoselection on aarch64 tests: Drop bios-nvram-os-interleave test tests: Rename and reorganize firmware tests tests: Use minimal hardware for firmware tests tests: Don't set NVRAM path manually tests: Don't use loader.secure=no with firmware autoselection tests: Add more firmware tests conf: Move virDomainLoaderDefParseXML() conf: Rename virDomainLoaderDefParseXMLNvram() conf: Move setting type for NVRAM source conf: Move nvramTemplate parsing conf: Handle NVRAM in virDomainLoaderDefParseXML() conf: Rename virDomainLoaderDefParseXML() argument conf: Use nodes in virDomainLoaderDefParseXMLNvram() conf: Always parse NVRAM path if present conf: Enable secure-boot when enrolled-keys is enabled conf: Add return value to virDomainDefPostParseOs() conf: Reject enrolled-keys=yes with secure-boot=no conf: Always parse all firmware information conf: Refactor virDomainDefOSValidate() conf: Validate firmware configuration more thoroughly conf: Always parse firmware features conf: Reject features when using manual firmware selection qemu_firmware: Enable loader.secure when requires-smm qemu_firmware: enrolled-keys requires secure-boot docs: Add kbase page for Secure Boot NEWS: Document improvements to firmware autoselection
109 files changed, 708 insertions(+), 1282 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

On Thu, Jun 23, 2022 at 06:14:12PM +0200, Andrea Bolognani wrote:
The main motivation behind this series was making it as simple as possible ("one click") to enable Secure Boot for a VM.
Heads up, and sort-of follow-up to the recent secure boot and smm (x86) and tz (arm) discussion.

We'll most likely get a new secure boot variant soon. This will not require smm, but it will also not support persistent variables. The underlying idea is to simply re-initialize the variable store from known-good ROM on each boot to compensate for the varstore not being protected against the guest OS tampering with it.

Which of course implies some drawbacks: The guest can't add keys (via mokutil) for example, and turning off secure boot in firmware setup wouldn't work either. There are enough use cases (like just booting cloud images in secure boot mode) where this doesn't matter, so I consider this useful nevertheless, but maybe a separate feature flag like 'stateless-secure-boot' makes sense for that.

Not sure yet how to package that up, best is probably as stateless image because that'll reduce the chances of getting it wrong, i.e. something like this:

    {
        "description": "OVMF with secure boot, no persistent vars",
        "interface-types": [ "uefi" ],
        "mapping": {
            "device": "flash",
            "mode": "stateless",
            "executable": {
                "filename": "/usr/share/edk2/ovmf/OVMF.secboot.fd",
                "format": "raw"
            }
        },
        "targets": [
            {
                "architecture": "x86_64",
                "machines": [ "pc-i440fx-*", "pc-q35-*" ]
            }
        ],
        "features": [ "secure-boot", "enrolled-keys" ]
    }

The idea should work for aarch64 too and remove the trustzone support requirement.

take care,
Gerd
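The feature rule from the "enrolled-keys requires secure-boot" patch earlier in this series, applied to descriptors shaped like the one sketched in the message above. This is an added example, not libvirt code and not part of the message: `audit_descriptor`, `stateless_exempt` and the sample descriptors are constructed here, and exempting mode=stateless from the secure-boot/requires-smm pairing is an assumption, not something the patch does.

```python
import json

SECURE_BOOT = "secure-boot"
REQUIRES_SMM = "requires-smm"
ENROLLED_KEYS = "enrolled-keys"


def audit_descriptor(text, stateless_exempt=False):
    """Return a list of findings for one firmware descriptor (JSON text).

    stateless_exempt is a hypothetical knob, not something the patch has:
    when True, the secure-boot/requires-smm pairing is not enforced for
    descriptors whose mapping.mode is "stateless".
    """
    try:
        desc = json.loads(text)
    except json.JSONDecodeError as exc:
        # A descriptor that does not parse cannot be matched at all.
        return [f"unparseable descriptor: {exc.msg} (line {exc.lineno})"]
    if not isinstance(desc, dict):
        return ["descriptor is not a JSON object"]

    features = desc.get("features") or []
    if not isinstance(features, list):
        return ["features is not a list"]
    mapping = desc.get("mapping") or {}
    mode = mapping.get("mode") if isinstance(mapping, dict) else None

    secure_boot = SECURE_BOOT in features
    requires_smm = REQUIRES_SMM in features
    enrolled_keys = ENROLLED_KEYS in features

    findings = []
    # Rule 1 (already present in the code being patched): the two go together.
    exempt = stateless_exempt and mode == "stateless"
    if secure_boot != requires_smm and not exempt:
        findings.append(
            f"{SECURE_BOOT} = {secure_boot}, {REQUIRES_SMM} = {requires_smm}")
    # Rule 2 (added by the patch): enrolled keys imply Secure Boot support.
    if enrolled_keys and not secure_boot:
        findings.append(
            f"{ENROLLED_KEYS} = {enrolled_keys}, {SECURE_BOOT} = {secure_boot}")
    return findings


def _sample(mode, features):
    """Build a constructed descriptor; only the fields the audit reads matter."""
    return json.dumps({
        "description": "constructed sample",
        "interface-types": ["uefi"],
        "mapping": {"device": "flash", "mode": mode},
        "features": features,
    })


# Constructed inputs, not taken from any real host.
SAMPLES = {
    "split-secboot": _sample("split", [REQUIRES_SMM, SECURE_BOOT, ENROLLED_KEYS]),
    "split-plain": _sample("split", []),
    "keys-without-secboot": _sample("split", [ENROLLED_KEYS]),
    "stateless-secboot": _sample("stateless", [SECURE_BOOT, ENROLLED_KEYS]),
    # Trailing comma: rejected by a strict JSON parser.
    "malformed": '{ "features": [ "secure-boot", "enrolled-keys", ] }',
}


def audit_all(samples, stateless_exempt=False):
    """Audit every descriptor and return {name: findings}."""
    return {name: audit_descriptor(text, stateless_exempt)
            for name, text in samples.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(f"{name}: {'ok' if not findings else '; '.join(findings)}")
```

With the default arguments the stateless sample is reported for the secure-boot/requires-smm pairing; passing `stateless_exempt=True` clears it while the enrolled-keys rule still applies.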

On Mon, Jun 27, 2022 at 12:00:59PM +0200, Gerd Hoffmann wrote:
On Thu, Jun 23, 2022 at 06:14:12PM +0200, Andrea Bolognani wrote:
The main motivation behind this series was making it as simple as possible ("one click") to enable Secure Boot for a VM.
Heads up, and sort-of follow-up to the recent secure boot and smm (x86) and tz (arm) discussion.
We'll most likely get a new secure boot variant soon. This will not require smm, but it will also not support persistent variables. The underlying idea is to simply re-initialize the variable store from known-good ROM on each boot to compensate for the varstore not being protected against the guest OS tampering with it.
Which of course implies some drawbacks: The guest can't add keys (via mokutil) for example, and turning off secure boot in firmware setup wouldn't work either. There are enough use cases (like just booting cloud images in secure boot mode) where this doesn't matter, so I consider this useful nevertheless, but maybe a separate feature flag like 'stateless-secure-boot' makes sense for that.
Since the use case will be virt related, there's always the possibility of using host side tools to inject a custom key into the default varstore before the guest OS runs. That doesn't cover all possible mokutil scenarios, but at least addresses the big one of providing a firmware that trusts the user's keys, instead of the OS vendor keys.

I don't think we need a 'stateless-secure-boot' flag, as that's implicit from mapping.mode=stateless and features.secure-boot
Not sure yet how to package that up, best is probably as stateless image because that'll reduce the chances of getting it wrong, i.e. something like this:
    {
        "description": "OVMF with secure boot, no persistent vars",
        "interface-types": [ "uefi" ],
        "mapping": {
            "device": "flash",
            "mode": "stateless",
            "executable": {
                "filename": "/usr/share/edk2/ovmf/OVMF.secboot.fd",
                "format": "raw"
            }
        },
        "targets": [
            {
                "architecture": "x86_64",
                "machines": [ "pc-i440fx-*", "pc-q35-*" ]
            }
        ],
        "features": [ "secure-boot", "enrolled-keys" ]
    }
This looks reasonable.
The idea should work for aarch64 too and remove the trustzone support requirement.
With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Mon, Jun 27, 2022 at 11:07:35AM +0100, Daniel P. Berrangé wrote:
On Mon, Jun 27, 2022 at 12:00:59PM +0200, Gerd Hoffmann wrote:
On Thu, Jun 23, 2022 at 06:14:12PM +0200, Andrea Bolognani wrote:
The main motivation behind this series was making it as simple as possible ("one click") to enable Secure Boot for a VM.
Heads up, and sort-of follow-up to the recent secure boot and smm (x86) and tz (arm) discussion.
Thanks for the heads up, Gerd!
We'll most likely get a new secure boot variant soon. This will not require smm, but it will also not support persistent variables. The underlying idea is to simply re-initialize the variable store from known-good ROM on each boot to compensate for the varstore not being protected against the guest OS tampering with it.
Which of course implies some drawbacks: The guest can't add keys (via mokutil) for example, and turning off secure boot in firmware setup wouldn't work either. There are enough use cases (like just booting cloud images in secure boot mode) where this doesn't matter, so I consider this useful nevertheless, but maybe a separate feature flag like 'stateless-secure-boot' makes sense for that.
Since the use case will be virt related, there's always the possibility of using host side tools to inject a custom key into the default varstore before the guest OS runs. That doesn't cover all possible mokutil scenarios, but at least addresses the big one of providing a firmware that trusts the user's keys, instead of the OS vendor keys.
I don't think we need a 'stateless-secure-boot' flag, as that's implicit from mapping.mode=stateless and features.secure-boot
We don't currently offer a way to filter firmware builds based on their mode. So on a machine where this new firmware is available, a VM configuration like

    <os firmware='efi'>
      <firmware>
        <feature enabled='yes' name='secure-boot'/>
        <feature enabled='yes' name='enrolled-keys'/>
      </firmware>
    </os>

might result in either a firmware with writable variables or a stateless one being selected. If the user's expectation is that they will be able to use mokutil inside the VM, the latter will not make them happy.

If we had a separate feature, one could use

    <os firmware='efi'>
      <firmware>
        <feature enabled='no' name='stateless'/>
        <feature enabled='yes' name='secure-boot'/>
        <feature enabled='yes' name='enrolled-keys'/>
      </firmware>
    </os>

to ensure mokutil can be used.

Maybe we can make the mode filterable instead? Like

    <os firmware='efi'>
      <firmware>
        <mode name='split'/>
        <feature enabled='yes' name='secure-boot'/>
        <feature enabled='yes' name='enrolled-keys'/>
      </firmware>
    </os>

or something along those lines.
Not sure yet how to package that up, best is probably as stateless image because that'll reduce the chances of getting it wrong, i.e. something like this:
{ "description": "OVMF with secure boot, no persistent vars", "interface-types": [ "uefi" ], "mapping": { "device": "flash", "mode": "stateless", "executable": { "filename": "/usr/share/edk2/ovmf/OVMF.secboot.fd",
Just to be clear: the firmware build supporting this new, stateless style of Secure Boot would be a completely separate one from the existing OVMF.secboot.fd, right?
The idea should work for aarch64 too and remove the trustzone support requirement.
Yeah, that'd be a pretty great outcome :) -- Andrea Bolognani / Red Hat / Virtualization

On Mon, Jun 27, 2022 at 09:04:02AM -0700, Andrea Bolognani wrote:
On Mon, Jun 27, 2022 at 11:07:35AM +0100, Daniel P. Berrangé wrote:
On Mon, Jun 27, 2022 at 12:00:59PM +0200, Gerd Hoffmann wrote:
On Thu, Jun 23, 2022 at 06:14:12PM +0200, Andrea Bolognani wrote:
The main motivation behind this series was making it as simple as possible ("one click") to enable Secure Boot for a VM.
Heads up, and sort-of follow-up to the recent secure boot and smm (x86) and tz (arm) discussion.
Thanks for the heads up, Gerd!
We'll most likely get a new secure boot variant soon. This will not require smm, but it will also not support persistent variables. The underlying idea is to simply re-initialize the variable store from known-good ROM on each boot to compensate for the varstore not being protected against the guest OS tampering with it.
Which of course implies some drawbacks: The guest can't add keys (via mokutil) for example, and turning off secure boot in firmware setup wouldn't work either. There are enough use cases (like just booting cloud images in secure boot mode) where this doesn't matter, so I consider this useful nevertheless, but maybe a separate feature flag like 'stateless-secure-boot' makes sense for that.
Since the use case will be virt related, there's always the possibility of using host side tools to inject a custom key into the default varstore before the guest OS runs. That doesn't cover all possible mokutil scenarios, but at least addresses the big one of providing a firmware that trusts the user's keys, instead of the OS vendor keys.
I don't think we need a 'stateless-secure-boot' flag, as that's implicit from mapping.mode=stateless and features.secure-boot
We don't currently offer a way to filter firmware builds based on their mode. So on a machine where this new firmware is available, a VM configuration like
<os firmware='efi'> <firmware> <feature enabled='yes' name='secure-boot'/> <feature enabled='yes' name='enrolled-keys'/> </firmware> </os>
might result in either a firmware with writable variables or a stateless one being selected. If the user's expectation is that they will be able to use mokutil inside the VM, the latter will not make them happy.
If we had a separate feature, one could use
<os firmware='efi'> <firmware> <feature enabled='no' name='stateless'/> <feature enabled='yes' name='secure-boot'/> <feature enabled='yes' name='enrolled-keys'/> </firmware> </os>
to ensure mokutil can be used.
Maybe we can make the mode filterable instead? Like
<os firmware='efi'> <firmware> <mode name='split'/> <feature enabled='yes' name='secure-boot'/> <feature enabled='yes' name='enrolled-keys'/> </firmware> </os>
or something along those lines.
This is the wrong place to be configuring it, as this is actually a guest ABI issue. What we need is to express that a given VM configuration must not have NVRAM present, and this is independent of firmware feature selection.

IOW, we need

    <os ...>
      ....
      <nvram present="yes|no"/>
      ...
    </os>

This is something I have a PoC for for AMD SEV, but still have some tidying up to do. Essentially if NVRAM is set as not present, then we would only match firmware descriptors with mode=stateless

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|