On 08/03/2015 10:47 PM, Martin Kletzander wrote:
> On Mon, Aug 03, 2015 at 03:39:30PM -0700, Ryan Barry wrote:
>> On 08/03/2015 01:43 PM, Ryan Barry wrote:
>>> Using:
>>>
>>> edk2.git-0-20150803.b1141.ga0973dc.x86_64
>>> edk2.git-ovmf-x64-0-20150802.b1139.gb234418.noarch
>>>
>>> On Fedora 22.
>>>
>>> Provisioning a i440FX system in virt-manager and attempting to
>>> boot results in successful EFI initialization, but the VM
>>> exits ungracefully after the bootloader (with F22 and CentOS 7
>>> installer images). There's no really useful information in any
>>> of the logs.
>>>
>
> I haven't tried EFI with 440fx, only with q35. I haven't found an
> option to enable EFI neither a secureboot anywhere in
> virt-manager.
q35 doesn't help here. secureboot is in the EFI config menus (press
<ESC> or <DEL> in the guest while booting, go look at the boot
configuration, and you'll see secureboot options -- it's disabled by
default and not able to be enabled until LockDown_ms is applied).
What I don't understand is why this matters, since I was able to
boot
with basically the generated command (see below) from a console, but
it's 100% reproducible.
>
>>> Using qemu-kvm directly (qemu-kvm -bios
>>> /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd -m 1G -cdrom
>>> ~rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso) boots
>>> and loads successfully.
>>
>
> We don't use '-bios' but '-drive file,if=pflash' and that's
done
> once for the OVMF code and second time for the efivars storage.
> What's the guest XML and full command line of qemu being started?
I was able to boot with this (once I removed -S, -spice, and -netdev).
After installing with -netdev user..., and applying LockDown_ms, it
boots normally from virsh/virt-manager.
So the generated command (from libvirt) works for you if there is no
-S (of course) and -netdev (I guess because of the fd= we're passing)?
Why did you remove '-spice'?
If the only difference in this case really is libvirt, then we need to
know why the machine shuts down. If neither the 'virsh domstate
--reason <domain>' helps nor there is any information in the logs,
then I suggest enabling debug logs and looking through those (both the
domain log and libvirtd log).
Also, I can mount an ISO and reinstall once secureboot is enabled.
XML is at the bottom.
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
QEMU_AUDIO_DRV=spice /usr/bin/qemu-kvm -name passthrough -S -machine
pc-i440fx-2.3,accel=kvm,usb=off -cpu Haswell-noTSX -drive
file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd,if=pflash,format=raw,unit=0,readonly=on
-drive
file=/var/lib/libvirt/qemu/nvram/passthrough_VARS.fd,if=pflash,format=raw,unit=1
-m 2048 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid
ffd15ea4-03dc-4e86-ae93-096e517055a8 -no-user-config -nodefaults
-chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/passthrough.monitor,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc
base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard
-no-hpet -no-reboot -global PIIX4_PM.disable_s3=1 -global
PIIX4_PM.disable_s4=1 -boot strict=on -device
ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7 -device
ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6
-device
ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1
-device
ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive
file=/var/lib/libvirt/images/passthrough.qcow2,if=none,id=drive-virtio-disk0,format=qcow2
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2
-drive
file=/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso,if=none,id=drive-ide0-0-0,readonly=on,format=raw
-device
ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
-netdev tap,fd=24,id=hostnet0,vhost=on,vhostfd=25 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:e6:72:a4,bus=pci.0,addr=0x3
-chardev pty,id=charserial0 -device
isa-serial,chardev=charserial0,id=serial0 -chardev
socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/passthrough.org.qemu.guest_agent.0,server,nowait
-device
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
-chardev spicevmc,id=charchannel1,name=vdagent -device
virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0
-device usb-tablet,id=input0 -spice
port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on
-device
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pci.0,addr=0x2
-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device
hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev
spicevmc,id=charredir0,name=usbredir -device
usb-redir,chardev=charredir0,id=redir0 -chardev
spicevmc,id=charredir1,name=usbredir -device
usb-redir,chardev=charredir1,id=redir1 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg timestamp=on
>
>> Just to update --
>>
>> This appears to be related to secureboot. Using a VM which has
>> secure boot enabled is successful
>>
>>>
>>> What's the difference here? Where can I go for
>>> troubleshooting?
>>>
>>> libvirt XML is below:
>>>
>>> <domain type='kvm'> <name>fedora22</name>
>>> <uuid>7f363d28-881f-4240-97eb-9b8d49cfb282</uuid> <memory
>>> unit='KiB'>2097152</memory> <currentMemory
>>> unit='KiB'>2097152</currentMemory> <vcpu
>>> placement='static'>1</vcpu> <os> <type
arch='x86_64'
>>> machine='pc-i440fx-2.3'>hvm</type> <loader
readonly='yes'
>>>
type='pflash'>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</loader>
>>>
>>>
>>>
>>>
<nvram>/var/lib/libvirt/qemu/nvram/fedora22_VARS.fd</nvram>
>>> </os> <features> <acpi/> <apic/> <pae/>
</features> <cpu
>>> mode='custom' match='exact'> <model
>>> fallback='allow'>Haswell-noTSX</model> </cpu>
<clock
>>> offset='utc'> <timer name='rtc'
tickpolicy='catchup'/> <timer
>>> name='pit' tickpolicy='delay'/> <timer
name='hpet'
>>> present='no'/> </clock>
<on_poweroff>destroy</on_poweroff>
>>> <on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
>>> <pm> <suspend-to-mem enabled='no'/> <suspend-to-disk
>>> enabled='no'/> </pm> <devices>
>>> <emulator>/usr/bin/qemu-kvm</emulator> <disk
type='file'
>>> device='disk'> <driver name='qemu'
type='qcow2'/> <source
>>> file='/var/lib/libvirt/images/fedora22.qcow2'/> <target
>>> dev='vda' bus='virtio'/> <boot order='1'/>
<address type='pci'
>>> domain='0x0000' bus='0x00' slot='0x07'
function='0x0'/> </disk>
>>> <disk type='file' device='cdrom'> <driver
name='qemu'
>>> type='raw'/> <source
>>>
file='/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso'/>
>>>
>>>
>>>
<target dev='hda' bus='ide'/>
>>> <readonly/> <boot order='2'/> <address
type='drive'
>>> controller='0' bus='0' target='0'
unit='0'/> </disk>
>>> <controller type='usb' index='0'
model='ich9-ehci1'> <address
>>> type='pci' domain='0x0000' bus='0x00'
slot='0x06'
>>> function='0x7'/> </controller> <controller
type='usb'
>>> index='0' model='ich9-uhci1'> <master
startport='0'/> <address
>>> type='pci' domain='0x0000' bus='0x00'
slot='0x06'
>>> function='0x0' multifunction='on'/> </controller>
<controller
>>> type='usb' index='0' model='ich9-uhci2'>
<master
>>> startport='2'/> <address type='pci'
domain='0x0000' bus='0x00'
>>> slot='0x06' function='0x1'/> </controller>
<controller
>>> type='usb' index='0' model='ich9-uhci3'>
<master
>>> startport='4'/> <address type='pci'
domain='0x0000' bus='0x00'
>>> slot='0x06' function='0x2'/> </controller>
<controller
>>> type='pci' index='0' model='pci-root'/>
<controller type='ide'
>>> index='0'> <address type='pci' domain='0x0000'
bus='0x00'
>>> slot='0x01' function='0x1'/> </controller>
<controller
>>> type='virtio-serial' index='0'> <address
type='pci'
>>> domain='0x0000' bus='0x00' slot='0x05'
function='0x0'/>
>>> </controller> <interface type='network'> <mac
>>> address='52:54:00:35:b6:00'/> <source
network='default'/>
>>> <model type='virtio'/> <address type='pci'
domain='0x0000'
>>> bus='0x00' slot='0x03' function='0x0'/>
</interface> <serial
>>> type='pty'> <target port='0'/> </serial>
<console type='pty'>
>>> <target type='serial' port='0'/> </console>
<channel
>>> type='unix'> <source mode='bind'
>>>
path='/var/lib/libvirt/qemu/channel/target/fedora22.org.qemu.guest_agent.0'/>
>>>
>>>
>>>
>>>
<target type='virtio' name='org.qemu.guest_agent.0'/>
>>> <address type='virtio-serial' controller='0'
bus='0' port='1'/>
>>> </channel> <channel type='spicevmc'> <target
type='virtio'
>>> name='com.redhat.spice.0'/> <address
type='virtio-serial'
>>> controller='0' bus='0' port='2'/> </channel>
<input
>>> type='tablet' bus='usb'/> <input type='mouse'
bus='ps2'/>
>>> <input type='keyboard' bus='ps2'/> <graphics
type='spice'
>>> autoport='yes'> <image compression='off'/>
</graphics> <sound
>>> model='ich6'> <address type='pci'
domain='0x0000' bus='0x00'
>>> slot='0x04' function='0x0'/> </sound> <video>
<model type='qxl'
>>> ram='65536' vram='65536' vgamem='16384'
heads='1'/> <address
>>> type='pci' domain='0x0000' bus='0x00'
slot='0x02'
>>> function='0x0'/> </video> <redirdev bus='usb'
type='spicevmc'>
>>> </redirdev> <redirdev bus='usb' type='spicevmc'>
</redirdev>
>>> <memballoon model='virtio'> <address type='pci'
domain='0x0000'
>>> bus='0x00' slot='0x08' function='0x0'/>
</memballoon>
>>> </devices> </domain>
>>>
>>
>
>> pub rsa2048/B6AA86F9 2013-10-31 uid Ryan Barry
>> <rbarry(a)redhat.com> uid Ryan Barry <phresus(a)gmail.com> sub
>> rsa2048/9C33C113 2013-10-31
>
>> _______________________________________________ libvirt-users
>> mailing list libvirt-users(a)redhat.com
>>
https://www.redhat.com/mailman/listinfo/libvirt-users