On Tue, Jul 29, 2025 at 03:28:49PM -0600, Jim Fehlig wrote:
> On 5/13/25 14:25, Jim Fehlig wrote:
> > On 4/24/25 14:18, Jim Fehlig wrote:
> > > On 4/24/25 04:59, Daniel P. Berrangé wrote:
> > > > On Mon, Apr 21, 2025 at 01:38:35PM -0600, Jim Fehlig via Devel wrote:
> > > > > Hi All,
> > > > >
> > > > > While investigating an internal bug report, we noticed that a minimal
> > > > > firmware auto-selection configuration along with SEV* fails to find a
> > > > > match.
> > > > > E.g. the following config
> > > > >
> > > > > <domain type="kvm">
> > > > > <os firmware="efi">
> > > > > <type arch="x86_64" machine="q35">hvm</type>
> > > > > <boot dev="hd"/>
> > > > > </os>
> > > > > <launchSecurity type="sev">
> > > > > <policy>0x07</policy>
> > > > > </launchSecurity>
> > > > > ...
> > > > > </domain>
> > > > >
> > > > > Fails with "Unable to find 'efi' firmware that is compatible with the
> > > > > current configuration". A firmware that should match has the
> > > > > following json
> > > > > description
> > > > >
> > > > > {
> > > > > "description": "UEFI firmware for x86_64, with AMD SEV",
> > > > > "interface-types": [
> > > > > "uefi"
> > > > > ],
> > > > > "mapping": {
> > > > > "device": "flash",
> > > > > "mode": "stateless",
> > > > > "executable": {
> > > > > "filename": "/usr/share/qemu/ovmf-x86_64-sev.bin",
> > > > > "format": "raw"
> > > > > }
> > > > > },
> > > > > "targets": [
> > > > > {
> > > > > "architecture": "x86_64",
> > > > > "machines": [
> > > > > "pc-q35-*"
> > > > > ]
> > > > > }
> > > > > ],
> > > > > "features": [
> > > > > "acpi-s4",
> > > > > "amd-sev",
> > > > > "amd-sev-es",
> > > > > "amd-sev-snp",
> > > > > "verbose-dynamic"
> > > > > ],
> > > > > "tags": [
> > > > >
> > > > > ]
> > > > > }
> > > > >
> > > > > Auto-selection works fine if I specify a 'stateless' firmware, e.g.
> > > > > amend
> > > > > the above config with
> > > > >
> > > > > <os firmware="efi">
> > > > > <type arch="x86_64" machine="q35">hvm</type>
> > > > > <loader stateless="yes"/>
> > > > > <boot dev="hd"/>
> > > > > </os>
> > > > >
> > > > > Being unfamiliar with the firmware auto-selection code, I tried the
> > > > > below
> > > > > naive hack, which only led to test failures and the subsequent
> > > > > runtime error
> > > > > "unable to find any master var store for loader:
> > > > > /usr/share/qemu/ovmf-x86_64-sev.bin". Should auto-selection work with
> > > > > the
> > > > > minimal config, or is it expected that user also specify a stateless
> > > > > firmware?
> >
> > Andrea,
> >
> > Having spent a fair bit of time in the firmware auto-selection code,
> > perhaps you have an opinion about this?
>
> Sorry to keep nagging about this, but I still see the issue with latest git
> master using a json descriptor identical to the latest Fedora one. When
> omitting the 'stateless' attribute, autoselection fails with
>
> operation failed: Unable to find 'efi' firmware that is compatible with the
> current configuration
>
> With debug enabled, I can see the firmware is not even considered since it's
> not "split"
>
> 2025-07-29 21:02:05.517+0000: 32187: debug : qemuFirmwareMatchDomain:1310 :
> Discarding loader without split flash
>
> I would need to install Fedora and verify myself, but I'd be surprised if it
> didn't encounter the same issue. Without the 'stateless' attribute, the
> following test would fail
>
> https://gitlab.com/libvirt/libvirt/-/blob/master/src/qemu/qemu_firmware.c?ref_type=heads#L1303
>
> executing the else condition, and failing similarly since the firmware is not
> split.
So I've tested the scenario I mentioned before, and in fact see the
same behaviour as you describe
error: operation failed: Unable to find 'efi' firmware that is compatible with
the current configuration
which confuses me, because I'm sure I used virt-install to provision
SNP guests before, without expanding the args to
--boot uefi,loader.stateless=on
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
