On 12/29/25 00:33, Andrea Bolognani via Devel wrote:
> This series improves validation so that more nonsensical
> configurations are rejected, fixes a number of scenarios in which
> user-provided attributes were getting overwritten by the firmware
> selection process, and overall makes things more predictable and
> reliable.
>
> Notably, it addresses the inability of starting confidential VMs on
> aarch64, which was reported[1] some time ago.
>
> It is also a prerequisite of another series that I will post shortly,
> which introduces support for the uefi-vars QEMU device and thus makes
> it possible to use Secure Boot for aarch64 VMs. Since all these fixes
> and improvements make sense on their own, and there is a little bit
> of work still needed on the QEMU/edk2 side before the other series
> can be merged, I decided to post this one separately instead of
> lumping them together. It's not like it's not meaty enough on its own
> anyway :)
>
> [1]
> https://lists.libvirt.org/archives/list/[email protected]/thread/D5UDRJ4G66JXDMJHHEUNITRZHLBQH2TO/
>
> Andrea Bolognani (36):
>   qemu_firmware: Drop support for kernel descriptors
>   qemu_firmware: Drop 'nvram' local variable
>   qemu_firmware: Move format=raw compat exception
>   qemu_firmware: Move copying of nvram.format to loader.format
>   tests: Add firmware-manual-efi-rw-nvram
>   domain_validate: Reject NVRAM with read/write firmware
>   tests: Add firmware-auto-bios-rw
>   tests: Add firmware-manual-bios-rw
>   domain_validate: Reject read/write ROMs
>   tests: Add firmware-auto-efi-format-loader-qcow2-rom
>   domain_validate: Reject ROMs with format other than raw
>   qemu_firmware: Ignore stateless/combined when NVRAM is configured
>   qemu_firmware: Drop fallback for absent nvramTemplateFormat
>   schemas: Allow templateFormat without template path
>   tests: Add firmware-manual-efi-nvram-template-nonstandard-format
>   tests: Add firmware-manual-efi-nvram-template-nonstandard-legacy-paths
>   tests: Add firmware-auto-efi-format-nvram-raw
>   tests: Add firmware-auto-efi-format-nvram-raw-loader-path
>   tests: Add firmware-auto-efi-format-nvram-raw-nvramtemplate-path
>   tests: Add firmware-auto-efi-format-nvramtemplate-qcow2
>   tests: Add firmware-auto-efi-format-mismatch-nvramtemplate
>   qemu_firmware: Introduce qemuFirmwareFillDomainCustom()
>   qemu_firmware: Set templateFormat for custom paths
>   qemu_firmware: Simplify handling of legacy paths
>   qemu_firmware: Refactor setting NVRAM format
>   qemu_firmware: Prefer template format to loader format
>   qemu_firmware: Retain user-specified NVRAM format
>   qemu_firmware: Take templateFormat into account when matching
>   qemu_firmware: Take NVRAM format into account when matching
>   qemu_firmware: Remove NVRAM to loader format copy hack
>   tests: Add firmware-manual-efi-sev-snp
>   tests: Add firmware-manual-efi-tdx
>   qemu_firmware: ROM firmware is always in raw format
>   qemu_firmware: Don't skip autoselection for ROM
>   qemu_firmware: Allow matching both UEFI and BIOS for ROM loader
>   news: Mention improvements and fixes to firmware selection
>
>  NEWS.rst | 8 +
>  src/conf/domain_conf.c | 18 +-
>  src/conf/domain_validate.c | 30 ++
>  src/conf/schemas/domaincommon.rng | 10 +-
>  src/qemu/qemu_firmware.c | 367 ++++++++++--------
>  src/qemu/qemu_postparse.c | 17 -
>  .../firmware-auto-bios-rw.x86_64-latest.err | 1 +
>  ...> firmware-auto-bios-rw.x86_64-latest.xml} | 5 +-
>  .../qemuxmlconfdata/firmware-auto-bios-rw.xml | 18 +
>  ...-format-loader-qcow2-rom.x86_64-latest.err | 1 +
>  ...mware-auto-efi-format-loader-qcow2-rom.xml | 18 +
>  ...t-mismatch-nvramtemplate.x86_64-latest.err | 1 +
>  ...-mismatch-nvramtemplate.x86_64-latest.xml} | 6 +-
>  ...auto-efi-format-mismatch-nvramtemplate.xml | 19 +
>  ...uto-efi-format-mismatch.x86_64-latest.args | 5 +-
>  ...auto-efi-format-mismatch.x86_64-latest.xml | 2 +-
>  ...-nvram-raw-loader-path.x86_64-latest.args} | 4 +-
>  ...t-nvram-raw-loader-path.x86_64-latest.xml} | 4 +-
>  ...-auto-efi-format-nvram-raw-loader-path.xml | 19 +
>  ...raw-nvramtemplate-path.x86_64-latest.args} | 4 +-
>  ...-raw-nvramtemplate-path.x86_64-latest.xml} | 4 +-
>  ...fi-format-nvram-raw-nvramtemplate-path.xml | 18 +
>  ...t-nvram-raw.x86_64-latest.abi-update.args} | 0
>  ...at-nvram-raw.x86_64-latest.abi-update.xml} | 0
>  ...o-efi-format-nvram-raw.x86_64-latest.args} | 0
>  ...to-efi-format-nvram-raw.x86_64-latest.xml} | 0
>  .../firmware-auto-efi-format-nvram-raw.xml | 18 +
>  ...at-nvramtemplate-qcow2.x86_64-latest.args} | 9 +-
>  ...mat-nvramtemplate-qcow2.x86_64-latest.xml} | 4 +-
>  ...re-auto-efi-format-nvramtemplate-qcow2.xml | 18 +
>  .../firmware-manual-bios-rw.x86_64-latest.err | 1 +
>  .../firmware-manual-bios-rw.xml | 15 +
>  ...-loader-path-nonstandard.x86_64-latest.xml | 2 +-
>  ...ate-nonstandard-format.x86_64-latest.args} | 10 +-
>  ...late-nonstandard-format.x86_64-latest.xml} | 4 +-
>  ...-efi-nvram-template-nonstandard-format.xml | 19 +
>  ...nstandard-legacy-paths.x86_64-latest.args} | 4 +-
>  ...onstandard-legacy-paths.x86_64-latest.xml} | 5 +-
>  ...vram-template-nonstandard-legacy-paths.xml | 20 +
>  ...ram-template-nonstandard.x86_64-latest.xml | 2 +-
>  ...ware-manual-efi-rw-nvram.x86_64-latest.err | 1 +
>  .../firmware-manual-efi-rw-nvram.xml | 19 +
>  ...ual-efi-sev-snp.x86_64-latest+amdsev.args} | 7 +-
>  ...nual-efi-sev-snp.x86_64-latest+amdsev.xml} | 12 +-
>  .../firmware-manual-efi-sev-snp.xml | 21 +
>  ...anual-efi-tdx.x86_64-latest+inteltdx.args} | 9 +-
>  ...manual-efi-tdx.x86_64-latest+inteltdx.xml} | 11 +-
>  .../firmware-manual-efi-tdx.xml | 25 ++
>  tests/qemuxmlconftest.c | 19 +
>  49 files changed, 571 insertions(+), 263 deletions(-)

Reviewed-by: Michal Privoznik <[email protected]>

Michal
