Reviewed:  https://review.opendev.org/c/openstack/nova/+/825496
Committed: https://opendev.org/openstack/nova/commit/6ad789010043dc4dcf8d1c0f497b6c728d230f45
Submitter: "Zuul (22348)"
Branch:    master

commit 6ad789010043dc4dcf8d1c0f497b6c728d230f45
Author: Imran Hussain <i...@imranh.co.uk>
Date:   Thu Jan 20 12:26:41 2022 +0000

    [nova/libvirt] Support for checking and enabling SMM when needed

    Check the features list we get from the firmware descriptor file
    to see if we need SMM (requires-smm), if so then enable it as we
    aren't using the libvirt built in mechanism to enable it when
    grabbing the right firmware.

    Closes-Bug: 1958636
    Change-Id: I890b3021a29fa546d9e36b21b1111e8537cd0020
    Signed-off-by: Imran Hussain <i...@imranh.co.uk>

** Changed in: nova
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1958636

Title:
  nova / libvirt Secure Boot VM support not fully functional

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  Hi,

  I've been trying to get Secure Boot VMs working on my OpenStack, but
  I'm running into issues with firmware requiring SMM to be enabled.

  Versions:
  libvirt version: 6.0.0, package: 0ubuntu8.15
  QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.18)
  Nova 23.1.1 (deployed via kolla, so kolla/ubuntu-source-nova-compute:wallaby is the image)
  ovmf 0~20191122.bd85bf54-2ubuntu3.3

  There's an issue with the way the Nova libvirt driver handles secure
  boot and the firmware bit. It boils down to the Nova libvirt driver
  not producing the correct XML to start a VM.

  Nova needs to either:
  1) Take advantage of libvirt's auto firmware selection feature
  OR
  2) Produce the correct XML

  I have produced 2 series of patch sets for both approaches. Neither
  patch set is production/merge ready, but both work on my systems and
  provide a base.

  1. https://review.opendev.org/c/openstack/nova/+/825729
  2. https://review.opendev.org/c/openstack/nova/+/825496

  Context:
  http://lists.openstack.org/pipermail/openstack-discuss/2022-January/026796.html
  http://lists.openstack.org/pipermail/openstack-discuss/2022-January/026826.html
  https://specs.openstack.org/openstack/nova-specs/specs/wallaby/implemented/allow-secure-boot-for-qemu-kvm-guests.html
  https://that.guru/blog/uefi-secure-boot-in-libvirt/
  https://libvirt.org/formatdomain.html#bios-bootloader