[libvirt PATCH 00/15] qemu: Further improvements to firmware selection

Andrea Bolognani posted 15 patches 1 year, 2 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20230317192747.1311223-1-abologna@redhat.com
[libvirt PATCH 00/15] qemu: Further improvements to firmware selection
Posted by Andrea Bolognani 1 year, 2 months ago
More information in the commit message for 11/15.

Ideally this would make it into 9.2.0 along with the other
changes to firmware selection I've made in this cycle[1].

[1] https://listman.redhat.com/archives/libvir-list/2023-February/237806.html

Andrea Bolognani (15):
  tests: Rename a few firmware tests
  tests: Fix firmware-auto-efi-loader-path-nonstandard
  tests: Add firmware-auto-efi-loader-path
  tests: Add more tests for manual Secure Boot configuration
  tests: Fix firmware descriptor masking test
  qemu: Introduce qemuFirmwareMatchesPaths()
  qemu: Discard requires-smm firmware when loader.secure=no
  qemu: Always go through firmware autoselection
  conf: Remove some firmware validation checks
  conf: Don't format firmware type/features when migrating
  qemu: Don't drop firmware type/features information
  qemu: Automatically add firmware type/features information
  conf: Don't explicitly set the secure-boot feature
  conf: Move validation check out of postparse
  qemu: Move validation check out of postparse

 src/conf/domain_conf.c                        |   5 +-
 src/conf/domain_postparse.c                   |  16 --
 src/conf/domain_validate.c                    |  42 +---
 src/qemu/qemu_domain.c                        |   6 -
 src/qemu/qemu_firmware.c                      | 186 +++++++++++++-----
 src/qemu/qemu_validate.c                      |   6 +
 .../{60-ovmf-sb.json => 42-masked.json}       |   0
 .../usr/share/qemu/firmware/42-masked.json    |  37 ++++
 tests/qemufirmwaretest.c                      |   2 +
 ...to-efi-loader-insecure.x86_64-latest.args} |   0
 ...auto-efi-loader-insecure.x86_64-latest.err |   1 -
 ...-loader-path-nonstandard.x86_64-latest.err |   1 +
 ...ware-auto-efi-loader-path-nonstandard.xml} |   2 +-
 ...e-auto-efi-loader-path.x86_64-latest.args} |   0
 ...are-auto-efi-loader-path.x86_64-latest.err |   1 -
 .../firmware-auto-efi-loader-path.xml         |   2 +-
 ...to-efi-no-enrolled-keys.x86_64-latest.args |   5 +-
 ...nual-efi-loader-no-path.x86_64-latest.err} |   0
 ...=> firmware-manual-efi-loader-no-path.xml} |   0
 ...nual-efi-loader-secure.x86_64-latest.args} |   0
 ... => firmware-manual-efi-loader-secure.xml} |   0
 ...l-efi-no-enrolled-keys.x86_64-latest.args} |   0
 ... firmware-manual-efi-no-enrolled-keys.xml} |   2 +-
 ...-manual-efi-no-secboot.x86_64-latest.args} |   4 +-
 ...xml => firmware-manual-efi-no-secboot.xml} |   5 +-
 ...are-manual-efi-secboot.x86_64-latest.args} |   0
 ...re.xml => firmware-manual-efi-secboot.xml} |   2 +-
 tests/qemuxml2argvtest.c                      |  12 +-
 ...ware-auto-bios-stateless.x86_64-latest.xml |   6 +-
 .../firmware-auto-bios.x86_64-latest.xml      |   6 +-
 ...rmware-auto-efi-aarch64.aarch64-latest.xml |   6 +-
 ...e-auto-efi-enrolled-keys.x86_64-latest.xml |   6 +-
 ...-efi-format-loader-qcow2.x86_64-latest.xml |   6 +-
 ...o-efi-format-loader-raw.aarch64-latest.xml |   6 +-
 ...-nvram-qcow2-network-nbd.x86_64-latest.xml |   5 +-
 ...-format-nvram-qcow2-path.x86_64-latest.xml |   6 +-
 ...o-efi-format-nvram-qcow2.x86_64-latest.xml |   6 +-
 ...uto-efi-loader-insecure.x86_64-latest.xml} |   8 +-
 ...loader-path-nonstandard.x86_64-latest.xml} |   4 +-
 ...re-auto-efi-loader-path.x86_64-latest.xml} |   6 +-
 ...e-auto-efi-loader-secure.x86_64-latest.xml |   6 +-
 ...uto-efi-no-enrolled-keys.x86_64-latest.xml |   9 +-
 ...ware-auto-efi-no-secboot.x86_64-latest.xml |   6 +-
 ...ware-auto-efi-nvram-file.x86_64-latest.xml |   6 +-
 ...-efi-nvram-network-iscsi.x86_64-latest.xml |   5 +-
 ...to-efi-nvram-network-nbd.x86_64-latest.xml |   5 +-
 .../firmware-auto-efi-nvram.x86_64-latest.xml |   6 +-
 ...irmware-auto-efi-secboot.x86_64-latest.xml |   6 +-
 ...irmware-auto-efi-smm-off.x86_64-latest.xml |   6 +-
 ...mware-auto-efi-stateless.x86_64-latest.xml |   6 +-
 .../firmware-auto-efi.x86_64-latest.xml       |   6 +-
 ...manual-efi-acpi-aarch64.aarch64-latest.xml |   6 +-
 ...ware-manual-efi-acpi-q35.x86_64-latest.xml |   6 +-
 ...anual-efi-loader-secure.x86_64-latest.xml} |   6 +-
 ...al-efi-no-enrolled-keys.x86_64-latest.xml} |   8 +-
 ...e-manual-efi-no-secboot.x86_64-latest.xml} |   6 +-
 ...nual-efi-noacpi-aarch64.aarch64-latest.xml |   6 +-
 ...re-manual-efi-nvram-file.x86_64-latest.xml |   6 +-
 ...-efi-nvram-network-iscsi.x86_64-latest.xml |   5 +-
 ...al-efi-nvram-network-nbd.x86_64-latest.xml |   5 +-
 ...anual-efi-nvram-template.x86_64-latest.xml |   6 +-
 ...ware-manual-efi-secboot.x86_64-latest.xml} |   6 +-
 .../firmware-manual-efi.x86_64-latest.xml     |   6 +-
 .../pvpanic-pci-aarch64.aarch64-latest.xml    |   6 +-
 ...-pci-no-address-aarch64.aarch64-latest.xml |   6 +-
 .../virtio-iommu-aarch64.aarch64-latest.xml   |   6 +-
 tests/qemuxml2xmltest.c                       |   8 +-
 67 files changed, 409 insertions(+), 164 deletions(-)
 rename tests/qemufirmwaredata/etc/qemu/firmware/{60-ovmf-sb.json => 42-masked.json} (100%)
 create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/42-masked.json
 copy tests/qemuxml2argvdata/{firmware-auto-efi-no-enrolled-keys.x86_64-latest.args => firmware-auto-efi-loader-insecure.x86_64-latest.args} (100%)
 delete mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-insecure.x86_64-latest.err
 create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-path-nonstandard.x86_64-latest.err
 copy tests/qemuxml2argvdata/{firmware-auto-efi-loader-path.xml => firmware-auto-efi-loader-path-nonstandard.xml} (86%)
 copy tests/qemuxml2argvdata/{firmware-auto-efi-no-enrolled-keys.x86_64-latest.args => firmware-auto-efi-loader-path.x86_64-latest.args} (100%)
 delete mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-loader-path.x86_64-latest.err
 rename tests/qemuxml2argvdata/{firmware-manual-efi-no-path.x86_64-latest.err => firmware-manual-efi-loader-no-path.x86_64-latest.err} (100%)
 rename tests/qemuxml2argvdata/{firmware-manual-efi-no-path.xml => firmware-manual-efi-loader-no-path.xml} (100%)
 copy tests/qemuxml2argvdata/{firmware-manual-efi-secure.x86_64-latest.args => firmware-manual-efi-loader-secure.x86_64-latest.args} (100%)
 copy tests/qemuxml2argvdata/{firmware-manual-efi-secure.xml => firmware-manual-efi-loader-secure.xml} (100%)
 copy tests/qemuxml2argvdata/{firmware-manual-efi-secure.x86_64-latest.args => firmware-manual-efi-no-enrolled-keys.x86_64-latest.args} (100%)
 copy tests/qemuxml2argvdata/{firmware-manual-efi-secure.xml => firmware-manual-efi-no-enrolled-keys.xml} (87%)
 copy tests/qemuxml2argvdata/{firmware-auto-efi-no-enrolled-keys.x86_64-latest.args => firmware-manual-efi-no-secboot.x86_64-latest.args} (90%)
 copy tests/qemuxml2argvdata/{firmware-manual-efi-secure.xml => firmware-manual-efi-no-secboot.xml} (72%)
 rename tests/qemuxml2argvdata/{firmware-manual-efi-secure.x86_64-latest.args => firmware-manual-efi-secboot.x86_64-latest.args} (100%)
 rename tests/qemuxml2argvdata/{firmware-manual-efi-secure.xml => firmware-manual-efi-secboot.xml} (86%)
 copy tests/qemuxml2xmloutdata/{firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml => firmware-auto-efi-loader-insecure.x86_64-latest.xml} (82%)
 copy tests/qemuxml2xmloutdata/{firmware-auto-bios-stateless.x86_64-latest.xml => firmware-auto-efi-loader-path-nonstandard.x86_64-latest.xml} (92%)
 copy tests/qemuxml2xmloutdata/{firmware-auto-efi-no-enrolled-keys.x86_64-latest.xml => firmware-auto-efi-loader-path.x86_64-latest.xml} (89%)
 copy tests/qemuxml2xmloutdata/{firmware-manual-efi-secure.x86_64-latest.xml => firmware-manual-efi-loader-secure.x86_64-latest.xml} (89%)
 copy tests/qemuxml2xmloutdata/{firmware-manual-efi-secure.x86_64-latest.xml => firmware-manual-efi-no-enrolled-keys.x86_64-latest.xml} (83%)
 copy tests/qemuxml2xmloutdata/{firmware-manual-efi-acpi-q35.x86_64-latest.xml => firmware-manual-efi-no-secboot.x86_64-latest.xml} (89%)
 rename tests/qemuxml2xmloutdata/{firmware-manual-efi-secure.x86_64-latest.xml => firmware-manual-efi-secboot.x86_64-latest.xml} (89%)

-- 
2.39.2
Re: [libvirt PATCH 00/15] qemu: Further improvements to firmware selection
Posted by Michal Prívozník 1 year, 1 month ago
On 3/17/23 20:27, Andrea Bolognani wrote:
> More information in the commit message for 11/15.
> 
> Ideally this would make it into 9.2.0 along with the other
> changes to firmware selection I've made in this cycle[1].
> 
> [1] https://listman.redhat.com/archives/libvir-list/2023-February/237806.html
> 
> Andrea Bolognani (15):
>   tests: Rename a few firmware tests
>   tests: Fix firmware-auto-efi-loader-path-nonstandard
>   tests: Add firmware-auto-efi-loader-path
>   tests: Add more tests for manual Secure Boot configuration
>   tests: Fix firmware descriptor masking test
>   qemu: Introduce qemuFirmwareMatchesPaths()
>   qemu: Discard requires-smm firmware when loader.secure=no
>   qemu: Always go through firmware autoselection
>   conf: Remove some firmware validation checks
>   conf: Don't format firmware type/features when migrating
>   qemu: Don't drop firmware type/features information
>   qemu: Automatically add firmware type/features information
>   conf: Don't explicitly set the secure-boot feature
>   conf: Move validation check out of postparse
>   qemu: Move validation check out of postparse
> 

>  67 files changed, 409 insertions(+), 164 deletions(-)


Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal
Re: [libvirt PATCH 00/15] qemu: Further improvements to firmware selection
Posted by Andrea Bolognani 1 year, 1 month ago
On Tue, Mar 21, 2023 at 01:49:50PM +0100, Michal Prívozník wrote:
> On 3/17/23 20:27, Andrea Bolognani wrote:
> > More information in the commit message for 11/15.
> >
> > Ideally this would make it into 9.2.0 along with the other
> > changes to firmware selection I've made in this cycle[1].
> >
> > [1] https://listman.redhat.com/archives/libvir-list/2023-February/237806.html
> >
> > Andrea Bolognani (15):
> >   tests: Rename a few firmware tests
> >   tests: Fix firmware-auto-efi-loader-path-nonstandard
> >   tests: Add firmware-auto-efi-loader-path
> >   tests: Add more tests for manual Secure Boot configuration
> >   tests: Fix firmware descriptor masking test
> >   qemu: Introduce qemuFirmwareMatchesPaths()
> >   qemu: Discard requires-smm firmware when loader.secure=no
> >   qemu: Always go through firmware autoselection
> >   conf: Remove some firmware validation checks
> >   conf: Don't format firmware type/features when migrating
> >   qemu: Don't drop firmware type/features information
> >   qemu: Automatically add firmware type/features information
> >   conf: Don't explicitly set the secure-boot feature
> >   conf: Move validation check out of postparse
> >   qemu: Move validation check out of postparse
>
> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Thanks a lot!

There's a teeny tiny additional patch that needs to go in before I
can push these, otherwise the Ubuntu jobs will start failing. Can you
please take a look at that one too?

https://listman.redhat.com/archives/libvir-list/2023-March/238956.html

-- 
Andrea Bolognani / Red Hat / Virtualization