From nobody Fri May  3 10:19:21 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1658507015; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Rsr5TFAFTVV0v/VDu95+T8vfqrIACmlJNXXc27UgCniWEb6EzGxl1RsLD8LIy7nG0lLdcMxbLBqThih6N1ViMeFHroda+Bhv7WvZJ8ex48mP+xIyAtEXcTvoHThbYz9ZGppudG63DRTNj/hCs6sRHAcicecR30oyQxApDNKK7e0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1658507015;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=CRXAYx+dD9O1sF4aCXSujIY180nPFa5sZQCYf6qSVAc=;
	b=j030eDuM+ZzyWahUbONdtN2FNA7uQ3DoMd+l520D0BR8H6DAqc3hpn69lkqTPeTZbUDgxCr1kHhEz84SYpaU36HxShkA8LhU7Ue+UfePyeSlA5Cn/Jphsj7INFJmRO28+PViJLBpWCuPUni8bN5gYyg8BjkgkVJvA9M73ddiD+8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1658507015135288.17456115521304;
 Fri, 22 Jul 2022 09:23:35 -0700 (PDT)
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-358-ZMJe-5vGPBunxa_iMmHKYQ-1; Fri, 22 Jul 2022 12:23:24 -0400
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
 [10.11.54.6])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 82B38811E7A;
	Fri, 22 Jul 2022 16:23:22 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (unknown [10.30.29.100])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 6C0412166B2A;
	Fri, 22 Jul 2022 16:23:22 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (localhost [IPv6:::1])
	by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 5687E1940348;
	Fri, 22 Jul 2022 16:23:21 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
 [10.11.54.3])
 by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 06EA6194704D for <libvir-list@listman.corp.redhat.com>;
 Fri, 22 Jul 2022 16:23:20 +0000 (UTC)
Received: by smtp.corp.redhat.com (Postfix)
 id EB1291121315; Fri, 22 Jul 2022 16:23:19 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.33.36.91])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 560AA1121314;
 Fri, 22 Jul 2022 16:23:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1658507014;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=CRXAYx+dD9O1sF4aCXSujIY180nPFa5sZQCYf6qSVAc=;
	b=Mgm5BQvL92FTT3QgwdbkYID20IZBfRaYHQNtMGk/Hh5009v1IjyghhqWTspry8Gpn2l/Su
	a4uDsNFaIY9F+pdTIxrgJgzYrY5uBpcX9vcNKHgOsIdCB0acCiiam74hj5YCbbNJvS7515
	LitJ0N3L+9YW4kAM6uFME7LJP+KYa7I=
X-MC-Unique: ZMJe-5vGPBunxa_iMmHKYQ-1
X-Original-To: libvir-list@listman.corp.redhat.com
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH 1/2] conf: support stateless UEFI firmware
Date: Fri, 22 Jul 2022 17:23:16 +0100
Message-Id: <20220722162317.2377173-2-berrange@redhat.com>
In-Reply-To: <20220722162317.2377173-1-berrange@redhat.com>
References: <20220722162317.2377173-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <http://listman.redhat.com/archives/libvir-list/>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=subscribe>
Errors-To: libvir-list-bounces@redhat.com
Sender: "libvir-list" <libvir-list-bounces@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1658507016359100001

Normally when an UEFI firmware is marked as read-only, an associated
NVRAM file will be created. Some builds of UEFI firmware, however, wish
to remain stateless and so will be read-only, but never have any NVRAM
file. To represent this concept a 'stateless' tristate bool attribute
is introduced on the <loader/> element.

There are rather a large number of permutations to consider.

With default firmware selection

  *  <os/>

     =3D> Historic default, no change

  *  <os>
       <loader stateless=3D'yes'/>
     </os>

     =3D> Explicit version of historic default, no change

  *  <os>
       <loader stateless=3D'no'/>
     </os>

      =3D> Invalid, bios is always stateless

With manual legacy BIOS selection

  *  <os>
       <loader>/path/to/seabios</loader>
       ...
     </os>

     =3D> Historic default, no change

  *  <os>
       <loader stateless=3D'yes'>/path/to/seabios</loader>
       ...
     </os>

     =3D> Explicit version of historic default, no change

  *  <os>
       <loader stateless=3D'no'>/path/to/seabios</loader>
       ...
     </os>

      =3D> Invalid, bios is always stateless

With manual UEFI selection

  *  <os>
       <loader type=3D'pflash'>/path/to/edk2</loader>
       ...
     </os>

     =3D> Historic default, no change

  *  <os>
       <loader type=3D'pflash' stateless=3D'yes'>/path/to/edk2</loader>
       ...
     </os>

     =3D> Skip auto-filling NVRAM / template

  *  <os>
       <loader type=3D'pflash' stateless=3D'no'>/path/to/edk2</loader>
       ...
     </os>

     =3D> Explicit version of historic default, no change

With automatic firmware selection

  *  <os firmware=3D'bios'/>

     =3D> Historic default, no change

  *  <os firmware=3D'bios'>
       <loader stateless=3D'yes'/>
     </os>

     =3D> Explicit version of historic default, no change

  *  <os firmware=3D'bios'>
       <loader stateless=3D'no'/>
     </os>

      =3D> Invalid, bios is always stateless

  *  <os firmware=3D'uefi'/>

     =3D> Historic default, no change

  *  <os firmware=3D'uefi'>
       <loader stateless=3D'yes'/>
     </os>

     =3D> Skip auto-filling NVRAM / template

  *  <os firmware=3D'uefi'>
       <loader stateless=3D'no'/>
     </os>

     =3D> Explicit version of historic default, no change

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 docs/formatdomain.rst                         |  9 ++++-
 src/conf/domain_conf.c                        |  9 +++++
 src/conf/domain_conf.h                        |  1 +
 src/conf/domain_validate.c                    | 26 ++++++++++++++
 src/conf/schemas/domaincommon.rng             |  5 +++
 ...-auto-bios-not-stateless.x86_64-latest.err |  1 +
 .../firmware-auto-bios-not-stateless.xml      | 18 ++++++++++
 ...are-auto-bios-stateless.x86_64-latest.args | 32 +++++++++++++++++
 .../firmware-auto-bios-stateless.xml          | 18 ++++++++++
 .../firmware-manual-bios-not-stateless.err    |  1 +
 .../firmware-manual-bios-not-stateless.xml    | 15 ++++++++
 .../firmware-manual-bios-stateless.args       | 30 ++++++++++++++++
 .../firmware-manual-bios-stateless.xml        | 15 ++++++++
 ...nual-efi-nvram-stateless.x86_64-latest.err |  1 +
 .../firmware-manual-efi-nvram-stateless.xml   | 21 ++++++++++++
 ...nvram-template-stateless.x86_64-latest.err |  1 +
 ...re-manual-efi-nvram-template-stateless.xml | 19 +++++++++++
 tests/qemuxml2argvtest.c                      |  8 +++++
 ...ware-auto-bios-stateless.x86_64-latest.xml | 34 +++++++++++++++++++
 .../firmware-manual-bios-stateless.xml        | 25 ++++++++++++++
 .../firmware-manual-bios.xml                  | 25 ++++++++++++++
 tests/qemuxml2xmltest.c                       |  3 ++
 22 files changed, 316 insertions(+), 1 deletion(-)
 create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless=
.x86_64-latest.err
 create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless=
.xml
 create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86=
_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-statele=
ss.err
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-statele=
ss.xml
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.a=
rgs
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.x=
ml
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-statel=
ess.x86_64-latest.err
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-statel=
ess.xml
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-templa=
te-stateless.x86_64-latest.err
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-templa=
te-stateless.xml
 create mode 100644 tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x=
86_64-latest.xml
 create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios-stateless=
.xml
 create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios.xml

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 3ea094e64c..4199abfd1a 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -242,7 +242,11 @@ harddisk, cdrom, network) determining where to obtain/=
find the boot image.
    firmwares may implement the Secure boot feature. Attribute ``secure`` c=
an be
    used to tell the hypervisor that the firmware is capable of Secure Boot=
 feature.
    It cannot be used to enable or disable the feature itself in the firmwa=
re.
-   :since:`Since 2.1.0`
+   :since:`Since 2.1.0`. If the loader is marked as read-only, then with U=
EFI it
+   is assumed that there will be a writable NVRAM available. In some cases,
+   however, it may be desirable for the loader to run without any NVRAM, d=
iscarding
+   any config changes on shutdown. The ``stateless`` flag can be used to c=
ontrol
+   this behaviour, when set to ``no`` NVRAM will never be created.
 ``nvram``
    Some UEFI firmwares may want to use a non-volatile memory to store some
    variables. In the host, this is represented as a file and the absolute =
path
@@ -262,6 +266,9 @@ harddisk, cdrom, network) determining where to obtain/f=
ind the boot image.
    **Note:** ``network`` backed NVRAM the variables are not instantiated f=
rom
    the ``template`` and it's user's responsibility to provide a valid NVRA=
M image.
=20
+   It is not valid to provide this element if the loader is marked as
+   stateless.
+
 ``boot``
    The ``dev`` attribute takes one of the values "fd", "hd", "cdrom" or
    "network" and is used to specify the next boot device to consider. The
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c7564e3a3a..e85cc1f809 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -16682,6 +16682,10 @@ virDomainLoaderDefParseXML(virDomainLoaderDef *loa=
der,
                                &loader->secure) < 0)
         return -1;
=20
+    if (virXMLPropTristateBool(loaderNode, "stateless", VIR_XML_PROP_NONE,
+                               &loader->stateless) < 0)
+        return -1;
+
     return 0;
 }
=20
@@ -25888,6 +25892,11 @@ virDomainLoaderDefFormat(virBuffer *buf,
         virBufferAsprintf(&loaderAttrBuf, " type=3D'%s'",
                           virDomainLoaderTypeToString(loader->type));
=20
+    if (loader->stateless !=3D VIR_TRISTATE_BOOL_ABSENT) {
+        virBufferAsprintf(&loaderAttrBuf, " stateless=3D'%s'",
+                          virTristateBoolTypeToString(loader->stateless));
+    }
+
     virBufferEscapeString(&loaderChildBuf, "%s", loader->path);
=20
     virXMLFormatElementInternal(buf, "loader", &loaderAttrBuf, &loaderChil=
dBuf, false, false);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 90de50c12f..060c395943 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2266,6 +2266,7 @@ struct _virDomainLoaderDef {
     virTristateBool readonly;
     virDomainLoader type;
     virTristateBool secure;
+    virTristateBool stateless;
     virStorageSource *nvram;
     bool newStyleNVRAM;
     char *nvramTemplate;   /* user override of path to master nvram */
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 814922cd46..cfd868fafa 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -1672,6 +1672,32 @@ virDomainDefOSValidate(const virDomainDef *def,
         }
     }
=20
+    if (loader->stateless =3D=3D VIR_TRISTATE_BOOL_YES) {
+        if (loader->nvramTemplate) {
+            virReportError(VIR_ERR_XML_DETAIL, "%s",
+                           _("NVRAM template is not permitted when loader =
is stateless"));
+            return -1;
+        }
+
+        if (loader->nvram) {
+            virReportError(VIR_ERR_XML_DETAIL, "%s",
+                           _("NVRAM is not permitted when loader is statel=
ess"));
+            return -1;
+        }
+    } else if (loader->stateless =3D=3D VIR_TRISTATE_BOOL_NO) {
+        if (def->os.firmware =3D=3D VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) {
+            if (def->os.loader->type !=3D VIR_DOMAIN_LOADER_TYPE_PFLASH) {
+                virReportError(VIR_ERR_XML_DETAIL, "%s",
+                               _("Only pflash loader type permits NVRAM"));
+                return -1;
+            }
+        } else if (def->os.firmware !=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+            virReportError(VIR_ERR_XML_DETAIL, "%s",
+                           _("Only EFI firmware permits NVRAM"));
+            return -1;
+        }
+    }
+
     return 0;
 }
=20
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom=
mon.rng
index 2f07c25430..aaecf795c6 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -320,6 +320,11 @@
                 </choice>
               </attribute>
             </optional>
+            <optional>
+              <attribute name=3D"stateless">
+                <ref name=3D"virYesNo"/>
+              </attribute>
+            </optional>
             <optional>
               <ref name=3D"absFilePath"/>
             </optional>
diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64=
-latest.err b/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_6=
4-latest.err
new file mode 100644
index 0000000000..b058f970a4
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest=
.err
@@ -0,0 +1 @@
+Only EFI firmware permits NVRAM
diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml b/=
tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
new file mode 100644
index 0000000000..b2c8fc1122
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
@@ -0,0 +1,18 @@
+<domain type=3D'kvm'>
+  <name>fedora</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>8192</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'bios'>
+    <type arch=3D'x86_64' machine=3D'pc-q35-4.0'>hvm</type>
+    <loader stateless=3D'no'/>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-lat=
est.args b/tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-lates=
t.args
new file mode 100644
index 0000000000..1d45a8cfba
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
@@ -0,0 +1,32 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-fedora \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-fedora/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-fedora/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-fedora/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dfedora,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm=
p/lib/domain--1-fedora/master-key.aes"}' \
+-machine pc-q35-4.0,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dpc.ra=
m \
+-accel kvm \
+-cpu qemu64 \
+-bios /usr/share/seabios/bios-256k.bin \
+-m 8 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot strict=3Don \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml b/test=
s/qemuxml2argvdata/firmware-auto-bios-stateless.xml
new file mode 100644
index 0000000000..4847951346
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
@@ -0,0 +1,18 @@
+<domain type=3D'kvm'>
+  <name>fedora</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>8192</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'bios'>
+    <type arch=3D'x86_64' machine=3D'pc-q35-4.0'>hvm</type>
+    <loader stateless=3D'yes'/>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err =
b/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
new file mode 100644
index 0000000000..188a5a4180
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
@@ -0,0 +1 @@
+Only pflash loader type permits NVRAM
diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml =
b/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
new file mode 100644
index 0000000000..b60878ca0b
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
@@ -0,0 +1,15 @@
+<domain type=3D'qemu'>
+  <name>test-bios</name>
+  <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'i686' machine=3D'pc'>hvm</type>
+    <loader stateless=3D'no'>/usr/share/seabios/bios.bin</loader>
+  </os>
+  <devices>
+   <emulator>/usr/bin/qemu-system-i386</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-stateless.args b/t=
ests/qemuxml2argvdata/firmware-manual-bios-stateless.args
new file mode 100644
index 0000000000..e1cb064b71
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
@@ -0,0 +1,30 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-test-bios \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-test-bios/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-test-bios/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-test-bios/.config \
+QEMU_AUDIO_DRV=3Dnone \
+/usr/bin/qemu-system-i386 \
+-name guest=3Dtest-bios,debug-threads=3Don \
+-S \
+-object secret,id=3DmasterKey0,format=3Draw,file=3D/tmp/lib/domain--1-test=
-bios/master-key.aes \
+-machine pc,usb=3Doff,dump-guest-core=3Doff \
+-accel tcg \
+-bios /usr/share/seabios/bios.bin \
+-m 1024 \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 362d1fc1-df7d-193e-5c18-49a71bd1da66 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-no-acpi \
+-boot strict=3Don \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml b/te=
sts/qemuxml2argvdata/firmware-manual-bios-stateless.xml
new file mode 100644
index 0000000000..9d6f4e4c83
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
@@ -0,0 +1,15 @@
+<domain type=3D'qemu'>
+  <name>test-bios</name>
+  <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'i686' machine=3D'pc'>hvm</type>
+    <loader stateless=3D'yes'>/usr/share/seabios/bios.bin</loader>
+  </os>
+  <devices>
+   <emulator>/usr/bin/qemu-system-i386</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86=
_64-latest.err b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless=
.x86_64-latest.err
new file mode 100644
index 0000000000..de8db3763d
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-lat=
est.err
@@ -0,0 +1 @@
+NVRAM is not permitted when loader is stateless
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml=
 b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
new file mode 100644
index 0000000000..717712e89b
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
@@ -0,0 +1,21 @@
+<domain type=3D'qemu'>
+  <name>test-bios</name>
+  <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc'>hvm</type>
+    <loader stateless=3D'yes' readonly=3D'yes' type=3D'pflash'>/usr/share/=
OVMF/OVMF_CODE.fd</loader>
+    <nvram type=3D'file'>
+      <source file=3D'/var/lib/libvirt/nvram/guest_VARS.fd'/>
+    </nvram>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stat=
eless.x86_64-latest.err b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-=
template-stateless.x86_64-latest.err
new file mode 100644
index 0000000000..95ec794c17
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x=
86_64-latest.err
@@ -0,0 +1 @@
+NVRAM template is not permitted when loader is stateless
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stat=
eless.xml b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-state=
less.xml
new file mode 100644
index 0000000000..a6d7079b78
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x=
ml
@@ -0,0 +1,19 @@
+<domain type=3D'qemu'>
+  <name>test-bios</name>
+  <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc'>hvm</type>
+    <loader stateless=3D'yes' readonly=3D'yes' type=3D'pflash'>/usr/share/=
OVMF/OVMF_CODE.fd</loader>
+    <nvram template=3D"/usr/share/OVMF/OVMF_VARS.fd"/>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index b2da42cb1f..57d5f3e1c1 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1190,6 +1190,10 @@ mymain(void)
=20
     DO_TEST("firmware-manual-bios",
             QEMU_CAPS_DEVICE_ISA_SERIAL);
+    DO_TEST("firmware-manual-bios-stateless",
+            QEMU_CAPS_DEVICE_ISA_SERIAL);
+    DO_TEST_PARSE_ERROR("firmware-manual-bios-not-stateless",
+                        QEMU_CAPS_DEVICE_ISA_SERIAL);
     DO_TEST_NOCAPS("firmware-manual-efi");
     DO_TEST_PARSE_ERROR_NOCAPS("firmware-manual-efi-no-path");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-features");
@@ -1202,10 +1206,12 @@ mymain(void)
             QEMU_CAPS_ICH9_AHCI,
             QEMU_CAPS_VIRTIO_SCSI);
     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template");
+    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-template-st=
ateless");
     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi");
     DO_TEST_CAPS_VER_PARSE_ERROR("firmware-manual-efi-nvram-network-iscsi"=
, "4.1.0");
     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-nbd");
     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-file");
+    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-stateless");
=20
     /* Make sure all combinations of ACPI and UEFI behave as expected */
     DO_TEST_NOCAPS("firmware-manual-efi-acpi-aarch64");
@@ -1218,6 +1224,8 @@ mymain(void)
     DO_TEST_NOCAPS("firmware-manual-noefi-noacpi-q35");
=20
     DO_TEST_CAPS_LATEST("firmware-auto-bios");
+    DO_TEST_CAPS_LATEST("firmware-auto-bios-stateless");
+    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-not-stateless");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-nvram");
     DO_TEST_CAPS_LATEST("firmware-auto-efi");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram");
diff --git a/tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-l=
atest.xml b/tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-la=
test.xml
new file mode 100644
index 0000000000..f1b5516ce4
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.x=
ml
@@ -0,0 +1,34 @@
+<domain type=3D'kvm'>
+  <name>fedora</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>8192</memory>
+  <currentMemory unit=3D'KiB'>8192</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'bios'>
+    <type arch=3D'x86_64' machine=3D'pc-q35-4.0'>hvm</type>
+    <loader stateless=3D'yes'/>
+    <boot dev=3D'hd'/>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
+    <model fallback=3D'forbid'>qemu64</model>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'sata' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x1f' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pcie-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml b/=
tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
new file mode 100644
index 0000000000..de5ecb96dc
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
@@ -0,0 +1,25 @@
+<domain type=3D'qemu'>
+  <name>test-bios</name>
+  <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>1048576</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'i686' machine=3D'pc'>hvm</type>
+    <loader type=3D'rom' stateless=3D'yes'>/usr/share/seabios/bios.bin</lo=
ader>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/firmware-manual-bios.xml b/tests/qemu=
xml2xmloutdata/firmware-manual-bios.xml
new file mode 100644
index 0000000000..75bb6038ca
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/firmware-manual-bios.xml
@@ -0,0 +1,25 @@
+<domain type=3D'qemu'>
+  <name>test-bios</name>
+  <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>1048576</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'i686' machine=3D'pc'>hvm</type>
+    <loader type=3D'rom'>/usr/share/seabios/bios.bin</loader>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 68e5041bfd..8cac50c767 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -1067,12 +1067,15 @@ mymain(void)
     DO_TEST("numatune-hmat", QEMU_CAPS_NUMA_HMAT, QEMU_CAPS_OBJECT_MEMORY_=
RAM);
     DO_TEST_CAPS_LATEST("numatune-memnode-restrictive-mode");
=20
+    DO_TEST_NOCAPS("firmware-manual-bios");
+    DO_TEST_NOCAPS("firmware-manual-bios-stateless");
     DO_TEST_NOCAPS("firmware-manual-efi");
     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi");
     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-nbd");
     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-file");
=20
     DO_TEST_CAPS_LATEST("firmware-auto-bios");
+    DO_TEST_CAPS_LATEST("firmware-auto-bios-stateless");
     DO_TEST_CAPS_LATEST("firmware-auto-efi");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure");
--=20
2.36.1

From nobody Fri May  3 10:19:21 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1658507017; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Lz4o3kvDTuH2shion1fbEf2dLvdRpIXbJWjxmxCefnhCGA6OH0Ay1l5eJTpf0nqNzfI3vmxyosm9ZnKVOoGfbFUrdyzIscvqvff2RIQV+a/T9mZQZtf9aIwYi1Qs+sltlj54m6tHqnUcSlU32yWjCKKYxzYuF7ZAT2eeln+3OH4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1658507017;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=iEW8YoSAOelDltoOkUvqF6iF+QiPWQCwuubUFQJgGlk=;
	b=nHzmL8td7HKi6yisNz1saDnpRI97APPBWLvS2b4rGQ7EonAJui4GA9gneeSFD79Rzo/MumSsZ18beT4h4CdwofYzBWtHp7306lp1M3i1aodGRQzQypU5HZZOeP86MoB4+Vlpcs+X9Sgnbz+f86xbZuQhdwHMdtOIsvi19zksEsc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1658507017694428.39025513235185;
 Fri, 22 Jul 2022 09:23:37 -0700 (PDT)
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-308-IAvZ5YmrNZyKh9uVV7Gi9A-1; Fri, 22 Jul 2022 12:23:23 -0400
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
 [10.11.54.3])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DF679823F72;
	Fri, 22 Jul 2022 16:23:21 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (unknown [10.30.29.100])
	by smtp.corp.redhat.com (Postfix) with ESMTP id CAB121121319;
	Fri, 22 Jul 2022 16:23:21 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (localhost [IPv6:::1])
	by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 14B3619451F3;
	Fri, 22 Jul 2022 16:23:21 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
 [10.11.54.3])
 by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id A90F31947049 for <libvir-list@listman.corp.redhat.com>;
 Fri, 22 Jul 2022 16:23:20 +0000 (UTC)
Received: by smtp.corp.redhat.com (Postfix)
 id 9BC5C1121319; Fri, 22 Jul 2022 16:23:20 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.33.36.91])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 2CE331121314;
 Fri, 22 Jul 2022 16:23:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1658507015;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=iEW8YoSAOelDltoOkUvqF6iF+QiPWQCwuubUFQJgGlk=;
	b=iR+XmYLx5Mu7KAZlfh63ffLAeIGqIW2ezBgnucbRErvOxVbQa0YdCTpDJuLVmIcjtCQyRL
	zI6lYyxgxfZ8NEZL1Wg597mksFiVYnt+8otsD/fUCHNPMUyIn8NbqbS15TENVW/QEkih0/
	UwFTEn4bjwvTqHDVqwaAEa8+97QYYmU=
X-MC-Unique: IAvZ5YmrNZyKh9uVV7Gi9A-1
X-Original-To: libvir-list@listman.corp.redhat.com
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH 2/2] qemu: support use of stateless EFI firmware
Date: Fri, 22 Jul 2022 17:23:17 +0100
Message-Id: <20220722162317.2377173-3-berrange@redhat.com>
In-Reply-To: <20220722162317.2377173-1-berrange@redhat.com>
References: <20220722162317.2377173-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <http://listman.redhat.com/archives/libvir-list/>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=subscribe>
Errors-To: libvir-list-bounces@redhat.com
Sender: "libvir-list" <libvir-list-bounces@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1658507017953100003

When the <loader stateless=3D'yes'/> attribute is set, the QEMU driver
needs to do three things

 - Avoid looking for an NVRAM template
 - Avoid auto-populating an <nvram/> path
 - Find firmware descriptors with mode=3Dstateless instead of mode=3Dsplit

Note, the first thing happens automatically when we solve the second
thing.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_domain.c                        |  3 +-
 src/qemu/qemu_firmware.c                      | 48 +++++++++++--------
 ...ware-auto-efi-stateless.x86_64-latest.args | 33 +++++++++++++
 .../firmware-auto-efi-stateless.xml           | 18 +++++++
 ...re-manual-efi-stateless.x86_64-latest.args | 33 +++++++++++++
 .../firmware-manual-efi-stateless.xml         | 18 +++++++
 tests/qemuxml2argvtest.c                      |  2 +
 7 files changed, 135 insertions(+), 20 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_=
64-latest.args
 create mode 100644 tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-stateless.x8=
6_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 7df8041adf..b02ffc9a2e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4683,7 +4683,8 @@ qemuDomainDefPostParse(virDomainDef *def,
     }
=20
     if (virDomainDefHasOldStyleROUEFI(def) &&
-        !def->os.loader->nvram) {
+        !def->os.loader->nvram &&
+        def->os.loader->stateless !=3D VIR_TRISTATE_BOOL_YES) {
         def->os.loader->nvram =3D virStorageSourceNew();
         def->os.loader->nvram->type =3D VIR_STORAGE_TYPE_FILE;
         def->os.loader->nvram->format =3D VIR_STORAGE_FILE_RAW;
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index c477b45d62..eb7abb0b32 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1110,10 +1110,18 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
         return false;
     }
=20
-    if (fw->mapping.device =3D=3D QEMU_FIRMWARE_DEVICE_FLASH &&
-        fw->mapping.data.flash.mode !=3D QEMU_FIRMWARE_FLASH_MODE_SPLIT) {
-        VIR_DEBUG("Discarding loader without split flash");
-        return false;
+    if (fw->mapping.device =3D=3D QEMU_FIRMWARE_DEVICE_FLASH) {
+        if (def->os.loader && def->os.loader->stateless =3D=3D VIR_TRISTAT=
E_BOOL_YES) {
+            if (fw->mapping.data.flash.mode !=3D QEMU_FIRMWARE_FLASH_MODE_=
STATELESS) {
+                VIR_DEBUG("Discarding loader without stateless flash");
+                return false;
+            }
+        } else {
+            if (fw->mapping.data.flash.mode !=3D QEMU_FIRMWARE_FLASH_MODE_=
SPLIT) {
+                VIR_DEBUG("Discarding loader without split flash");
+                return false;
+            }
+        }
     }
=20
     if (def->sec) {
@@ -1175,27 +1183,29 @@ qemuFirmwareEnableFeatures(virQEMUDriver *driver,
         VIR_FREE(def->os.loader->path);
         def->os.loader->path =3D g_strdup(flash->executable.filename);
=20
-        if (STRNEQ(flash->nvram_template.format, "raw")) {
-            virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
-                           _("unsupported nvram template format '%s'"),
-                           flash->nvram_template.format);
-            return -1;
-        }
+        if (flash->mode =3D=3D QEMU_FIRMWARE_FLASH_MODE_SPLIT) {
+            if (STRNEQ(flash->nvram_template.format, "raw")) {
+                virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
+                               _("unsupported nvram template format '%s'"),
+                               flash->nvram_template.format);
+                return -1;
+            }
=20
-        VIR_FREE(def->os.loader->nvramTemplate);
-        def->os.loader->nvramTemplate =3D g_strdup(flash->nvram_template.f=
ilename);
+            VIR_FREE(def->os.loader->nvramTemplate);
+            def->os.loader->nvramTemplate =3D g_strdup(flash->nvram_templa=
te.filename);
=20
-        if (!def->os.loader->nvram) {
-            def->os.loader->nvram =3D virStorageSourceNew();
-            def->os.loader->nvram->type =3D VIR_STORAGE_TYPE_FILE;
-            def->os.loader->nvram->format =3D VIR_STORAGE_FILE_RAW;
-            qemuDomainNVRAMPathFormat(cfg, def, &def->os.loader->nvram->pa=
th);
+            if (!def->os.loader->nvram) {
+                def->os.loader->nvram =3D virStorageSourceNew();
+                def->os.loader->nvram->type =3D VIR_STORAGE_TYPE_FILE;
+                def->os.loader->nvram->format =3D VIR_STORAGE_FILE_RAW;
+                qemuDomainNVRAMPathFormat(cfg, def, &def->os.loader->nvram=
->path);
+            }
         }
=20
         VIR_DEBUG("decided on firmware '%s' template '%s' NVRAM '%s'",
                   def->os.loader->path,
-                  def->os.loader->nvramTemplate,
-                  def->os.loader->nvram->path);
+                  NULLSTR(def->os.loader->nvramTemplate),
+                  NULLSTR(def->os.loader->nvram ? def->os.loader->nvram->p=
ath : NULL));
         break;
=20
     case QEMU_FIRMWARE_DEVICE_KERNEL:
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-late=
st.args b/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.=
args
new file mode 100644
index 0000000000..89f733761e
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-efi-stateless.x86_64-latest.args
@@ -0,0 +1,33 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-fedora \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-fedora/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-fedora/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-fedora/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dfedora,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm=
p/lib/domain--1-fedora/master-key.aes"}' \
+-blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF.sev.fd","node=
-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver"=
:"raw","file":"libvirt-pflash0-storage"}' \
+-machine pc-q35-4.0,usb=3Doff,dump-guest-core=3Doff,pflash0=3Dlibvirt-pfla=
sh0-format,memory-backend=3Dpc.ram \
+-accel kvm \
+-cpu qemu64 \
+-m 8 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot strict=3Don \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml b/tests=
/qemuxml2argvdata/firmware-auto-efi-stateless.xml
new file mode 100644
index 0000000000..1be0f4fd96
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-auto-efi-stateless.xml
@@ -0,0 +1,18 @@
+<domain type=3D'kvm'>
+  <name>fedora</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>8192</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'efi'>
+    <type arch=3D'x86_64' machine=3D'pc-q35-4.0'>hvm</type>
+    <loader stateless=3D'yes'/>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-la=
test.args b/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-lat=
est.args
new file mode 100644
index 0000000000..fa4a677ce9
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-stateless.x86_64-latest.ar=
gs
@@ -0,0 +1,33 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-test-bios \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-test-bios/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-test-bios/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-test-bios/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dtest-bios,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm=
p/lib/domain--1-test-bios/master-key.aes"}' \
+-blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.fd","nod=
e-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}'=
 \
+-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver"=
:"raw","file":"libvirt-pflash0-storage"}' \
+-machine pc,usb=3Doff,dump-guest-core=3Doff,pflash0=3Dlibvirt-pflash0-form=
at,memory-backend=3Dpc.ram \
+-accel tcg \
+-cpu qemu64 \
+-m 1024 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 362d1fc1-df7d-193e-5c18-49a71bd1da66 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot strict=3Don \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml b/tes=
ts/qemuxml2argvdata/firmware-manual-efi-stateless.xml
new file mode 100644
index 0000000000..6f2a4963b1
--- /dev/null
+++ b/tests/qemuxml2argvdata/firmware-manual-efi-stateless.xml
@@ -0,0 +1,18 @@
+<domain type=3D'qemu'>
+  <name>test-bios</name>
+  <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc'>hvm</type>
+    <loader readonly=3D'yes' type=3D'pflash' stateless=3D'yes'>/usr/share/=
OVMF/OVMF_CODE.fd</loader>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 57d5f3e1c1..b72d61c3bc 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1205,6 +1205,7 @@ mymain(void)
             QEMU_CAPS_DEVICE_IOH3420,
             QEMU_CAPS_ICH9_AHCI,
             QEMU_CAPS_VIRTIO_SCSI);
+    DO_TEST_CAPS_LATEST("firmware-manual-efi-stateless");
     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-template-st=
ateless");
     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi");
@@ -1228,6 +1229,7 @@ mymain(void)
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-not-stateless");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-nvram");
     DO_TEST_CAPS_LATEST("firmware-auto-efi");
+    DO_TEST_CAPS_LATEST("firmware-auto-efi-stateless");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-loader-insecure");
--=20
2.36.1