From nobody Mon Sep  8 17:04:34 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1753976811; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ekn8PSR+wzJKlUALwS/PjhKdBlTkdkMoiwiRfNwrMGjpF1dTiH4C0eEvcs1VkXrTJwgdi0QmtAwTVmZaMtwFqTNzIp9vMEd03uUWMPo8c25aCc800XjePRcURI4WzkXsj0A0pICV7dzNS9BnhG96ju+znyQcQZKjB1lS2S1mBJo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1753976811;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=WhA5uhIr5gHabgFbJ5/c3U/SOhoD/Qw5m9IicPsmdX0=;
	b=kcBSLD2oBiD6nwnS4xW998Gb5ygHqn9xShUEHlf0hQ5tM6nxywssQQ5VIQNVj9OsT/OKsC60Ct0wH3YhjcmNADRWhw2TwOcEmcgj599VwBc+POS6J95/C3hfweKGcEpquq2en53FWUOe6WhFBVGroLoXee/b1/QjuA/Wr+1XwxA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1753976810722169.89236425386378;
 Thu, 31 Jul 2025 08:46:50 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 9F85E1262; Thu, 31 Jul 2025 11:46:49 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id BD9671287;
	Thu, 31 Jul 2025 11:45:58 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id BC99FA92; Thu, 31 Jul 2025 11:45:52 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 400D9A74
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 11:45:52 -0400 (EDT)
Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-617-48OE5LFRMWmlkZlb9cjOHg-1; Thu,
 31 Jul 2025 11:45:49 -0400
Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 74715180056F
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:48 +0000 (UTC)
Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown
 [10.44.33.228])
	by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS id A08D11800B4F
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:47 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1753976751;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=RU4A1lvST21o07yGizn1bmhiKF5/HLcMC9S2C/KnZco=;
	b=JF1in3KN4WviFn/YW5G50ehxJm3jp4F1OA58kfy5f6P4UoHxYgOi85kDu8TQ0k6+xk0OdB
	cjdutNX63HROp8s9JgZzzLZqq9C9Rp4PmLXwQp5x2k4Zrc6ahgzHjP7vRimXoXyqUcJKEq
	BydEdWK3IuwcVgpUm2LVB236PGAdJd0=
X-MC-Unique: 48OE5LFRMWmlkZlb9cjOHg-1
X-Mimecast-MFC-AGG-ID: 48OE5LFRMWmlkZlb9cjOHg_1753976748
To: devel@lists.libvirt.org
Subject: [PATCH 1/5] tests: Tweak descriptor for combined firmware
Date: Thu, 31 Jul 2025 17:45:38 +0200
Message-ID: <20250731154542.109878-2-abologna@redhat.com>
In-Reply-To: <20250731154542.109878-1-abologna@redhat.com>
References: <20250731154542.109878-1-abologna@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: Whf5PdA1uxpYWezlqg93i_IcygqGnsMyy_6cZwyHzGc_1753976748
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 4SCVPOSNQ34SQMOWAVDK5VBWHLEQSAGF
X-Message-ID-Hash: 4SCVPOSNQ34SQMOWAVDK5VBWHLEQSAGF
X-MailFrom: abologna@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/4SCVPOSNQ34SQMOWAVDK5VBWHLEQSAGF/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Andrea Bolognani via Devel <devel@lists.libvirt.org>
Reply-To: Andrea Bolognani <abologna@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1753976811736116600
Content-Type: text/plain; charset="utf-8"; x-default="true"

This kind of firmware build is not shipped in Fedora, where
most descriptors in our test suite come from, so we had to
make it up. It was based off the Secure Boot-enabled edk2
build, and the filename it points to is the same.

That has been fine so far since it's not actually being picked
up by any of the test cases, but that's going to change soon
and when it does we want to be able to avoid any confusion.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
---
 .../qemufirmwaredata/usr/share/qemu/firmware/90-combined.json | 4 ++--
 tests/qemufirmwaretest.c                                      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.jso=
n b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
index 2c8381adf7..8ecac440b4 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
@@ -1,5 +1,5 @@
 {
-    "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled",
+    "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled (combi=
ned)",
     "interface-types": [
         "uefi"
     ],
@@ -7,7 +7,7 @@
         "device": "flash",
         "mode": "combined",
         "executable": {
-            "filename": "/usr/share/edk2/ovmf/OVMF.secboot.fd",
+            "filename": "/usr/share/edk2/ovmf/OVMF.combined.fd",
             "format": "raw"
         }
     },
diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c
index f16ea526ff..a4fb5c9b9c 100644
--- a/tests/qemufirmwaretest.c
+++ b/tests/qemufirmwaretest.c
@@ -317,7 +317,7 @@ mymain(void)
                       "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd:/usr/shar=
e/edk2/ovmf/OVMF_VARS.fd:"
                       "/usr/share/edk2/ovmf/OVMF_CODE_4M.qcow2:/usr/share/=
edk2/ovmf/OVMF_VARS_4M.qcow2:"
                       "/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/o=
vmf/OVMF_VARS.fd:"
-                      "/usr/share/edk2/ovmf/OVMF.secboot.fd:NULL:"
+                      "/usr/share/edk2/ovmf/OVMF.combined.fd:NULL:"
                       "/usr/share/edk2/ovmf/OVMF.amdsev.fd:NULL:"
                       "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd:NULL",
                       VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS,
--=20
2.50.1
From nobody Mon Sep  8 17:04:34 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1753976843; cv=none;
	d=zohomail.com; s=zohoarc;
	b=jTJkvbU7/cUTZoH6pmXVceTZR7zec1KvPTuW4bGlpFkhualkqZqupGX7aeqmRo4HPcRTZZTXzNTQN6ch1/zDR2pqhxeVmqtiIDdLL2QRO5IbtuYs4AH0t0GkW6KENSGuwUv+HhhKWa1ZM3cFofTFP2PIxYf/8oMm2to7HfqMXc4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1753976843;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=83TmXnunzNsbH74IvLCQpGTKDDEUX4Ky2opc4IUZp6s=;
	b=R/GnbejdWO3GNndFcbz2b9xFW8AC5PVZSaP2gDjWMy8yXrNL4709tiZyv17oczeWnFF10Bb3ch+3hw0TfdqnzrB+9eVO6WFIQZu2hDai75wA4a3oM3Wd9VsJfxxjkBkMDW4DmZpU1lgcEQpc+MA/f3WUHG8p4NJ8Ero9slqmhwQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 17539768437381004.1937252776918;
 Thu, 31 Jul 2025 08:47:23 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 9289A12BF; Thu, 31 Jul 2025 11:47:22 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id CCE081324;
	Thu, 31 Jul 2025 11:46:01 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id BF1C7A74; Thu, 31 Jul 2025 11:45:53 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 39C72A4E
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 11:45:53 -0400 (EDT)
Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-681-3E2LYRfFPnS7D_heUakTjg-1; Thu,
 31 Jul 2025 11:45:50 -0400
Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id C73C0180036F
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:49 +0000 (UTC)
Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown
 [10.44.33.228])
	by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS id F370F180035E
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:48 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1753976752;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=ATjeJIscSAt1SE/eeTHh0GGhOtKw8CzJkJhi+zaBtV8=;
	b=MXzZZvHjZA1m1iKv6ui6a8AxQbj47q935WRVBHlFSoyU8I/lweUE4xXOmxSGAWHoAYAvQ3
	k/7lIoagc6eHerdrSdluzqwDekGFOm1EWCN4EDR05XWRyvEUHjHDSnYRLOBDyb14Vg3P4a
	ga7n5q6djmPG+PhO9ixFawfDbpLTpDc=
X-MC-Unique: 3E2LYRfFPnS7D_heUakTjg-1
X-Mimecast-MFC-AGG-ID: 3E2LYRfFPnS7D_heUakTjg_1753976749
To: devel@lists.libvirt.org
Subject: [PATCH 2/5] tests: Add firmware-auto-efi-sev-snp
Date: Thu, 31 Jul 2025 17:45:39 +0200
Message-ID: <20250731154542.109878-3-abologna@redhat.com>
In-Reply-To: <20250731154542.109878-1-abologna@redhat.com>
References: <20250731154542.109878-1-abologna@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: ufuyMDFAJyXT7IBey7SAGj83MYjoZFn9PzsrmpweETs_1753976749
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: EESN7HGVXCPDGNEXD6LSSGMCVRZFXKWB
X-Message-ID-Hash: EESN7HGVXCPDGNEXD6LSSGMCVRZFXKWB
X-MailFrom: abologna@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/EESN7HGVXCPDGNEXD6LSSGMCVRZFXKWB/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Andrea Bolognani via Devel <devel@lists.libvirt.org>
Reply-To: Andrea Bolognani <abologna@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1753976845903116600
Content-Type: text/plain; charset="utf-8"; x-default="true"

This test case demonstrates how firmware autoselection doesn't
currently work correctly for domains using SEV-SNP: the
descriptor for a suitable firmware exists, and yet it doesn't
get picked up.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 ...-auto-efi-sev-snp.x86_64-latest+amdsev.err |  1 +
 ...-auto-efi-sev-snp.x86_64-latest+amdsev.xml | 38 +++++++++++++++++++
 .../firmware-auto-efi-sev-snp.xml             | 20 ++++++++++
 tests/qemuxmlconftest.c                       |  5 +++
 4 files changed, 64 insertions(+)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-=
latest+amdsev.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-=
latest+amdsev.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.xml

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+=
amdsev.err b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+=
amdsev.err
new file mode 100644
index 0000000000..3edb2b3451
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.=
err
@@ -0,0 +1 @@
+operation failed: Unable to find 'efi' firmware that is compatible with th=
e current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+=
amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+=
amdsev.xml
new file mode 100644
index 0000000000..81ac7888ea
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.=
xml
@@ -0,0 +1,38 @@
+<domain type=3D'kvm'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>1048576</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'efi'>
+    <type arch=3D'x86_64' machine=3D'pc-q35-10.0'>hvm</type>
+    <loader format=3D'raw'/>
+    <boot dev=3D'hd'/>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
+    <model fallback=3D'forbid'>qemu64</model>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'sata' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x1f' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pcie-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <watchdog model=3D'itco' action=3D'reset'/>
+    <memballoon model=3D'none'/>
+  </devices>
+  <launchSecurity type=3D'sev-snp'>
+    <policy>0x00030000</policy>
+  </launchSecurity>
+</domain>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.xml b/tests/qe=
muxmlconfdata/firmware-auto-efi-sev-snp.xml
new file mode 100644
index 0000000000..ea980c06c2
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.xml
@@ -0,0 +1,20 @@
+<domain type=3D'kvm'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'efi'>
+    <type arch=3D'x86_64' machine=3D'pc-q35-10.0'>hvm</type>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+  <launchSecurity type=3D"sev-snp">
+    <policy>0x30000</policy>
+  </launchSecurity>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 678d2efbc3..272d314195 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1477,6 +1477,11 @@ mymain(void)
     DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE("firmware-auto-efi-format-loader-r=
aw", "aarch64");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch");
=20
+    DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-auto-efi-sev-snp", "x86_64",
+                                  ARG_FLAGS, FLAG_EXPECT_FAILURE,
+                                  ARG_CAPS_VARIANT, "+amdsev",
+                                  ARG_END);
+
     DO_TEST_CAPS_LATEST("clock-utc");
     DO_TEST_CAPS_LATEST("clock-localtime");
     DO_TEST_CAPS_LATEST("clock-localtime-basis-localtime");
--=20
2.50.1
From nobody Mon Sep  8 17:04:34 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1753976889; cv=none;
	d=zohomail.com; s=zohoarc;
	b=hlXQhjnGe51MmZnHncjd4MPK9nnb/e/gVtHh1AGC/T0WciGYZixKNO+4q9ra3IRgnhf2a2jGM14V3bKNvvPFrQfq7NcHy09OVW2+799Hul3NS3TCh52MqjjxoBp41+SEJkvoJcE3XhFSR8qfB1qL84TnQBZqKQa24cVUx3bXZfY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1753976889;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=I/wdi7aSm2PZ+o4eSRh/5kDAYglqq1kmQCnwoE+oWOo=;
	b=Uc3ptXEHbgFmyAeDOBoFv7GqFwYv/HSeOAi4xOUwop1O6WVxUTa7pbXWYGYut9lPvwMqC3E+TFVwG+ZeumZolA2HlMQsrFizOxwD9wJ3RhmhrBHFCkvwAzdAHxRI34/orGOyS3UYjtWD5kREV1DclMRdhMb/nrI0BmI2NESygIc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1753976889862695.161548299247;
 Thu, 31 Jul 2025 08:48:09 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id CBE4A12D1; Thu, 31 Jul 2025 11:48:08 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 568E4CAB;
	Thu, 31 Jul 2025 11:46:04 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 48C83A92; Thu, 31 Jul 2025 11:45:55 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 5B178A74
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 11:45:54 -0400 (EDT)
Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-604-bIJP-PmpNgqM_VUp2fCfuA-1; Thu,
 31 Jul 2025 11:45:52 -0400
Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 699F719560B6
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:51 +0000 (UTC)
Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown
 [10.44.33.228])
	by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS id 52F041800B7E
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:50 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: **
X-Spam-Status: No, score=2.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=no
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1753976754;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=siLXb66qn8Ei6DqEVQ4oJm7GpyvsNwgDAsDb14FzVCQ=;
	b=SanvKyeky/Z8eH9pmxuA7gQ+Jjs+Fgs7m5GFtXFpUhxT4PQaSEob2C549jJizSNIDqB2fF
	grlLNNDfdzTnLGdxJ7iXNseEcJOyYQBmyuwToIz/VZmpXCwkYX5TkMyTnZabLo0dmvfjNT
	Vw4QHduY5gQRfBDexXQIYLI41ymsCQM=
X-MC-Unique: bIJP-PmpNgqM_VUp2fCfuA-1
X-Mimecast-MFC-AGG-ID: bIJP-PmpNgqM_VUp2fCfuA_1753976751
To: devel@lists.libvirt.org
Subject: [PATCH 3/5] qemu: Fix matching for stateless/combined firmware
Date: Thu, 31 Jul 2025 17:45:40 +0200
Message-ID: <20250731154542.109878-4-abologna@redhat.com>
In-Reply-To: <20250731154542.109878-1-abologna@redhat.com>
References: <20250731154542.109878-1-abologna@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: ZgdOsCMUTdt8PI8DRkvvFGvnkePDu94nYCHTB5RQz7o_1753976751
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: YX33HH47CIFW6EAGOHTUW4XWFOX3H25J
X-Message-ID-Hash: YX33HH47CIFW6EAGOHTUW4XWFOX3H25J
X-MailFrom: abologna@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/YX33HH47CIFW6EAGOHTUW4XWFOX3H25J/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Andrea Bolognani via Devel <devel@lists.libvirt.org>
Reply-To: Andrea Bolognani <abologna@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1753976892725116600
Content-Type: text/plain; charset="utf-8"; x-default="true"

The current code assumes that a stateless firmware has to be
explicitly requested by the user, and should never be picked
otherwise. This means that, for example, domains configured to
use SEV-SNP are forced to explicitly request for the firmware
to be stateless.

Additionally, we assume that only split firmware is suitable
for the stateful use case, whereas a combined firmware image
would also do the job.

As a result of these changes, the failing SEV-SNP test case
that was added recently passes, and so do the test cases
requesting read/write firmware.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 src/qemu/qemu_firmware.c                      | 32 ++++++++++------
 ...ware-auto-efi-rw-pflash.x86_64-latest.args | 36 ++++++++++++++++++
 ...mware-auto-efi-rw-pflash.x86_64-latest.err |  1 -
 ...mware-auto-efi-rw-pflash.x86_64-latest.xml |  6 ++-
 .../firmware-auto-efi-rw.x86_64-latest.args   | 36 ++++++++++++++++++
 .../firmware-auto-efi-rw.x86_64-latest.err    |  1 -
 .../firmware-auto-efi-rw.x86_64-latest.xml    |  6 ++-
 ...auto-efi-sev-snp.x86_64-latest+amdsev.args | 37 +++++++++++++++++++
 ...-auto-efi-sev-snp.x86_64-latest+amdsev.err |  1 -
 ...-auto-efi-sev-snp.x86_64-latest+amdsev.xml |  6 ++-
 tests/qemuxmlconftest.c                       |  5 +--
 11 files changed, 147 insertions(+), 20 deletions(-)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_6=
4-latest.args
 delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_6=
4-latest.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-lates=
t.args
 delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-lates=
t.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-=
latest+amdsev.args
 delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-=
latest+amdsev.err

diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index f10137144e..22e0eb83f0 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1300,16 +1300,21 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
             return false;
         }
=20
-        if (loader && loader->stateless =3D=3D VIR_TRISTATE_BOOL_YES) {
-            if (flash->mode !=3D QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
-                VIR_DEBUG("Discarding loader without stateless flash");
-                return false;
-            }
-        } else {
-            if (flash->mode !=3D QEMU_FIRMWARE_FLASH_MODE_SPLIT) {
-                VIR_DEBUG("Discarding loader without split flash");
-                return false;
-            }
+        /* Explicit requests for either a stateless or stateful
+         * firmware should be fulfilled, but if no preference is
+         * provided either one is fine as long as the other match
+         * criteria are satisfied */
+        if (loader &&
+            loader->stateless =3D=3D VIR_TRISTATE_BOOL_YES &&
+            flash->mode !=3D QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
+            VIR_DEBUG("Discarding loader without stateless flash");
+            return false;
+        }
+        if (loader &&
+            loader->stateless =3D=3D VIR_TRISTATE_BOOL_NO &&
+            flash->mode =3D=3D QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
+            VIR_DEBUG("Discarding loader with stateless flash");
+            return false;
         }
=20
         if (loader &&
@@ -1424,9 +1429,14 @@ qemuFirmwareEnableFeaturesModern(virDomainDef *def,
         loader =3D def->os.loader;
=20
         loader->type =3D VIR_DOMAIN_LOADER_TYPE_PFLASH;
-        loader->readonly =3D VIR_TRISTATE_BOOL_YES;
         loader->format =3D format;
=20
+        /* Combined mode implies read/write, other modes imply read-only */
+        if (flash->mode =3D=3D QEMU_FIRMWARE_FLASH_MODE_COMBINED)
+            loader->readonly =3D VIR_TRISTATE_BOOL_NO;
+        else
+            loader->readonly =3D VIR_TRISTATE_BOOL_YES;
+
         VIR_FREE(loader->path);
         loader->path =3D g_strdup(flash->executable.filename);
=20
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-lates=
t.args b/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.ar=
gs
new file mode 100644
index 0000000000..d06de24db8
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.args
@@ -0,0 +1,36 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/var/lib/libvirt/qemu/domain--1-guest \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dguest,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va=
r/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.combined=
.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":=
"unmap"}' \
+-blockdev '{"node-name":"libvirt-pflash0-format","read-only":false,"driver=
":"raw","file":"libvirt-pflash0-storage"}' \
+-machine pc-q35-10.0,usb=3Doff,smm=3Don,dump-guest-core=3Doff,memory-backe=
nd=3Dpc.ram,pflash0=3Dlibvirt-pflash0-format,acpi=3Don \
+-accel kvm \
+-cpu qemu64 \
+-global driver=3Dcfi.pflash01,property=3Dsecure,value=3Don \
+-m size=3D1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot strict=3Don \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-global ICH9-LPC.noreboot=3Doff \
+-watchdog-action reset \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-lates=
t.err b/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.err
deleted file mode 100644
index 3edb2b3451..0000000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-operation failed: Unable to find 'efi' firmware that is compatible with th=
e current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-lates=
t.xml b/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.xml
index 217c1f4b94..7b79738d98 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.xml
@@ -6,11 +6,15 @@
   <vcpu placement=3D'static'>1</vcpu>
   <os firmware=3D'efi'>
     <type arch=3D'x86_64' machine=3D'pc-q35-10.0'>hvm</type>
-    <loader readonly=3D'no' type=3D'pflash' format=3D'raw'/>
+    <firmware>
+      <feature enabled=3D'yes' name=3D'secure-boot'/>
+    </firmware>
+    <loader readonly=3D'no' secure=3D'yes' type=3D'pflash' format=3D'raw'>=
/usr/share/edk2/ovmf/OVMF.combined.fd</loader>
     <boot dev=3D'hd'/>
   </os>
   <features>
     <acpi/>
+    <smm state=3D'on'/>
   </features>
   <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
     <model fallback=3D'forbid'>qemu64</model>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.args =
b/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.args
new file mode 100644
index 0000000000..d06de24db8
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.args
@@ -0,0 +1,36 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/var/lib/libvirt/qemu/domain--1-guest \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dguest,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va=
r/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.combined=
.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":=
"unmap"}' \
+-blockdev '{"node-name":"libvirt-pflash0-format","read-only":false,"driver=
":"raw","file":"libvirt-pflash0-storage"}' \
+-machine pc-q35-10.0,usb=3Doff,smm=3Don,dump-guest-core=3Doff,memory-backe=
nd=3Dpc.ram,pflash0=3Dlibvirt-pflash0-format,acpi=3Don \
+-accel kvm \
+-cpu qemu64 \
+-global driver=3Dcfi.pflash01,property=3Dsecure,value=3Don \
+-m size=3D1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot strict=3Don \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-global ICH9-LPC.noreboot=3Doff \
+-watchdog-action reset \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.err b=
/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.err
deleted file mode 100644
index 3edb2b3451..0000000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-operation failed: Unable to find 'efi' firmware that is compatible with th=
e current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.xml b=
/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.xml
index 0f6b965067..7b79738d98 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.xml
@@ -6,11 +6,15 @@
   <vcpu placement=3D'static'>1</vcpu>
   <os firmware=3D'efi'>
     <type arch=3D'x86_64' machine=3D'pc-q35-10.0'>hvm</type>
-    <loader readonly=3D'no' format=3D'raw'/>
+    <firmware>
+      <feature enabled=3D'yes' name=3D'secure-boot'/>
+    </firmware>
+    <loader readonly=3D'no' secure=3D'yes' type=3D'pflash' format=3D'raw'>=
/usr/share/edk2/ovmf/OVMF.combined.fd</loader>
     <boot dev=3D'hd'/>
   </os>
   <features>
     <acpi/>
+    <smm state=3D'on'/>
   </features>
   <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
     <model fallback=3D'forbid'>qemu64</model>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+=
amdsev.args b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest=
+amdsev.args
new file mode 100644
index 0000000000..ab8fed6593
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.=
args
@@ -0,0 +1,37 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/var/lib/libvirt/qemu/domain--1-guest \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dguest,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va=
r/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.f=
d","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"u=
nmap"}' \
+-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver"=
:"raw","file":"libvirt-pflash0-storage"}' \
+-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_=
VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
+-machine pc-q35-10.0,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dpc.r=
am,confidential-guest-support=3Dlsec0,pflash0=3Dlibvirt-pflash0-format,pfla=
sh1=3Dlibvirt-pflash1-storage,acpi=3Don \
+-accel kvm \
+-cpu qemu64 \
+-m size=3D1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot strict=3Don \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-global ICH9-LPC.noreboot=3Doff \
+-watchdog-action reset \
+-object '{"qom-type":"sev-snp-guest","id":"lsec0","cbitpos":51,"reduced-ph=
ys-bits":1,"policy":196608}' \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+=
amdsev.err b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+=
amdsev.err
deleted file mode 100644
index 3edb2b3451..0000000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.=
err
+++ /dev/null
@@ -1 +0,0 @@
-operation failed: Unable to find 'efi' firmware that is compatible with th=
e current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+=
amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+=
amdsev.xml
index 81ac7888ea..1cc08ff4fd 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.=
xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.=
xml
@@ -6,7 +6,11 @@
   <vcpu placement=3D'static'>1</vcpu>
   <os firmware=3D'efi'>
     <type arch=3D'x86_64' machine=3D'pc-q35-10.0'>hvm</type>
-    <loader format=3D'raw'/>
+    <firmware>
+      <feature enabled=3D'no' name=3D'secure-boot'/>
+    </firmware>
+    <loader readonly=3D'yes' type=3D'pflash' format=3D'raw'>/usr/share/edk=
2/ovmf/OVMF.amdsev.fd</loader>
+    <nvram format=3D'raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
     <boot dev=3D'hd'/>
   </os>
   <features>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 272d314195..2d048746ea 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1443,8 +1443,8 @@ mymain(void)
     DO_TEST_CAPS_LATEST("firmware-auto-efi");
     DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-stateless");
-    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-rw");
-    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-rw-pflash");
+    DO_TEST_CAPS_LATEST("firmware-auto-efi-rw");
+    DO_TEST_CAPS_LATEST("firmware-auto-efi-rw-pflash");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure");
     DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi-loader-secure");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-insecure");
@@ -1478,7 +1478,6 @@ mymain(void)
     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch");
=20
     DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-auto-efi-sev-snp", "x86_64",
-                                  ARG_FLAGS, FLAG_EXPECT_FAILURE,
                                   ARG_CAPS_VARIANT, "+amdsev",
                                   ARG_END);
=20
--=20
2.50.1
From nobody Mon Sep  8 17:04:34 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1753976911; cv=none;
	d=zohomail.com; s=zohoarc;
	b=bdjUYOhuUYMKy4Z8PQxOTYuuaogauXDKythvLgaazP0RgyxcYpdSYH1HR3VFcEyJoOxjTi5LMR4JOK9UPUEA+2vVTcMeSU8Y4XqmIoncq2SMtY0hSvk+nCiQJ3dgj1SwbcPNqMBWFiwbZNWv5wpRxWzId7/n060r7EJH/nhDYns=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1753976911;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=gfX4FB3VuuwmPQ9/Gw+/H/AkXByKpuRO2JW7H+OT3Gg=;
	b=bfluv9g1snts4p/lz9N0Z07xU7XwOUThl+5/Hp4oeWCP9ZvGIC08csVljehRx1p12OaaVmJBF0+t2Nqsr1IBREl2NkyCt8SbR69tLUcX+NDDy5KO5DINnqGrkKHktXWrUf2qIGMS4wN8TVFQ4FrJEV+dFvvYyxHiJo8PnsgTGDA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 175397691115087.75613168301288;
 Thu, 31 Jul 2025 08:48:31 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 02742A7E; Thu, 31 Jul 2025 11:48:29 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id A4803E3A;
	Thu, 31 Jul 2025 11:46:05 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id AE41EAD6; Thu, 31 Jul 2025 11:45:55 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 38E8CA4E
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 11:45:55 -0400 (EDT)
Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-180-OOGXJRssPkOSXC2BZ5eLbQ-1; Thu,
 31 Jul 2025 11:45:53 -0400
Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id BCCDB19560B2
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:52 +0000 (UTC)
Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown
 [10.44.33.228])
	by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS id E7BA8180035E
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:51 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: **
X-Spam-Status: No, score=2.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=no
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1753976755;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=FsBbhh7iXuNNt7JiuNxXazoiKGdLeqdNOGrRkeO3Ass=;
	b=IpRIhEcZZUP7hkAmSrAPXNyCF43F2102hkkK30jwGga79GCE1CkwztO3btpoyKEHaxlMVZ
	89u8ncL2TT59R0i+VKkMxat7RWOxG6+4Zsx4clHHEL5iOfOOzmeDy+sKliDY5ddCJY3pZ7
	4+JpkC2Bv2danJcVOAdoSWfv9jMQqAo=
X-MC-Unique: OOGXJRssPkOSXC2BZ5eLbQ-1
X-Mimecast-MFC-AGG-ID: OOGXJRssPkOSXC2BZ5eLbQ_1753976752
To: devel@lists.libvirt.org
Subject: [PATCH 4/5] qemu: Fix matching for read/write firmware
Date: Thu, 31 Jul 2025 17:45:41 +0200
Message-ID: <20250731154542.109878-5-abologna@redhat.com>
In-Reply-To: <20250731154542.109878-1-abologna@redhat.com>
References: <20250731154542.109878-1-abologna@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: oKmiJnqMudqWRcTUQGahfoEz3q8NQU-SHWTzgrpZKhY_1753976752
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: PYINSEA4MGAL65IGFPQVFW2XYI72QNW4
X-Message-ID-Hash: PYINSEA4MGAL65IGFPQVFW2XYI72QNW4
X-MailFrom: abologna@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/PYINSEA4MGAL65IGFPQVFW2XYI72QNW4/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Andrea Bolognani via Devel <devel@lists.libvirt.org>
Reply-To: Andrea Bolognani <abologna@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1753976914498116600
Content-Type: text/plain; charset="utf-8"; x-default="true"

We currently always pick a read-only firmware unless we are
explicitly asked for a read/write one, which is probably what
most people expect anyway but doesn't really make sense
otherwise: if no specific requirement has been provided by the
user, both read-only and read/write firmwares should be
allowed to match.

This won't result in any change in practice, since distros are
not shipping read/write builds of edk2 anyway. If they started
doing that, it would be their responsibility to ensure that
they are ordered after the read-only builds.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 src/qemu/qemu_firmware.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index 22e0eb83f0..0fb954993a 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1317,6 +1317,13 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
             return false;
         }
=20
+        /* Same for read-only status */
+        if (loader &&
+            loader->readonly =3D=3D VIR_TRISTATE_BOOL_YES &&
+            flash->mode =3D=3D QEMU_FIRMWARE_FLASH_MODE_COMBINED) {
+            VIR_DEBUG("Discarding read/write loader");
+            return false;
+        }
         if (loader &&
             loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO &&
             flash->mode !=3D QEMU_FIRMWARE_FLASH_MODE_COMBINED) {
--=20
2.50.1
From nobody Mon Sep  8 17:04:34 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1753976935; cv=none;
	d=zohomail.com; s=zohoarc;
	b=L//HYA78iTGJm7FrWUKUq136mxLJ+uZ1PkKYNQMbCShWp3pjpKgq/TYHsIND/kKCjCQaRJ25OQODhB0pQ3kGYobIOLvKo11jK5YEkTZEq6o5oscFE2HJrdD95fmyBIgmY/4+H5c4ojcgp35To7TqXd+eptDCDfHbFLHl8KBRZ9c=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1753976935;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=cHofZ25ZIT2mb9n2y3zsQpt3SXebxhFlupVlTKqkVZw=;
	b=dTuJznPSa+/syPj7gNAPZBepakzLYvugL/sbQvUBjRQaLTxkLgRUzNiL0irPKrprM15YCSCFch7Ey0lnV8021P8YBwKhHgD+R0DhQfR0XeqywhO0jQ6/GsdDwScad916eQdMOBR9r4UVZEBcc5jge5XxWy+bACCFXQ3H+RQ9h94=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1753976935292515.4760015038787;
 Thu, 31 Jul 2025 08:48:55 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 48FFCB25; Thu, 31 Jul 2025 11:48:54 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 62658CA0;
	Thu, 31 Jul 2025 11:46:10 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 700181356; Thu, 31 Jul 2025 11:46:06 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id D9474C64
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 11:45:56 -0400 (EDT)
Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-353-TivmtWfYNXm7oMNOSmBKtQ-1; Thu,
 31 Jul 2025 11:45:54 -0400
Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 2D7151800446
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:54 +0000 (UTC)
Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown
 [10.44.33.228])
	by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS id 4F80C180035E
	for <devel@lists.libvirt.org>; Thu, 31 Jul 2025 15:45:53 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1753976756;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=+O5OBiTTLhn8Mc4qnk2LOHcXgWYZaGuAPDM5hYFuNOQ=;
	b=MWC3BwKIpPhjtIl49+rcKdSWnorNg9Ff7owMa746p9pq/RVa5EG0l8/uzXR4JmK4k9Ibmo
	JrhlG/WmIgL9ipAjpWuFkSyQLGZUBYbgjTBd2cY20ZjIyQO+YYZVr1r052hJn74WpJH8k3
	qjTMLMJjglckza0cm4v9hqXtR2WmCzY=
X-MC-Unique: TivmtWfYNXm7oMNOSmBKtQ-1
X-Mimecast-MFC-AGG-ID: TivmtWfYNXm7oMNOSmBKtQ_1753976754
To: devel@lists.libvirt.org
Subject: [PATCH 5/5] news: Update for firmware selection fixes
Date: Thu, 31 Jul 2025 17:45:42 +0200
Message-ID: <20250731154542.109878-6-abologna@redhat.com>
In-Reply-To: <20250731154542.109878-1-abologna@redhat.com>
References: <20250731154542.109878-1-abologna@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: Qf5N9hZVtP-Hu1WUufmxh9KaUoS0DBGq3qij6Tm9vUQ_1753976754
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: ATKYPSZBBKXSB2UOOLGWMY6OXTZESOS7
X-Message-ID-Hash: ATKYPSZBBKXSB2UOOLGWMY6OXTZESOS7
X-MailFrom: abologna@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/ATKYPSZBBKXSB2UOOLGWMY6OXTZESOS7/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Andrea Bolognani via Devel <devel@lists.libvirt.org>
Reply-To: Andrea Bolognani <abologna@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1753976936719116600
Content-Type: text/plain; charset="utf-8"; x-default="true"

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 NEWS.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/NEWS.rst b/NEWS.rst
index 5a320b7f33..b3c7dcb141 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -96,6 +96,12 @@ v11.6.0 (unreleased)
     ebtables, creating the base chains only if they did not already
     exist.
=20
+  * qemu: Fix selection of stateless/combined firmware
+
+    A stateless firmware will now be correctly chosen when appropriate,
+    e.g. for domains configured to use SEV-SNP.
+
+
 v11.5.0 (2025-07-01)
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=20
--=20
2.50.1