1. Patchew
  2. Libvirt
  3. [PATCH v2 00/10] qemu: Fixes to firmware selection
  4. View patch

[PATCH v2 09/10] DONOTMERGE remove SEV features from non-SEV descriptors

Andrea Bolognani via Devel posted 10 patches 1 week, 5 days ago
[PATCH v2 09/10] DONOTMERGE remove SEV features from non-SEV descriptors
Posted by Andrea Bolognani via Devel 1 week, 5 days ago 
These changes are not in the Fedora edk2 packages, not even in
tentative form, and are just a suggestion of how we could
potentially move things forward.

The idea is to stop advertising SEV(-ES) support in the
descriptors for regular edk2 builds, thus forcing the
SEV-specific stateless build to be used. This arguably makes
more sense, but it's unclear whether removing the combination
could have negative impact on certain use cases.
---
 .../share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json  | 2 --
 .../share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json    | 2 --
 .../usr/share/qemu/firmware/90-combined.json                 | 1 -
 .../firmware-auto-efi-sev.x86_64-latest+amdsev.args          | 5 ++---
 .../firmware-auto-efi-sev.x86_64-latest+amdsev.xml           | 3 +--
 5 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json
index d64735f477..bb11f5febd 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json
@@ -26,8 +26,6 @@
     ],
     "features": [
         "acpi-s3",
-        "amd-sev",
-        "amd-sev-es",
         "verbose-dynamic"
     ],
     "tags": [
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
index 050853e2b8..bb8ea4c07a 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
@@ -26,8 +26,6 @@
     ],
     "features": [
         "acpi-s3",
-        "amd-sev",
-        "amd-sev-es",
         "verbose-dynamic"
     ],
     "tags": [
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
index 8ecac440b4..a788a3fc40 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
@@ -21,7 +21,6 @@
     ],
     "features": [
         "acpi-s3",
-        "amd-sev",
         "enrolled-keys",
         "requires-smm",
         "secure-boot",
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args
index 550ac52b8a..a0ede6ca92 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args
@@ -10,10 +10,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
 -name guest=guest,debug-threads=on \
 -S \
 -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
 -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
--blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
--machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
+-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \
 -accel kvm \
 -cpu qemu64 \
 -m size=1048576k \
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml
index cbfdcdeee3..35db3dc7c3 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml
@@ -10,8 +10,7 @@
       <feature enabled='no' name='enrolled-keys'/>
       <feature enabled='no' name='secure-boot'/>
     </firmware>
-    <loader readonly='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
-    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
+    <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
     <boot dev='hd'/>
   </os>
   <features>
-- 
2.51.0

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.