Based on proposed changes in the Fedora edk2 package:
https://src.fedoraproject.org/rpms/edk2/pull-request/14
A new firmware descriptor exists for the stateful SEV
use case, and the regular edk2 descriptor no longer
advertises support for SEV/SEV-ES.
Additionally, all stateless SEV use cases are now using
the rom loader instead of the pflash one.
---
.../share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json | 8 ++------
.../30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json | 3 +--
.../firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json | 3 +--
.../qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json | 3 +--
.../qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json | 3 +--
.../share/qemu/firmware/50-edk2-aarch64-qcow2.json | 4 +---
.../usr/share/qemu/firmware/50-edk2-loongarch64.json | 2 ++
.../qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json | 5 +----
.../usr/share/qemu/firmware/50-edk2-riscv-qcow2.json | 4 +---
.../usr/share/qemu/firmware/51-edk2-aarch64-raw.json | 4 +---
.../qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json | 5 +----
.../qemu/firmware/52-edk2-aarch64-verbose-qcow2.json | 3 +--
.../qemu/firmware/53-edk2-aarch64-verbose-raw.json | 3 +--
.../share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json | 11 +++--------
.../qemu/firmware/60-edk2-ovmf-x64-inteltdx.json | 1 -
...osb.json => 61-edk2-ovmf-x64-amdsev-stateful.json} | 7 ++-----
.../usr/share/qemu/firmware/90-combined.json | 1 -
tests/qemufirmwaretest.c | 2 ++
...irmware-auto-efi-sev-snp.x86_64-latest+amdsev.args | 5 ++---
...firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml | 2 +-
.../firmware-auto-efi-sev.x86_64-latest+amdsev.args | 6 ++----
.../firmware-auto-efi-sev.x86_64-latest+amdsev.xml | 3 +--
.../firmware-auto-efi-stateless.x86_64-latest.args | 5 ++---
.../firmware-auto-efi-stateless.x86_64-latest.xml | 2 +-
...ev-missing-platform-info.x86_64-latest+amdsev.args | 5 ++---
...sev-missing-platform-info.x86_64-latest+amdsev.xml | 2 +-
.../launch-security-sev-snp.x86_64-latest+amdsev.args | 5 ++---
.../launch-security-sev-snp.x86_64-latest+amdsev.xml | 2 +-
.../launch-security-sev-snp.x86_64-latest.args | 5 ++---
.../launch-security-sev-snp.x86_64-latest.xml | 2 +-
.../launch-security-sev.x86_64-latest+amdsev.args | 5 ++---
.../launch-security-sev.x86_64-latest+amdsev.xml | 2 +-
32 files changed, 43 insertions(+), 80 deletions(-)
copy tests/qemufirmwaredata/usr/share/qemu/firmware/{51-edk2-ovmf-2m-raw-x64-nosb.json => 61-edk2-ovmf-x64-amdsev-stateful.json} (81%)
diff --git a/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json b/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
index d83d394ba7..e53e1213e6 100644
--- a/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
+++ b/tests/qemufirmwaredata/out/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
@@ -3,12 +3,8 @@
"uefi"
],
"mapping": {
- "device": "flash",
- "mode": "stateless",
- "executable": {
- "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd",
- "format": "raw"
- }
+ "device": "memory",
+ "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd"
},
"targets": [
{
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
index e709223313..b899d104e0 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2",
"format": "qcow2"
@@ -31,6 +31,5 @@
"verbose-dynamic"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
index 2ed45362c4..61eb80ca20 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
"format": "raw"
@@ -31,6 +31,5 @@
"verbose-dynamic"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json
index 655dd42ef1..89da929062 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2",
"format": "qcow2"
@@ -30,6 +30,5 @@
"verbose-dynamic"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json
index 06b3ece89a..0b61f44956 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
"format": "raw"
@@ -30,6 +30,5 @@
"verbose-dynamic"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-aarch64-qcow2.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-aarch64-qcow2.json
index 79f64a11a3..39a9073f8e 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-aarch64-qcow2.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-aarch64-qcow2.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2",
"format": "qcow2"
@@ -24,9 +24,7 @@
}
],
"features": [
-
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-loongarch64.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-loongarch64.json
index c5a7ec5f7b..96e4d82a8f 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-loongarch64.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-loongarch64.json
@@ -24,5 +24,7 @@
}
],
"features": [
+ ],
+ "tags": [
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json
index d64735f477..85cc1f78d1 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE_4M.qcow2",
"format": "qcow2"
@@ -26,11 +26,8 @@
],
"features": [
"acpi-s3",
- "amd-sev",
- "amd-sev-es",
"verbose-dynamic"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-riscv-qcow2.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-riscv-qcow2.json
index eb1930da49..19ef29a2cd 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-riscv-qcow2.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/50-edk2-riscv-qcow2.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2",
"format": "qcow2"
@@ -25,9 +25,7 @@
}
],
"features": [
-
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-aarch64-raw.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-aarch64-raw.json
index cabbd396ea..f567a41933 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-aarch64-raw.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-aarch64-raw.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw",
"format": "raw"
@@ -24,9 +24,7 @@
}
],
"features": [
-
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
index 050853e2b8..f1a7f97253 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
"format": "raw"
@@ -26,11 +26,8 @@
],
"features": [
"acpi-s3",
- "amd-sev",
- "amd-sev-es",
"verbose-dynamic"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json
index 4173102967..02bc53862f 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2",
"format": "qcow2"
@@ -27,6 +27,5 @@
"verbose-static"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json
index ec69d19858..59439af322 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json
@@ -5,7 +5,7 @@
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
"format": "raw"
@@ -27,6 +27,5 @@
"verbose-static"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
index 9a561bc7eb..5c8bfc0ffd 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
@@ -1,15 +1,11 @@
{
- "description": "OVMF with SEV-ES support",
+ "description": "OVMF with SEV + SEV-ES + SEV-SNP support",
"interface-types": [
"uefi"
],
"mapping": {
- "device": "flash",
- "mode": "stateless",
- "executable": {
- "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd",
- "format": "raw"
- }
+ "device": "memory",
+ "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd"
},
"targets": [
{
@@ -26,6 +22,5 @@
"verbose-dynamic"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
index 445eb70e03..52323b2a04 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
@@ -22,6 +22,5 @@
"verbose-dynamic"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json
similarity index 81%
copy from tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
copy to tests/qemufirmwaredata/usr/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json
index 050853e2b8..f1194a3d37 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json
@@ -1,11 +1,11 @@
{
- "description": "OVMF without SB+SMM, empty varstore",
+ "description": "OVMF with SEV + SEV-ES support, stateful",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
- "mode" : "split",
+ "mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
"format": "raw"
@@ -19,18 +19,15 @@
{
"architecture": "x86_64",
"machines": [
- "pc-i440fx-*",
"pc-q35-*"
]
}
],
"features": [
- "acpi-s3",
"amd-sev",
"amd-sev-es",
"verbose-dynamic"
],
"tags": [
-
]
}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
index 8ecac440b4..a788a3fc40 100644
--- a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
@@ -21,7 +21,6 @@
],
"features": [
"acpi-s3",
- "amd-sev",
"enrolled-keys",
"requires-smm",
"secure-boot",
diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c
index a4fb5c9b9c..dfb7d18f5d 100644
--- a/tests/qemufirmwaretest.c
+++ b/tests/qemufirmwaretest.c
@@ -101,6 +101,7 @@ testFWPrecedence(const void *opaque G_GNUC_UNUSED)
SYSCONFDIR "/qemu/firmware/59-combined.json",
PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json",
PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json",
+ PREFIX "/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json",
PREFIX "/share/qemu/firmware/90-combined.json",
PREFIX "/share/qemu/firmware/91-bios.json",
PREFIX "/share/qemu/firmware/93-invalid.json",
@@ -280,6 +281,7 @@ mymain(void)
DO_PARSE_TEST("usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json");
DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json");
DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json");
+ DO_PARSE_TEST("usr/share/qemu/firmware/61-edk2-ovmf-x64-amdsev-stateful.json");
DO_PARSE_TEST("usr/share/qemu/firmware/90-combined.json");
DO_PARSE_TEST("usr/share/qemu/firmware/91-bios.json");
DO_PARSE_FAILURE_TEST("usr/share/qemu/firmware/93-invalid.json");
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.args
index 99350f600c..624039d1a2 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.args
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.args
@@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
-name guest=guest,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
--machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \
+-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \
-accel kvm \
-cpu qemu64 \
+-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \
-m size=1048576k \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml
index 6ea58f3361..10a1a3a22d 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev-snp.x86_64-latest+amdsev.xml
@@ -10,7 +10,7 @@
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='no' name='secure-boot'/>
</firmware>
- <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
+ <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args
index 550ac52b8a..2529f9c069 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.args
@@ -10,12 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
-name guest=guest,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
--blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
--machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
+-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \
-accel kvm \
-cpu qemu64 \
+-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \
-m size=1048576k \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml
index cbfdcdeee3..96468a6943 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-sev.x86_64-latest+amdsev.xml
@@ -10,8 +10,7 @@
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='no' name='secure-boot'/>
</firmware>
- <loader readonly='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
- <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
+ <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.args
index 0c0caf2468..9bb122c04a 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.args
@@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
-name guest=guest,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
--machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,acpi=on \
+-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
-accel kvm \
-cpu qemu64 \
+-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \
-m size=1048576k \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.xml
index 3fead35a66..da15c12e61 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-stateless.x86_64-latest.xml
@@ -10,7 +10,7 @@
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='no' name='secure-boot'/>
</firmware>
- <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
+ <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args
index 6e076cec63..a751ac70c8 100644
--- a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args
+++ b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.args
@@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
--machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \
+-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \
-accel kvm \
-cpu qemu64 \
+-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \
-m size=219136k \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml
index d0f8ed031d..d3c4aca1a0 100644
--- a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml
+++ b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_64-latest+amdsev.xml
@@ -10,7 +10,7 @@
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='no' name='secure-boot'/>
</firmware>
- <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
+ <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args
index d849eb88e0..f8bc8a71fe 100644
--- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args
+++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.args
@@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
--machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \
+-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \
-accel kvm \
-cpu qemu64 \
+-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \
-m size=219136k \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml
index a0487b021e..f57f3f2b68 100644
--- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml
+++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest+amdsev.xml
@@ -10,7 +10,7 @@
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='no' name='secure-boot'/>
</firmware>
- <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
+ <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args
index d849eb88e0..f8bc8a71fe 100644
--- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args
@@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
--machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \
+-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \
-accel kvm \
-cpu qemu64 \
+-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \
-m size=219136k \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml
index a0487b021e..f57f3f2b68 100644
--- a/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml
@@ -10,7 +10,7 @@
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='no' name='secure-boot'/>
</firmware>
- <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
+ <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args
index b62961f974..51a92dc47c 100644
--- a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args
+++ b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args
@@ -10,11 +10,10 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
--machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \
+-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \
-accel kvm \
-cpu qemu64 \
+-bios /usr/share/edk2/ovmf/OVMF.amdsev.fd \
-m size=219136k \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
-overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml
index b7ec804058..9f46eec07d 100644
--- a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml
+++ b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml
@@ -10,7 +10,7 @@
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='no' name='secure-boot'/>
</firmware>
- <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
+ <loader type='rom' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
<boot dev='hd'/>
</os>
<features>
--
2.51.0© 2016 - 2025 Red Hat, Inc.