From nobody Fri Jan  9 08:49:09 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1766970047; cv=none;
	d=zohomail.com; s=zohoarc;
	b=W1bldAwNzLtyUMKG3HVSmPuY1PLWtPM3Ivum9bD/h77gcqaG48vMPiVOs3Ic8AWMdpHoRgkkHoBaWpo6z6f+lQAqsjEVWwF9uc2a3NvcIDJcrGMnkFbJKwjJIdgtw5vhHg4tjn3HIpy/3en73247inP/iPN99e66MNg11xrJ14s=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1766970047;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=zCca3h4eXt1UgcgE5BpBIfCTy0h0FthuwsPc1XTyrng=;
	b=hzgCHVlp7Gpk/i5CL7F4QWThnWnVT04lBRUtTvGJwzvwc7X3e4oJsXnuwIMXjbOCMfurXF4ulXObig50epW5Ndy0Z6J8CO37n/lH+/1geVSapeclUVZdP8rI4MR/4j6X2WlRWXN6BTuo3kJqY3HvlAY2e58XXNESYLn+hLFlU1Y=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1766970047870440.73967172487096;
 Sun, 28 Dec 2025 17:00:47 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id E49B83F8EC; Sun, 28 Dec 2025 20:00:46 -0500 (EST)
Received: from [172.19.199.83] (lists.libvirt.org [8.43.85.245])
	by lists.libvirt.org (Postfix) with ESMTP id 9E74143E1B;
	Sun, 28 Dec 2025 19:54:03 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id 129104186C; Sun, 28 Dec 2025 18:49:42 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest
 SHA256)
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id E04F541C4B
	for <devel@lists.libvirt.org>; Sun, 28 Dec 2025 18:41:15 -0500 (EST)
Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-102-z1XKafe_PRq1LQ1GotPoTQ-1; Sun,
 28 Dec 2025 18:41:14 -0500
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 3F5491956050
	for <devel@lists.libvirt.org>; Sun, 28 Dec 2025 23:41:13 +0000 (UTC)
Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown
 [10.45.224.19])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS id 7FB16180035A
	for <devel@lists.libvirt.org>; Sun, 28 Dec 2025 23:41:12 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1766965275;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=zCca3h4eXt1UgcgE5BpBIfCTy0h0FthuwsPc1XTyrng=;
	b=OzemrR5ELV5cXbPvzHl08QoYCmA+jySR7il+lL5kygwulhHMbWaCXHN7MmxVtknSO2pJcA
	Ffv9Zmx8t6tCVYVJzgWqBjMOteuVuvXYBDCyQkvK6W63FaIGdQV7X6uYwCF9BHg/7hmofM
	/stiicxiVaO6uXMB1ISMiQqKCxiEBns=
X-MC-Unique: z1XKafe_PRq1LQ1GotPoTQ-1
X-Mimecast-MFC-AGG-ID: z1XKafe_PRq1LQ1GotPoTQ_1766965273
To: devel@lists.libvirt.org
Subject: [PATCH 18/29] tests: Add firmware-auto-efi-enrolled-keys-aarch64
Date: Mon, 29 Dec 2025 00:40:37 +0100
Message-ID: <20251228234048.1711701-19-abologna@redhat.com>
In-Reply-To: <20251228234048.1711701-1-abologna@redhat.com>
References: <20251228234048.1711701-1-abologna@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: b5JWR45jwT4xWYn6GGPanfyC4iysIl3eqEJK-7Tiyew_1766965273
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: LUJBGQRQUYXW2VW3TGYUKRQICDIRHMHA
X-Message-ID-Hash: LUJBGQRQUYXW2VW3TGYUKRQICDIRHMHA
X-MailFrom: abologna@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-devel.lists.libvirt.org-0; emergency;
 member-moderation; nonmember-moderation; administrivia; implicit-dest;
 max-recipients; max-size; news-moderation; no-subject; digests;
 suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/LUJBGQRQUYXW2VW3TGYUKRQICDIRHMHA/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Owner: <mailto:devel-owner@lists.libvirt.org>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Andrea Bolognani via Devel <devel@lists.libvirt.org>
Reply-To: Andrea Bolognani <abologna@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1766970048642158500
Content-Type: text/plain; charset="utf-8"; x-default="true"

This test case demonstrates how to automatically configure an
aarch64 guest so that Secure Boot support is available and only
signed operating systems are allowed to boot.

It currently fails because there is no firmware descriptor that
describes a suitable firmware build yet. That will change in a
future commit.

In addition to the latest version, the test case is also executed
against QEMU 8.2.0 specifically. This version of the test case is
intended to fail, because the uefi-vars device that we need to
support Secure Boot on aarch64 was not yet available in that
version of QEMU. The exact error message will change down the
line.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 ...fi-enrolled-keys-aarch64.aarch64-8.2.0.err |  1 +
 ...fi-enrolled-keys-aarch64.aarch64-8.2.0.xml | 30 +++++++++++++++++++
 ...i-enrolled-keys-aarch64.aarch64-latest.err |  1 +
 ...i-enrolled-keys-aarch64.aarch64-latest.xml | 30 +++++++++++++++++++
 ...irmware-auto-efi-enrolled-keys-aarch64.xml | 20 +++++++++++++
 tests/qemuxmlconftest.c                       |  2 ++
 6 files changed, 84 insertions(+)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-8.2.0.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-8.2.0.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-latest.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-latest.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.xml

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-8.2.0.err
new file mode 100644
index 0000000000..3edb2b3451
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64=
-8.2.0.err
@@ -0,0 +1 @@
+operation failed: Unable to find 'efi' firmware that is compatible with th=
e current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
aarch64-8.2.0.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-8.2.0.xml
new file mode 100644
index 0000000000..e1b1417cbc
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64=
-8.2.0.xml
@@ -0,0 +1,30 @@
+<domain type=3D'kvm'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>1048576</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'efi'>
+    <type arch=3D'aarch64' machine=3D'virt-4.0'>hvm</type>
+    <firmware>
+      <feature enabled=3D'yes' name=3D'enrolled-keys'/>
+    </firmware>
+    <loader format=3D'raw'/>
+    <boot dev=3D'hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <gic version=3D'3'/>
+  </features>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-aarch64</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'pci' index=3D'0' model=3D'pcie-root'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-=
aarch64.aarch64-latest.err
new file mode 100644
index 0000000000..3edb2b3451
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64=
-latest.err
@@ -0,0 +1 @@
+operation failed: Unable to find 'efi' firmware that is compatible with th=
e current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-=
aarch64.aarch64-latest.xml
new file mode 100644
index 0000000000..e1b1417cbc
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64=
-latest.xml
@@ -0,0 +1,30 @@
+<domain type=3D'kvm'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>1048576</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'efi'>
+    <type arch=3D'aarch64' machine=3D'virt-4.0'>hvm</type>
+    <firmware>
+      <feature enabled=3D'yes' name=3D'enrolled-keys'/>
+    </firmware>
+    <loader format=3D'raw'/>
+    <boot dev=3D'hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <gic version=3D'3'/>
+  </features>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-aarch64</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'pci' index=3D'0' model=3D'pcie-root'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.xml
new file mode 100644
index 0000000000..4e075e560f
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.xml
@@ -0,0 +1,20 @@
+<domain type=3D'kvm'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'efi'>
+    <type arch=3D'aarch64' machine=3D'virt-4.0'>hvm</type>
+    <firmware>
+      <feature enabled=3D'yes' name=3D'enrolled-keys'/>
+    </firmware>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <devices>
+    <emulator>/usr/bin/qemu-system-aarch64</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index ec3c53cf67..85c35af515 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1598,6 +1598,8 @@ mymain(void)
     DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys");
+    DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-enrolled-keys-aarc=
h64", "aarch64");
+    DO_TEST_CAPS_ARCH_VER_FAILURE("firmware-auto-efi-enrolled-keys-aarch64=
", "aarch64", "8.2.0");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-enrolled-keys-no-se=
cboot");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-smm-off");
--=20
2.52.0