Now that everything else is in place, we can finally add the
firmware descriptors for the edk2 builds that use the uefi-vars
QEMU device.
Several existing test cases that were failing up until this
point can pass now. This includes firmware-auto-efi-varstore-q35,
firmware-auto-efi-varstore-aarch64 and
firmware-auto-efi-enrolled-keys-aarch64, which were only failing
because a matching firmware descriptor could not be found.
firmware-manual-efi-varstore-aarch64 also passes now, because
with the firmware descriptor in place libvirt is able to figure
out that the manually-provided path corresponds to a UEFI
firmware build, which means that the use of ACPI is fine.
The test cases using older version of QEMU still fail, as is
expected, though the error message is now slightly different and
reflect the actual reason why that is.
The qemufirmware and domaincaps tests are updated in the
expected ways. In particular, versions QEMU 10.0 and newer now
advertise varstore support as available.
https://issues.redhat.com/browse/RHEL-82645
DONOTMERGE: The firmware descriptors have not been added to the
Fedora edk2 package yet.
---
.../qemu_10.0.0-q35.x86_64+amdsev.xml | 2 +-
.../domaincapsdata/qemu_10.0.0-q35.x86_64.xml | 2 +-
.../qemu_10.0.0-virt.aarch64.xml | 4 ++-
tests/domaincapsdata/qemu_10.0.0.aarch64.xml | 4 ++-
.../qemu_10.1.0-q35.x86_64+inteltdx.xml | 2 +-
.../domaincapsdata/qemu_10.1.0-q35.x86_64.xml | 2 +-
.../qemu_10.2.0-q35.x86_64+mshv.xml | 2 +-
.../domaincapsdata/qemu_10.2.0-q35.x86_64.xml | 2 +-
.../qemu_10.2.0-virt.aarch64.xml | 4 ++-
tests/domaincapsdata/qemu_10.2.0.aarch64.xml | 4 ++-
.../domaincapsdata/qemu_11.0.0-q35.x86_64.xml | 2 +-
.../qemu_11.0.0-virt.aarch64.xml | 4 ++-
tests/domaincapsdata/qemu_11.0.0.aarch64.xml | 4 ++-
.../qemu_8.2.0-virt.aarch64.xml | 2 ++
tests/domaincapsdata/qemu_8.2.0.aarch64.xml | 2 ++
.../qemu_9.2.0-hvf.aarch64+hvf.xml | 2 ++
...70-edk2-ovmf-qemuvars-x64-sb-enrolled.json | 30 ++++++++++++++++
.../70-edk2-qemuvars-aarch64-sb-enrolled.json | 28 +++++++++++++++
.../71-edk2-ovmf-qemuvars-x64-sb.json | 29 ++++++++++++++++
.../firmware/71-edk2-qemuvars-aarch64-sb.json | 27 +++++++++++++++
tests/qemufirmwaretest.c | 20 ++++++++---
...fi-enrolled-keys-aarch64.aarch64-8.2.0.err | 2 +-
...-enrolled-keys-aarch64.aarch64-latest.args | 31 +++++++++++++++++
...i-enrolled-keys-aarch64.aarch64-latest.err | 1 -
...i-enrolled-keys-aarch64.aarch64-latest.xml | 4 ++-
...o-efi-varstore-aarch64.aarch64-latest.args | 31 +++++++++++++++++
...to-efi-varstore-aarch64.aarch64-latest.err | 1 -
...to-efi-varstore-aarch64.aarch64-latest.xml | 8 +++--
...e-auto-efi-varstore-q35.x86_64-latest.args | 34 +++++++++++++++++++
...re-auto-efi-varstore-q35.x86_64-latest.err | 1 -
...re-auto-efi-varstore-q35.x86_64-latest.xml | 8 +++--
...ual-efi-varstore-aarch64.aarch64-8.2.0.err | 2 +-
...l-efi-varstore-aarch64.aarch64-latest.args | 31 +++++++++++++++++
...al-efi-varstore-aarch64.aarch64-latest.err | 1 -
...l-efi-varstore-aarch64.aarch64-latest.xml} | 6 ++--
...-manual-efi-varstore-q35.x86_64-latest.xml | 8 +++--
tests/qemuxmlconftest.c | 10 +++---
37 files changed, 320 insertions(+), 37 deletions(-)
create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json
create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json
create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json
create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json
create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
delete mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
rename tests/qemuxmlconfdata/{firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml => firmware-manual-efi-varstore-aarch64.aarch64-latest.xml} (75%)
diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
index 1fff8c7fc7..bf6393dc03 100644
--- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
+++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
@@ -36,7 +36,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
index 6c26e5b422..d6f710e56e 100644
--- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
@@ -36,7 +36,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
index 97064ea009..334aa5e31f 100644
--- a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
@@ -11,9 +11,11 @@
</enum>
<firmwareFeatures supported='yes'>
<enum name='secureBoot'>
+ <value>yes</value>
<value>no</value>
</enum>
<enum name='enrolledKeys'>
+ <value>yes</value>
<value>no</value>
</enum>
</firmwareFeatures>
@@ -32,7 +34,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
index 97064ea009..334aa5e31f 100644
--- a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
@@ -11,9 +11,11 @@
</enum>
<firmwareFeatures supported='yes'>
<enum name='secureBoot'>
+ <value>yes</value>
<value>no</value>
</enum>
<enum name='enrolledKeys'>
+ <value>yes</value>
<value>no</value>
</enum>
</firmwareFeatures>
@@ -32,7 +34,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
index 3537dd01f6..6c370de5dd 100644
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
@@ -36,7 +36,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
index e55d7d8ba6..60cc9eee3d 100644
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
@@ -36,7 +36,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
index 43fe2bff93..e30b64e068 100644
--- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
+++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
@@ -35,7 +35,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
index 2c1b38b4ec..fde3055148 100644
--- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
@@ -36,7 +36,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
index fa1d3c490b..beb9a49ee3 100644
--- a/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
@@ -11,9 +11,11 @@
</enum>
<firmwareFeatures supported='yes'>
<enum name='secureBoot'>
+ <value>yes</value>
<value>no</value>
</enum>
<enum name='enrolledKeys'>
+ <value>yes</value>
<value>no</value>
</enum>
</firmwareFeatures>
@@ -32,7 +34,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_10.2.0.aarch64.xml b/tests/domaincapsdata/qemu_10.2.0.aarch64.xml
index fa1d3c490b..beb9a49ee3 100644
--- a/tests/domaincapsdata/qemu_10.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_10.2.0.aarch64.xml
@@ -11,9 +11,11 @@
</enum>
<firmwareFeatures supported='yes'>
<enum name='secureBoot'>
+ <value>yes</value>
<value>no</value>
</enum>
<enum name='enrolledKeys'>
+ <value>yes</value>
<value>no</value>
</enum>
</firmwareFeatures>
@@ -32,7 +34,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
index 109f3ae0ae..aa62aa1502 100644
--- a/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
@@ -36,7 +36,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
index db47c5ee98..4d41b6427d 100644
--- a/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
@@ -11,9 +11,11 @@
</enum>
<firmwareFeatures supported='yes'>
<enum name='secureBoot'>
+ <value>yes</value>
<value>no</value>
</enum>
<enum name='enrolledKeys'>
+ <value>yes</value>
<value>no</value>
</enum>
</firmwareFeatures>
@@ -32,7 +34,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_11.0.0.aarch64.xml b/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
index db47c5ee98..4d41b6427d 100644
--- a/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
@@ -11,9 +11,11 @@
</enum>
<firmwareFeatures supported='yes'>
<enum name='secureBoot'>
+ <value>yes</value>
<value>no</value>
</enum>
<enum name='enrolledKeys'>
+ <value>yes</value>
<value>no</value>
</enum>
</firmwareFeatures>
@@ -32,7 +34,7 @@
<value>no</value>
</enum>
</loader>
- <varstore supported='no'/>
+ <varstore supported='yes'/>
</os>
<cpu>
<mode name='host-passthrough' supported='yes'>
diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
index 420fbedd72..83fc9e37a7 100644
--- a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
@@ -11,9 +11,11 @@
</enum>
<firmwareFeatures supported='yes'>
<enum name='secureBoot'>
+ <value>yes</value>
<value>no</value>
</enum>
<enum name='enrolledKeys'>
+ <value>yes</value>
<value>no</value>
</enum>
</firmwareFeatures>
diff --git a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
index 420fbedd72..83fc9e37a7 100644
--- a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
@@ -11,9 +11,11 @@
</enum>
<firmwareFeatures supported='yes'>
<enum name='secureBoot'>
+ <value>yes</value>
<value>no</value>
</enum>
<enum name='enrolledKeys'>
+ <value>yes</value>
<value>no</value>
</enum>
</firmwareFeatures>
diff --git a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
index f998177636..65bb9dc9bd 100644
--- a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
+++ b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
@@ -11,9 +11,11 @@
</enum>
<firmwareFeatures supported='yes'>
<enum name='secureBoot'>
+ <value>yes</value>
<value>no</value>
</enum>
<enum name='enrolledKeys'>
+ <value>yes</value>
<value>no</value>
</enum>
</firmwareFeatures>
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json
new file mode 100644
index 0000000000..a173c3e63a
--- /dev/null
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json
@@ -0,0 +1,30 @@
+{
+ "description": "OVMF for qemuvars, SB enabled, MS certs enrolled",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "memory",
+ "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
+ "uefi-vars": {
+ "template": "/usr/share/edk2/ovmf/OVMF_VARS.enrolled.json"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "x86_64",
+ "machines": [
+ "pc-q35-*"
+ ]
+ }
+ ],
+ "features": [
+ "acpi-s3",
+ "enrolled-keys",
+ "secure-boot",
+ "host-uefi-vars",
+ "verbose-dynamic"
+ ],
+ "tags": [
+ ]
+}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json
new file mode 100644
index 0000000000..b9dd623584
--- /dev/null
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json
@@ -0,0 +1,28 @@
+{
+ "description": "UEFI firmware for ARM64 virtual machines, SB enabled, MS certs enrolled",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "memory",
+ "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
+ "uefi-vars": {
+ "template": "/usr/share/edk2/aarch64/vars-template.enrolled.json"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "aarch64",
+ "machines": [
+ "virt-*"
+ ]
+ }
+ ],
+ "features": [
+ "enrolled-keys",
+ "secure-boot",
+ "host-uefi-vars"
+ ],
+ "tags": [
+ ]
+}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json
new file mode 100644
index 0000000000..9972c34337
--- /dev/null
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json
@@ -0,0 +1,29 @@
+{
+ "description": "OVMF for qemuvars, SB enabled, empty varstore",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "memory",
+ "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
+ "uefi-vars": {
+ "template": "/usr/share/edk2/ovmf/OVMF_VARS.empty.json"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "x86_64",
+ "machines": [
+ "pc-q35-*"
+ ]
+ }
+ ],
+ "features": [
+ "acpi-s3",
+ "secure-boot",
+ "host-uefi-vars",
+ "verbose-dynamic"
+ ],
+ "tags": [
+ ]
+}
diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json
new file mode 100644
index 0000000000..58a81a1de6
--- /dev/null
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json
@@ -0,0 +1,27 @@
+{
+ "description": "UEFI firmware for ARM64 virtual machines, SB enabled, empty varstore",
+ "interface-types": [
+ "uefi"
+ ],
+ "mapping": {
+ "device": "memory",
+ "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
+ "uefi-vars": {
+ "template": "/usr/share/edk2/aarch64/vars-template.empty.json"
+ }
+ },
+ "targets": [
+ {
+ "architecture": "aarch64",
+ "machines": [
+ "virt-*"
+ ]
+ }
+ ],
+ "features": [
+ "secure-boot",
+ "host-uefi-vars"
+ ],
+ "tags": [
+ ]
+}
diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c
index e434121834..abe6e75120 100644
--- a/tests/qemufirmwaretest.c
+++ b/tests/qemufirmwaretest.c
@@ -101,6 +101,10 @@ testFWPrecedence(const void *opaque G_GNUC_UNUSED)
SYSCONFDIR "/qemu/firmware/59-libvirt-combined.json",
PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json",
PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json",
+ PREFIX "/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json",
+ PREFIX "/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json",
+ PREFIX "/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json",
+ PREFIX "/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json",
PREFIX "/share/qemu/firmware/90-libvirt-combined.json",
PREFIX "/share/qemu/firmware/91-libvirt-bios.json",
PREFIX "/share/qemu/firmware/93-libvirt-invalid.json",
@@ -296,6 +300,10 @@ mymain(void)
DO_PARSE_TEST("usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json");
DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json");
DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json");
+ DO_PARSE_TEST("usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json");
+ DO_PARSE_TEST("usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json");
+ DO_PARSE_TEST("usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json");
+ DO_PARSE_TEST("usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json");
DO_PARSE_TEST("usr/share/qemu/firmware/90-libvirt-combined.json");
DO_PARSE_TEST("usr/share/qemu/firmware/91-libvirt-bios.json");
DO_PARSE_FAILURE_TEST("usr/share/qemu/firmware/93-libvirt-invalid.json");
@@ -325,7 +333,7 @@ mymain(void)
DO_SUPPORTED_TEST("pc-i440fx-3.1", VIR_ARCH_I686, false, false,
"/usr/share/seabios/bios.bin:NULL",
VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS);
- DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_X86_64, true, false,
+ DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_X86_64, true, true,
"/usr/share/seabios/bios.bin:NULL:"
"/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2:/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2:"
"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd:"
@@ -335,7 +343,9 @@ mymain(void)
"/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd:"
"/usr/share/edk2/ovmf/OVMF.combined.fd:NULL:"
"/usr/share/edk2/ovmf/OVMF.amdsev.fd:NULL:"
- "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd:NULL",
+ "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd:NULL:"
+ "/usr/share/edk2/ovmf/OVMF.qemuvars.fd:/usr/share/edk2/ovmf/OVMF_VARS.enrolled.json:"
+ "/usr/share/edk2/ovmf/OVMF.qemuvars.fd:/usr/share/edk2/ovmf/OVMF_VARS.empty.json",
VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS,
VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_I686, false, false,
@@ -344,11 +354,13 @@ mymain(void)
DO_SUPPORTED_TEST("microvm", VIR_ARCH_X86_64, false, false,
"/usr/share/edk2/ovmf/MICROVM.fd:NULL",
VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
- DO_SUPPORTED_TEST("virt-3.1", VIR_ARCH_AARCH64, false, false,
+ DO_SUPPORTED_TEST("virt-3.1", VIR_ARCH_AARCH64, false, true,
"/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2:/usr/share/edk2/aarch64/vars-template-pflash.qcow2:"
"/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw:"
"/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2:/usr/share/edk2/aarch64/vars-template-pflash.qcow2:"
- "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw",
+ "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw:"
+ "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd:/usr/share/edk2/aarch64/vars-template.enrolled.json:"
+ "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd:/usr/share/edk2/aarch64/vars-template.empty.json",
VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
DO_SUPPORTED_TEST("virt", VIR_ARCH_RISCV64, false, false,
"/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2:/usr/share/edk2/riscv/RISCV_VIRT_VARS.qcow2",
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
index 3edb2b3451..e64c2b21aa 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
@@ -1 +1 @@
-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+unsupported configuration: The uefi-vars device is not supported by this QEMU binary
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
new file mode 100644
index 0000000000..abc934692a
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
@@ -0,0 +1,31 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-aarch64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
+-accel kvm \
+-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
+-m size=1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
deleted file mode 100644
index 3edb2b3451..0000000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
index 908a8435f9..3fd52d75f3 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
@@ -8,8 +8,10 @@
<type arch='aarch64' machine='virt-8.2'>hvm</type>
<firmware>
<feature enabled='yes' name='enrolled-keys'/>
+ <feature enabled='yes' name='secure-boot'/>
</firmware>
- <loader format='raw'/>
+ <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
+ <varstore template='/usr/share/edk2/aarch64/vars-template.enrolled.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
new file mode 100644
index 0000000000..abc934692a
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
@@ -0,0 +1,31 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-aarch64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
+-accel kvm \
+-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
+-m size=1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
deleted file mode 100644
index 3edb2b3451..0000000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
index b0fa092509..3fd52d75f3 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
@@ -6,8 +6,12 @@
<vcpu placement='static'>1</vcpu>
<os firmware='efi'>
<type arch='aarch64' machine='virt-8.2'>hvm</type>
- <loader format='raw'/>
- <varstore/>
+ <firmware>
+ <feature enabled='yes' name='enrolled-keys'/>
+ <feature enabled='yes' name='secure-boot'/>
+ </firmware>
+ <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
+ <varstore template='/usr/share/edk2/aarch64/vars-template.enrolled.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
new file mode 100644
index 0000000000..9a899c2a65
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
@@ -0,0 +1,34 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
+-accel kvm \
+-cpu qemu64 \
+-bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
+-m size=1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-global ICH9-LPC.noreboot=off \
+-watchdog-action reset \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
deleted file mode 100644
index 3edb2b3451..0000000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
index c4d70c9fc5..21bb42a3f7 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
@@ -6,8 +6,12 @@
<vcpu placement='static'>1</vcpu>
<os firmware='efi'>
<type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
- <loader format='raw'/>
- <varstore/>
+ <firmware>
+ <feature enabled='yes' name='enrolled-keys'/>
+ <feature enabled='yes' name='secure-boot'/>
+ </firmware>
+ <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
+ <varstore template='/usr/share/edk2/ovmf/OVMF_VARS.enrolled.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
index 4fe79bdacf..e64c2b21aa 100644
--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
@@ -1 +1 @@
-unsupported configuration: ACPI requires UEFI on this architecture
+unsupported configuration: The uefi-vars device is not supported by this QEMU binary
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
new file mode 100644
index 0000000000..abc934692a
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
@@ -0,0 +1,31 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-aarch64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
+-accel kvm \
+-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
+-m size=1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
deleted file mode 100644
index 4fe79bdacf..0000000000
--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-unsupported configuration: ACPI requires UEFI on this architecture
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
similarity index 75%
rename from tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
rename to tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
index 5213a41b90..1d533fb1dd 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
@@ -8,13 +8,15 @@
<type arch='aarch64' machine='virt-8.2'>hvm</type>
<firmware>
<feature enabled='yes' name='enrolled-keys'/>
+ <feature enabled='yes' name='secure-boot'/>
</firmware>
- <loader format='raw'/>
+ <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
+ <varstore template='/usr/share/edk2/aarch64/vars-template.enrolled.json' path='/path/to/guest.json'/>
<boot dev='hd'/>
</os>
<features>
<acpi/>
- <gic version='3'/>
+ <gic version='2'/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
index 296c6e8f59..1cb556fe9b 100644
--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
@@ -4,10 +4,14 @@
<memory unit='KiB'>1048576</memory>
<currentMemory unit='KiB'>1048576</currentMemory>
<vcpu placement='static'>1</vcpu>
- <os>
+ <os firmware='efi'>
<type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
+ <firmware>
+ <feature enabled='yes' name='enrolled-keys'/>
+ <feature enabled='yes' name='secure-boot'/>
+ </firmware>
<loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
- <varstore path='/path/to/guest.json'/>
+ <varstore template='/usr/share/edk2/ovmf/OVMF_VARS.enrolled.json' path='/path/to/guest.json'/>
<boot dev='hd'/>
</os>
<features>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 43e994fc93..187f90c9dc 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1620,7 +1620,7 @@ mymain(void)
DO_TEST_CAPS_LATEST("firmware-manual-efi-varstore-q35");
DO_TEST_CAPS_VER_PARSE_ERROR("firmware-manual-efi-varstore-q35", "8.2.0");
- DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64");
+ DO_TEST_CAPS_ARCH_LATEST("firmware-manual-efi-varstore-aarch64", "aarch64");
DO_TEST_CAPS_ARCH_VER_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64", "8.2.0");
/* Make sure all combinations of ACPI and UEFI behave as expected */
@@ -1657,8 +1657,8 @@ mymain(void)
DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot");
DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot");
DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys");
- DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64");
- DO_TEST_CAPS_ARCH_VER_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64", "8.2.0");
+ DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-enrolled-keys-aarch64", "aarch64");
+ DO_TEST_CAPS_ARCH_VER_PARSE_ERROR("firmware-auto-efi-enrolled-keys-aarch64", "aarch64", "8.2.0");
DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys");
DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-enrolled-keys-no-secboot");
DO_TEST_CAPS_LATEST("firmware-auto-efi-smm-off");
@@ -1673,8 +1673,8 @@ mymain(void)
DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-file");
DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-nbd");
DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-iscsi");
- DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-varstore-q35");
- DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-varstore-aarch64", "aarch64");
+ DO_TEST_CAPS_LATEST("firmware-auto-efi-varstore-q35");
+ DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-varstore-aarch64", "aarch64");
DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2");
DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-format-loader-qcow2-rom");
--
2.53.0On Wed, Feb 18, 2026 at 01:05:52PM +0100, Andrea Bolognani via Devel wrote:
> Now that everything else is in place, we can finally add the
> firmware descriptors for the edk2 builds that use the uefi-vars
> QEMU device.
>
> Several existing test cases that were failing up until this
> point can pass now. This includes firmware-auto-efi-varstore-q35,
> firmware-auto-efi-varstore-aarch64 and
> firmware-auto-efi-enrolled-keys-aarch64, which were only failing
> because a matching firmware descriptor could not be found.
>
> firmware-manual-efi-varstore-aarch64 also passes now, because
> with the firmware descriptor in place libvirt is able to figure
> out that the manually-provided path corresponds to a UEFI
> firmware build, which means that the use of ACPI is fine.
>
> The test cases using older version of QEMU still fail, as is
> expected, though the error message is now slightly different and
> reflect the actual reason why that is.
>
> The qemufirmware and domaincaps tests are updated in the
> expected ways. In particular, versions QEMU 10.0 and newer now
> advertise varstore support as available.
>
> https://issues.redhat.com/browse/RHEL-82645
That's a ticket against libvirt in RHEL...
> DONOTMERGE: The firmware descriptors have not been added to the
> Fedora edk2 package yet.
but this talks about EDK2 in Fedora. For that the link should
be
https://src.fedoraproject.org/rpms/edk2/pull-request/15
which was both opened and merged today. I've not checked if
that PR matches what you've added here, so will let you
re-evaluate that before reviewing this patch.
> ---
> .../qemu_10.0.0-q35.x86_64+amdsev.xml | 2 +-
> .../domaincapsdata/qemu_10.0.0-q35.x86_64.xml | 2 +-
> .../qemu_10.0.0-virt.aarch64.xml | 4 ++-
> tests/domaincapsdata/qemu_10.0.0.aarch64.xml | 4 ++-
> .../qemu_10.1.0-q35.x86_64+inteltdx.xml | 2 +-
> .../domaincapsdata/qemu_10.1.0-q35.x86_64.xml | 2 +-
> .../qemu_10.2.0-q35.x86_64+mshv.xml | 2 +-
> .../domaincapsdata/qemu_10.2.0-q35.x86_64.xml | 2 +-
> .../qemu_10.2.0-virt.aarch64.xml | 4 ++-
> tests/domaincapsdata/qemu_10.2.0.aarch64.xml | 4 ++-
> .../domaincapsdata/qemu_11.0.0-q35.x86_64.xml | 2 +-
> .../qemu_11.0.0-virt.aarch64.xml | 4 ++-
> tests/domaincapsdata/qemu_11.0.0.aarch64.xml | 4 ++-
> .../qemu_8.2.0-virt.aarch64.xml | 2 ++
> tests/domaincapsdata/qemu_8.2.0.aarch64.xml | 2 ++
> .../qemu_9.2.0-hvf.aarch64+hvf.xml | 2 ++
> ...70-edk2-ovmf-qemuvars-x64-sb-enrolled.json | 30 ++++++++++++++++
> .../70-edk2-qemuvars-aarch64-sb-enrolled.json | 28 +++++++++++++++
> .../71-edk2-ovmf-qemuvars-x64-sb.json | 29 ++++++++++++++++
> .../firmware/71-edk2-qemuvars-aarch64-sb.json | 27 +++++++++++++++
> tests/qemufirmwaretest.c | 20 ++++++++---
> ...fi-enrolled-keys-aarch64.aarch64-8.2.0.err | 2 +-
> ...-enrolled-keys-aarch64.aarch64-latest.args | 31 +++++++++++++++++
> ...i-enrolled-keys-aarch64.aarch64-latest.err | 1 -
> ...i-enrolled-keys-aarch64.aarch64-latest.xml | 4 ++-
> ...o-efi-varstore-aarch64.aarch64-latest.args | 31 +++++++++++++++++
> ...to-efi-varstore-aarch64.aarch64-latest.err | 1 -
> ...to-efi-varstore-aarch64.aarch64-latest.xml | 8 +++--
> ...e-auto-efi-varstore-q35.x86_64-latest.args | 34 +++++++++++++++++++
> ...re-auto-efi-varstore-q35.x86_64-latest.err | 1 -
> ...re-auto-efi-varstore-q35.x86_64-latest.xml | 8 +++--
> ...ual-efi-varstore-aarch64.aarch64-8.2.0.err | 2 +-
> ...l-efi-varstore-aarch64.aarch64-latest.args | 31 +++++++++++++++++
> ...al-efi-varstore-aarch64.aarch64-latest.err | 1 -
> ...l-efi-varstore-aarch64.aarch64-latest.xml} | 6 ++--
> ...-manual-efi-varstore-q35.x86_64-latest.xml | 8 +++--
> tests/qemuxmlconftest.c | 10 +++---
> 37 files changed, 320 insertions(+), 37 deletions(-)
> create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json
> create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json
> create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json
> create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json
> create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
> delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
> create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
> delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
> create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
> delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
> create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
> delete mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
> rename tests/qemuxmlconfdata/{firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml => firmware-manual-efi-varstore-aarch64.aarch64-latest.xml} (75%)
>
> diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
> index 1fff8c7fc7..bf6393dc03 100644
> --- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
> +++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
> @@ -36,7 +36,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
> index 6c26e5b422..d6f710e56e 100644
> --- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
> +++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
> @@ -36,7 +36,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
> index 97064ea009..334aa5e31f 100644
> --- a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
> +++ b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
> @@ -11,9 +11,11 @@
> </enum>
> <firmwareFeatures supported='yes'>
> <enum name='secureBoot'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> <enum name='enrolledKeys'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> </firmwareFeatures>
> @@ -32,7 +34,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
> index 97064ea009..334aa5e31f 100644
> --- a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
> +++ b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
> @@ -11,9 +11,11 @@
> </enum>
> <firmwareFeatures supported='yes'>
> <enum name='secureBoot'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> <enum name='enrolledKeys'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> </firmwareFeatures>
> @@ -32,7 +34,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
> index 3537dd01f6..6c370de5dd 100644
> --- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
> +++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
> @@ -36,7 +36,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
> index e55d7d8ba6..60cc9eee3d 100644
> --- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
> +++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
> @@ -36,7 +36,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
> index 43fe2bff93..e30b64e068 100644
> --- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
> +++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
> @@ -35,7 +35,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
> index 2c1b38b4ec..fde3055148 100644
> --- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
> +++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
> @@ -36,7 +36,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
> index fa1d3c490b..beb9a49ee3 100644
> --- a/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
> +++ b/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
> @@ -11,9 +11,11 @@
> </enum>
> <firmwareFeatures supported='yes'>
> <enum name='secureBoot'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> <enum name='enrolledKeys'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> </firmwareFeatures>
> @@ -32,7 +34,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_10.2.0.aarch64.xml b/tests/domaincapsdata/qemu_10.2.0.aarch64.xml
> index fa1d3c490b..beb9a49ee3 100644
> --- a/tests/domaincapsdata/qemu_10.2.0.aarch64.xml
> +++ b/tests/domaincapsdata/qemu_10.2.0.aarch64.xml
> @@ -11,9 +11,11 @@
> </enum>
> <firmwareFeatures supported='yes'>
> <enum name='secureBoot'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> <enum name='enrolledKeys'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> </firmwareFeatures>
> @@ -32,7 +34,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
> index 109f3ae0ae..aa62aa1502 100644
> --- a/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
> +++ b/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
> @@ -36,7 +36,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
> index db47c5ee98..4d41b6427d 100644
> --- a/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
> +++ b/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
> @@ -11,9 +11,11 @@
> </enum>
> <firmwareFeatures supported='yes'>
> <enum name='secureBoot'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> <enum name='enrolledKeys'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> </firmwareFeatures>
> @@ -32,7 +34,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_11.0.0.aarch64.xml b/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
> index db47c5ee98..4d41b6427d 100644
> --- a/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
> +++ b/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
> @@ -11,9 +11,11 @@
> </enum>
> <firmwareFeatures supported='yes'>
> <enum name='secureBoot'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> <enum name='enrolledKeys'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> </firmwareFeatures>
> @@ -32,7 +34,7 @@
> <value>no</value>
> </enum>
> </loader>
> - <varstore supported='no'/>
> + <varstore supported='yes'/>
> </os>
> <cpu>
> <mode name='host-passthrough' supported='yes'>
> diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
> index 420fbedd72..83fc9e37a7 100644
> --- a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
> +++ b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
> @@ -11,9 +11,11 @@
> </enum>
> <firmwareFeatures supported='yes'>
> <enum name='secureBoot'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> <enum name='enrolledKeys'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> </firmwareFeatures>
> diff --git a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
> index 420fbedd72..83fc9e37a7 100644
> --- a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
> +++ b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
> @@ -11,9 +11,11 @@
> </enum>
> <firmwareFeatures supported='yes'>
> <enum name='secureBoot'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> <enum name='enrolledKeys'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> </firmwareFeatures>
> diff --git a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
> index f998177636..65bb9dc9bd 100644
> --- a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
> +++ b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
> @@ -11,9 +11,11 @@
> </enum>
> <firmwareFeatures supported='yes'>
> <enum name='secureBoot'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> <enum name='enrolledKeys'>
> + <value>yes</value>
> <value>no</value>
> </enum>
> </firmwareFeatures>
> diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json
> new file mode 100644
> index 0000000000..a173c3e63a
> --- /dev/null
> +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json
> @@ -0,0 +1,30 @@
> +{
> + "description": "OVMF for qemuvars, SB enabled, MS certs enrolled",
> + "interface-types": [
> + "uefi"
> + ],
> + "mapping": {
> + "device": "memory",
> + "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
> + "uefi-vars": {
> + "template": "/usr/share/edk2/ovmf/OVMF_VARS.enrolled.json"
> + }
> + },
> + "targets": [
> + {
> + "architecture": "x86_64",
> + "machines": [
> + "pc-q35-*"
> + ]
> + }
> + ],
> + "features": [
> + "acpi-s3",
> + "enrolled-keys",
> + "secure-boot",
> + "host-uefi-vars",
> + "verbose-dynamic"
> + ],
> + "tags": [
> + ]
> +}
> diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json
> new file mode 100644
> index 0000000000..b9dd623584
> --- /dev/null
> +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json
> @@ -0,0 +1,28 @@
> +{
> + "description": "UEFI firmware for ARM64 virtual machines, SB enabled, MS certs enrolled",
> + "interface-types": [
> + "uefi"
> + ],
> + "mapping": {
> + "device": "memory",
> + "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
> + "uefi-vars": {
> + "template": "/usr/share/edk2/aarch64/vars-template.enrolled.json"
> + }
> + },
> + "targets": [
> + {
> + "architecture": "aarch64",
> + "machines": [
> + "virt-*"
> + ]
> + }
> + ],
> + "features": [
> + "enrolled-keys",
> + "secure-boot",
> + "host-uefi-vars"
> + ],
> + "tags": [
> + ]
> +}
> diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json
> new file mode 100644
> index 0000000000..9972c34337
> --- /dev/null
> +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json
> @@ -0,0 +1,29 @@
> +{
> + "description": "OVMF for qemuvars, SB enabled, empty varstore",
> + "interface-types": [
> + "uefi"
> + ],
> + "mapping": {
> + "device": "memory",
> + "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
> + "uefi-vars": {
> + "template": "/usr/share/edk2/ovmf/OVMF_VARS.empty.json"
> + }
> + },
> + "targets": [
> + {
> + "architecture": "x86_64",
> + "machines": [
> + "pc-q35-*"
> + ]
> + }
> + ],
> + "features": [
> + "acpi-s3",
> + "secure-boot",
> + "host-uefi-vars",
> + "verbose-dynamic"
> + ],
> + "tags": [
> + ]
> +}
> diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json
> new file mode 100644
> index 0000000000..58a81a1de6
> --- /dev/null
> +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json
> @@ -0,0 +1,27 @@
> +{
> + "description": "UEFI firmware for ARM64 virtual machines, SB enabled, empty varstore",
> + "interface-types": [
> + "uefi"
> + ],
> + "mapping": {
> + "device": "memory",
> + "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
> + "uefi-vars": {
> + "template": "/usr/share/edk2/aarch64/vars-template.empty.json"
> + }
> + },
> + "targets": [
> + {
> + "architecture": "aarch64",
> + "machines": [
> + "virt-*"
> + ]
> + }
> + ],
> + "features": [
> + "secure-boot",
> + "host-uefi-vars"
> + ],
> + "tags": [
> + ]
> +}
> diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c
> index e434121834..abe6e75120 100644
> --- a/tests/qemufirmwaretest.c
> +++ b/tests/qemufirmwaretest.c
> @@ -101,6 +101,10 @@ testFWPrecedence(const void *opaque G_GNUC_UNUSED)
> SYSCONFDIR "/qemu/firmware/59-libvirt-combined.json",
> PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json",
> PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json",
> + PREFIX "/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json",
> + PREFIX "/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json",
> + PREFIX "/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json",
> + PREFIX "/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json",
> PREFIX "/share/qemu/firmware/90-libvirt-combined.json",
> PREFIX "/share/qemu/firmware/91-libvirt-bios.json",
> PREFIX "/share/qemu/firmware/93-libvirt-invalid.json",
> @@ -296,6 +300,10 @@ mymain(void)
> DO_PARSE_TEST("usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json");
> DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json");
> DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json");
> + DO_PARSE_TEST("usr/share/qemu/firmware/70-edk2-ovmf-qemuvars-x64-sb-enrolled.json");
> + DO_PARSE_TEST("usr/share/qemu/firmware/70-edk2-qemuvars-aarch64-sb-enrolled.json");
> + DO_PARSE_TEST("usr/share/qemu/firmware/71-edk2-ovmf-qemuvars-x64-sb.json");
> + DO_PARSE_TEST("usr/share/qemu/firmware/71-edk2-qemuvars-aarch64-sb.json");
> DO_PARSE_TEST("usr/share/qemu/firmware/90-libvirt-combined.json");
> DO_PARSE_TEST("usr/share/qemu/firmware/91-libvirt-bios.json");
> DO_PARSE_FAILURE_TEST("usr/share/qemu/firmware/93-libvirt-invalid.json");
> @@ -325,7 +333,7 @@ mymain(void)
> DO_SUPPORTED_TEST("pc-i440fx-3.1", VIR_ARCH_I686, false, false,
> "/usr/share/seabios/bios.bin:NULL",
> VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS);
> - DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_X86_64, true, false,
> + DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_X86_64, true, true,
> "/usr/share/seabios/bios.bin:NULL:"
> "/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2:/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2:"
> "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd:"
> @@ -335,7 +343,9 @@ mymain(void)
> "/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd:"
> "/usr/share/edk2/ovmf/OVMF.combined.fd:NULL:"
> "/usr/share/edk2/ovmf/OVMF.amdsev.fd:NULL:"
> - "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd:NULL",
> + "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd:NULL:"
> + "/usr/share/edk2/ovmf/OVMF.qemuvars.fd:/usr/share/edk2/ovmf/OVMF_VARS.enrolled.json:"
> + "/usr/share/edk2/ovmf/OVMF.qemuvars.fd:/usr/share/edk2/ovmf/OVMF_VARS.empty.json",
> VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS,
> VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
> DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_I686, false, false,
> @@ -344,11 +354,13 @@ mymain(void)
> DO_SUPPORTED_TEST("microvm", VIR_ARCH_X86_64, false, false,
> "/usr/share/edk2/ovmf/MICROVM.fd:NULL",
> VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
> - DO_SUPPORTED_TEST("virt-3.1", VIR_ARCH_AARCH64, false, false,
> + DO_SUPPORTED_TEST("virt-3.1", VIR_ARCH_AARCH64, false, true,
> "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2:/usr/share/edk2/aarch64/vars-template-pflash.qcow2:"
> "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw:"
> "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2:/usr/share/edk2/aarch64/vars-template-pflash.qcow2:"
> - "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw",
> + "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw:"
> + "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd:/usr/share/edk2/aarch64/vars-template.enrolled.json:"
> + "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd:/usr/share/edk2/aarch64/vars-template.empty.json",
> VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
> DO_SUPPORTED_TEST("virt", VIR_ARCH_RISCV64, false, false,
> "/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2:/usr/share/edk2/riscv/RISCV_VIRT_VARS.qcow2",
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
> index 3edb2b3451..e64c2b21aa 100644
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
> @@ -1 +1 @@
> -operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
> +unsupported configuration: The uefi-vars device is not supported by this QEMU binary
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
> new file mode 100644
> index 0000000000..abc934692a
> --- /dev/null
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
> @@ -0,0 +1,31 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/var/lib/libvirt/qemu/domain--1-guest \
> +USER=test \
> +LOGNAME=test \
> +XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
> +XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
> +XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
> +/usr/bin/qemu-system-aarch64 \
> +-name guest=guest,debug-threads=on \
> +-S \
> +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
> +-machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
> +-accel kvm \
> +-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
> +-m size=1048576k \
> +-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
> +-overcommit mem-lock=off \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
> +-display none \
> +-no-user-config \
> +-nodefaults \
> +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
> +-mon chardev=charmonitor,id=monitor,mode=control \
> +-rtc base=utc \
> +-no-shutdown \
> +-boot strict=on \
> +-audiodev '{"id":"audio1","driver":"none"}' \
> +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
> +-msg timestamp=on
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
> deleted file mode 100644
> index 3edb2b3451..0000000000
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
> +++ /dev/null
> @@ -1 +0,0 @@
> -operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
> index 908a8435f9..3fd52d75f3 100644
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
> @@ -8,8 +8,10 @@
> <type arch='aarch64' machine='virt-8.2'>hvm</type>
> <firmware>
> <feature enabled='yes' name='enrolled-keys'/>
> + <feature enabled='yes' name='secure-boot'/>
> </firmware>
> - <loader format='raw'/>
> + <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
> + <varstore template='/usr/share/edk2/aarch64/vars-template.enrolled.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
> <boot dev='hd'/>
> </os>
> <features>
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
> new file mode 100644
> index 0000000000..abc934692a
> --- /dev/null
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
> @@ -0,0 +1,31 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/var/lib/libvirt/qemu/domain--1-guest \
> +USER=test \
> +LOGNAME=test \
> +XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
> +XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
> +XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
> +/usr/bin/qemu-system-aarch64 \
> +-name guest=guest,debug-threads=on \
> +-S \
> +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
> +-machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
> +-accel kvm \
> +-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
> +-m size=1048576k \
> +-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
> +-overcommit mem-lock=off \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
> +-display none \
> +-no-user-config \
> +-nodefaults \
> +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
> +-mon chardev=charmonitor,id=monitor,mode=control \
> +-rtc base=utc \
> +-no-shutdown \
> +-boot strict=on \
> +-audiodev '{"id":"audio1","driver":"none"}' \
> +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
> +-msg timestamp=on
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
> deleted file mode 100644
> index 3edb2b3451..0000000000
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
> +++ /dev/null
> @@ -1 +0,0 @@
> -operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
> index b0fa092509..3fd52d75f3 100644
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
> @@ -6,8 +6,12 @@
> <vcpu placement='static'>1</vcpu>
> <os firmware='efi'>
> <type arch='aarch64' machine='virt-8.2'>hvm</type>
> - <loader format='raw'/>
> - <varstore/>
> + <firmware>
> + <feature enabled='yes' name='enrolled-keys'/>
> + <feature enabled='yes' name='secure-boot'/>
> + </firmware>
> + <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
> + <varstore template='/usr/share/edk2/aarch64/vars-template.enrolled.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
> <boot dev='hd'/>
> </os>
> <features>
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
> new file mode 100644
> index 0000000000..9a899c2a65
> --- /dev/null
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
> @@ -0,0 +1,34 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/var/lib/libvirt/qemu/domain--1-guest \
> +USER=test \
> +LOGNAME=test \
> +XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
> +XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
> +XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
> +/usr/bin/qemu-system-x86_64 \
> +-name guest=guest,debug-threads=on \
> +-S \
> +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
> +-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
> +-accel kvm \
> +-cpu qemu64 \
> +-bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
> +-m size=1048576k \
> +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
> +-overcommit mem-lock=off \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
> +-display none \
> +-no-user-config \
> +-nodefaults \
> +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
> +-mon chardev=charmonitor,id=monitor,mode=control \
> +-rtc base=utc \
> +-no-shutdown \
> +-boot strict=on \
> +-audiodev '{"id":"audio1","driver":"none"}' \
> +-global ICH9-LPC.noreboot=off \
> +-watchdog-action reset \
> +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
> +-msg timestamp=on
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
> deleted file mode 100644
> index 3edb2b3451..0000000000
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
> +++ /dev/null
> @@ -1 +0,0 @@
> -operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
> index c4d70c9fc5..21bb42a3f7 100644
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
> @@ -6,8 +6,12 @@
> <vcpu placement='static'>1</vcpu>
> <os firmware='efi'>
> <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
> - <loader format='raw'/>
> - <varstore/>
> + <firmware>
> + <feature enabled='yes' name='enrolled-keys'/>
> + <feature enabled='yes' name='secure-boot'/>
> + </firmware>
> + <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
> + <varstore template='/usr/share/edk2/ovmf/OVMF_VARS.enrolled.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
> <boot dev='hd'/>
> </os>
> <features>
> diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
> index 4fe79bdacf..e64c2b21aa 100644
> --- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
> +++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
> @@ -1 +1 @@
> -unsupported configuration: ACPI requires UEFI on this architecture
> +unsupported configuration: The uefi-vars device is not supported by this QEMU binary
> diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
> new file mode 100644
> index 0000000000..abc934692a
> --- /dev/null
> +++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
> @@ -0,0 +1,31 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/var/lib/libvirt/qemu/domain--1-guest \
> +USER=test \
> +LOGNAME=test \
> +XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
> +XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
> +XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
> +/usr/bin/qemu-system-aarch64 \
> +-name guest=guest,debug-threads=on \
> +-S \
> +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
> +-machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
> +-accel kvm \
> +-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
> +-m size=1048576k \
> +-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
> +-overcommit mem-lock=off \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
> +-display none \
> +-no-user-config \
> +-nodefaults \
> +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
> +-mon chardev=charmonitor,id=monitor,mode=control \
> +-rtc base=utc \
> +-no-shutdown \
> +-boot strict=on \
> +-audiodev '{"id":"audio1","driver":"none"}' \
> +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
> +-msg timestamp=on
> diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
> deleted file mode 100644
> index 4fe79bdacf..0000000000
> --- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
> +++ /dev/null
> @@ -1 +0,0 @@
> -unsupported configuration: ACPI requires UEFI on this architecture
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
> similarity index 75%
> rename from tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
> rename to tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
> index 5213a41b90..1d533fb1dd 100644
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
> +++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
> @@ -8,13 +8,15 @@
> <type arch='aarch64' machine='virt-8.2'>hvm</type>
> <firmware>
> <feature enabled='yes' name='enrolled-keys'/>
> + <feature enabled='yes' name='secure-boot'/>
> </firmware>
> - <loader format='raw'/>
> + <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
> + <varstore template='/usr/share/edk2/aarch64/vars-template.enrolled.json' path='/path/to/guest.json'/>
> <boot dev='hd'/>
> </os>
> <features>
> <acpi/>
> - <gic version='3'/>
> + <gic version='2'/>
> </features>
> <clock offset='utc'/>
> <on_poweroff>destroy</on_poweroff>
> diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
> index 296c6e8f59..1cb556fe9b 100644
> --- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
> +++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
> @@ -4,10 +4,14 @@
> <memory unit='KiB'>1048576</memory>
> <currentMemory unit='KiB'>1048576</currentMemory>
> <vcpu placement='static'>1</vcpu>
> - <os>
> + <os firmware='efi'>
> <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
> + <firmware>
> + <feature enabled='yes' name='enrolled-keys'/>
> + <feature enabled='yes' name='secure-boot'/>
> + </firmware>
> <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
> - <varstore path='/path/to/guest.json'/>
> + <varstore template='/usr/share/edk2/ovmf/OVMF_VARS.enrolled.json' path='/path/to/guest.json'/>
> <boot dev='hd'/>
> </os>
> <features>
> diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
> index 43e994fc93..187f90c9dc 100644
> --- a/tests/qemuxmlconftest.c
> +++ b/tests/qemuxmlconftest.c
> @@ -1620,7 +1620,7 @@ mymain(void)
>
> DO_TEST_CAPS_LATEST("firmware-manual-efi-varstore-q35");
> DO_TEST_CAPS_VER_PARSE_ERROR("firmware-manual-efi-varstore-q35", "8.2.0");
> - DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64");
> + DO_TEST_CAPS_ARCH_LATEST("firmware-manual-efi-varstore-aarch64", "aarch64");
> DO_TEST_CAPS_ARCH_VER_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64", "8.2.0");
>
> /* Make sure all combinations of ACPI and UEFI behave as expected */
> @@ -1657,8 +1657,8 @@ mymain(void)
> DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot");
> DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot");
> DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys");
> - DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64");
> - DO_TEST_CAPS_ARCH_VER_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64", "8.2.0");
> + DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-enrolled-keys-aarch64", "aarch64");
> + DO_TEST_CAPS_ARCH_VER_PARSE_ERROR("firmware-auto-efi-enrolled-keys-aarch64", "aarch64", "8.2.0");
> DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys");
> DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-enrolled-keys-no-secboot");
> DO_TEST_CAPS_LATEST("firmware-auto-efi-smm-off");
> @@ -1673,8 +1673,8 @@ mymain(void)
> DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-file");
> DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-nbd");
> DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-iscsi");
> - DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-varstore-q35");
> - DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-varstore-aarch64", "aarch64");
> + DO_TEST_CAPS_LATEST("firmware-auto-efi-varstore-q35");
> + DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-varstore-aarch64", "aarch64");
>
> DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2");
> DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-format-loader-qcow2-rom");
> --
> 2.53.0
>
With regards,
Daniel
--
|: https://berrange.com ~~ https://hachyderm.io/@berrange :|
|: https://libvirt.org ~~ https://entangle-photo.org :|
|: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|
On Mon, Feb 23, 2026 at 02:26:25PM +0000, Daniel P. Berrangé wrote: > On Wed, Feb 18, 2026 at 01:05:52PM +0100, Andrea Bolognani via Devel wrote: > > Now that everything else is in place, we can finally add the > > firmware descriptors for the edk2 builds that use the uefi-vars > > QEMU device. > > [...] > > > > https://issues.redhat.com/browse/RHEL-82645 > > That's a ticket against libvirt in RHEL... > > > DONOTMERGE: The firmware descriptors have not been added to the > > Fedora edk2 package yet. > > but this talks about EDK2 in Fedora. For that the link should > be > > https://src.fedoraproject.org/rpms/edk2/pull-request/15 > > which was both opened and merged today. I've not checked if > that PR matches what you've added here, so will let you > re-evaluate that before reviewing this patch. There are changes between what I suggested here and what was ultimately merged into Fedora, but they're not semantically meaningful: the descriptors have slightly different names but the ordering remains the same, the paths to the firmware files themselves are also slightly different. I have already imported the actual descriptors file locally. -- Andrea Bolognani / Red Hat / Virtualization
On Mon, Feb 23, 2026 at 11:31:15AM -0500, Andrea Bolognani wrote: > On Mon, Feb 23, 2026 at 02:26:25PM +0000, Daniel P. Berrangé wrote: > > On Wed, Feb 18, 2026 at 01:05:52PM +0100, Andrea Bolognani via Devel wrote: > > > Now that everything else is in place, we can finally add the > > > firmware descriptors for the edk2 builds that use the uefi-vars > > > QEMU device. > > > > [...] > > > > > > https://issues.redhat.com/browse/RHEL-82645 > > > > That's a ticket against libvirt in RHEL... > > > > > DONOTMERGE: The firmware descriptors have not been added to the > > > Fedora edk2 package yet. > > > > but this talks about EDK2 in Fedora. For that the link should > > be > > > > https://src.fedoraproject.org/rpms/edk2/pull-request/15 > > > > which was both opened and merged today. I've not checked if > > that PR matches what you've added here, so will let you > > re-evaluate that before reviewing this patch. > > There are changes between what I suggested here and what was > ultimately merged into Fedora, but they're not semantically > meaningful: the descriptors have slightly different names but the > ordering remains the same, the paths to the firmware files themselves > are also slightly different. I have already imported the actual > descriptors file locally. Ok on that basis Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> With regards, Daniel -- |: https://berrange.com ~~ https://hachyderm.io/@berrange :| |: https://libvirt.org ~~ https://entangle-photo.org :| |: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|
© 2016 - 2026 Red Hat, Inc.