1. Patchew
  2. Libvirt
  3. [PATCH v3 00/38] qemu: Implement support for uefi-vars device (varstore element)
  4. View patch

[PATCH v3 30/38] qemu_command: Use uefi-vars device where appropriate

Andrea Bolognani via Devel posted 38 patches 1 week, 5 days ago
There is a newer version of this series
[PATCH v3 30/38] qemu_command: Use uefi-vars device where appropriate
Posted by Andrea Bolognani via Devel 1 week, 5 days ago 
This makes guests actually functional.

https://issues.redhat.com/browse/RHEL-82645

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 src/qemu/qemu_command.c                       | 34 +++++++++++++++++++
 ...-enrolled-keys-aarch64.aarch64-latest.args |  1 +
 ...o-efi-varstore-aarch64.aarch64-latest.args |  1 +
 ...e-auto-efi-varstore-q35.x86_64-latest.args |  1 +
 ...l-efi-varstore-aarch64.aarch64-latest.args |  1 +
 ...manual-efi-varstore-q35.x86_64-latest.args |  1 +
 6 files changed, 39 insertions(+)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index a742998e4c..ba300f3551 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9815,6 +9815,37 @@ qemuBuildDomainLoaderCommandLine(virCommand *cmd,
 }
 
 
+static int
+qemuBuildUefiVarsCommandLine(virCommand *cmd,
+                             const virDomainDef *def,
+                             virQEMUCaps *qemuCaps)
+{
+    virDomainLoaderDef *loader = def->os.loader;
+    virDomainVarstoreDef *varstore = def->os.varstore;
+    g_autoptr(virJSONValue) props = NULL;
+    const char *model = NULL;
+
+    if (!loader || !varstore || !varstore->path)
+        return 0;
+
+    if (ARCH_IS_X86(def->os.arch))
+        model = "uefi-vars-x64";
+    else
+        model = "uefi-vars-sysbus";
+
+    if (virJSONValueObjectAdd(&props,
+                              "s:driver", model,
+                              "s:jsonfile", varstore->path,
+                              NULL) < 0)
+        return -1;
+
+    if (qemuBuildDeviceCommandlineFromJSON(cmd, props, def, qemuCaps) < 0)
+        return -1;
+
+    return 0;
+}
+
+
 static int
 qemuBuildTPMDevCmd(virCommand *cmd,
                    const virDomainDef *def,
@@ -10889,6 +10920,9 @@ qemuBuildCommandLine(virDomainObj *vm,
 
     qemuBuildDomainLoaderCommandLine(cmd, def);
 
+    if (qemuBuildUefiVarsCommandLine(cmd, def, qemuCaps) < 0)
+        return NULL;
+
     if (qemuBuildMemCommandLine(cmd, def, qemuCaps, priv) < 0)
         return NULL;
 
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
index abc934692a..10f1a5a6a4 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
@@ -13,6 +13,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
 -machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
 -accel kvm \
 -bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
+-device '{"driver":"uefi-vars-sysbus","jsonfile":"/var/lib/libvirt/qemu/varstore/guest.json"}' \
 -m size=1048576k \
 -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
 -overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
index abc934692a..10f1a5a6a4 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
@@ -13,6 +13,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
 -machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
 -accel kvm \
 -bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
+-device '{"driver":"uefi-vars-sysbus","jsonfile":"/var/lib/libvirt/qemu/varstore/guest.json"}' \
 -m size=1048576k \
 -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
 -overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
index 9a899c2a65..392ea77c28 100644
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
@@ -14,6 +14,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
 -accel kvm \
 -cpu qemu64 \
 -bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
+-device '{"driver":"uefi-vars-x64","jsonfile":"/var/lib/libvirt/qemu/varstore/guest.json"}' \
 -m size=1048576k \
 -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
 -overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
index abc934692a..894bab7ffe 100644
--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
@@ -13,6 +13,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
 -machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
 -accel kvm \
 -bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
+-device '{"driver":"uefi-vars-sysbus","jsonfile":"/path/to/guest.json"}' \
 -m size=1048576k \
 -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
 -overcommit mem-lock=off \
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
index 9a899c2a65..6c04c8c39f 100644
--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
@@ -14,6 +14,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
 -accel kvm \
 -cpu qemu64 \
 -bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
+-device '{"driver":"uefi-vars-x64","jsonfile":"/path/to/guest.json"}' \
 -m size=1048576k \
 -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
 -overcommit mem-lock=off \
-- 
2.53.0
Re: [PATCH v3 30/38] qemu_command: Use uefi-vars device where appropriate
Posted by Daniel P. Berrangé via Devel 1 week ago 
On Wed, Feb 18, 2026 at 01:05:53PM +0100, Andrea Bolognani via Devel wrote:
> This makes guests actually functional.

.....they're not actually functional yet if you require use of
a template, or apparmor or selinux. IMHO this needs to be moved
after patch 34

> 
> https://issues.redhat.com/browse/RHEL-82645
> 
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---
>  src/qemu/qemu_command.c                       | 34 +++++++++++++++++++
>  ...-enrolled-keys-aarch64.aarch64-latest.args |  1 +
>  ...o-efi-varstore-aarch64.aarch64-latest.args |  1 +
>  ...e-auto-efi-varstore-q35.x86_64-latest.args |  1 +
>  ...l-efi-varstore-aarch64.aarch64-latest.args |  1 +
>  ...manual-efi-varstore-q35.x86_64-latest.args |  1 +
>  6 files changed, 39 insertions(+)
> 
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index a742998e4c..ba300f3551 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -9815,6 +9815,37 @@ qemuBuildDomainLoaderCommandLine(virCommand *cmd,
>  }
>  
>  
> +static int
> +qemuBuildUefiVarsCommandLine(virCommand *cmd,
> +                             const virDomainDef *def,
> +                             virQEMUCaps *qemuCaps)
> +{
> +    virDomainLoaderDef *loader = def->os.loader;
> +    virDomainVarstoreDef *varstore = def->os.varstore;
> +    g_autoptr(virJSONValue) props = NULL;
> +    const char *model = NULL;
> +
> +    if (!loader || !varstore || !varstore->path)
> +        return 0;
> +
> +    if (ARCH_IS_X86(def->os.arch))
> +        model = "uefi-vars-x64";
> +    else
> +        model = "uefi-vars-sysbus";
> +
> +    if (virJSONValueObjectAdd(&props,
> +                              "s:driver", model,
> +                              "s:jsonfile", varstore->path,
> +                              NULL) < 0)
> +        return -1;
> +
> +    if (qemuBuildDeviceCommandlineFromJSON(cmd, props, def, qemuCaps) < 0)
> +        return -1;
> +
> +    return 0;
> +}
> +
> +
>  static int
>  qemuBuildTPMDevCmd(virCommand *cmd,
>                     const virDomainDef *def,
> @@ -10889,6 +10920,9 @@ qemuBuildCommandLine(virDomainObj *vm,
>  
>      qemuBuildDomainLoaderCommandLine(cmd, def);
>  
> +    if (qemuBuildUefiVarsCommandLine(cmd, def, qemuCaps) < 0)
> +        return NULL;
> +
>      if (qemuBuildMemCommandLine(cmd, def, qemuCaps, priv) < 0)
>          return NULL;
>  
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
> index abc934692a..10f1a5a6a4 100644
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
> @@ -13,6 +13,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
>  -machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
>  -accel kvm \
>  -bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
> +-device '{"driver":"uefi-vars-sysbus","jsonfile":"/var/lib/libvirt/qemu/varstore/guest.json"}' \
>  -m size=1048576k \
>  -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
>  -overcommit mem-lock=off \
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
> index abc934692a..10f1a5a6a4 100644
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
> @@ -13,6 +13,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
>  -machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
>  -accel kvm \
>  -bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
> +-device '{"driver":"uefi-vars-sysbus","jsonfile":"/var/lib/libvirt/qemu/varstore/guest.json"}' \
>  -m size=1048576k \
>  -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
>  -overcommit mem-lock=off \
> diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
> index 9a899c2a65..392ea77c28 100644
> --- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
> +++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
> @@ -14,6 +14,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
>  -accel kvm \
>  -cpu qemu64 \
>  -bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
> +-device '{"driver":"uefi-vars-x64","jsonfile":"/var/lib/libvirt/qemu/varstore/guest.json"}' \
>  -m size=1048576k \
>  -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
>  -overcommit mem-lock=off \
> diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
> index abc934692a..894bab7ffe 100644
> --- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
> +++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
> @@ -13,6 +13,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
>  -machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
>  -accel kvm \
>  -bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
> +-device '{"driver":"uefi-vars-sysbus","jsonfile":"/path/to/guest.json"}' \
>  -m size=1048576k \
>  -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
>  -overcommit mem-lock=off \
> diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
> index 9a899c2a65..6c04c8c39f 100644
> --- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
> +++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
> @@ -14,6 +14,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
>  -accel kvm \
>  -cpu qemu64 \
>  -bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
> +-device '{"driver":"uefi-vars-x64","jsonfile":"/path/to/guest.json"}' \
>  -m size=1048576k \
>  -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
>  -overcommit mem-lock=off \
> -- 
> 2.53.0
> 

With regards,
Daniel
-- 
|: https://berrange.com       ~~        https://hachyderm.io/@berrange :|
|: https://libvirt.org          ~~          https://entangle-photo.org :|
|: https://pixelfed.art/berrange   ~~    https://fstop138.berrange.com :|
Re: [PATCH v3 30/38] qemu_command: Use uefi-vars device where appropriate
Posted by Daniel P. Berrangé via Devel 1 week ago 
On Wed, Feb 18, 2026 at 01:05:53PM +0100, Andrea Bolognani via Devel wrote:
> This makes guests actually functional.
> 
> https://issues.redhat.com/browse/RHEL-82645
> 
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---
>  src/qemu/qemu_command.c                       | 34 +++++++++++++++++++
>  ...-enrolled-keys-aarch64.aarch64-latest.args |  1 +
>  ...o-efi-varstore-aarch64.aarch64-latest.args |  1 +
>  ...e-auto-efi-varstore-q35.x86_64-latest.args |  1 +
>  ...l-efi-varstore-aarch64.aarch64-latest.args |  1 +
>  ...manual-efi-varstore-q35.x86_64-latest.args |  1 +
>  6 files changed, 39 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

I would have really preferred the qemu validate code to reject the
config until this point. ie command line enablement, should be
paired with removing the validate code restriction in the same
commit. Since you've written the patches now & any git bisect won't
related to this feature be going back beyond this commit, I won't 
ask to re-arrange the patches.

With regards,
Daniel
-- 
|: https://berrange.com       ~~        https://hachyderm.io/@berrange :|
|: https://libvirt.org          ~~          https://entangle-photo.org :|
|: https://pixelfed.art/berrange   ~~    https://fstop138.berrange.com :|

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.