From nobody Tue Mar  3 04:54:09 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1771417501; cv=none;
	d=zohomail.com; s=zohoarc;
	b=OYqUyubRRskdR74tbQ5RF0NJ/9bIhX+5/KddaeLEMBFgHD09sNpc9cREJYeXPG7RvmLH9TpPHKiM1CQO5Pd5NaoVVqsHjn+4zT+G6qA4H4CQ0YrhNA3HVkIUuw7I+0dfL045QXaZLHTR/okpr842G8JpnZZSXoI8gUO6BtCvePg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1771417501;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=MMNXsMjSghTIwFKqULfyicKS1/yrxr+zhr/YgLVWOzU=;
	b=OA+wKW6RCJiJtB4GLfBrN2Mtn6E8lw3WcAuy8gSTybuBey1dSocUT9sm/7jR0+0H2aKsXmKEY9iJOPNcng+uROzi4GcBO4SvfmNw6KOELYPjdnZTThuabPtiyq0j+LTjw7DtMLoMeOXONuR40cQF8Kpso+dF8CQFnEcEYyyKFSI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1771417501627891.8236103095642;
 Wed, 18 Feb 2026 04:25:01 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id C7B4441CE9; Wed, 18 Feb 2026 07:25:00 -0500 (EST)
Received: from [172.19.199.9] (lists.libvirt.org [8.43.85.245])
	by lists.libvirt.org (Postfix) with ESMTP id 7941F43E64;
	Wed, 18 Feb 2026 07:10:06 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id E34DA41A99; Wed, 18 Feb 2026 07:09:51 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest
 SHA256)
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 2131541B14
	for <devel@lists.libvirt.org>; Wed, 18 Feb 2026 07:06:33 -0500 (EST)
Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-10-2KXel73LP_ijuRNdQpZgDg-1; Wed,
 18 Feb 2026 07:06:31 -0500
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id A7C931956067
	for <devel@lists.libvirt.org>; Wed, 18 Feb 2026 12:06:30 +0000 (UTC)
Received: from kinshicho.usersys.redhat.com (unknown [10.45.226.171])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS id B089730001B9
	for <devel@lists.libvirt.org>; Wed, 18 Feb 2026 12:06:29 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1771416392;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=MMNXsMjSghTIwFKqULfyicKS1/yrxr+zhr/YgLVWOzU=;
	b=YV2L1Hbop6GHqrrrdnbjJD5vDvl0lDWixcxkyC1rV3Gmb2hT3BYIN0pKtruNVY31EDJNNc
	PdtyBH3l84CP2ZIjDy4KdVJm3TPwE512VDr+/gorq2w1zkLS9SC4kU77IM0LwKCUlOFjIL
	CeA3ZFWBQElj4SnS9o7PgSm3MXIRsJw=
X-MC-Unique: 2KXel73LP_ijuRNdQpZgDg-1
X-Mimecast-MFC-AGG-ID: 2KXel73LP_ijuRNdQpZgDg_1771416390
To: devel@lists.libvirt.org
Subject: [PATCH v3 15/38] tests: Add firmware-auto-efi-enrolled-keys-aarch64
Date: Wed, 18 Feb 2026 13:05:38 +0100
Message-ID: <20260218120601.230343-16-abologna@redhat.com>
In-Reply-To: <20260218120601.230343-1-abologna@redhat.com>
References: <20260218120601.230343-1-abologna@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: bh8ESuwURP3MekDK5lR5F3DIpZG1_nCo3xTw5EmAJGQ_1771416390
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: CIMA3SJJNYFC7D6RSBVZRCP7EZXFVL7O
X-Message-ID-Hash: CIMA3SJJNYFC7D6RSBVZRCP7EZXFVL7O
X-MailFrom: abologna@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-devel.lists.libvirt.org-0; emergency;
 member-moderation; nonmember-moderation; administrivia; implicit-dest;
 max-recipients; max-size; news-moderation; no-subject; digests;
 suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/CIMA3SJJNYFC7D6RSBVZRCP7EZXFVL7O/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Owner: <mailto:devel-owner@lists.libvirt.org>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Andrea Bolognani via Devel <devel@lists.libvirt.org>
Reply-To: Andrea Bolognani <abologna@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1771417502398158500
Content-Type: text/plain; charset="utf-8"; x-default="true"

This test case demonstrates how to automatically configure an
aarch64 guest so that Secure Boot support is available and only
signed operating systems are allowed to boot.

It currently fails because there is no firmware descriptor that
describes a suitable firmware build yet. That will change in a
future commit.

In addition to the latest version, the test case is also executed
against QEMU 8.2.0 specifically. This version of the test case is
intended to fail, because the uefi-vars device that we need to
support Secure Boot on aarch64 was not yet available in that
version of QEMU. The exact error message will change down the
line.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 ...fi-enrolled-keys-aarch64.aarch64-8.2.0.err |  1 +
 ...fi-enrolled-keys-aarch64.aarch64-8.2.0.xml | 30 +++++++++++++++++++
 ...i-enrolled-keys-aarch64.aarch64-latest.err |  1 +
 ...i-enrolled-keys-aarch64.aarch64-latest.xml | 30 +++++++++++++++++++
 ...irmware-auto-efi-enrolled-keys-aarch64.xml | 20 +++++++++++++
 tests/qemuxmlconftest.c                       |  2 ++
 6 files changed, 84 insertions(+)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-8.2.0.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-8.2.0.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-latest.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-latest.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.xml

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-8.2.0.err
new file mode 100644
index 0000000000..3edb2b3451
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64=
-8.2.0.err
@@ -0,0 +1 @@
+operation failed: Unable to find 'efi' firmware that is compatible with th=
e current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
aarch64-8.2.0.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-a=
arch64.aarch64-8.2.0.xml
new file mode 100644
index 0000000000..5213a41b90
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64=
-8.2.0.xml
@@ -0,0 +1,30 @@
+<domain type=3D'kvm'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>1048576</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'efi'>
+    <type arch=3D'aarch64' machine=3D'virt-8.2'>hvm</type>
+    <firmware>
+      <feature enabled=3D'yes' name=3D'enrolled-keys'/>
+    </firmware>
+    <loader format=3D'raw'/>
+    <boot dev=3D'hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <gic version=3D'3'/>
+  </features>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-aarch64</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'pci' index=3D'0' model=3D'pcie-root'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-=
aarch64.aarch64-latest.err
new file mode 100644
index 0000000000..3edb2b3451
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64=
-latest.err
@@ -0,0 +1 @@
+operation failed: Unable to find 'efi' firmware that is compatible with th=
e current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-=
aarch64.aarch64-latest.xml
new file mode 100644
index 0000000000..908a8435f9
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64=
-latest.xml
@@ -0,0 +1,30 @@
+<domain type=3D'kvm'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>1048576</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'efi'>
+    <type arch=3D'aarch64' machine=3D'virt-8.2'>hvm</type>
+    <firmware>
+      <feature enabled=3D'yes' name=3D'enrolled-keys'/>
+    </firmware>
+    <loader format=3D'raw'/>
+    <boot dev=3D'hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <gic version=3D'2'/>
+  </features>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-aarch64</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'pci' index=3D'0' model=3D'pcie-root'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.=
xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.xml
new file mode 100644
index 0000000000..6cd382d0fa
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.xml
@@ -0,0 +1,20 @@
+<domain type=3D'kvm'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'efi'>
+    <type arch=3D'aarch64' machine=3D'virt-8.2'>hvm</type>
+    <firmware>
+      <feature enabled=3D'yes' name=3D'enrolled-keys'/>
+    </firmware>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <devices>
+    <emulator>/usr/bin/qemu-system-aarch64</emulator>
+    <controller type=3D'usb' model=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 24168b98af..ca00dc96f0 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1657,6 +1657,8 @@ mymain(void)
     DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys");
+    DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-enrolled-keys-aarc=
h64", "aarch64");
+    DO_TEST_CAPS_ARCH_VER_FAILURE("firmware-auto-efi-enrolled-keys-aarch64=
", "aarch64", "8.2.0");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-enrolled-keys-no-se=
cboot");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-smm-off");
--=20
2.53.0