From nobody Tue Mar  3 04:52:43 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1771417215; cv=none;
	d=zohomail.com; s=zohoarc;
	b=LSYgCJ1dD9ipPMi0bN2horYeeWRW8o2Mrgv8RjA+8yYpzCD8XMhfsLAYA5OPu0Ni+3Tx5N8YTeaQoh5PDFVZH5Op4h3R3HAP71hzDQSrwLnxqSTDmU0eaLuHIf6E7W5tptZBWg57S93ub7wKQDO1+BNKYGQXJK1z4YQji7VRQu4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1771417215;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=+IW1SPKxBJoXcYhauQ1G4mRRwnIx/GqHOqE3Oei7FpU=;
	b=iNXnjl74wBLgEVVBKzvjbnpgAVCrzLqezH5/TXFAkFgJQ+ucIsU+PTuw97cqKcbJnq9TENPwZnlY06Ho+LUbbkaaDT7xu0zZOTN1ctCV67W+FrQ6OxoTFbgWNkkOuIw+mvwP2AFj4Mr2USDQIG2548HU9Wj/ci26VGk8mKxM+Jw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1771417215616134.2052184289364;
 Wed, 18 Feb 2026 04:20:15 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id 0C9C941B3E; Wed, 18 Feb 2026 07:20:15 -0500 (EST)
Received: from [172.19.199.9] (lists.libvirt.org [8.43.85.245])
	by lists.libvirt.org (Postfix) with ESMTP id 267E541D92;
	Wed, 18 Feb 2026 07:09:48 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id 344A941B57; Wed, 18 Feb 2026 07:09:32 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest
 SHA256)
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 7413941959
	for <devel@lists.libvirt.org>; Wed, 18 Feb 2026 07:06:22 -0500 (EST)
Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-371-zNXiOd9zNnSNc44t4TukGQ-1; Wed,
 18 Feb 2026 07:06:20 -0500
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id D82FA1954B07
	for <devel@lists.libvirt.org>; Wed, 18 Feb 2026 12:06:19 +0000 (UTC)
Received: from kinshicho.usersys.redhat.com (unknown [10.45.226.171])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with
 ESMTPS id A210430001A5
	for <devel@lists.libvirt.org>; Wed, 18 Feb 2026 12:06:18 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1771416382;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=+IW1SPKxBJoXcYhauQ1G4mRRwnIx/GqHOqE3Oei7FpU=;
	b=iJn7iJDpHhLYRqjOcnJ6bT9vfRaki3n8uzno+U9rpyiQMPHgxaWpsS87eYDls4AdsmYam0
	A8o1ziNyWhWisal8g0W3XEE1IMB/+keVv0Qlr1jYhLazj/9MiDa/c72vqKk0htSSCvKCM5
	DdI7nuKo3/vN89e2RTXgB9FUzr6v0Oo=
X-MC-Unique: zNXiOd9zNnSNc44t4TukGQ-1
X-Mimecast-MFC-AGG-ID: zNXiOd9zNnSNc44t4TukGQ_1771416379
To: devel@lists.libvirt.org
Subject: [PATCH v3 08/38] conf: Update validation to consider varstore element
Date: Wed, 18 Feb 2026 13:05:31 +0100
Message-ID: <20260218120601.230343-9-abologna@redhat.com>
In-Reply-To: <20260218120601.230343-1-abologna@redhat.com>
References: <20260218120601.230343-1-abologna@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: vyTeELbQNdu43N4WUixMUHezQsDI90YuztqkFkuBw3Q_1771416379
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 77C5CULT3HPUU6KEUAMMK3VFL7OIZQBR
X-Message-ID-Hash: 77C5CULT3HPUU6KEUAMMK3VFL7OIZQBR
X-MailFrom: abologna@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-devel.lists.libvirt.org-0; emergency;
 member-moderation; nonmember-moderation; administrivia; implicit-dest;
 max-recipients; max-size; news-moderation; no-subject; digests;
 suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/77C5CULT3HPUU6KEUAMMK3VFL7OIZQBR/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Owner: <mailto:devel-owner@lists.libvirt.org>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Andrea Bolognani via Devel <devel@lists.libvirt.org>
Reply-To: Andrea Bolognani <abologna@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1771417217070154100
Content-Type: text/plain; charset="utf-8"; x-default="true"

The code is reworked quite significantly, but most of the
existing checks are preserved. Those that aren't, notably the
one that allowed pflash as the only acceptable non-stateless
firmware type, are intentionally removed because they will no
longer reflect reality once support for the uefi-vars QEMU
device is introduced.

As a side effect, reworking the function in this fashion
resolves a subtle bug: due to the early exits that were being
performed when the loader element was missing, the checks at
the bottom of the function (related to the shim and kernel
elements) were effectively never performed. This is no longer
the case.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 src/conf/domain_validate.c                    | 82 +++++++------------
 ...-auto-bios-not-stateless.x86_64-latest.err |  2 +-
 ...-auto-bios-not-stateless.x86_64-latest.xml | 35 ++++++++
 ...firmware-auto-bios-nvram.x86_64-latest.err |  2 +-
 ...nual-bios-not-stateless.x86_64-latest.args | 32 ++++++++
 ...anual-bios-not-stateless.x86_64-latest.err |  1 -
 ...anual-bios-not-stateless.x86_64-latest.xml | 28 +++++++
 ...nual-efi-nvram-stateless.x86_64-latest.err |  2 +-
 ...nvram-template-stateless.x86_64-latest.err |  2 +-
 ...ware-manual-efi-rw-nvram.x86_64-latest.err |  2 +-
 tests/qemuxmlconftest.c                       |  7 +-
 11 files changed, 135 insertions(+), 60 deletions(-)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.=
x86_64-latest.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateles=
s.x86_64-latest.args
 delete mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateles=
s.x86_64-latest.err
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateles=
s.x86_64-latest.xml

diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 1ad614935f..7e3da84767 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -1723,100 +1723,78 @@ virDomainDefOSValidate(const virDomainDef *def,
                        virDomainXMLOption *xmlopt)
 {
     virDomainLoaderDef *loader =3D def->os.loader;
+    virDomainVarstoreDef *varstore =3D def->os.varstore;
+    virDomainOsDefFirmware firmware =3D def->os.firmware;
+    int *firmwareFeatures =3D def->os.firmwareFeatures;
+    bool usesNvram =3D loader && (loader->nvram || loader->nvramTemplate |=
| loader->nvramTemplateFormat);
=20
-    if (def->os.firmware) {
+    if (firmware) {
         if (xmlopt && !(xmlopt->config.features & VIR_DOMAIN_DEF_FEATURE_F=
W_AUTOSELECT)) {
             virReportError(VIR_ERR_XML_DETAIL, "%s",
                            _("firmware auto selection not implemented for =
this driver"));
             return -1;
         }
=20
-        if (def->os.firmwareFeatures &&
-            def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_EN=
ROLLED_KEYS] =3D=3D VIR_TRISTATE_BOOL_YES &&
-            def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SE=
CURE_BOOT] =3D=3D VIR_TRISTATE_BOOL_NO) {
+        if (firmwareFeatures &&
+            firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_K=
EYS] =3D=3D VIR_TRISTATE_BOOL_YES &&
+            firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOO=
T] =3D=3D VIR_TRISTATE_BOOL_NO) {
             virReportError(VIR_ERR_XML_DETAIL, "%s",
                            _("firmware feature 'enrolled-keys' cannot be e=
nabled when firmware feature 'secure-boot' is disabled"));
             return -1;
         }
-
-        if (!loader)
-            return 0;
-
-        if (loader->nvram && def->os.firmware !=3D VIR_DOMAIN_OS_DEF_FIRMW=
ARE_EFI) {
-            virReportError(VIR_ERR_XML_DETAIL,
-                           _("firmware type '%1$s' does not support nvram"=
),
-                           virDomainOsDefFirmwareTypeToString(def->os.firm=
ware));
-            return -1;
-        }
     } else {
-        if (def->os.firmwareFeatures) {
+        if (firmwareFeatures) {
             virReportError(VIR_ERR_XML_DETAIL, "%s",
                            _("cannot use feature-based firmware autoselect=
ion when firmware autoselection is disabled"));
             return -1;
         }
=20
-        if (!loader)
-            return 0;
-
-        if (!loader->path) {
+        if (loader && !loader->path) {
             virReportError(VIR_ERR_XML_DETAIL, "%s",
                            _("no loader path specified and firmware auto s=
election disabled"));
             return -1;
         }
     }
=20
-    if (loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO) {
-        if (loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) {
+    if (loader && loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) {
+        if (loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO) {
             virReportError(VIR_ERR_XML_DETAIL, "%s",
                            _("ROM loader type cannot be used as read/write=
"));
             return -1;
         }
=20
-        if (loader->nvramTemplate) {
-            virReportError(VIR_ERR_XML_DETAIL, "%s",
-                           _("NVRAM template is not permitted when loader =
is read/write"));
+        if (loader->format &&
+            loader->format !=3D VIR_STORAGE_FILE_RAW) {
+            virReportError(VIR_ERR_XML_DETAIL,
+                           _("Invalid format '%1$s' for ROM loader type"),
+                           virStorageFileFormatTypeToString(loader->format=
));
             return -1;
         }
+    }
=20
-        if (loader->nvram) {
+    if (usesNvram && varstore) {
             virReportError(VIR_ERR_XML_DETAIL, "%s",
-                           _("NVRAM is not permitted when loader is read/w=
rite"));
+                           _("Only one of NVRAM/varstore can be used"));
             return -1;
-        }
     }
=20
-    if (loader->stateless =3D=3D VIR_TRISTATE_BOOL_YES) {
-        if (loader->nvramTemplate) {
-            virReportError(VIR_ERR_XML_DETAIL, "%s",
-                           _("NVRAM template is not permitted when loader =
is stateless"));
+    if (usesNvram || varstore) {
+        if (firmware && firmware !=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+            virReportError(VIR_ERR_XML_DETAIL,
+                           _("Firmware type '%1$s' does not support variab=
le storage (NVRAM/varstore)"),
+                           virDomainOsDefFirmwareTypeToString(firmware));
             return -1;
         }
=20
-        if (loader->nvram) {
-            virReportError(VIR_ERR_XML_DETAIL, "%s",
-                           _("NVRAM is not permitted when loader is statel=
ess"));
-            return -1;
-        }
-    } else if (loader->stateless =3D=3D VIR_TRISTATE_BOOL_NO) {
-        if (def->os.firmware =3D=3D VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) {
-            if (def->os.loader->type !=3D VIR_DOMAIN_LOADER_TYPE_PFLASH) {
-                virReportError(VIR_ERR_XML_DETAIL, "%s",
-                               _("Only pflash loader type permits NVRAM"));
-                return -1;
-            }
-        } else if (def->os.firmware !=3D VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+        if (loader && loader->stateless =3D=3D VIR_TRISTATE_BOOL_YES) {
             virReportError(VIR_ERR_XML_DETAIL, "%s",
-                           _("Only EFI firmware permits NVRAM"));
+                           _("Variable storage (NVRAM/varstore) is not per=
mitted when loader is stateless"));
             return -1;
         }
-    }
=20
-    if (loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) {
-        if (loader->format &&
-            loader->format !=3D VIR_STORAGE_FILE_RAW) {
-            virReportError(VIR_ERR_XML_DETAIL,
-                           _("Invalid format '%1$s' for ROM loader type"),
-                           virStorageFileFormatTypeToString(loader->format=
));
+        if (loader && loader->readonly =3D=3D VIR_TRISTATE_BOOL_NO) {
+            virReportError(VIR_ERR_XML_DETAIL, "%s",
+                           _("Variable storage (NVRAM/varstore) is not per=
mitted when loader is read/write"));
             return -1;
         }
     }
diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-=
latest.err b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-=
latest.err
index b058f970a4..743fe27a97 100644
--- a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.=
err
+++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.=
err
@@ -1 +1 @@
-Only EFI firmware permits NVRAM
+operation failed: Unable to find 'bios' firmware that is compatible with t=
he current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-=
latest.xml b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-=
latest.xml
new file mode 100644
index 0000000000..062835e351
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.=
xml
@@ -0,0 +1,35 @@
+<domain type=3D'kvm'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>1048576</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os firmware=3D'bios'>
+    <type arch=3D'x86_64' machine=3D'pc-q35-10.0'>hvm</type>
+    <loader stateless=3D'no' format=3D'raw'/>
+    <boot dev=3D'hd'/>
+  </os>
+  <features>
+    <acpi/>
+  </features>
+  <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
+    <model fallback=3D'forbid'>qemu64</model>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'sata' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x1f' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pcie-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <watchdog model=3D'itco' action=3D'reset'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-nvram.x86_64-latest.e=
rr b/tests/qemuxmlconfdata/firmware-auto-bios-nvram.x86_64-latest.err
index 772beb49e2..c4eeb92788 100644
--- a/tests/qemuxmlconfdata/firmware-auto-bios-nvram.x86_64-latest.err
+++ b/tests/qemuxmlconfdata/firmware-auto-bios-nvram.x86_64-latest.err
@@ -1 +1 @@
-firmware type 'bios' does not support nvram
+Firmware type 'bios' does not support variable storage (NVRAM/varstore)
diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_6=
4-latest.args b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x8=
6_64-latest.args
new file mode 100644
index 0000000000..969c7ad68c
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-lates=
t.args
@@ -0,0 +1,32 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/var/lib/libvirt/qemu/domain--1-guest \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dguest,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va=
r/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine pc-i440fx-10.0,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dp=
c.ram,acpi=3Doff \
+-accel tcg \
+-cpu qemu64 \
+-bios /usr/share/seabios/bios.bin \
+-m size=3D1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot strict=3Don \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_6=
4-latest.err b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86=
_64-latest.err
deleted file mode 100644
index 188a5a4180..0000000000
--- a/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-lates=
t.err
+++ /dev/null
@@ -1 +0,0 @@
-Only pflash loader type permits NVRAM
diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_6=
4-latest.xml b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86=
_64-latest.xml
new file mode 100644
index 0000000000..075da36d00
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-lates=
t.xml
@@ -0,0 +1,28 @@
+<domain type=3D'qemu'>
+  <name>guest</name>
+  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>1048576</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-10.0'>hvm</type>
+    <loader type=3D'rom' stateless=3D'no' format=3D'raw'>/usr/share/seabio=
s/bios.bin</loader>
+    <boot dev=3D'hd'/>
+  </os>
+  <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
+    <model fallback=3D'forbid'>qemu64</model>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <controller type=3D'usb' index=3D'0' model=3D'none'/>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-stateless.x86_=
64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-stateless.x=
86_64-latest.err
index de8db3763d..9bfd4465ab 100644
--- a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-stateless.x86_64-late=
st.err
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-stateless.x86_64-late=
st.err
@@ -1 +1 @@
-NVRAM is not permitted when loader is stateless
+Variable storage (NVRAM/varstore) is not permitted when loader is stateless
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-state=
less.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-te=
mplate-stateless.x86_64-latest.err
index 95ec794c17..9bfd4465ab 100644
--- a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-stateless.x8=
6_64-latest.err
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-stateless.x8=
6_64-latest.err
@@ -1 +1 @@
-NVRAM template is not permitted when loader is stateless
+Variable storage (NVRAM/varstore) is not permitted when loader is stateless
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-late=
st.err b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.e=
rr
index d0cf62061a..708b4838d4 100644
--- a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err
@@ -1 +1 @@
-NVRAM is not permitted when loader is read/write
+Variable storage (NVRAM/varstore) is not permitted when loader is read/wri=
te
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index d2ab4a71b5..18c2ac5701 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1581,7 +1581,10 @@ mymain(void)
=20
     DO_TEST_CAPS_LATEST("firmware-manual-bios");
     DO_TEST_CAPS_LATEST("firmware-manual-bios-stateless");
-    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-bios-not-stateless");
+    /* This combination doesn't make sense (BIOS is stateless by definitio=
n)
+     * but unfortunately there's no way for libvirt to report an error in =
this
+     * scenario. The stateless=3Dno attribute will effectively be ignored =
*/
+    DO_TEST_CAPS_LATEST("firmware-manual-bios-not-stateless");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-bios-rw");
     DO_TEST_CAPS_LATEST("firmware-manual-efi");
     DO_TEST_CAPS_LATEST("firmware-manual-efi-features");
@@ -1634,7 +1637,7 @@ mymain(void)
     DO_TEST_CAPS_LATEST("firmware-auto-bios");
     DO_TEST_CAPS_LATEST("firmware-auto-bios-stateless");
     DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-bios-rw");
-    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-not-stateless");
+    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-bios-not-stateless");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-nvram");
     DO_TEST_CAPS_LATEST("firmware-auto-efi");
     DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi");
--=20
2.53.0