v2 of:

  https://www.redhat.com/archives/libvir-list/2019-February/msg01503.html

As usual, you can find my patches at my github:

  https://github.com/zippy2/libvirt/commits/firmware_v2

diff to v1:
- Hopefully all Lazlo's comment are worked in (fixing the logic that
  chooses suitable firmware for secboot/SMM domains, commit message
  adjustements, sanity check for parsed FW descriptions, etc.)

- Added more debug messages around FW selection code, i.e. it'll be
  visible from the logs why given FS is not suitable (or that it is).

Michal Prívozník (15):
  virmock: Initialize both symbols in VIR_MOCK_REAL_INIT_ALT
  qemu_domain: Separate NVRAM VAR store file name generation
  qemu_capabilities: Expose qemu <-> libvirt arch translators
  virDomainLoaderDefParseXML: Allow loader path to be NULL
  conf: Introduce VIR_DOMAIN_LOADER_TYPE_NONE
  conf: Introduce firmware attribute to <os/>
  qemu: Introduce basic skeleton for parsing firmware description
  test: Introduce qemufirmwaretest
  qemu_firmware: Introduce qemuFirmwareFetchConfigs
  qemufirmwaretest: Test qemuFirmwareFetchConfigs()
  qemu_firmware: Introduce qemuFirmwareFillDomain()
  qemu_process: Call qemuFirmwareFillDomain
  qemuDomainDefValidate: Don't require SMM if automatic firmware
    selection enabled
  qemu: Enable firmware autoselection
  qemuxml2argvtest: Test os.firmware autoselection

 docs/formatdomain.html.in                     |   22 +-
 docs/schemas/domaincommon.rng                 |   12 +-
 src/conf/domain_conf.c                        |  113 +-
 src/conf/domain_conf.h                        |   15 +-
 src/libvirt_private.syms                      |    2 +
 src/qemu/Makefile.inc.am                      |    2 +
 src/qemu/qemu_capabilities.c                  |    4 +-
 src/qemu/qemu_capabilities.h                  |    3 +
 src/qemu/qemu_command.c                       |    1 +
 src/qemu/qemu_domain.c                        |   34 +-
 src/qemu/qemu_domain.h                        |    4 +
 src/qemu/qemu_firmware.c                      | 1364 +++++++++++++++++
 src/qemu/qemu_firmware.h                      |   50 +
 src/qemu/qemu_process.c                       |    5 +
 tests/Makefile.am                             |   14 +-
 tests/domaincapsschemadata/full.xml           |    1 +
 .../etc/qemu/firmware/40-ovmf-sb-keys.json    |    1 +
 .../etc/qemu/firmware/60-ovmf-sb.json         |    0
 .../user/.config/qemu/firmware/10-bios.json   |    0
 .../usr/share/qemu/firmware/40-bios.json      |   35 +
 .../share/qemu/firmware/50-ovmf-sb-keys.json  |   36 +
 .../usr/share/qemu/firmware/60-ovmf-sb.json   |   35 +
 .../usr/share/qemu/firmware/61-ovmf.json      |   33 +
 .../usr/share/qemu/firmware/70-aavmf.json     |   35 +
 tests/qemufirmwaretest.c                      |  135 ++
 ...arch64-os-firmware-efi.aarch64-latest.args |   37 +
 .../aarch64-os-firmware-efi.xml               |   30 +
 .../os-firmware-bios.x86_64-latest.args       |   39 +
 tests/qemuxml2argvdata/os-firmware-bios.xml   |   68 +
 ...os-firmware-efi-secboot.x86_64-latest.args |   43 +
 .../os-firmware-efi-secboot.xml               |   68 +
 .../os-firmware-efi.x86_64-latest.args        |   42 +
 tests/qemuxml2argvdata/os-firmware-efi.xml    |   68 +
 tests/qemuxml2argvtest.c                      |   17 +
 .../aarch64-os-firmware-efi.xml               |    1 +
 tests/qemuxml2xmloutdata/os-firmware-bios.xml |    1 +
 .../os-firmware-efi-secboot.xml               |    1 +
 tests/qemuxml2xmloutdata/os-firmware-efi.xml  |    1 +
 tests/qemuxml2xmltest.c                       |   27 +
 tests/virmock.h                               |    5 +-
 40 files changed, 2374 insertions(+), 30 deletions(-)
 create mode 100644 src/qemu/qemu_firmware.c
 create mode 100644 src/qemu/qemu_firmware.h
 create mode 120000 tests/qemufirmwaredata/etc/qemu/firmware/40-ovmf-sb-keys.json
 create mode 100644 tests/qemufirmwaredata/etc/qemu/firmware/60-ovmf-sb.json
 create mode 100644 tests/qemufirmwaredata/home/user/.config/qemu/firmware/10-bios.json
 create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/40-bios.json
 create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/50-ovmf-sb-keys.json
 create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/60-ovmf-sb.json
 create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/61-ovmf.json
 create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/70-aavmf.json
 create mode 100644 tests/qemufirmwaretest.c
 create mode 100644 tests/qemuxml2argvdata/aarch64-os-firmware-efi.aarch64-latest.args
 create mode 100644 tests/qemuxml2argvdata/aarch64-os-firmware-efi.xml
 create mode 100644 tests/qemuxml2argvdata/os-firmware-bios.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/os-firmware-bios.xml
 create mode 100644 tests/qemuxml2argvdata/os-firmware-efi-secboot.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/os-firmware-efi-secboot.xml
 create mode 100644 tests/qemuxml2argvdata/os-firmware-efi.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/os-firmware-efi.xml
 create mode 120000 tests/qemuxml2xmloutdata/aarch64-os-firmware-efi.xml
 create mode 120000 tests/qemuxml2xmloutdata/os-firmware-bios.xml
 create mode 120000 tests/qemuxml2xmloutdata/os-firmware-efi-secboot.xml
 create mode 120000 tests/qemuxml2xmloutdata/os-firmware-efi.xml

-- 
2.19.2

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

On Thu, Mar 07, 2019 at 10:29:10AM +0100, Michal Privoznik wrote:
> v2 of:
> 
>   https://www.redhat.com/archives/libvir-list/2019-February/msg01503.html
> 
> As usual, you can find my patches at my github:
> 
>   https://github.com/zippy2/libvirt/commits/firmware_v2
> 
> diff to v1:
> - Hopefully all Lazlo's comment are worked in (fixing the logic that
>   chooses suitable firmware for secboot/SMM domains, commit message
>   adjustements, sanity check for parsed FW descriptions, etc.)
> 
> - Added more debug messages around FW selection code, i.e. it'll be
>   visible from the logs why given FS is not suitable (or that it is).

I've done a very quick review of the patches and the design and
overall implementation strategy looks good to me. A few misc
points

 - We ought to expose the list of firmware types supported
   in the domain capabilities, so mgmt apps can probe if
   uefi is available

 - What should we do about the 'nvram' config from /etc/libvirt/qemu.conf
   We can't get rid of it for a while, since the new firmware configs
   won't be widely supported by distros in forseeable future. In the
   places which currently use the 'nvram' config though, should we
   make sure we consult the firmware configs in prefereence to
   resolve the var store ?  Maybe your code is already doing this and
   I missed the logic from the diffs.

 - We support 'bios' and 'efi' right now, but QEMU also reoprts
   'openfirmware' and 'uboot' as supported types. In practice
   no config files probably exist for those yet, but if it is
   easy to make the code support them we should try todo it to
   get parity with the QEMU spec

I don't think any of these are blockers though - all would work
as followup patches I expect.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

On 3/7/19 1:04 PM, Daniel P. Berrangé wrote:
> On Thu, Mar 07, 2019 at 10:29:10AM +0100, Michal Privoznik wrote:
>> v2 of:
>>
>>    https://www.redhat.com/archives/libvir-list/2019-February/msg01503.html
>>
>> As usual, you can find my patches at my github:
>>
>>    https://github.com/zippy2/libvirt/commits/firmware_v2
>>
>> diff to v1:
>> - Hopefully all Lazlo's comment are worked in (fixing the logic that
>>    chooses suitable firmware for secboot/SMM domains, commit message
>>    adjustements, sanity check for parsed FW descriptions, etc.)
>>
>> - Added more debug messages around FW selection code, i.e. it'll be
>>    visible from the logs why given FS is not suitable (or that it is).
> 
> I've done a very quick review of the patches and the design and
> overall implementation strategy looks good to me. A few misc
> points
> 
>   - We ought to expose the list of firmware types supported
>     in the domain capabilities, so mgmt apps can probe if
>     uefi is available

Makes sense, I'll start working on this after these are merged.

> 
>   - What should we do about the 'nvram' config from /etc/libvirt/qemu.conf
>     We can't get rid of it for a while, since the new firmware configs
>     won't be widely supported by distros in forseeable future. In the
>     places which currently use the 'nvram' config though, should we
>     make sure we consult the firmware configs in prefereence to
>     resolve the var store ?  Maybe your code is already doing this and
>     I missed the logic from the diffs.

I think we can ignore 'nvram' from qemu.conf safely. The whole point of 
nvram variable is to define which varstore corresponds to which fw 
image. These pairs are consulted if and only if no template was 
specified in domain XML. With firmware autoselect I don't think we are 
going to fulfil the condition as my code takes whatever FW config said 
the path to NVRAM is and uses that as template for the domain.
And even if FW config did not provide any NVRAM path (which can be 
viewed as bug IMO) then we would consult qemu.conf (or some hardwired 
defaults).

> 
>   - We support 'bios' and 'efi' right now, but QEMU also reoprts
>     'openfirmware' and 'uboot' as supported types. In practice
>     no config files probably exist for those yet, but if it is
>     easy to make the code support them we should try todo it to
>     get parity with the QEMU spec

Sure. It's just that I don't think there is a way to even configure thos 
via our domain XML, is there?

> 
> I don't think any of these are blockers though - all would work
> as followup patches I expect.

Yes, agreed.

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list