On 8/27/25 09:33, Andrea Bolognani wrote:
On Mon, Aug 25, 2025 at 11:05:02AM -0600, Jim Fehlig wrote:
On 8/20/25 09:12, Andrea Bolognani wrote:
On Thu, Aug 14, 2025 at 03:07:10PM -0600, Jim Fehlig wrote:
On 8/13/25 09:01, Andrea Bolognani wrote:
Can you be more specific about the issue you're experiencing for
SEV(-ES) guests?
I'm seeing the same issue we were trying to solve for SNP guests with this series
ERROR operation failed: Unable to find 'efi' firmware that is compatible
with the current configuration
Please share the debug output showing what happens during the
firmware selection process. That will tell us why the amdsev.json
descriptor is not considered suitable. I'm really surprised by this
because things seem to work correctly in the context of the test
suite, but clearly there's something going on.
Debug output attached. I've also attached the amdsev.json equivalent I'm
using for testing. And for completeness, here's the virt-install command
virt-install --virt-type kvm --hvm --arch x86_64 --name sev-es-temp --vcpus
2,maxvcpus=4 --memory 2048,maxmemory=4096 --memtune hard_limit=4563402
--boot uefi --disk
path=/vm_images/jim/images/sev-temp/disk0.qcow2,size=60,format=qcow2
--network bridge=br0,model=virtio --location
http://blabla/install/sles15sp7/x86_64 --autoconsole text --extra-args
"console=ttyS0,115200n8" --extra-args "textmode=1" --graphics vnc --serial
pty --launchSecurity sev,policy=0x03 --machine q35 --events
on_reboot=destroy
Here are the relevant bits from the log:
...
qemuInteropFetchConfigs:149 : firmware description path
'/usr/share/qemu/firmware/50-ovmf-x86_64-sev-snp.json' len=464
qemuInteropFetchConfigs:149 : firmware description path
'/usr/share/qemu/firmware/50-ovmf-x86_64-sev.json' len=570
qemuInteropFetchConfigs:149 : firmware description path
'/usr/share/qemu/firmware/50-seabios-256k.json' len=664
...
qemuFirmwareMatchDomain:1361 : Domain requires SEV, firmware
'/usr/share/qemu/firmware/50-ovmf-x86_64-sev-snp.json' doesn't support
it
qemuFirmwareMatchDomain:1311 : Discarding loader without split flash
qemuFirmwareMatchDomain:1182 : No matching interface in
'/usr/share/qemu/firmware/50-seabios-256k.json'
...
So 50-ovmf-x86_64-sev.json is discarded because it advertises a
stateless firmware, while libvirt assumes that you want a stateful
one. Patch 05/10 from the v2 series should address this very problem
by making a stateless firmware eligible for this scenario.
Nod. It's spread across threads and responses therein, but I've mentioned the
patch works great for me :-).
> Can you
please try applying that series and checking whether that makes the
issue go away?
I applied the full series on recent master and can verify autoselection works
for SEV, SEV-ES and SEV-SNP guests.
I wasn't able to verify TDX since the hardware is occupied ATM, but it should
work fine. The TDX descriptor advertises the type as 'memory', and in my testing
libvirt already correctly handled autoselection for that firmware device type.
Regards,
Jim
