On Mon, Aug 25, 2025 at 11:05:02AM -0600, Jim Fehlig wrote: > On 8/20/25 09:12, Andrea Bolognani wrote: > > On Thu, Aug 14, 2025 at 03:07:10PM -0600, Jim Fehlig wrote: > > > On 8/13/25 09:01, Andrea Bolognani wrote: > > > > Can you be more specific about the issue you're experiencing for > > > > SEV(-ES) guests? > > > > > > I'm seeing the same issue we were trying to solve for SNP guests with this series > > > > > > ERROR operation failed: Unable to find 'efi' firmware that is compatible > > > with the current configuration > > > > Please share the debug output showing what happens during the > > firmware selection process. That will tell us why the amdsev.json > > descriptor is not considered suitable. I'm really surprised by this > > because things seem to work correctly in the context of the test > > suite, but clearly there's something going on. > > Debug output attached. I've also attached the amdsev.json equivalent I'm > using for testing. And for completeness, here's the virt-install command > > virt-install --virt-type kvm --hvm --arch x86_64 --name sev-es-temp --vcpus > 2,maxvcpus=4 --memory 2048,maxmemory=4096 --memtune hard_limit=4563402 > --boot uefi --disk > path=/vm_images/jim/images/sev-temp/disk0.qcow2,size=60,format=qcow2 > --network bridge=br0,model=virtio --location > http://blabla/install/sles15sp7/x86_64 --autoconsole text --extra-args > "console=ttyS0,115200n8" --extra-args "textmode=1" --graphics vnc --serial > pty --launchSecurity sev,policy=0x03 --machine q35 --events > on_reboot=destroy Here are the relevant bits from the log: ... qemuInteropFetchConfigs:149 : firmware description path '/usr/share/qemu/firmware/50-ovmf-x86_64-sev-snp.json' len=464 qemuInteropFetchConfigs:149 : firmware description path '/usr/share/qemu/firmware/50-ovmf-x86_64-sev.json' len=570 qemuInteropFetchConfigs:149 : firmware description path '/usr/share/qemu/firmware/50-seabios-256k.json' len=664 ... qemuFirmwareMatchDomain:1361 : Domain requires SEV, firmware '/usr/share/qemu/firmware/50-ovmf-x86_64-sev-snp.json' doesn't support it qemuFirmwareMatchDomain:1311 : Discarding loader without split flash qemuFirmwareMatchDomain:1182 : No matching interface in '/usr/share/qemu/firmware/50-seabios-256k.json' ... So 50-ovmf-x86_64-sev.json is discarded because it advertises a stateless firmware, while libvirt assumes that you want a stateful one. Patch 05/10 from the v2 series should address this very problem by making a stateless firmware eligible for this scenario. Can you please try applying that series and checking whether that makes the issue go away? -- Andrea Bolognani / Red Hat / Virtualization
