[libvirt PATCH 1/2] conf: support stateless UEFI firmware
Michal Prívozník
mprivozn at redhat.com
Mon Jul 25 13:40:45 UTC 2022
On 7/22/22 18:23, Daniel P. Berrangé wrote:
> Normally when an UEFI firmware is marked as read-only, an associated
> NVRAM file will be created. Some builds of UEFI firmware, however, wish
> to remain stateless and so will be read-only, but never have any NVRAM
> file. To represent this concept a 'stateless' tristate bool attribute
> is introduced on the <loader/> element.
>
> There are rather a large number of permutations to consider.
>
> With default firmware selection
>
> * <os/>
>
> => Historic default, no change
>
> * <os>
> <loader stateless='yes'/>
> </os>
>
> => Explicit version of historic default, no change
>
> * <os>
> <loader stateless='no'/>
> </os>
>
> => Invalid, bios is always stateless
>
> With manual legacy BIOS selection
>
> * <os>
> <loader>/path/to/seabios</loader>
> ...
> </os>
>
> => Historic default, no change
>
> * <os>
> <loader stateless='yes'>/path/to/seabios</loader>
> ...
> </os>
>
> => Explicit version of historic default, no change
>
> * <os>
> <loader stateless='no'>/path/to/seabios</loader>
> ...
> </os>
>
> => Invalid, bios is always stateless
>
> With manual UEFI selection
>
> * <os>
> <loader type='pflash'>/path/to/edk2</loader>
> ...
> </os>
>
> => Historic default, no change
>
> * <os>
> <loader type='pflash' stateless='yes'>/path/to/edk2</loader>
> ...
> </os>
>
> => Skip auto-filling NVRAM / template
>
> * <os>
> <loader type='pflash' stateless='no'>/path/to/edk2</loader>
> ...
> </os>
>
> => Explicit version of historic default, no change
>
> With automatic firmware selection
>
> * <os firmware='bios'/>
>
> => Historic default, no change
>
> * <os firmware='bios'>
> <loader stateless='yes'/>
> </os>
>
> => Explicit version of historic default, no change
>
> * <os firmware='bios'>
> <loader stateless='no'/>
> </os>
>
> => Invalid, bios is always stateless
>
> * <os firmware='uefi'/>
>
> => Historic default, no change
>
> * <os firmware='uefi'>
> <loader stateless='yes'/>
> </os>
>
> => Skip auto-filling NVRAM / template
>
> * <os firmware='uefi'>
> <loader stateless='no'/>
> </os>
>
> => Explicit version of historic default, no change
>
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> ---
> docs/formatdomain.rst | 9 ++++-
> src/conf/domain_conf.c | 9 +++++
> src/conf/domain_conf.h | 1 +
> src/conf/domain_validate.c | 26 ++++++++++++++
> src/conf/schemas/domaincommon.rng | 5 +++
> ...-auto-bios-not-stateless.x86_64-latest.err | 1 +
> .../firmware-auto-bios-not-stateless.xml | 18 ++++++++++
> ...are-auto-bios-stateless.x86_64-latest.args | 32 +++++++++++++++++
> .../firmware-auto-bios-stateless.xml | 18 ++++++++++
> .../firmware-manual-bios-not-stateless.err | 1 +
> .../firmware-manual-bios-not-stateless.xml | 15 ++++++++
> .../firmware-manual-bios-stateless.args | 30 ++++++++++++++++
> .../firmware-manual-bios-stateless.xml | 15 ++++++++
> ...nual-efi-nvram-stateless.x86_64-latest.err | 1 +
> .../firmware-manual-efi-nvram-stateless.xml | 21 ++++++++++++
> ...nvram-template-stateless.x86_64-latest.err | 1 +
> ...re-manual-efi-nvram-template-stateless.xml | 19 +++++++++++
> tests/qemuxml2argvtest.c | 8 +++++
> ...ware-auto-bios-stateless.x86_64-latest.xml | 34 +++++++++++++++++++
> .../firmware-manual-bios-stateless.xml | 25 ++++++++++++++
> .../firmware-manual-bios.xml | 25 ++++++++++++++
> tests/qemuxml2xmltest.c | 3 ++
> 22 files changed, 316 insertions(+), 1 deletion(-)
> create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.x86_64-latest.err
> create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-not-stateless.xml
> create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.x86_64-latest.args
> create mode 100644 tests/qemuxml2argvdata/firmware-auto-bios-stateless.xml
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.err
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-not-stateless.xml
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.args
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-bios-stateless.xml
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-stateless.xml
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
> create mode 100644 tests/qemuxml2argvdata/firmware-manual-efi-nvram-template-stateless.xml
> create mode 100644 tests/qemuxml2xmloutdata/firmware-auto-bios-stateless.x86_64-latest.xml
> create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios-stateless.xml
> create mode 100644 tests/qemuxml2xmloutdata/firmware-manual-bios.xml
>
> diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
> index 3ea094e64c..4199abfd1a 100644
> --- a/docs/formatdomain.rst
> +++ b/docs/formatdomain.rst
> @@ -242,7 +242,11 @@ harddisk, cdrom, network) determining where to obtain/find the boot image.
> firmwares may implement the Secure boot feature. Attribute ``secure`` can be
> used to tell the hypervisor that the firmware is capable of Secure Boot feature.
> It cannot be used to enable or disable the feature itself in the firmware.
> - :since:`Since 2.1.0`
> + :since:`Since 2.1.0`. If the loader is marked as read-only, then with UEFI it
> + is assumed that there will be a writable NVRAM available. In some cases,
> + however, it may be desirable for the loader to run without any NVRAM, discarding
> + any config changes on shutdown. The ``stateless`` flag can be used to control
> + this behaviour, when set to ``no`` NVRAM will never be created.
The ``stateless`` flag (:since:since 8.6.0) can be used ...
Or something along those lines, to make it obvious when the attribute
was added.
> ``nvram``
> Some UEFI firmwares may want to use a non-volatile memory to store some
> variables. In the host, this is represented as a file and the absolute path
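Review bot: the last added sentence of this hunk ("when set to ``no`` NVRAM will never be created") has the polarity inverted relative to the commit message, which lists stateless='yes' as the case that skips auto-filling NVRAM / template and stateless='no' as the explicit version of the historic default. It should read "when set to ``yes`` NVRAM will never be created". That sentence is also a comma splice, so a full stop after "this behaviour" would help, and the paragraph could mention that ``stateless='no'`` is rejected for BIOS loaders, since the commit message marks those permutations as invalid.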
Michal
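
The permutations listed in the quoted commit message reduce to a few rules. As an added illustration that is not part of the patch or of libvirt's code, this Python function classifies an `<os>` element accordingly; `classify_os`, the verdict strings and the sample XML are hypothetical, and the `<nvram>` conflict rule is an assumption drawn from the patch's test file names.

```python
import xml.etree.ElementTree as ET

# The commit message writes firmware='uefi'; libvirt's schema value is 'efi'.
UEFI_FIRMWARE = {"uefi", "efi"}


def classify_os(os_xml):
    """Map one <os> element to 'invalid', 'skip-nvram' or 'no-change'."""
    os_el = ET.fromstring(os_xml)
    loader = os_el.find("loader")
    stateless = loader.get("stateless") if loader is not None else None
    if stateless not in (None, "yes", "no"):
        raise ValueError(f"stateless must be 'yes' or 'no', got {stateless!r}")

    # UEFI is either auto-selected (firmware attribute) or a manual pflash loader.
    is_uefi = os_el.get("firmware") in UEFI_FIRMWARE or (
        loader is not None and loader.get("type") == "pflash")

    if not is_uefi:
        # BIOS is always stateless, so stateless='no' cannot be honoured.
        return "invalid" if stateless == "no" else "no-change"
    if stateless == "yes":
        # Assumption (from the patch's *-nvram-stateless*.err test names):
        # an explicit <nvram> element conflicts with a stateless loader.
        if os_el.find("nvram") is not None:
            return "invalid"
        return "skip-nvram"
    # Unset or 'no' on UEFI: historic behaviour, NVRAM is auto-filled.
    return "no-change"


# Constructed samples following the permutations in the commit message.
SAMPLES = [
    "<os/>",
    "<os><loader stateless='no'/></os>",
    "<os><loader stateless='yes'>/path/to/seabios</loader></os>",
    "<os><loader type='pflash' stateless='yes'>/path/to/edk2</loader></os>",
    "<os firmware='uefi'><loader stateless='no'/></os>",
    "<os firmware='uefi'><loader stateless='yes'/><nvram>/path/to/vars</nvram></os>",
]


def classify_all(samples=SAMPLES):
    return [(xml, classify_os(xml)) for xml in samples]


if __name__ == "__main__":
    for xml, verdict in classify_all():
        print(f"{verdict:<11}{xml}")
```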