[libvirt-users] Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected

Ryan Barry rbarry at redhat.com
Thu Aug 6 18:28:25 UTC 2015


On 08/06/2015 08:08 AM, Martin Kletzander wrote:
> On Tue, Aug 04, 2015 at 07:11:29AM -0700, Ryan Barry wrote:
>> On 08/03/2015 10:47 PM, Martin Kletzander wrote:
>>> On Mon, Aug 03, 2015 at 03:39:30PM -0700, Ryan Barry wrote:
>>>> On 08/03/2015 01:43 PM, Ryan Barry wrote:
>>>>> Using:
>>>>> 
>>>>> edk2.git-0-20150803.b1141.ga0973dc.x86_64 
>>>>> edk2.git-ovmf-x64-0-20150802.b1139.gb234418.noarch
>>>>> 
>>>>> On Fedora 22.
>>>>> 
>>>>> Provisioning an i440FX system in virt-manager and attempting
>>>>> to boot results in successful EFI initialization, but the
>>>>> VM exits ungracefully after the bootloader (with F22 and
>>>>> CentOS 7 installer images). There's no really useful
>>>>> information in any of the logs.
>>>>> 
>>> 
>>> I haven't tried EFI with 440fx, only with q35.  I haven't found
>>> an option to enable either EFI or secureboot anywhere in
>>> virt-manager.
>> 
>> q35 doesn't help here. secureboot is in the EFI config menus
>> (press <ESC> or <DEL> in the guest while booting, go look at the
>> boot configuration, and you'll see secureboot options -- it's
>> disabled by default and not able to be enabled until LockDown_ms
>> is applied).
>> 
> 
> Oh, so that's what I misunderstood, sorry for that.
> 
>> What I don't understand is why this matters, since I was able to
>> boot with basically the generated command (see below) from a
>> console, but it's 100% reproducible.
>> 
>>> 
>>>>> Using qemu-kvm directly (qemu-kvm -bios 
>>>>> /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd -m 1G
>>>>> -cdrom 
>>>>> ~rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso)
>>>>> boots and loads successfully.
>>>> 
>>> 
>>> We don't use '-bios' but '-drive file,if=pflash' and that's
>>> done once for the OVMF code and second time for the efivars
>>> storage. What's the guest XML and full command line of qemu
>>> being started?
>> 
>> I was able to boot with this (once I removed -S, -spice, and
>> -netdev). After installing with -netdev user..., and applying
>> LockDown_ms, it boots normally from virsh/virt-manager.
>> 
> 
> So the generated command (from libvirt) works for you if there is
> no -S (of course) and -netdev (I guess because of the fd= we're
> passing)? Why did you remove '-spice'?
> 
> If the only difference in this case really is libvirt, then we need
> to know why the machine shuts down.  If 'virsh domstate --reason
> <domain>' doesn't help and there is no information in the logs
> either, then I suggest enabling debug logs and looking through
> those (both the domain log and libvirtd log).

I removed -spice because I was ok with a basic console.

I enabled libvirtd debug logging and got nothing useful out of it.
I'll try guest debugging next week.

> 
>> Also, I can mount an ISO and reinstall once secureboot is
>> enabled.
>> 
>> XML is at the bottom.
>> 
>> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin 
>> QEMU_AUDIO_DRV=spice /usr/bin/qemu-kvm -name passthrough -S
>> -machine pc-i440fx-2.3,accel=kvm,usb=off -cpu Haswell-noTSX
>> -drive 
>> file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd,if=pflash,format=raw,unit=0,readonly=on
>> -drive
>> file=/var/lib/libvirt/qemu/nvram/passthrough_VARS.fd,if=pflash,format=raw,unit=1
>> -m 2048 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid
>> ffd15ea4-03dc-4e86-ae93-096e517055a8 -no-user-config -nodefaults 
>> -chardev 
>> socket,id=charmonitor,path=/var/lib/libvirt/qemu/passthrough.monitor,server,nowait
>> -mon chardev=charmonitor,id=monitor,mode=control -rtc
>> base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard 
>> -no-hpet -no-reboot -global PIIX4_PM.disable_s3=1 -global 
>> PIIX4_PM.disable_s4=1 -boot strict=on -device 
>> ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7 -device 
>> ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6
>> -device
>> ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1
>> -device
>> ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2
>> -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive
>> file=/var/lib/libvirt/images/passthrough.qcow2,if=none,id=drive-virtio-disk0,format=qcow2
>> -device
>> virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2
>> -drive
>> file=/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso,if=none,id=drive-ide0-0-0,readonly=on,format=raw
>> -device
>> ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
>> -netdev tap,fd=24,id=hostnet0,vhost=on,vhostfd=25 -device
>> virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:e6:72:a4,bus=pci.0,addr=0x3
>> -chardev pty,id=charserial0 -device
>> isa-serial,chardev=charserial0,id=serial0 -chardev 
>> socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/passthrough.org.qemu.guest_agent.0,server,nowait
>> -device
>> virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
>> -chardev spicevmc,id=charchannel1,name=vdagent -device
>> virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0
>> -device usb-tablet,id=input0 -spice
>> port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on
>> -device
>> qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pci.0,addr=0x2
>> -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device
>> hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev 
>> spicevmc,id=charredir0,name=usbredir -device 
>> usb-redir,chardev=charredir0,id=redir0 -chardev 
>> spicevmc,id=charredir1,name=usbredir -device 
>> usb-redir,chardev=charredir1,id=redir1 -device 
>> virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg
>> timestamp=on
>> 
>> 
>>> 
>>>> Just to update --
>>>> 
>>>> This appears to be related to secureboot. Using a VM which
>>>> has secure boot enabled is successful.
>>>> 
>>>>> 
>>>>> What's the difference here? Where can I go for 
>>>>> troubleshooting?
>>>>> 
>>>>> libvirt XML is below:
>>>>> 
>>>>> <domain type='kvm'> <name>fedora22</name> 
>>>>> <uuid>7f363d28-881f-4240-97eb-9b8d49cfb282</uuid> <memory 
>>>>> unit='KiB'>2097152</memory> <currentMemory 
>>>>> unit='KiB'>2097152</currentMemory> <vcpu 
>>>>> placement='static'>1</vcpu> <os> <type arch='x86_64' 
>>>>> machine='pc-i440fx-2.3'>hvm</type> <loader readonly='yes' 
>>>>> type='pflash'>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</loader>
>>>>> <nvram>/var/lib/libvirt/qemu/nvram/fedora22_VARS.fd</nvram>
>>>>> </os> <features> <acpi/> <apic/> <pae/> </features> <cpu 
>>>>> mode='custom' match='exact'> <model 
>>>>> fallback='allow'>Haswell-noTSX</model> </cpu> <clock 
>>>>> offset='utc'> <timer name='rtc' tickpolicy='catchup'/>
>>>>> <timer name='pit' tickpolicy='delay'/> <timer name='hpet' 
>>>>> present='no'/> </clock> <on_poweroff>destroy</on_poweroff> 
>>>>> <on_reboot>restart</on_reboot>
>>>>> <on_crash>restart</on_crash> <pm> <suspend-to-mem
>>>>> enabled='no'/> <suspend-to-disk enabled='no'/> </pm>
>>>>> <devices> <emulator>/usr/bin/qemu-kvm</emulator> <disk
>>>>> type='file' device='disk'> <driver name='qemu'
>>>>> type='qcow2'/> <source 
>>>>> file='/var/lib/libvirt/images/fedora22.qcow2'/> <target 
>>>>> dev='vda' bus='virtio'/> <boot order='1'/> <address
>>>>> type='pci' domain='0x0000' bus='0x00' slot='0x07'
>>>>> function='0x0'/> </disk> <disk type='file' device='cdrom'>
>>>>> <driver name='qemu' type='raw'/> <source 
>>>>> file='/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso'/>
>>>>> <target dev='hda' bus='ide'/>
>>>>> <readonly/> <boot order='2'/> <address type='drive' 
>>>>> controller='0' bus='0' target='0' unit='0'/> </disk> 
>>>>> <controller type='usb' index='0' model='ich9-ehci1'>
>>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' 
>>>>> function='0x7'/> </controller> <controller type='usb' 
>>>>> index='0' model='ich9-uhci1'> <master startport='0'/>
>>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' 
>>>>> function='0x0' multifunction='on'/> </controller>
>>>>> <controller type='usb' index='0' model='ich9-uhci2'>
>>>>> <master startport='2'/> <address type='pci' domain='0x0000'
>>>>> bus='0x00' slot='0x06' function='0x1'/> </controller>
>>>>> <controller type='usb' index='0' model='ich9-uhci3'>
>>>>> <master startport='4'/> <address type='pci' domain='0x0000'
>>>>> bus='0x00' slot='0x06' function='0x2'/> </controller>
>>>>> <controller type='pci' index='0' model='pci-root'/>
>>>>> <controller type='ide' index='0'> <address type='pci'
>>>>> domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
>>>>> </controller> <controller type='virtio-serial' index='0'>
>>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x05'
>>>>> function='0x0'/> </controller> <interface type='network'>
>>>>> <mac address='52:54:00:35:b6:00'/> <source
>>>>> network='default'/> <model type='virtio'/> <address
>>>>> type='pci' domain='0x0000' bus='0x00' slot='0x03'
>>>>> function='0x0'/> </interface> <serial type='pty'> <target
>>>>> port='0'/> </serial> <console type='pty'> <target
>>>>> type='serial' port='0'/> </console> <channel type='unix'>
>>>>> <source mode='bind' 
>>>>> path='/var/lib/libvirt/qemu/channel/target/fedora22.org.qemu.guest_agent.0'/>
>>>>> <target type='virtio' name='org.qemu.guest_agent.0'/>
>>>>> <address type='virtio-serial' controller='0' bus='0'
>>>>> port='1'/> </channel> <channel type='spicevmc'> <target
>>>>> type='virtio' name='com.redhat.spice.0'/> <address
>>>>> type='virtio-serial' controller='0' bus='0' port='2'/>
>>>>> </channel> <input type='tablet' bus='usb'/> <input
>>>>> type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/>
>>>>> <graphics type='spice' autoport='yes'> <image
>>>>> compression='off'/> </graphics> <sound model='ich6'>
>>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x04'
>>>>> function='0x0'/> </sound> <video> <model type='qxl' 
>>>>> ram='65536' vram='65536' vgamem='16384' heads='1'/>
>>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' 
>>>>> function='0x0'/> </video> <redirdev bus='usb'
>>>>> type='spicevmc'> </redirdev> <redirdev bus='usb'
>>>>> type='spicevmc'> </redirdev> <memballoon model='virtio'>
>>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x08'
>>>>> function='0x0'/> </memballoon> </devices> </domain>
>>>>> 
>>>> 
>>> 
>>>> pub  rsa2048/B6AA86F9 2013-10-31 uid Ryan Barry 
>>>> <rbarry at redhat.com> uid Ryan Barry <phresus at gmail.com> sub 
>>>> rsa2048/9C33C113 2013-10-31
>>> 
>>>> _______________________________________________
>>>> libvirt-users mailing list libvirt-users at redhat.com 
>>>> https://www.redhat.com/mailman/listinfo/libvirt-users
>> 



