Encrypting image file breaks efi/boot of the guest/Ubuntu - ?

lejeczek peljasz at yahoo.co.uk
Fri Apr 14 11:39:17 UTC 2023



On 11/04/2023 09:13, Peter Krempa wrote:
> On Sat, Apr 08, 2023 at 11:25:18 +0200, lejeczek wrote:
>> Hi guys.
>>
>> I have a guest, and that guest differs from all other guests by:
>>
>>    <os>
>>      <type arch='x86_64' machine='pc-q35-rhel9.0.0'>hvm</type>
>>      <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
>>      <nvram>/var/lib/libvirt/qemu/nvram/ubusrv1_VARS.fd</nvram>
>>      <boot dev='hd'/>
>>      <bootmenu enable='yes'/>
>>    </os>
>>
>> whereas everything else has:
>>
>>    <os>
>>      <type arch='x86_64' machine='pc-q35-rhel9.0.0'>hvm</type>
>>      <boot dev='hd'/>
>>      <boot dev='cdrom'/>
>>      <bootmenu enable='yes'/>
>>    </os>
>>
>> Now, that different guest fails - as the only one - to start, to boot after
>> its qcow2 image was luks-encrypted.
>> Guest starts but says that:
>>
>> BdsDxe: failed to load Boot0001 "Uefi Misc Device" from PciRoot(0x0)/Pci(0x2,0x3)/Pci(0x0,0x0): Not found
>>
>> Revert back to the original, non-encrypted qcow2 image and all works a-ok.
> Please attach either the full XML or at least the disk part for *both*
> the case where it doesn't work and where it does work.
>
<domain type='kvm'>
   <name>ubusrv1</name>
   <metadata>
     <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
       <libosinfo:os id="http://ubuntu.com/ubuntu/22.04"/>
     </libosinfo:libosinfo>
   </metadata>
   <memory unit='GiB'>4</memory>
   <currentMemory unit='GiB'>4</currentMemory>
   <vcpu placement='auto' cpuset='2'>2</vcpu>
   <numatune>
     <memory mode='strict' placement='auto'/>
   </numatune>
   <os>
     <type arch='x86_64' machine='pc-q35-rhel9.0.0'>hvm</type>
     <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
     <nvram>/var/lib/libvirt/qemu/nvram/ubusrv1_VARS.fd</nvram>
     <boot dev='hd'/>
     <bootmenu enable='yes'/>
   </os>
   <features>
     <acpi/>
     <apic/>
     <vmport state='off'/>
     <smm state='on'/>
   </features>
   <cpu mode='custom' match='exact' check='partial'>
     <model fallback='forbid'>EPYC-Rome</model>
     <feature policy='require' name='ibpb'/>
     <feature policy='require' name='ssbd'/>
     <feature policy='require' name='virt-ssbd'/>
     <feature policy='require' name='x2apic'/>
     <feature policy='require' name='hypervisor'/>
     <feature policy='require' name='xsave'/>
     <feature policy='disable' name='svm'/>
     <feature policy='require' name='topoext'/>
     <feature policy='disable' name='npt'/>
     <feature policy='disable' name='nrip-save'/>
   </cpu>
   <clock offset='utc'>
     <timer name='rtc' tickpolicy='catchup'/>
     <timer name='pit' tickpolicy='delay'/>
     <timer name='hpet' present='no'/>
   </clock>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
   <on_crash>destroy</on_crash>
   <pm>
     <suspend-to-mem enabled='no'/>
     <suspend-to-disk enabled='no'/>
   </pm>
   <devices>
     <emulator>/usr/libexec/qemu-kvm</emulator>
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2' cache='none' discard='unmap'/>
       <source file='/00-VMs/ubusrv1.qcow2'/>
       <target dev='vda' bus='virtio'/>
       <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
     </disk>
...

When I add encryption to <disk> & use encrypted qcow2 then 
VM fails as I described.

many thanks, L.
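
The request in the thread is for the disk XML of both the working and the failing case. As an added example (not from the thread and not libvirt's own code), this Python snippet flattens the firmware and disk settings of two domain XMLs and reports only what differs. The LUKS `<encryption>` stanza and its placeholder secret UUID are assumptions, since the post does not show the encrypted variant.

```python
import xml.etree.ElementTree as ET

# Constructed input: <os> and <disk> as in the post; {enc} is the only variation.
TEMPLATE = """<domain type='kvm'>
  <os>
    <type arch='x86_64' machine='pc-q35-rhel9.0.0'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/ubusrv1_VARS.fd</nvram>
  </os>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none' discard='unmap'/>
      <source file='/00-VMs/ubusrv1.qcow2'>{enc}</source>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>"""
# Assumed LUKS stanza (the post does not show it); the UUID is a placeholder.
LUKS = ("<encryption format='luks'><secret type='passphrase' "
        "uuid='00000000-0000-0000-0000-000000000000'/></encryption>")
WORKING_XML = TEMPLATE.format(enc="")
FAILING_XML = TEMPLATE.format(enc=LUKS)

def boot_summary(domain_xml):
    """Flatten the firmware and disk settings that matter for booting."""
    root = ET.fromstring(domain_xml)
    loader = root.find("./os/loader")
    out = {
        "os/loader": None if loader is None else (loader.text or "").strip(),
        "os/loader@secure": None if loader is None else loader.get("secure"),
        "os/nvram": root.findtext("./os/nvram"),
    }
    for disk in root.findall("./devices/disk"):
        dev = disk.find("target").get("dev")
        # libvirt accepts <encryption> under <source> or directly under <disk>.
        enc = disk.find("./source/encryption")
        if enc is None:
            enc = disk.find("./encryption")
        secret = None if enc is None else enc.find("secret")
        out[f"disk[{dev}]/driver@type"] = disk.find("driver").get("type")
        out[f"disk[{dev}]/source@file"] = disk.find("source").get("file")
        out[f"disk[{dev}]/encryption@format"] = None if enc is None else enc.get("format")
        out[f"disk[{dev}]/secret@uuid"] = None if secret is None else secret.get("uuid")
    return out

def changed_settings(working_xml, failing_xml):
    """Return {setting: (working, failing)} for every value that differs."""
    a, b = boot_summary(working_xml), boot_summary(failing_xml)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)}
```

Calling `changed_settings(WORKING_XML, FAILING_XML)` on the constructed pair reports only the two encryption keys for `vda`; on real `virsh dumpxml` output it also surfaces any firmware or NVRAM change made alongside the encryption.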


