pool/virt-manager
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
virt-manager/4f8e795c-if-required-by-UEFI-enable-SMM-feature-and-set-q35-machine-type.patch

298 lines
10 KiB
Diff
Raw Normal View History

- bsc#1027942 - virt-manager: Missing upstream bug fixes f38c56c9-add-support-for-SMM-feature.patch 24f9d053-add-support-for-loader-secure-attribute.patch 4f8e795c-if-required-by-UEFI-enable-SMM-feature-and-set-q35-machine-type.patch - bsc#1027942 - virt-manager: Missing upstream bug fixes 93085d2b-reset-guest-domain-to-none-on-domain-creation-error.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/virt-manager?expand=0&rev=352
2017-06-05 17:55:06 +00:00
References: rbz#1387479
Subject: virtinst: if required by UEFI enable SMM feature and set q35 machine type
From: Pavel Hrdina phrdina@redhat.com Mon Feb 6 13:46:06 2017 +0100
Date: Thu Jun 1 09:58:46 2017 +0200:
Git: 4f8e795c6a7158b3da48f65322cabfae1d110cae
If we detect that the UEFI image is build to require SMM feature we
should configure the guest to enable SMM feature and set q35 machine
type. Without this user wouldn't be able to boot the guest.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1387479
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Index: virt-manager-1.4.1/tests/capabilities-xml/kvm-x86_64-domcaps-q35.xml
===================================================================
--- /dev/null
+++ virt-manager-1.4.1/tests/capabilities-xml/kvm-x86_64-domcaps-q35.xml
@@ -0,0 +1,126 @@
+<domainCapabilities>
+ <path>/home/phrdina/work/qemu/x86_64-softmmu/qemu-system-x86_64</path>
+ <domain>kvm</domain>
+ <machine>pc-q35-2.9</machine>
+ <arch>x86_64</arch>
+ <vcpu max='288'/>
+ <os supported='yes'>
+ <loader supported='yes'>
+ <value>/usr/share/ovmf/OVMF_CODE.secboot.fd</value>
+ <enum name='type'>
+ <value>rom</value>
+ <value>pflash</value>
+ </enum>
+ <enum name='readonly'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </loader>
+ </os>
+ <cpu>
+ <mode name='host-passthrough' supported='yes'/>
+ <mode name='host-model' supported='yes'>
+ <model fallback='forbid'>Skylake-Client</model>
+ <vendor>Intel</vendor>
+ <feature policy='require' name='ss'/>
+ <feature policy='require' name='vmx'/>
+ <feature policy='require' name='hypervisor'/>
+ <feature policy='require' name='tsc_adjust'/>
+ <feature policy='require' name='clflushopt'/>
+ <feature policy='require' name='xsaves'/>
+ <feature policy='require' name='pdpe1gb'/>
+ <feature policy='require' name='invtsc'/>
+ </mode>
+ <mode name='custom' supported='yes'>
+ <model usable='yes'>qemu64</model>
+ <model usable='yes'>qemu32</model>
+ <model usable='no'>phenom</model>
+ <model usable='yes'>pentium3</model>
+ <model usable='yes'>pentium2</model>
+ <model usable='yes'>pentium</model>
+ <model usable='yes'>n270</model>
+ <model usable='yes'>kvm64</model>
+ <model usable='yes'>kvm32</model>
+ <model usable='yes'>coreduo</model>
+ <model usable='yes'>core2duo</model>
+ <model usable='no'>athlon</model>
+ <model usable='yes'>Westmere</model>
+ <model usable='yes'>Skylake-Client</model>
+ <model usable='yes'>SandyBridge</model>
+ <model usable='yes'>Penryn</model>
+ <model usable='no'>Opteron_G5</model>
+ <model usable='no'>Opteron_G4</model>
+ <model usable='no'>Opteron_G3</model>
+ <model usable='yes'>Opteron_G2</model>
+ <model usable='yes'>Opteron_G1</model>
+ <model usable='yes'>Nehalem</model>
+ <model usable='yes'>IvyBridge</model>
+ <model usable='yes'>Haswell</model>
+ <model usable='yes'>Haswell-noTSX</model>
+ <model usable='yes'>Conroe</model>
+ <model usable='yes'>Broadwell</model>
+ <model usable='yes'>Broadwell-noTSX</model>
+ <model usable='yes'>486</model>
+ </mode>
+ </cpu>
+ <devices>
+ <disk supported='yes'>
+ <enum name='diskDevice'>
+ <value>disk</value>
+ <value>cdrom</value>
+ <value>floppy</value>
+ <value>lun</value>
+ </enum>
+ <enum name='bus'>
+ <value>fdc</value>
+ <value>scsi</value>
+ <value>virtio</value>
+ <value>usb</value>
+ <value>sata</value>
+ </enum>
+ </disk>
+ <graphics supported='yes'>
+ <enum name='type'>
+ <value>sdl</value>
+ <value>vnc</value>
+ <value>spice</value>
+ </enum>
+ </graphics>
+ <video supported='yes'>
+ <enum name='modelType'>
+ <value>vga</value>
+ <value>cirrus</value>
+ <value>vmvga</value>
+ <value>qxl</value>
+ <value>virtio</value>
+ </enum>
+ </video>
+ <hostdev supported='yes'>
+ <enum name='mode'>
+ <value>subsystem</value>
+ </enum>
+ <enum name='startupPolicy'>
+ <value>default</value>
+ <value>mandatory</value>
+ <value>requisite</value>
+ <value>optional</value>
+ </enum>
+ <enum name='subsysType'>
+ <value>usb</value>
+ <value>pci</value>
+ <value>scsi</value>
+ </enum>
+ <enum name='capsType'/>
+ <enum name='pciBackend'>
+ <value>default</value>
+ <value>kvm</value>
+ <value>vfio</value>
+ </enum>
+ </hostdev>
+ </devices>
+ <features>
+ <gic supported='no'/>
+ </features>
+</domainCapabilities>
+
+
Index: virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-uefi.xml
===================================================================
--- /dev/null
+++ virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-uefi.xml
@@ -0,0 +1,61 @@
+<domain type="kvm">
+ <name>foobar</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch="x86_64" machine="q35">hvm</type>
+ <loader readonly="yes" type="pflash">/usr/share/ovmf/OVMF_CODE.secboot.fd</loader>
+ <boot dev="hd"/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ <smm state="on"/>
+ <vmport state="off"/>
+ </features>
+ <cpu mode="custom" match="exact">
+ <model>Opteron_G4</model>
+ </cpu>
+ <clock offset="utc">
+ <timer name="rtc" tickpolicy="catchup"/>
+ <timer name="pit" tickpolicy="delay"/>
+ <timer name="hpet" present="no"/>
+ </clock>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/qemu-kvm</emulator>
+ <controller type="usb" index="0" model="ich9-ehci1"/>
+ <controller type="usb" index="0" model="ich9-uhci1">
+ <master startport="0"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci2">
+ <master startport="2"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci3">
+ <master startport="4"/>
+ </controller>
+ <interface type="bridge">
+ <source bridge="eth0"/>
+ <mac address="00:11:22:33:44:55"/>
+ </interface>
+ <input type="mouse" bus="ps2"/>
+ <graphics type="spice" port="-1" tlsPort="-1" autoport="yes">
+ <image compression="off"/>
+ </graphics>
+ <console type="pty"/>
+ <channel type="spicevmc">
+ <target type="virtio" name="com.redhat.spice.0"/>
+ </channel>
+ <sound model="ich6"/>
+ <video>
+ <model type="qxl"/>
+ </video>
+ <redirdev bus="usb" type="spicevmc"/>
+ <redirdev bus="usb" type="spicevmc"/>
+ </devices>
+</domain>
Index: virt-manager-1.4.1/tests/clitest.py
===================================================================
--- virt-manager-1.4.1.orig/tests/clitest.py
+++ virt-manager-1.4.1/tests/clitest.py
@@ -71,6 +71,7 @@ test_files = {
'URI-TEST-DEFAULT': utils.uri_test_default,
'URI-TEST-REMOTE': utils.uri_test_remote,
'URI-KVM': utils.uri_kvm,
+ 'URI-KVM-Q35': utils.uri_kvm_q35,
'URI-KVM-SESSION': utils.uri_kvm_session,
'URI-KVM-REMOTE': utils.uri_kvm + ",remote",
'URI-KVM-NODOMCAPS': utils.uri_kvm_nodomcaps,
@@ -771,6 +772,9 @@ c.add_invalid("--disk none --boot networ
c.add_invalid("--nodisks --boot network --arch mips --virt-type kvm") # Invalid domain type for arch
c.add_invalid("--nodisks --boot network --paravirt --arch mips") # Invalid arch/virt combo
+c = vinst.add_category("kvm-q35", "--connect %(URI-KVM-Q35)s --noautoconsole", compare_check=support.SUPPORT_CONN_VMPORT)
+c.add_compare("--boot uefi --disk none", "boot-uefi")
+
######################
# LXC specific tests #
Index: virt-manager-1.4.1/tests/utils.py
===================================================================
--- virt-manager-1.4.1.orig/tests/utils.py
+++ virt-manager-1.4.1/tests/utils.py
@@ -37,10 +37,12 @@ uri_test_remote = uri_test + ",remote"
_uri_qemu = "%s,qemu" % uri_test
_uri_kvm_domcaps = (_uri_qemu + _domcapsprefix + "kvm-x86_64-domcaps.xml")
+_uri_kvm_domcaps_q35 = (_uri_qemu + _domcapsprefix + "kvm-x86_64-domcaps-q35.xml")
_uri_kvm_aarch64_domcaps = (_uri_qemu + _domcapsprefix + "kvm-aarch64-domcaps.xml")
uri_kvm_nodomcaps = (_uri_qemu + _capsprefix + "kvm-x86_64.xml")
uri_kvm_rhel = (_uri_kvm_domcaps + _capsprefix + "kvm-x86_64-rhel7.xml")
uri_kvm = (_uri_kvm_domcaps + _capsprefix + "kvm-x86_64.xml")
+uri_kvm_q35 = (_uri_kvm_domcaps_q35 + _capsprefix + "kvm-x86_64.xml")
uri_kvm_session = uri_kvm + ",session"
uri_kvm_armv7l = (_uri_kvm_domcaps + _capsprefix + "kvm-armv7l.xml")
Index: virt-manager-1.4.1/virtManager/domain.py
===================================================================
--- virt-manager-1.4.1.orig/virtManager/domain.py
+++ virt-manager-1.4.1/virtManager/domain.py
@@ -698,6 +698,7 @@ class vmmDomain(vmmLibvirtObject):
guest.os.loader = loader
guest.os.loader_type = "pflash"
guest.os.loader_ro = True
+ guest.check_uefi_smm()
if nvram != _SENTINEL:
guest.os.nvram = nvram
Index: virt-manager-1.4.1/virtinst/guest.py
===================================================================
--- virt-manager-1.4.1.orig/virtinst/guest.py
+++ virt-manager-1.4.1/virtinst/guest.py
@@ -542,6 +542,29 @@ class Guest(XMLBuilder):
self.os.loader_type = "pflash"
self.os.loader = path
+ self.check_uefi_smm()
+
+
+ def check_uefi_smm(self):
+ """
+ If the firmware name contains "secboot" it is probably build
+ with SMM feature required so we need to enable that feature,
+ otherwise the firmware may fail to load. True secure boot is
+ currently supported only on x86 architecture and with q35 with
+ SMM feature enabled so change the machine to q35 as well.
+ """
+
+ if not self.os.is_x86():
+ return
+
+ if "secboot" not in self.os.loader:
+ return
+
+ if not self.conn.check_support(self.conn.SUPPORT_DOMAIN_FEATURE_SMM):
+ return
+
+ self.features.smm = True
+ self.os.machine = "q35"
###################
# Device defaults #
Reference in New Issue Copy Permalink