Info virt-manager

Pavel Hrdina phrdina at redhat.com
Thu Jul 9 13:12:07 UTC 2020


On Wed, Jul 08, 2020 at 07:53:22PM +0200, Domenico Panella wrote:
> Hi,
> I have a problem with virt-manager. 
> I'm building a edk2-ovmf package for Void Linux. 
> When i create a new virtual machine , i can't choice secure boot option from 
> combo box. The OVMF_CODE.secboot.fd is present but it isn't show.
> What am i wrong?

Hi,

If I'm correct your are talking about virt-manager GUI where during
installation you checked 'Customize configuration before install' and
in the new window in 'Overview' you are trying to select 'Firmware'.

That list of firmwares is provided by libvirt, you can use virsh to see
what virt-manager gets from libvirt by using:

    virsh domcapabilities --machine q35

There you should be able to see the list of firmwares that libvirt knows
about.

In order to have functional secure boot you have to use Q35 machine type
because the old i440fx doesn't support secure boot.

The list will by default contain only firmwares installed by your
distribution but it's possible to change it. The location where you
should change it depends on libvirt version.

libvirt 5.2.0 and older:

    You need to modify /etc/libvirt/qemu.conf file where you should
    look for 'nvram' option.

libvirt 5.3.0 and newer:

    We switched to improved format of describing firmwares, it's no
    longer in qemu.conf file but we use json files. These are the
    location where libvirt looks for the firmware json files:
    
        - /usr/share/qemu/firmware/
        - /etc/qemu/firmware/

    And in case of session connection

        - $XDG_CONFIG_HOME/qemu/firmware or $HOME/.config/qemu/firmware/

    The documentation for the json file is here [1].


I did some searching and it looks like that the edk2-ovmf package is not
available on Void Linux but there is a pull request [2] to introduce
that package. If you are involved in the pull request you need to make
sure that the json files provided by edk2-ovmf package are in correct
directory (it should be the /usr/share/qemu/firmware/).

I also check QEMU package in Void Linux and it looks like they are
building it incorrectly by using --datadir=/usr/lib. QEMU has its own
edk2 firmwares and it is also providing json files for these firmwares
but they are installed in /usr/lib/qemu/firmware/ so libvirt will not
be able to find them.

Pavel

[1] <https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json;hb=HEAD>
[2] <https://github.com/void-linux/void-packages/pull/17225>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/virt-tools-list/attachments/20200709/faa736e3/attachment.sig>


More information about the virt-tools-list mailing list