qemu: ROM firmware images are always readonly

author Andrea Bolognani <abologna@redhat.com>

Mon, 8 Jul 2024 12:19:43 +0000 (14:19 +0200)

committer Andrea Bolognani <abologna@redhat.com>

Fri, 19 Jul 2024 13:18:39 +0000 (15:18 +0200)
author Andrea Bolognani <abologna@redhat.com>
Mon, 8 Jul 2024 12:19:43 +0000 (14:19 +0200)
committer Andrea Bolognani <abologna@redhat.com>
Fri, 19 Jul 2024 13:18:39 +0000 (15:18 +0200)
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c

index a0b13f76b81eb08c35d19b07a94e8e06e098d42e..08ca99e1ac57ac216ca754e04064413463f07b83 100644 (file)
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1339,6 +1339,11 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
              VIR_DEBUG("Discarding rom loader");
              return false;
          }
+
+        if (loader && loader->readonly == VIR_TRISTATE_BOOL_NO) {
+            VIR_DEBUG("Discarding readonly loader");
+            return false;
+        }
      }
  
      if (def->sec) {
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.args

deleted file mode 100644 (file)

index 753ad2d..0000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.args
+++ /dev/null
@@ -1,34 +0,0 @@
-LC_ALL=C \
-PATH=/bin \
-HOME=/var/lib/libvirt/qemu/domain--1-guest \
-USER=test \
-LOGNAME=test \
-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
-/usr/bin/qemu-system-x86_64 \
--name guest=guest,debug-threads=on \
--S \
--object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
--machine pc-q35-4.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
--accel kvm \
--cpu qemu64 \
--bios /usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd \
--m size=1048576k \
--object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
--overcommit mem-lock=off \
--smp 1,sockets=1,cores=1,threads=1 \
--uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
--display none \
--no-user-config \
--nodefaults \
--chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
--mon chardev=charmonitor,id=monitor,mode=control \
--rtc base=utc \
--no-shutdown \
--boot strict=on \
--audiodev '{"id":"audio1","driver":"none"}' \
--global ICH9-LPC.noreboot=off \
--watchdog-action reset \
--sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
--msg timestamp=on
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.err

new file mode 100644 (file)

index 0000000..3edb2b3
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.err
@@ -0,0 +1 @@
+operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.xml

index fe05e33b69659ab630d9670bf409d938cc372423..c2d0c33a0b5663b04ff28f4c24238edf048bb2d7 100644 (file)
--- a/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.xml
@@ -6,11 +6,7 @@
    <vcpu placement='static'>1</vcpu>
    <os firmware='efi'>
      <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
-    <firmware>
-      <feature enabled='yes' name='enrolled-keys'/>
-      <feature enabled='yes' name='secure-boot'/>
-    </firmware>
-    <loader readonly='no' type='rom'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
+    <loader readonly='no'/>
      <boot dev='hd'/>
    </os>
    <features>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c

index 9856d19709a171af747dbb575fafd973d59bcead..85f6d0f314df89c8c0fb1701ce226b79b2aeaea3 100644 (file)
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1422,7 +1422,7 @@ mymain(void)
      DO_TEST_CAPS_LATEST("firmware-auto-efi");
      DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi");
      DO_TEST_CAPS_LATEST("firmware-auto-efi-stateless");
-    DO_TEST_CAPS_LATEST("firmware-auto-efi-rw");
+    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-rw");
      DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-rw-pflash");
      DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure");
      DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi-loader-secure");
author	Andrea Bolognani <abologna@redhat.com>
	Mon, 8 Jul 2024 12:19:43 +0000 (14:19 +0200)
committer	Andrea Bolognani <abologna@redhat.com>
	Fri, 19 Jul 2024 13:18:39 +0000 (15:18 +0200)
src/qemu/qemu_firmware.c		patch \| blob \| blame \| history
tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.args	[deleted file]	patch \| blob \| blame \| history
tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.err	[new file with mode: 0644]	patch \| blob
tests/qemuxmlconfdata/firmware-auto-efi-rw.x86_64-latest.xml		patch \| blob \| blame \| history
tests/qemuxmlconftest.c		patch \| blob \| blame \| history