From: Dominik Csapak <d.csapak@proxmox.com>
Date: Mon, 11 Oct 2021 12:10:24 +0000 (+0200)
Subject: use non SMM ovmf code file for i440fx machines
X-Git-Url: https://git.proxmox.com/?p=qemu-server.git;a=commitdiff_plain;h=90b20b152c04577f0889540c54c448578cbc07f2;hp=c21013ac58e8f178ba7e07722702747b50bfb980

use non SMM ovmf code file for i440fx machines

ovmf with SMM enabled will not boot on i440fx (hangs on graphics
initialization), so load the non SMM variant.

should be no issue regarding live-migration since it never worked with
this anyway.

adapts the test and adds one with q35

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Stefan Reiter <s.reiter@proxmox.com>
Reviewed-by: Stefan Reiter <s.reiter@proxmox.com>
---

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 8c5abc1..1ac81e2 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -24,6 +24,7 @@ use PVE::QemuServer;
 use PVE::QemuServer::Drive;
 use PVE::QemuServer::CPUConfig;
 use PVE::QemuServer::Monitor qw(mon_cmd);
+use PVE::QemuServer::Machine;
 use PVE::QemuMigrate;
 use PVE::RPCEnvironment;
 use PVE::AccessControl;
@@ -183,8 +184,9 @@ my $create_disks = sub {
 
 	    my $volid;
 	    if ($ds eq 'efidisk0') {
+		my $smm = PVE::QemuServer::Machine::machine_type_is_q35($conf);
 		($volid, $size) = PVE::QemuServer::create_efidisk(
-		    $storecfg, $storeid, $vmid, $fmt, $arch, $disk);
+		    $storecfg, $storeid, $vmid, $fmt, $arch, $disk, $smm);
 	    } elsif ($ds eq 'tpmstate0') {
 		# swtpm can only use raw volumes, and uses a fixed size
 		$size = PVE::Tools::convert_size(PVE::QemuServer::Drive::TPMSTATE_DISK_SIZE, 'b' => 'kb');
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index e7204c7..794558b 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -64,6 +64,14 @@ eval {
 my $EDK2_FW_BASE = '/usr/share/pve-edk2-firmware/';
 my $OVMF = {
     x86_64 => {
+	'4m-no-smm' => [
+	    "$EDK2_FW_BASE/OVMF_CODE_4M.fd",
+	    "$EDK2_FW_BASE/OVMF_VARS_4M.fd",
+	],
+	'4m-no-smm-ms' => [
+	    "$EDK2_FW_BASE/OVMF_CODE_4M.fd",
+	    "$EDK2_FW_BASE/OVMF_VARS_4M.ms.fd",
+	],
 	'4m' => [
 	    "$EDK2_FW_BASE/OVMF_CODE_4M.secboot.fd",
 	    "$EDK2_FW_BASE/OVMF_VARS_4M.fd",
@@ -3165,15 +3173,16 @@ sub get_vm_machine {
     return $machine;
 }
 
-sub get_ovmf_files($$) {
-    my ($arch, $efidisk) = @_;
+sub get_ovmf_files($$$) {
+    my ($arch, $efidisk, $smm) = @_;
 
     my $types = $OVMF->{$arch}
 	or die "no OVMF images known for architecture '$arch'\n";
 
     my $type = 'default';
     if (defined($efidisk->{efitype}) && $efidisk->{efitype} eq '4m') {
-	$type = $efidisk->{'pre-enrolled-keys'} ? "4m-ms" : "4m";
+	$type = $smm ? "4m" : "4m-no-smm";
+	$type .= '-ms' if $efidisk->{'pre-enrolled-keys'};
     }
 
     return $types->{$type}->@*;
@@ -3436,7 +3445,7 @@ sub config_to_command {
 	    $d = parse_drive('efidisk0', $efidisk);
 	}
 
-	my ($ovmf_code, $ovmf_vars) = get_ovmf_files($arch, $d);
+	my ($ovmf_code, $ovmf_vars) = get_ovmf_files($arch, $d, $q35);
 	die "uefi base image '$ovmf_code' not found\n" if ! -f $ovmf_code;
 
 	my ($path, $format);
@@ -7532,7 +7541,8 @@ sub get_efivars_size {
     my ($conf) = @_;
     my $arch = get_vm_arch($conf);
     my $efidisk = $conf->{efidisk0} ? parse_drive('efidisk0', $conf->{efidisk0}) : undef;
-    my (undef, $ovmf_vars) = get_ovmf_files($arch, $efidisk);
+    my $smm = PVE::QemuServer::Machine::machine_type_is_q35($conf);
+    my (undef, $ovmf_vars) = get_ovmf_files($arch, $efidisk, $smm);
     die "uefi vars image '$ovmf_vars' not found\n" if ! -f $ovmf_vars;
     return -s $ovmf_vars;
 }
@@ -7557,10 +7567,10 @@ sub update_tpmstate_size {
     $conf->{tpmstate0} = print_drive($disk);
 }
 
-sub create_efidisk($$$$$$) {
-    my ($storecfg, $storeid, $vmid, $fmt, $arch, $efidisk) = @_;
+sub create_efidisk($$$$$$$) {
+    my ($storecfg, $storeid, $vmid, $fmt, $arch, $efidisk, $smm) = @_;
 
-    my (undef, $ovmf_vars) = get_ovmf_files($arch, $efidisk);
+    my (undef, $ovmf_vars) = get_ovmf_files($arch, $efidisk, $smm);
     die "EFI vars default image not found\n" if ! -f $ovmf_vars;
 
     my $vars_size_b = -s $ovmf_vars;
diff --git a/test/cfg2cmd/efi-secboot-and-tpm-q35.conf b/test/cfg2cmd/efi-secboot-and-tpm-q35.conf
new file mode 100644
index 0000000..5d4b5f5
--- /dev/null
+++ b/test/cfg2cmd/efi-secboot-and-tpm-q35.conf
@@ -0,0 +1,6 @@
+# TEST: Test newer 4MB efidisk with secureboot, smm enforce and a TPM device on Q35
+smbios1: uuid=7b10d7af-b932-4c66-b2c3-3996152ec465
+bios: ovmf
+machine: q35
+efidisk0: local:100/vm-disk-100-0.raw,efitype=4m,pre-enrolled-keys=1,size=528K
+tpmstate0: local:108/vm-100-disk-1.raw,size=4M,version=v2.0
diff --git a/test/cfg2cmd/efi-secboot-and-tpm-q35.conf.cmd b/test/cfg2cmd/efi-secboot-and-tpm-q35.conf.cmd
new file mode 100644
index 0000000..b2a2662
--- /dev/null
+++ b/test/cfg2cmd/efi-secboot-and-tpm-q35.conf.cmd
@@ -0,0 +1,28 @@
+/usr/bin/kvm \
+  -id 8006 \
+  -name vm8006 \
+  -no-shutdown \
+  -chardev 'socket,id=qmp,path=/var/run/qemu-server/8006.qmp,server=on,wait=off' \
+  -mon 'chardev=qmp,mode=control' \
+  -chardev 'socket,id=qmp-event,path=/var/run/qmeventd.sock,reconnect=5' \
+  -mon 'chardev=qmp-event,mode=control' \
+  -pidfile /var/run/qemu-server/8006.pid \
+  -daemonize \
+  -smbios 'type=1,uuid=7b10d7af-b932-4c66-b2c3-3996152ec465' \
+  -drive 'if=pflash,unit=0,format=raw,readonly=on,file=/usr/share/pve-edk2-firmware//OVMF_CODE_4M.secboot.fd' \
+  -drive 'if=pflash,unit=1,format=raw,id=drive-efidisk0,size=540672,file=/var/lib/vz/images/100/vm-disk-100-0.raw' \
+  -smp '1,sockets=1,cores=1,maxcpus=1' \
+  -nodefaults \
+  -boot 'menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg' \
+  -vnc 'unix:/var/run/qemu-server/8006.vnc,password=on' \
+  -cpu kvm64,enforce,+kvm_pv_eoi,+kvm_pv_unhalt,+lahf_lm,+sep \
+  -m 512 \
+  -readconfig /usr/share/qemu-server/pve-q35-4.0.cfg
+  -device 'usb-tablet,id=tablet,bus=ehci.0,port=1'
+  -chardev 'socket,id=tpmchar,path=/var/run/qemu-server/8006.swtpm' \
+  -tpmdev 'emulator,id=tpmdev,chardev=tpmchar' \
+  -device 'tpm-tis,tpmdev=tpmdev' \
+  -device 'VGA,id=vga,bus=pcie.0,addr=0x1' \
+  -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3' \
+  -iscsi 'initiator-name=iqn.1993-08.org.debian:01:aabbccddeeff' \
+  -machine 'type=q35+pve0'
diff --git a/test/cfg2cmd/efi-secboot-and-tpm.conf b/test/cfg2cmd/efi-secboot-and-tpm.conf
index ba2601f..915424e 100644
--- a/test/cfg2cmd/efi-secboot-and-tpm.conf
+++ b/test/cfg2cmd/efi-secboot-and-tpm.conf
@@ -1,4 +1,4 @@
-# TEST: Test newer 4MB efidisk with secureboot, smm enforce and a TPM device
+# TEST: Test newer 4MB efidisk with secureboot and a TPM device
 smbios1: uuid=7b10d7af-b932-4c66-b2c3-3996152ec465
 bios: ovmf
 efidisk0: local:100/vm-disk-100-0.raw,efitype=4m,pre-enrolled-keys=1,size=528K
diff --git a/test/cfg2cmd/efi-secboot-and-tpm.conf.cmd b/test/cfg2cmd/efi-secboot-and-tpm.conf.cmd
index 499dbab..400db42 100644
--- a/test/cfg2cmd/efi-secboot-and-tpm.conf.cmd
+++ b/test/cfg2cmd/efi-secboot-and-tpm.conf.cmd
@@ -9,7 +9,7 @@
   -pidfile /var/run/qemu-server/8006.pid \
   -daemonize \
   -smbios 'type=1,uuid=7b10d7af-b932-4c66-b2c3-3996152ec465' \
-  -drive 'if=pflash,unit=0,format=raw,readonly=on,file=/usr/share/pve-edk2-firmware//OVMF_CODE_4M.secboot.fd' \
+  -drive 'if=pflash,unit=0,format=raw,readonly=on,file=/usr/share/pve-edk2-firmware//OVMF_CODE_4M.fd' \
   -drive 'if=pflash,unit=1,format=raw,id=drive-efidisk0,size=540672,file=/var/lib/vz/images/100/vm-disk-100-0.raw' \
   -smp '1,sockets=1,cores=1,maxcpus=1' \
   -nodefaults \