On Mon, Aug 04, 2025 at 02:15:01PM -0600, Jim Fehlig wrote:
> On 8/4/25 05:31, Andrea Bolognani wrote:
> > On Fri, Aug 01, 2025 at 11:39:45AM -0600, Jim Fehlig via Devel wrote:
> > > With this addition, the correct firmware is detected, but it's not
> > > properly
> > > provided to qemu
> > >
> > > internal error: QEMU unexpectedly closed the monitor (vm='sles15sp7-snp'):
> > > 2025-08-01T17:11:20.589614Z qemu-system-x86_64: pflash with kvm requires
> > > KVM
> > > readonly memory support
> > >
> > > The pertinent command line pieces being
> > >
> > > -blockdev
> > > '{"driver":"file","filename":"/usr/share/qemu/ovmf-x86_64-sev.bin","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":
> > > "unmap"}'
> > > -blockdev
> > > '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}'
> > >
> > > But for SNP, it needs to be provided as bios, e.g.
> > >
> > > -bios /usr/share/qemu/ovmf-x86_64-sev.bin
> > >
> > > Are we correctly identifying this firmware in the descriptor file? It's
> > > advertised as a "flash" device, although I'm not sure if any of the other
> > > "FirmwareDevice" options [1] are appropriate. Perhaps the
> > > "FirmwareOSInterface" should be 'bios'?
> >
> > Adding Michal and Daniel to the conversation so that they can provide
> > some insights. I have zero experience with SEV and no easy access to
> > the relevant hardware.
>
> I don't follow qemu development close enough to know if pflash is now
> supported with SNP guests. AFAIK, only '-bios' was supported when the
> initial SNP enablement was merged.
TDX/SNP are strictly -bios only and will remain that way.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
