Re: [PATCH] qemu: don't warn about missing SMM for CVM firmware

Ján Tomko via Devel Tue, 12 Aug 2025 01:24:31 -0700

On a Thursday in 2025, Daniel P. Berrangé via Devel wrote:

From: Daniel P. Berrangé <berra...@redhat.com>


Neither Intel TDX / AMD SEV(SNP) allow use of SMM, but the EDK2
firmware none the less supports secureboot. Libvirt currently
issues bogus warnings about Fedora firmware

 warning : qemuFirmwareSanityCheck:1575 : Firmware description
 '/usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json' has
 invalid set of features: requires-smm = 0, secure-boot = 1,
 enrolled-keys = 1

This removes the warning if the firmware descriptor indicates use
of any confidential VM technology.

Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
---
src/qemu/qemu_firmware.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index f10137144e..dbec068738 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1540,6 +1540,7 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
    bool requiresSMM = false;
    bool supportsSecureBoot = false;
    bool hasEnrolledKeys = false;
+    bool cvm = false;


Naming this, for example, confidential VM would be more descriptive.

    for (i = 0; i < fw->nfeatures; i++) {
        switch (fw->features[i]) {


Regardless:
Reviewed-by: Ján Tomko <jto...@redhat.com>

Jano

signature.asc
Description: PGP signature

Re: [PATCH] qemu: don't warn about missing SMM for CVM firmware

Reply via email to