Public bug reported:

When we try to install a SEV-ES guest on Ubuntu 24.04 (regardless of
kernel we use), virt-install will prompt an error message saying not
able to find efi firmware.

/usr/bin/virt-install --name zy-amdsos --vcpus sockets=2,cores=10 --ram 20480 \
  --cpu host-passthrough --graphics none --video vga --machine q35 --import \
  --memtune hard_limit=23068672 \
  --launchSecurity sev,policy=0x05,cbitpos=51,reducedPhysBits=1 \
  --memballoon driver.iommu=on \
  --disk path=/var/lib/libvirt/images/ubuntu-2404_svr_amdsos59_8gb_noworkload.img,device=disk,format=raw \
  --osinfo ubuntu24.04 \
  --boot uefi,loader=/usr/share/OVMF/OVMF_CODE_4M.fd,loader_ro=yes,loader_type=pflash,nvram_template=/usr/share/OVMF/OVMF_VARS_4M.fd,loader_secure=no \
  --print-xml > /var/lib/libvirt/images/zy-amdsos.xml
virsh define /var/lib/libvirt/images/zy-amdsos.xml
error: Failed to define domain from /var/lib/libvirt/images/zy-amdsos.xml
error: operation failed: Unable to find 'efi' firmware that is compatible with the current configuration

The issue is not observed while trying to install standard or SEV guest
using the same image on the same system. This issue is triggered only on
Ubuntu 24.04 && SEV-ES guest.


---------------------------------------------------

Able to work around the issue by adding "amd-sev-es" to the json file and
doing "service libvirtd restart".  Able to install the SEV-ES guest
using the virt-install utility.  Ubuntu 20.04 and 22.04 didn't have
"amd-sev-es" included in their json file and they work for virt-install.
This is possibly because there is no checking mechanism in Ubuntu
22.04/20.04.

60-edk2-x86_64.json with amd-sev-es entry :

{
    "description": "UEFI firmware for x86_64, without Secure Boot, optional SMM, empty varstore",
    "interface-types": [
        "uefi"
    ],
    "mapping": {
        "device": "flash",
        "executable": {
            "filename": "/usr/share/OVMF/OVMF_CODE_4M.fd",
            "format": "raw"
        },
        "nvram-template": {
            "filename": "/usr/share/OVMF/OVMF_VARS_4M.fd",
            "format": "raw"
        }
    },
    "targets": [
        {
            "architecture": "x86_64",
            "machines": [
                "pc-i440fx-*",
                "pc-q35-*"
            ]
        }
    ],
    "features": [
        "acpi-s3",
        "amd-sev",
        "amd-sev-es",
        "verbose-dynamic"
    ],
    "tags": [

    ]
}

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2084922

Title:
  Ubuntu 24.04 not able to launch SEV-ES Guest using virt-install

Status in linux package in Ubuntu:
  New
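
Added example (not part of the original report, and not libvirt's own code): a pre-flight check that reads firmware descriptor files such as 60-edk2-x86_64.json and reports which required SEV features each one fails to advertise for a given launchSecurity policy. It assumes the requirement follows the policy's ES bit (bit 2, set in policy=0x05); the machine name pc-q35-8.2, the default directory /usr/share/qemu/firmware and the BEFORE/AFTER samples are constructed for illustration.

```python
import fnmatch
import json
from pathlib import Path

SEV_POLICY_ES = 0x04  # bit 2 of the SEV guest policy: SEV-ES required


def required_features(policy):
    """Firmware features a launchSecurity 'sev' policy needs (assumed rule)."""
    needed = {"amd-sev"}
    if policy & SEV_POLICY_ES:
        needed.add("amd-sev-es")
    return needed


def missing_features(descriptor, policy, arch, machine):
    """Return None if the descriptor does not target arch/machine, else the
    set of required features it fails to advertise (empty set = usable)."""
    for target in descriptor.get("targets", []):
        if target.get("architecture") == arch and any(
            fnmatch.fnmatch(machine, pat) for pat in target.get("machines", [])
        ):
            return required_features(policy) - set(descriptor.get("features", []))
    return None


def scan(directory, policy, arch="x86_64", machine="pc-q35-8.2"):
    """Check every *.json descriptor in directory; yields (name, missing)."""
    for path in sorted(Path(directory).glob("*.json")):
        try:
            desc = json.loads(path.read_text())
        except (OSError, json.JSONDecodeError) as exc:
            yield path.name, {f"unreadable: {exc}"}
            continue
        yield path.name, missing_features(desc, policy, arch, machine)


# Constructed sample: the report's descriptor without and with "amd-sev-es".
BEFORE = {
    "targets": [{"architecture": "x86_64",
                 "machines": ["pc-i440fx-*", "pc-q35-*"]}],
    "features": ["acpi-s3", "amd-sev", "verbose-dynamic"],
}
AFTER = dict(BEFORE, features=BEFORE["features"] + ["amd-sev-es"])

if __name__ == "__main__":
    # /usr/share/qemu/firmware is an assumed default descriptor directory.
    for name, missing in scan("/usr/share/qemu/firmware", policy=0x05):
        print(name, "not a match" if missing is None else sorted(missing) or "ok")
```

A descriptor that reports `['amd-sev-es']` as missing is one that would be skipped for a policy=0x05 guest while still matching a plain SEV guest.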
