On 4/16/19 12:50 PM, Kashyap Chamarthy wrote:
> I learnt from Dan Berrangé that the 'nvram' section in
> `/etc/libvirt/qemu.conf` will now go away in light of all the work done
> in QEMU ('firmware.json', et al) and libvirt (the firmware
> auto-selection).
>
> But for my own education, can anyone confirm that the current content of
> 'nvram' is out of date in terms of mapping of OVMF binaries to their
> corresponding variable store ("VARS") files?
>
> Let's see what I mean.
>
> On my Fedora 29 box, in `/etc/libvirt/qemu.conf`, I see the following
> mapping of OVMF binaries to their correspoindg "VARS" file under the
> 'nvram' section:
>
> #nvram = [
> # "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd",
> # "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd",
> # "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd",
> # "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd"
> #]
>
> Now let's enumerate the content of 'edk2-ovmf' package:
>
> $> rpm -ql edk2-ovmf
> /usr/share/OVMF
> /usr/share/OVMF/OVMF_CODE.fd
> /usr/share/OVMF/OVMF_CODE.secboot.fd
> /usr/share/OVMF/OVMF_VARS.fd
> /usr/share/OVMF/OVMF_VARS.secboot.fd
> /usr/share/OVMF/UefiShell.iso
> /usr/share/doc/edk2-ovmf
> /usr/share/doc/edk2-ovmf/README
> /usr/share/doc/edk2-ovmf/ovmf-whitepaper-c770f8c.txt
> /usr/share/edk2
> /usr/share/edk2/ovmf
> /usr/share/edk2/ovmf/EnrollDefaultKeys.efi
> /usr/share/edk2/ovmf/OVMF_CODE.fd
> /usr/share/edk2/ovmf/OVMF_CODE.secboot.fd
> /usr/share/edk2/ovmf/OVMF_VARS.fd
> /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
> /usr/share/edk2/ovmf/Shell.efi
> /usr/share/edk2/ovmf/UefiShell.iso
> /usr/share/licenses/edk2-ovmf
> /usr/share/licenses/edk2-ovmf/LICENSE.openssl
> /usr/share/licenses/edk2-ovmf/License.txt
>
> There is the /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd file (which comes
> with the default UEFI keys enrolled).
>
> So, the mapping of OVMF binary to VARS file in the earlier mentioned
> 'nvram' section should have been:
>
> /usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
>
> Yes?
>
Unfortunately the qemu.conf comment is not authoritatize. I believe
that's the default value hardcoded in libvirt, but it can also be
changed with a build time flag, which we do for fedora. The spec file
has this change:
%if 0%{?fedora}
# Nightly edk2.git-ovmf-x64
LOADERS="/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd"
# Nightly edk2.git-ovmf-ia32
LOADERS="$LOADERS:/usr/share/edk2.git/ovmf-ia32/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-ia32/OVMF_VARS-pure-efi.fd"
# Nightly edk2.git-aarch64
LOADERS="$LOADERS:/usr/share/edk2.git/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2.git/aarch64/vars-template-pflash.raw"
# Nightly edk2.git-arm
LOADERS="$LOADERS:/usr/share/edk2.git/arm/QEMU_EFI-pflash.raw:/usr/share/edk2.git/arm/vars-template-pflash.raw"
# Fedora edk2-ovmf
LOADERS="$LOADERS:/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd"
# Fedora edk2-ovmf-ia32
LOADERS="$LOADERS:/usr/share/edk2/ovmf-ia32/OVMF_CODE.fd:/usr/share/edk2/ovmf-ia32/OVMF_VARS.fd"
# Fedora edk2-aarch64
LOADERS="$LOADERS:/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw"
# Fedora edk2-arm
LOADERS="$LOADERS:/usr/share/edk2/arm/QEMU_EFI-pflash.raw:/usr/share/edk2/arm/vars-template-pflash.raw"
%define arg_loader_nvram --with-loader-nvram="$LOADERS"
%endif
So that's 8 pairs that we look for in fedora. That default commented out
value is probably what we use on RHEL with standard RHEL packaging
- Cole
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
