focal change to 4M images changes virtinst default flavor
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
edk2 (Ubuntu) | Confirmed | Undecided | Unassigned | |
Focal | Confirmed | Undecided | Unassigned | |
virt-manager (Ubuntu) | Invalid | Undecided | Unassigned | |
Focal | Fix Released | Undecided | Mustafa Kemal Gilor | |
Bug Description
[ Impact ]
* The fix for bug 1885662 has caused a regression in virt-install, where the default "--boot uefi" firmware image has changed from "OVMF_CODE.fd" (no secure boot) to "OVMF_CODE_
* This is related to how virt-install selects a firmware from the offered firmwares. virt-install uses a hard-coded UEFI firmware pattern list to match against the offered patterns. The pattern list can be found in virtinst/
_uefi_
/*...*/
"x86_64": [
],
/*...*/
}
* virt-install uses `find_uefi_
40-
50-
60-
* Looking at the implementation of `find_uefi_
domcapabili
/* ... */
for pattern in patterns:
    for path in firmware_files:
        if re.match(pattern, path):
/* ... */
The first pattern r".*edk2-
* The fix for LP#1885662 has changed the offered firmware names as follows:
40-
50-
60-
The pattern r".*OVMF_CODE\.fd" no longer matches anything, and the loop proceeds to the next pattern until a match is found. The last pattern ".*OVMF.*" matches, but it now matches the first offered firmware instead of the last one, and returns OVMF_CODE_4M.ms.fd as the UEFI firmware path. The returned OVMF_CODE_4M.ms.fd is a secure boot capable/key enrolled firmware file, whereas the old one was a non-secure boot firmware; hence the regression.
* This SRU fixes the issue by updating the r".*OVMF_CODE\.fd" pattern as r".*OVMF_
* Note that this regression affects only new VMs, not existing VMs.
[ Test Plan ]
* To see the old behavior:
- lxc launch ubuntu:focal test-ovmf-r # or equivalent vm/container choice
- lxc shell test-ovmf-r
- apt install ovmf=0~
- apt install qemu-kvm libvirt-
- systemctl restart libvirtd # ensure fw descriptors are reloaded
- virt-install --boot uefi --print-xml --memory 1 --disk none --machine q35 | grep "/usr/share/OVMF"
- # should output: <loader readonly="yes" type="pflash"
- # selected default firmware is non-secure boot kind
* To see the new behavior (regression):
- lxc launch ubuntu:focal test-ovmf-r # or equivalent vm/container choice
- lxc shell test-ovmf-r
- apt install ovmf=0~
- apt install qemu-kvm libvirt-
- systemctl restart libvirtd # ensure fw descriptors are reloaded
- virt-install --boot uefi --print-xml --memory 1 --disk none --machine q35 | grep "/usr/share/OVMF"
- # should output: <loader readonly="yes" type="pflash"
- # selected default firmware is different kind (secure boot capable/key enrolled) than the previous
- # version
* Test the fix:
- Execute steps under "To see the new behavior (regression)"
- # Enable the PPA that contains the virt-install with the fix
- # and upgrade the virt-install package:
- sudo add-apt-repository ppa:mustafakema
- sudo apt update
- sudo apt upgrade
- # Check "virt-install" output again:
- virt-install --boot uefi --print-xml --memory 1 --disk none --machine q35 | grep "/usr/share/OVMF"
- # should output: <loader readonly="yes" type="pflash"
- # selected default firmware is non-secure boot kind
[ Where problems could occur ]
* The change is localized and it complements the changes made to the OVMF package, therefore the risk of regression is considered low.
* This patch can only affect virt-install's behavior if other packages offer OVMF firmware files with the new "_4M" suffix.
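The selection loop from the bug description above, reproduced as an added example (not virt-install's own code and not part of the original report). The firmware lists and their ordering are constructed, only the two patterns quoted in full in the description are used, and `WIDENED_PATTERNS` is a hypothetical pattern, not the one shipped in the SRU.

```python
import re

# Constructed lists of offered firmware paths; the ordering is an assumption
# chosen to mirror the description (plain image offered last, .ms image first).
OLD_OFFERED = [
    "/usr/share/OVMF/OVMF_CODE.ms.fd",
    "/usr/share/OVMF/OVMF_CODE.secboot.fd",
    "/usr/share/OVMF/OVMF_CODE.fd",
]
NEW_OFFERED = [
    "/usr/share/OVMF/OVMF_CODE_4M.ms.fd",
    "/usr/share/OVMF/OVMF_CODE_4M.secboot.fd",
    "/usr/share/OVMF/OVMF_CODE_4M.fd",
]

# Only the two patterns quoted in full in the description: specific, then catch-all.
ORIGINAL_PATTERNS = [r".*OVMF_CODE\.fd", r".*OVMF.*"]
# Hypothetical widened pattern for illustration; not the pattern from the SRU.
WIDENED_PATTERNS = [r".*OVMF_CODE(_4M)?\.fd", r".*OVMF.*"]


def pick_firmware(patterns, offered):
    """Pattern-major search: the first pattern with any hit decides the result."""
    for pattern in patterns:
        for path in offered:
            if re.match(pattern, path):
                return path, pattern
    return None, None


def audit(patterns, offered):
    """Report the chosen image and whether only the catch-all pattern matched."""
    path, pattern = pick_firmware(patterns, offered)
    return {
        "path": path,
        "fell_through": pattern is not None and pattern == patterns[-1],
        # Suffix check is a naming heuristic for key-enrolled/secure boot images.
        "secure_boot_variant": bool(path) and path.endswith((".ms.fd", ".secboot.fd")),
    }


if __name__ == "__main__":
    for name, pats, fw in [
        ("old ovmf, original patterns", ORIGINAL_PATTERNS, OLD_OFFERED),
        ("new ovmf, original patterns", ORIGINAL_PATTERNS, NEW_OFFERED),
        ("new ovmf, widened patterns", WIDENED_PATTERNS, NEW_OFFERED),
    ]:
        print(name, audit(pats, fw))
```

A result with `fell_through` set means the default was decided by the order in which firmware is offered rather than by a specific pattern, which is the condition that let the default flavor change silently.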
Related branches
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
- dann frazier: Pending requested
Diff: 61 lines (+39/-0), 3 files modified
debian/changelog (+8/-0)
debian/patches/lp-2004618-add-4m-pattern.patch (+30/-0)
debian/patches/series (+1/-0)
tags: added: patch
Changed in edk2 (Ubuntu Focal):
assignee: nobody → Mustafa Kemal Gilor (mustafakemalgilor)
description: updated
description: updated
Changed in virt-manager (Ubuntu Focal):
assignee: nobody → Mustafa Kemal Gilor (mustafakemalgilor)
Changed in edk2 (Ubuntu Focal):
assignee: Mustafa Kemal Gilor (mustafakemalgilor) → nobody
tags: added: regression-update
description: updated
For reference, I'm attaching the logs I was looking at yesterday that pointed me to the virtinst issue. I collected it by turning on the following debug settings in libvirtd.conf:
log_filters="1:qemu_firmware"
log_outputs="3:syslog:libvirtd 1:stderr"
And ran libvirtd in the foreground to collect it.
You'll see that the probing pattern between old ovmf and new ovmf changed. After applying a patch to virtinst that also matches the 4M variants, the probing pattern when using the new ovmf now matches the old one.