nova / libvirt Secure Boot VM support not fully functional
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Low | Unassigned |
Bug Description
Hi,
I've been trying to get Secure Boot VMs working on my OpenStack. But I'm running into issues with firmware requiring SMM enabled.
Versions:
libvirt version: 6.0.0, package: 0ubuntu8.15
QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.18)
Nova 23.1.1 (deployed via kolla, so kolla/ubuntu-
ovmf 0~20191122.
There's an issue with the way the Nova libvirt driver handles secure boot and the firmware bit.
It boils down to the Nova libvirt driver not producing the correct XML to start a VM. Nova needs to either:
1) Take advantage of libvirt's auto firmware selection feature
OR
2) Produce the correct XML
I have produced 2 series of patch sets for both approaches. Neither patch set is production/merge ready but works on my systems and provides a base.
1. https:/
2. https:/
Context:
http://
http://
https:/
https:/
https:/
Changed in nova:
status: New → In Progress
Confirmed on an Ubuntu 20.04 host with DevStack. This check has been in libvirt since the very beginning [1] so I'm not sure how I didn't hit this during development. Perhaps libvirt has changed something, Ubuntu is doing something different to Fedora, or I simply messed up...
[1] https://github.com/libvirt/libvirt/commit/9c1524a01#diff-909be9ec94676bb693c57b5a8692cc32bd2f9728c42dc9fe1c9cbcf569971b36R2345-R2349
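
The mismatch described in the report and the comment above, as an added example (not code from Nova, libvirt, or the linked patch sets): a checker over libvirt domain XML that flags a guest requesting `secure='yes'` on its loader without SMM enabled. The sample XML is constructed; the function name, problem codes, firmware path, and the q35 machine-type check are assumptions of this example.

```python
import xml.etree.ElementTree as ET

def secure_boot_problems(domain_xml):
    """Return reasons a manually specified Secure Boot guest is inconsistent."""
    root = ET.fromstring(domain_xml)
    os_el = root.find("os")
    loader = os_el.find("loader") if os_el is not None else None
    if loader is None or loader.get("secure") != "yes":
        return []  # Secure Boot not requested, nothing to check
    if os_el.get("firmware") == "efi":
        # Approach 1 in the report: firmware choice is delegated to
        # libvirt's auto-selection, so the manual checks below do not apply.
        return []
    problems = []
    smm = root.find("features/smm")
    # Conservative assumption: only an explicit state='on' counts as enabled.
    if smm is None or smm.get("state") != "on":
        problems.append("smm-not-enabled")
    type_el = os_el.find("type")
    machine = type_el.get("machine", "") if type_el is not None else ""
    # Assumption of this example: Secure Boot guests use a q35 machine type.
    if "q35" not in machine:
        problems.append("machine-not-q35")
    # Approach 2 in the report: the XML must name the firmware image itself.
    if not (loader.text or "").strip():
        problems.append("loader-path-missing")
    return problems

# Constructed sample domain definitions (not taken from the bug report).
DOMAIN_TEMPLATE = """<domain type='kvm'>
  <name>sb-guest</name>
  <os{fw}>
    <type arch='x86_64' machine='{machine}'>hvm</type>
    {loader}
  </os>
  <features><acpi/>{smm}</features>
</domain>"""
MANUAL_LOADER = ("<loader secure='yes' readonly='yes' type='pflash'>"
                 "/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>")
BROKEN = DOMAIN_TEMPLATE.format(fw="", machine="pc-q35-4.2",
                                loader=MANUAL_LOADER, smm="")
FIXED = DOMAIN_TEMPLATE.format(fw="", machine="pc-q35-4.2",
                               loader=MANUAL_LOADER, smm="<smm state='on'/>")
AUTO = DOMAIN_TEMPLATE.format(fw=" firmware='efi'", machine="pc-q35-4.2",
                              loader="<loader secure='yes'/>", smm="")

if __name__ == "__main__":
    for name, xml in (("broken", BROKEN), ("fixed", FIXED), ("auto", AUTO)):
        print(name, secure_boot_problems(xml))
```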