shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-26 03:21:44 +03:00
Code Releases Activity
f29a8bcef1
libvirt/tests/qemuxml2argvdata/firmware-manual-efi-secure.args

39 lines
1.5 KiB
Plaintext
Raw Normal View History

qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
LC_ALL=C \
PATH=/bin \
qemu: command: Override HOME variable for system QEMU By default, qemu user's home dir points to '/' which shouldn't be used at all. We therefore pass the HOME variable from the current variable iff not running as SUID, which means that for systemd we never set it. This patch makes sure, that for system QEMU this is always set to libDir/<driver>, session mode is left untouched. Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-06 15:29:01 +03:00
HOME=/tmp/lib/domain--1-test-bios \
qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
USER=test \
LOGNAME=test \
qemu: command: Enforce setting XDG variables for system QEMU For session mode, only XDG_CACHE_HOME is set, because we want to remain integrating with services in user session, but for system mode, this would have become reading/writing to '/' which carries the obvious issue with permissions (also, '/' is the wrong location in 99.9% cases anyway). Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-08 14:15:07 +03:00
XDG_DATA_HOME=/tmp/lib/domain--1-test-bios/.local/share \
XDG_CACHE_HOME=/tmp/lib/domain--1-test-bios/.cache \
XDG_CONFIG_HOME=/tmp/lib/domain--1-test-bios/.config \
qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
QEMU_AUDIO_DRV=none \
tests: unify qemu binary paths for all qemu related tests Our test data used a lot of different qemu binary paths and some of them were based on downstream systems. Note that there is one file where I had to add "accel=kvm" because the qemuargv2xml code parses "/usr/bin/kvm" as virt type="kvm". Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2017-04-06 19:19:48 +03:00
/usr/bin/qemu-system-x86_64 \
qemu: command: Always assume support for '-name guest=' and '-name debug-threads=on' All QEMU versions we support have these and it's very unlikely that they will be removed. Remove the capability checks. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-08-10 17:39:38 +03:00
-name guest=test-bios,debug-threads=on \
qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
-S \
qemu: Always assume presence of QEMU_CAPS_OBJECT_SECRET The secret object is supported since qemu-2.6 and can't be compiled out. Assume the presence to simplify the code. This enables the use of the secret key for most tests not using real caps. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-09-21 18:50:00 +03:00
-object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-test-bios/master-key.aes \
tests: qemuxml2argvdata: Remove specific q35 machine types from fake-caps tests Use q35 instead. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-01-05 12:19:36 +03:00
-machine q35,usb=off,smm=on,dump-guest-core=off \
qemu: Switch to -accel We currently use -machine accel=XXX which is just a syntax sugar for -accel XXX. The former doesn't allow specifying arguments for accelerator, because all arguments passed to -machine are treated as arguments of machine itself. The -accel argument was introduced in QEMU commit v2.9.0-rc0~70^2~19 and since our minimum required version is newer (2.11.0) we can safely assume its existence and use it without any capability. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/233 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Tested-by: Kashyap Chamarthy <kchamart@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-11-05 11:38:10 +03:00
-accel tcg \
qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
-global driver=cfi.pflash01,property=secure,value=on \
qemuxml2argvtest: Use internal wrapping of command line arguments virCommandToString has the possibility to return an already wrapped string with better format than what we get from the test wrapper script. The main advantage is that arguments for an option are always on the same line which makes it more easy to see what changed in a diff and prevents re-wrapping of the line if a wrapping point moves over the threshold. Additionally the used output is the same we have in the VM log file when a VM is starting. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-03-31 11:46:36 +03:00
-drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on \
tests: don't use auto-generated NVRAM path in tests By using the auto-generated NVRAM path in test data files, we won't see bugs where a user specified path gets accidentally overwritten by a post-parse callback, or VM startup. For example, this caused us to miss the bug fixed by: commit 24adb6c7a6cbd8ce5f9de67e6af5d89e0e57c270 Author: Michal Prívozník <mprivozn@redhat.com> Date: Wed Feb 23 08:50:44 2022 +0100 qemu: Don't regenerate NVRAM path if parsed from domain XML Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-02-23 15:45:51 +03:00
-drive file=/some/user/nvram/path/guest_VARS.fd,if=pflash,format=raw,unit=1 \
qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
-m 1024 \
qemu: command: Always assume QEMU_CAPS_OVERCOMMIT Starting with qemu-3.1 we always have the '-overcommit' argument and use it instead of '-realtime'. Remove the capability check and fix all fake-caps tests. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-02-10 14:57:26 +03:00
-overcommit mem-lock=off \
qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
-smp 1,sockets=1,cores=1,threads=1 \
-uuid 362d1fc1-df7d-193e-5c18-49a71bd1da66 \
qemu: deprecate QEMU_CAPS_DISPLAY Implied by QEMU >= 1.2.0. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-03-29 13:51:55 +03:00
-display none \
qemu: deprecate QEMU_CAPS_NO_USER_CONFIG Implied by QEMU >= 1.2.0. Delete this one first, because QEMU_CAPS_NODEFCONFIG is only used when QEMU_CAPS_NO_USER_CONFIG is unsupported. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-03-29 13:51:55 +03:00
-no-user-config \
qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
-nodefaults \
qemu: Always assume QEMU_CAPS_CHARDEV_FD_PASS_COMMANDLINE All qemu versions now support FD passing either directly or via FDset. Assume that we always have this capability so that we can simplify chardev handling in many cases. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-02-03 15:31:28 +03:00
-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
qemu: deprecate QEMU_CAPS_MONITOR_JSON We require QEMU >= 1.5.0, assume every QEMU supports it. Sadly that does not let us trivially drop qemuMonitor's priv->monJSON bool, because of qemuDomainQemuAttach. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-03-29 01:04:58 +03:00
-mon chardev=charmonitor,id=monitor,mode=control \
qemu: deprecate QEMU_CAPS_RTC Implied by QEMU >= 1.2.0. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-03-29 13:51:55 +03:00
-rtc base=utc \
qemu: deprecate QEMU_CAPS_NO_SHUTDOWN Implied by QEMU >= 1.2.0. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-03-29 13:51:55 +03:00
-no-shutdown \
qemu: command: Always assume 'QEMU_CAPS_BOOT_STRICT' Added by c8a6ae8bb9 in qemu-v1.5.0 and can't be compiled out. Assume that it's present and fix all fake-caps tests. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-09-20 17:22:59 +03:00
-boot menu=on,strict=on \
qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
-device i82801b11-bridge,id=pci.1,bus=pcie.0,addr=0x1e \
-device pci-bridge,chassis_nr=2,id=pci.2,bus=pci.1,addr=0x0 \
qemuBuildControllerPCIDevStr: Format via JSON properties Internally format the PCI controller properties into JSON, but convert it back to a string so that we for now change just the SCSI controller. The change in tests is expected as the 'port' field for various PCI controllers is expected to be a number and thus can't be represented as a hexadecimal value in JSON. QEMU expects the following types: 'pci-bridge' chassis_nr=<uint8> - (default: 0) 'pxb-pcie': bus_nr=<uint8> - (default: 0) 'pcie-root-port' port=<uint8> - (default: 0) chassis=<uint8> - (default: 0) hotplug=<bool> - (default: true) Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-10-05 00:07:44 +03:00
-device ioh3420,port=8,chassis=3,id=pci.3,bus=pcie.0,addr=0x1 \
qemu: Enable secure boot In qemu, enabling this feature boils down to adding the following onto the command line: -global driver=cfi.pflash01,property=secure,value=on However, there are some constraints resulting from the implementation. For instance, System Management Mode (SMM) is required to be enabled, the machine type must be q35-2.4 or later, and the guest should be x86_64. While technically it is possible to have 32 bit guests with secure boot, some non-trivial CPU flags tuning is required (for instance lm and nx flags must be prohibited). Given complexity of our CPU driver, this is not trivial. Therefore I've chosen to forbid 32 bit guests for now. If there's ever need, we can refine the check later. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-13 12:33:52 +03:00
-device virtio-scsi-pci,id=scsi0,bus=pci.2,addr=0x1 \
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-scsi0-0-0-0 \
qemuxml2argvtest: Use internal wrapping of command line arguments virCommandToString has the possibility to return an already wrapped string with better format than what we get from the test wrapper script. The main advantage is that arguments for an option are always on the same line which makes it more easy to see what changed in a diff and prevents re-wrapping of the line if a wrapping point moves over the threshold. Additionally the used output is the same we have in the VM log file when a VM is starting. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-03-31 11:46:36 +03:00
-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 \
qemu: command: Always assume support for '-msg timestamp=on' All supported QEMU versions have this option so there's no need for us to base it on the capability. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-08-10 18:07:10 +03:00
-device virtio-balloon-pci,id=balloon0,bus=pci.2,addr=0x2 \
-msg timestamp=on
Copy Permalink