Martin Kletzander
2015-Aug-06 15:08 UTC
Re: [libvirt-users] Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected
On Tue, Aug 04, 2015 at 07:11:29AM -0700, Ryan Barry wrote:>On 08/03/2015 10:47 PM, Martin Kletzander wrote: >> On Mon, Aug 03, 2015 at 03:39:30PM -0700, Ryan Barry wrote: >>> On 08/03/2015 01:43 PM, Ryan Barry wrote: >>>> Using: >>>> >>>> edk2.git-0-20150803.b1141.ga0973dc.x86_64 >>>> edk2.git-ovmf-x64-0-20150802.b1139.gb234418.noarch >>>> >>>> On Fedora 22. >>>> >>>> Provisioning a i440FX system in virt-manager and attempting to >>>> boot results in successful EFI initialization, but the VM >>>> exits ungracefully after the bootloader (with F22 and CentOS 7 >>>> installer images). There's no really useful information in any >>>> of the logs. >>>> >> >> I haven't tried EFI with 440fx, only with q35. I haven't found an >> option to enable EFI neither a secureboot anywhere in >> virt-manager. > >q35 doesn't help here. secureboot is in the EFI config menus (press ><ESC> or <DEL> in the guest while booting, go look at the boot >configuration, and you'll see secureboot options -- it's disabled by >default and not able to be enabled until LockDown_ms is applied). >Oh, so that's what I misunderstood, sorry for that.>What I don't understand is why this matters, since I was able to boot >with basically the generated command (see below) from a console, but >it's 100% reproducible. > >> >>>> Using qemu-kvm directly (qemu-kvm -bios >>>> /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd -m 1G -cdrom >>>> ~rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso) boots >>>> and loads successfully. >>> >> >> We don't use '-bios' but '-drive file,if=pflash' and that's done >> once for the OVMF code and second time for the efivars storage. >> What's the guest XML and full command line of qemu being started? > >I was able to boot with this (once I removed -S, -spice, and -netdev). >After installing with -netdev user..., and applying LockDown_ms, it >boots normally from virsh/virt-manager. >So the generated command (from libvirt) works for you if there is no -S (of course) and -netdev (I guess because of the fd= we're passing)? Why did you remove '-spice'? If the only difference in this case really is libvirt, then we need to know why the machine shuts down. If neither the 'virsh domstate --reason <domain>' helps nor there is any information in the logs, then I suggest enabling debug logs and looking through those (both the domain log and libvirtd log).>Also, I can mount an ISO and reinstall once secureboot is enabled. > >XML is at the bottom. > >LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin >QEMU_AUDIO_DRV=spice /usr/bin/qemu-kvm -name passthrough -S -machine >pc-i440fx-2.3,accel=kvm,usb=off -cpu Haswell-noTSX -drive >file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd,if=pflash,format=raw,unit=0,readonly=on >-drive >file=/var/lib/libvirt/qemu/nvram/passthrough_VARS.fd,if=pflash,format=raw,unit=1 >-m 2048 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid >ffd15ea4-03dc-4e86-ae93-096e517055a8 -no-user-config -nodefaults >-chardev >socket,id=charmonitor,path=/var/lib/libvirt/qemu/passthrough.monitor,server,nowait >-mon chardev=charmonitor,id=monitor,mode=control -rtc >base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard >-no-hpet -no-reboot -global PIIX4_PM.disable_s3=1 -global >PIIX4_PM.disable_s4=1 -boot strict=on -device >ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7 -device >ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6 >-device >ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1 >-device >ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2 >-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive >file=/var/lib/libvirt/images/passthrough.qcow2,if=none,id=drive-virtio-disk0,format=qcow2 >-device >virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2 >-drive >file=/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso,if=none,id=drive-ide0-0-0,readonly=on,format=raw >-device >ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 >-netdev tap,fd=24,id=hostnet0,vhost=on,vhostfd=25 -device >virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:e6:72:a4,bus=pci.0,addr=0x3 >-chardev pty,id=charserial0 -device >isa-serial,chardev=charserial0,id=serial0 -chardev >socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/passthrough.org.qemu.guest_agent.0,server,nowait >-device >virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 >-chardev spicevmc,id=charchannel1,name=vdagent -device >virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0 >-device usb-tablet,id=input0 -spice >port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on >-device >qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pci.0,addr=0x2 >-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device >hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev >spicevmc,id=charredir0,name=usbredir -device >usb-redir,chardev=charredir0,id=redir0 -chardev >spicevmc,id=charredir1,name=usbredir -device >usb-redir,chardev=charredir1,id=redir1 -device >virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg timestamp=on > > >> >>> Just to update -- >>> >>> This appears to be related to secureboot. Using a VM which has >>> secure boot enabled is successful >>> >>>> >>>> What's the difference here? Where can I go for >>>> troubleshooting? >>>> >>>> libvirt XML is below: >>>> >>>> <domain type='kvm'> <name>fedora22</name> >>>> <uuid>7f363d28-881f-4240-97eb-9b8d49cfb282</uuid> <memory >>>> unit='KiB'>2097152</memory> <currentMemory >>>> unit='KiB'>2097152</currentMemory> <vcpu >>>> placement='static'>1</vcpu> <os> <type arch='x86_64' >>>> machine='pc-i440fx-2.3'>hvm</type> <loader readonly='yes' >>>> type='pflash'>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</loader> >>>> >>>> >>>> >>>> ><nvram>/var/lib/libvirt/qemu/nvram/fedora22_VARS.fd</nvram> >>>> </os> <features> <acpi/> <apic/> <pae/> </features> <cpu >>>> mode='custom' match='exact'> <model >>>> fallback='allow'>Haswell-noTSX</model> </cpu> <clock >>>> offset='utc'> <timer name='rtc' tickpolicy='catchup'/> <timer >>>> name='pit' tickpolicy='delay'/> <timer name='hpet' >>>> present='no'/> </clock> <on_poweroff>destroy</on_poweroff> >>>> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> >>>> <pm> <suspend-to-mem enabled='no'/> <suspend-to-disk >>>> enabled='no'/> </pm> <devices> >>>> <emulator>/usr/bin/qemu-kvm</emulator> <disk type='file' >>>> device='disk'> <driver name='qemu' type='qcow2'/> <source >>>> file='/var/lib/libvirt/images/fedora22.qcow2'/> <target >>>> dev='vda' bus='virtio'/> <boot order='1'/> <address type='pci' >>>> domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </disk> >>>> <disk type='file' device='cdrom'> <driver name='qemu' >>>> type='raw'/> <source >>>> file='/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso'/> >>>> >>>> >>>> ><target dev='hda' bus='ide'/> >>>> <readonly/> <boot order='2'/> <address type='drive' >>>> controller='0' bus='0' target='0' unit='0'/> </disk> >>>> <controller type='usb' index='0' model='ich9-ehci1'> <address >>>> type='pci' domain='0x0000' bus='0x00' slot='0x06' >>>> function='0x7'/> </controller> <controller type='usb' >>>> index='0' model='ich9-uhci1'> <master startport='0'/> <address >>>> type='pci' domain='0x0000' bus='0x00' slot='0x06' >>>> function='0x0' multifunction='on'/> </controller> <controller >>>> type='usb' index='0' model='ich9-uhci2'> <master >>>> startport='2'/> <address type='pci' domain='0x0000' bus='0x00' >>>> slot='0x06' function='0x1'/> </controller> <controller >>>> type='usb' index='0' model='ich9-uhci3'> <master >>>> startport='4'/> <address type='pci' domain='0x0000' bus='0x00' >>>> slot='0x06' function='0x2'/> </controller> <controller >>>> type='pci' index='0' model='pci-root'/> <controller type='ide' >>>> index='0'> <address type='pci' domain='0x0000' bus='0x00' >>>> slot='0x01' function='0x1'/> </controller> <controller >>>> type='virtio-serial' index='0'> <address type='pci' >>>> domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> >>>> </controller> <interface type='network'> <mac >>>> address='52:54:00:35:b6:00'/> <source network='default'/> >>>> <model type='virtio'/> <address type='pci' domain='0x0000' >>>> bus='0x00' slot='0x03' function='0x0'/> </interface> <serial >>>> type='pty'> <target port='0'/> </serial> <console type='pty'> >>>> <target type='serial' port='0'/> </console> <channel >>>> type='unix'> <source mode='bind' >>>> path='/var/lib/libvirt/qemu/channel/target/fedora22.org.qemu.guest_agent.0'/> >>>> >>>> >>>> >>>> ><target type='virtio' name='org.qemu.guest_agent.0'/> >>>> <address type='virtio-serial' controller='0' bus='0' port='1'/> >>>> </channel> <channel type='spicevmc'> <target type='virtio' >>>> name='com.redhat.spice.0'/> <address type='virtio-serial' >>>> controller='0' bus='0' port='2'/> </channel> <input >>>> type='tablet' bus='usb'/> <input type='mouse' bus='ps2'/> >>>> <input type='keyboard' bus='ps2'/> <graphics type='spice' >>>> autoport='yes'> <image compression='off'/> </graphics> <sound >>>> model='ich6'> <address type='pci' domain='0x0000' bus='0x00' >>>> slot='0x04' function='0x0'/> </sound> <video> <model type='qxl' >>>> ram='65536' vram='65536' vgamem='16384' heads='1'/> <address >>>> type='pci' domain='0x0000' bus='0x00' slot='0x02' >>>> function='0x0'/> </video> <redirdev bus='usb' type='spicevmc'> >>>> </redirdev> <redirdev bus='usb' type='spicevmc'> </redirdev> >>>> <memballoon model='virtio'> <address type='pci' domain='0x0000' >>>> bus='0x00' slot='0x08' function='0x0'/> </memballoon> >>>> </devices> </domain> >>>> >>> >> >>> pub rsa2048/B6AA86F9 2013-10-31 uid Ryan Barry >>> <rbarry@redhat.com> uid Ryan Barry <phresus@gmail.com> sub >>> rsa2048/9C33C113 2013-10-31 >> >>> _______________________________________________ libvirt-users >>> mailing list libvirt-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/libvirt-users >
Ryan Barry
2015-Aug-06 18:28 UTC
Re: [libvirt-users] Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected
On 08/06/2015 08:08 AM, Martin Kletzander wrote:> On Tue, Aug 04, 2015 at 07:11:29AM -0700, Ryan Barry wrote: >> On 08/03/2015 10:47 PM, Martin Kletzander wrote: >>> On Mon, Aug 03, 2015 at 03:39:30PM -0700, Ryan Barry wrote: >>>> On 08/03/2015 01:43 PM, Ryan Barry wrote: >>>>> Using: >>>>> >>>>> edk2.git-0-20150803.b1141.ga0973dc.x86_64 >>>>> edk2.git-ovmf-x64-0-20150802.b1139.gb234418.noarch >>>>> >>>>> On Fedora 22. >>>>> >>>>> Provisioning a i440FX system in virt-manager and attempting >>>>> to boot results in successful EFI initialization, but the >>>>> VM exits ungracefully after the bootloader (with F22 and >>>>> CentOS 7 installer images). There's no really useful >>>>> information in any of the logs. >>>>> >>> >>> I haven't tried EFI with 440fx, only with q35. I haven't found >>> an option to enable EFI neither a secureboot anywhere in >>> virt-manager. >> >> q35 doesn't help here. secureboot is in the EFI config menus >> (press <ESC> or <DEL> in the guest while booting, go look at the >> boot configuration, and you'll see secureboot options -- it's >> disabled by default and not able to be enabled until LockDown_ms >> is applied). >> > > Oh, so that's what I misunderstood, sorry for that. > >> What I don't understand is why this matters, since I was able to >> boot with basically the generated command (see below) from a >> console, but it's 100% reproducible. >> >>> >>>>> Using qemu-kvm directly (qemu-kvm -bios >>>>> /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd -m 1G >>>>> -cdrom >>>>> ~rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso) >>>>> boots and loads successfully. >>>> >>> >>> We don't use '-bios' but '-drive file,if=pflash' and that's >>> done once for the OVMF code and second time for the efivars >>> storage. What's the guest XML and full command line of qemu >>> being started? >> >> I was able to boot with this (once I removed -S, -spice, and >> -netdev). After installing with -netdev user..., and applying >> LockDown_ms, it boots normally from virsh/virt-manager. >> > > So the generated command (from libvirt) works for you if there is > no -S (of course) and -netdev (I guess because of the fd= we're > passing)? Why did you remove '-spice'? > > If the only difference in this case really is libvirt, then we need > to know why the machine shuts down. If neither the 'virsh > domstate --reason <domain>' helps nor there is any information in > the logs, then I suggest enabling debug logs and looking through > those (both the domain log and libvirtd log).I removed -spice because I was ok with a basic console. I enabled libvirtd debug logging and got nothing useful out of it. I'll try guest debugging next week> >> Also, I can mount an ISO and reinstall once secureboot is >> enabled. >> >> XML is at the bottom. >> >> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin >> QEMU_AUDIO_DRV=spice /usr/bin/qemu-kvm -name passthrough -S >> -machine pc-i440fx-2.3,accel=kvm,usb=off -cpu Haswell-noTSX >> -drive >> file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd,if=pflash,format=raw,unit=0,readonly=on >> >> >>-drive>> file=/var/lib/libvirt/qemu/nvram/passthrough_VARS.fd,if=pflash,format=raw,unit=1 >> >> >>-m 2048 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid>> ffd15ea4-03dc-4e86-ae93-096e517055a8 -no-user-config -nodefaults >> -chardev >> socket,id=charmonitor,path=/var/lib/libvirt/qemu/passthrough.monitor,server,nowait >> >> >>-mon chardev=charmonitor,id=monitor,mode=control -rtc>> base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard >> -no-hpet -no-reboot -global PIIX4_PM.disable_s3=1 -global >> PIIX4_PM.disable_s4=1 -boot strict=on -device >> ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7 -device >> ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6 >> >> >>-device>> ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1 >> >>-device>> ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2 >> >>-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive>> file=/var/lib/libvirt/images/passthrough.qcow2,if=none,id=drive-virtio-disk0,format=qcow2 >> >> >>-device>> virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2 >> >> >>-drive>> file=/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso,if=none,id=drive-ide0-0-0,readonly=on,format=raw >> >> >>-device>> ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 >> >>-netdev tap,fd=24,id=hostnet0,vhost=on,vhostfd=25 -device>> virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:e6:72:a4,bus=pci.0,addr=0x3 >> >> >>-chardev pty,id=charserial0 -device>> isa-serial,chardev=charserial0,id=serial0 -chardev >> socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/passthrough.org.qemu.guest_agent.0,server,nowait >> >> >>-device>> virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 >> >> >>-chardev spicevmc,id=charchannel1,name=vdagent -device>> virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0 >> >> >>-device usb-tablet,id=input0 -spice>> port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on >> >> >>-device>> qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pci.0,addr=0x2 >> >> >>-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device>> hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev >> spicevmc,id=charredir0,name=usbredir -device >> usb-redir,chardev=charredir0,id=redir0 -chardev >> spicevmc,id=charredir1,name=usbredir -device >> usb-redir,chardev=charredir1,id=redir1 -device >> virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg >> timestamp=on >> >> >>> >>>> Just to update -- >>>> >>>> This appears to be related to secureboot. Using a VM which >>>> has secure boot enabled is successful >>>> >>>>> >>>>> What's the difference here? Where can I go for >>>>> troubleshooting? >>>>> >>>>> libvirt XML is below: >>>>> >>>>> <domain type='kvm'> <name>fedora22</name> >>>>> <uuid>7f363d28-881f-4240-97eb-9b8d49cfb282</uuid> <memory >>>>> unit='KiB'>2097152</memory> <currentMemory >>>>> unit='KiB'>2097152</currentMemory> <vcpu >>>>> placement='static'>1</vcpu> <os> <type arch='x86_64' >>>>> machine='pc-i440fx-2.3'>hvm</type> <loader readonly='yes' >>>>> type='pflash'>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</loader> >>>>> >>>>> >>>>> >>>>> >>>>> >> >>>>><nvram>/var/lib/libvirt/qemu/nvram/fedora22_VARS.fd</nvram>>>>>> </os> <features> <acpi/> <apic/> <pae/> </features> <cpu >>>>> mode='custom' match='exact'> <model >>>>> fallback='allow'>Haswell-noTSX</model> </cpu> <clock >>>>> offset='utc'> <timer name='rtc' tickpolicy='catchup'/> >>>>> <timer name='pit' tickpolicy='delay'/> <timer name='hpet' >>>>> present='no'/> </clock> <on_poweroff>destroy</on_poweroff> >>>>> <on_reboot>restart</on_reboot> >>>>> <on_crash>restart</on_crash> <pm> <suspend-to-mem >>>>> enabled='no'/> <suspend-to-disk enabled='no'/> </pm> >>>>> <devices> <emulator>/usr/bin/qemu-kvm</emulator> <disk >>>>> type='file' device='disk'> <driver name='qemu' >>>>> type='qcow2'/> <source >>>>> file='/var/lib/libvirt/images/fedora22.qcow2'/> <target >>>>> dev='vda' bus='virtio'/> <boot order='1'/> <address >>>>> type='pci' domain='0x0000' bus='0x00' slot='0x07' >>>>> function='0x0'/> </disk> <disk type='file' device='cdrom'> >>>>> <driver name='qemu' type='raw'/> <source >>>>> file='/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso'/> >>>>> >>>>> >>>>> >> >>>>><target dev='hda' bus='ide'/>>>>>> <readonly/> <boot order='2'/> <address type='drive' >>>>> controller='0' bus='0' target='0' unit='0'/> </disk> >>>>> <controller type='usb' index='0' model='ich9-ehci1'> >>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' >>>>> function='0x7'/> </controller> <controller type='usb' >>>>> index='0' model='ich9-uhci1'> <master startport='0'/> >>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' >>>>> function='0x0' multifunction='on'/> </controller> >>>>> <controller type='usb' index='0' model='ich9-uhci2'> >>>>> <master startport='2'/> <address type='pci' domain='0x0000' >>>>> bus='0x00' slot='0x06' function='0x1'/> </controller> >>>>> <controller type='usb' index='0' model='ich9-uhci3'> >>>>> <master startport='4'/> <address type='pci' domain='0x0000' >>>>> bus='0x00' slot='0x06' function='0x2'/> </controller> >>>>> <controller type='pci' index='0' model='pci-root'/> >>>>> <controller type='ide' index='0'> <address type='pci' >>>>> domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> >>>>> </controller> <controller type='virtio-serial' index='0'> >>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' >>>>> function='0x0'/> </controller> <interface type='network'> >>>>> <mac address='52:54:00:35:b6:00'/> <source >>>>> network='default'/> <model type='virtio'/> <address >>>>> type='pci' domain='0x0000' bus='0x00' slot='0x03' >>>>> function='0x0'/> </interface> <serial type='pty'> <target >>>>> port='0'/> </serial> <console type='pty'> <target >>>>> type='serial' port='0'/> </console> <channel type='unix'> >>>>> <source mode='bind' >>>>> path='/var/lib/libvirt/qemu/channel/target/fedora22.org.qemu.guest_agent.0'/> >>>>> >>>>> >>>>> >>>>> >>>>> >> >>>>><target type='virtio' name='org.qemu.guest_agent.0'/>>>>>> <address type='virtio-serial' controller='0' bus='0' >>>>> port='1'/> </channel> <channel type='spicevmc'> <target >>>>> type='virtio' name='com.redhat.spice.0'/> <address >>>>> type='virtio-serial' controller='0' bus='0' port='2'/> >>>>> </channel> <input type='tablet' bus='usb'/> <input >>>>> type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> >>>>> <graphics type='spice' autoport='yes'> <image >>>>> compression='off'/> </graphics> <sound model='ich6'> >>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' >>>>> function='0x0'/> </sound> <video> <model type='qxl' >>>>> ram='65536' vram='65536' vgamem='16384' heads='1'/> >>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' >>>>> function='0x0'/> </video> <redirdev bus='usb' >>>>> type='spicevmc'> </redirdev> <redirdev bus='usb' >>>>> type='spicevmc'> </redirdev> <memballoon model='virtio'> >>>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x08' >>>>> function='0x0'/> </memballoon> </devices> </domain> >>>>> >>>> >>> >>>> pub rsa2048/B6AA86F9 2013-10-31 uid Ryan Barry >>>> <rbarry@redhat.com> uid Ryan Barry <phresus@gmail.com> sub >>>> rsa2048/9C33C113 2013-10-31 >>> >>>> _______________________________________________ >>>> libvirt-users mailing list libvirt-users@redhat.com >>>> https://www.redhat.com/mailman/listinfo/libvirt-users >>
Martin Kletzander
2015-Aug-07 07:33 UTC
Re: [libvirt-users] Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected
On Thu, Aug 06, 2015 at 11:28:25AM -0700, Ryan Barry wrote:>On 08/06/2015 08:08 AM, Martin Kletzander wrote: >> On Tue, Aug 04, 2015 at 07:11:29AM -0700, Ryan Barry wrote: >>> On 08/03/2015 10:47 PM, Martin Kletzander wrote: >>>> On Mon, Aug 03, 2015 at 03:39:30PM -0700, Ryan Barry wrote: >>>>> On 08/03/2015 01:43 PM, Ryan Barry wrote: >>>>>> Using: >>>>>> >>>>>> edk2.git-0-20150803.b1141.ga0973dc.x86_64 >>>>>> edk2.git-ovmf-x64-0-20150802.b1139.gb234418.noarch >>>>>> >>>>>> On Fedora 22. >>>>>> >>>>>> Provisioning a i440FX system in virt-manager and attempting >>>>>> to boot results in successful EFI initialization, but the >>>>>> VM exits ungracefully after the bootloader (with F22 and >>>>>> CentOS 7 installer images). There's no really useful >>>>>> information in any of the logs. >>>>>> >>>> >>>> I haven't tried EFI with 440fx, only with q35. I haven't found >>>> an option to enable EFI neither a secureboot anywhere in >>>> virt-manager. >>> >>> q35 doesn't help here. secureboot is in the EFI config menus >>> (press <ESC> or <DEL> in the guest while booting, go look at the >>> boot configuration, and you'll see secureboot options -- it's >>> disabled by default and not able to be enabled until LockDown_ms >>> is applied). >>> >> >> Oh, so that's what I misunderstood, sorry for that. >> >>> What I don't understand is why this matters, since I was able to >>> boot with basically the generated command (see below) from a >>> console, but it's 100% reproducible. >>> >>>> >>>>>> Using qemu-kvm directly (qemu-kvm -bios >>>>>> /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd -m 1G >>>>>> -cdrom >>>>>> ~rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso) >>>>>> boots and loads successfully. >>>>> >>>> >>>> We don't use '-bios' but '-drive file,if=pflash' and that's >>>> done once for the OVMF code and second time for the efivars >>>> storage. What's the guest XML and full command line of qemu >>>> being started? >>> >>> I was able to boot with this (once I removed -S, -spice, and >>> -netdev). After installing with -netdev user..., and applying >>> LockDown_ms, it boots normally from virsh/virt-manager. >>> >> >> So the generated command (from libvirt) works for you if there is >> no -S (of course) and -netdev (I guess because of the fd= we're >> passing)? Why did you remove '-spice'? >> >> If the only difference in this case really is libvirt, then we need >> to know why the machine shuts down. If neither the 'virsh >> domstate --reason <domain>' helps nor there is any information in >> the logs, then I suggest enabling debug logs and looking through >> those (both the domain log and libvirtd log). > >I removed -spice because I was ok with a basic console. > >I enabled libvirtd debug logging and got nothing useful out of it. >I'll try guest debugging next week >Just a note, if 'virsh domstate --reason <domain>' says 'shut off (crashed)', then that's not a libvirt problem, but probably qemu.
Apparently Analagous Threads
- Re: Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected
- Re: Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected
- Re: Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected
- Re: Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected
- Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected