libvirt users - Aug 2015 - Re: Cannot boot libvirt guests with OVMF. Raw qemu-kvm works as expected

On Tue, Aug 04, 2015 at 07:11:29AM -0700, Ryan Barry
wrote:
>On 08/03/2015 10:47 PM, Martin Kletzander wrote:
>> On Mon, Aug 03, 2015 at 03:39:30PM -0700, Ryan Barry wrote:
>>> On 08/03/2015 01:43 PM, Ryan Barry wrote:
>>>> Using:
>>>>
>>>> edk2.git-0-20150803.b1141.ga0973dc.x86_64
>>>> edk2.git-ovmf-x64-0-20150802.b1139.gb234418.noarch
>>>>
>>>> On Fedora 22.
>>>>
>>>> Provisioning a i440FX system in virt-manager and attempting to
>>>> boot results in successful EFI initialization, but the VM
>>>> exits ungracefully after the bootloader (with F22 and CentOS 7
>>>> installer images). There's no really useful information in
any
>>>> of the logs.
>>>>
>>
>> I haven't tried EFI with 440fx, only with q35.  I haven't found
an
>>  option to enable EFI neither a secureboot anywhere in
>> virt-manager.
>
>q35 doesn't help here. secureboot is in the EFI config menus (press
><ESC> or <DEL> in the guest while booting, go look at the boot
>configuration, and you'll see secureboot options -- it's disabled by
>default and not able to be enabled until LockDown_ms is applied).
>
Oh, so that's what I misunderstood, sorry for that.
>What I don't understand is why this matters, since I was able to boot
>with basically the generated command (see below) from a console, but
>it's 100% reproducible.
>
>>
>>>> Using qemu-kvm directly (qemu-kvm -bios
>>>> /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd -m 1G -cdrom
>>>> ~rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso) boots
>>>> and loads successfully.
>>>
>>
>> We don't use '-bios' but '-drive file,if=pflash'
and that's done
>> once for the OVMF code and second time for the efivars storage.
>> What's the guest XML and full command line of qemu being started?
>
>I was able to boot with this (once I removed -S, -spice, and -netdev).
>After installing with -netdev user..., and applying LockDown_ms, it
>boots normally from virsh/virt-manager.
>
So the generated command (from libvirt) works for you if there is no
-S (of course) and -netdev (I guess because of the fd= we're passing)?
Why did you remove '-spice'?

If the only difference in this case really is libvirt, then we need to
know why the machine shuts down.  If neither the 'virsh domstate
--reason <domain>' helps nor there is any information in the logs,
then I suggest enabling debug logs and looking through those (both the
domain log and libvirtd log).
>Also, I can mount an ISO and reinstall once secureboot is enabled.
>
>XML is at the bottom.
>
>LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
>QEMU_AUDIO_DRV=spice /usr/bin/qemu-kvm -name passthrough -S -machine
>pc-i440fx-2.3,accel=kvm,usb=off -cpu Haswell-noTSX -drive
>file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd,if=pflash,format=raw,unit=0,readonly=on
>-drive
>file=/var/lib/libvirt/qemu/nvram/passthrough_VARS.fd,if=pflash,format=raw,unit=1
>-m 2048 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid
>ffd15ea4-03dc-4e86-ae93-096e517055a8 -no-user-config -nodefaults
>-chardev
>socket,id=charmonitor,path=/var/lib/libvirt/qemu/passthrough.monitor,server,nowait
>-mon chardev=charmonitor,id=monitor,mode=control -rtc
>base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard
>-no-hpet -no-reboot -global PIIX4_PM.disable_s3=1 -global
>PIIX4_PM.disable_s4=1 -boot strict=on -device
>ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7 -device
>ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6
>-device
>ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1
>-device
>ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2
>-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive
>file=/var/lib/libvirt/images/passthrough.qcow2,if=none,id=drive-virtio-disk0,format=qcow2
>-device
>virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2
>-drive
>file=/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso,if=none,id=drive-ide0-0-0,readonly=on,format=raw
>-device
>ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
>-netdev tap,fd=24,id=hostnet0,vhost=on,vhostfd=25 -device
>virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:e6:72:a4,bus=pci.0,addr=0x3
>-chardev pty,id=charserial0 -device
>isa-serial,chardev=charserial0,id=serial0 -chardev
>socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/passthrough.org.qemu.guest_agent.0,server,nowait
>-device
>virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
>-chardev spicevmc,id=charchannel1,name=vdagent -device
>virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0
>-device usb-tablet,id=input0 -spice
>port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on
>-device
>qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pci.0,addr=0x2
>-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device
>hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev
>spicevmc,id=charredir0,name=usbredir -device
>usb-redir,chardev=charredir0,id=redir0 -chardev
>spicevmc,id=charredir1,name=usbredir -device
>usb-redir,chardev=charredir1,id=redir1 -device
>virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg timestamp=on
>
>
>>
>>> Just to update --
>>>
>>> This appears to be related to secureboot. Using a VM which has
>>> secure boot enabled is successful
>>>
>>>>
>>>> What's the difference here? Where can I go for
>>>> troubleshooting?
>>>>
>>>> libvirt XML is below:
>>>>
>>>> <domain type='kvm'>
<name>fedora22</name>
>>>> <uuid>7f363d28-881f-4240-97eb-9b8d49cfb282</uuid>
<memory
>>>> unit='KiB'>2097152</memory> <currentMemory
>>>> unit='KiB'>2097152</currentMemory> <vcpu
>>>> placement='static'>1</vcpu> <os>
<type arch='x86_64'
>>>> machine='pc-i440fx-2.3'>hvm</type> <loader
readonly='yes'
>>>>
type='pflash'>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</loader>
>>>>
>>>>
>>>>
>>>>
><nvram>/var/lib/libvirt/qemu/nvram/fedora22_VARS.fd</nvram>
>>>> </os> <features> <acpi/> <apic/>
<pae/> </features> <cpu
>>>> mode='custom' match='exact'> <model
>>>> fallback='allow'>Haswell-noTSX</model>
</cpu> <clock
>>>> offset='utc'> <timer name='rtc'
tickpolicy='catchup'/> <timer
>>>> name='pit' tickpolicy='delay'/> <timer
name='hpet'
>>>> present='no'/> </clock>
<on_poweroff>destroy</on_poweroff>
>>>> <on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
>>>> <pm> <suspend-to-mem enabled='no'/>
<suspend-to-disk
>>>> enabled='no'/> </pm> <devices>
>>>> <emulator>/usr/bin/qemu-kvm</emulator> <disk
type='file'
>>>> device='disk'> <driver name='qemu'
type='qcow2'/> <source
>>>> file='/var/lib/libvirt/images/fedora22.qcow2'/>
<target
>>>> dev='vda' bus='virtio'/> <boot
order='1'/> <address type='pci'
>>>> domain='0x0000' bus='0x00' slot='0x07'
function='0x0'/> </disk>
>>>> <disk type='file' device='cdrom'>
<driver name='qemu'
>>>> type='raw'/> <source
>>>>
file='/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso'/>
>>>>
>>>>
>>>>
><target dev='hda' bus='ide'/>
>>>> <readonly/> <boot order='2'/> <address
type='drive'
>>>> controller='0' bus='0' target='0'
unit='0'/> </disk>
>>>> <controller type='usb' index='0'
model='ich9-ehci1'> <address
>>>> type='pci' domain='0x0000' bus='0x00'
slot='0x06'
>>>> function='0x7'/> </controller> <controller
type='usb'
>>>> index='0' model='ich9-uhci1'> <master
startport='0'/> <address
>>>> type='pci' domain='0x0000' bus='0x00'
slot='0x06'
>>>> function='0x0' multifunction='on'/>
</controller> <controller
>>>> type='usb' index='0'
model='ich9-uhci2'> <master
>>>> startport='2'/> <address type='pci'
domain='0x0000' bus='0x00'
>>>> slot='0x06' function='0x1'/>
</controller> <controller
>>>> type='usb' index='0'
model='ich9-uhci3'> <master
>>>> startport='4'/> <address type='pci'
domain='0x0000' bus='0x00'
>>>> slot='0x06' function='0x2'/>
</controller> <controller
>>>> type='pci' index='0'
model='pci-root'/> <controller type='ide'
>>>> index='0'> <address type='pci'
domain='0x0000' bus='0x00'
>>>> slot='0x01' function='0x1'/>
</controller> <controller
>>>> type='virtio-serial' index='0'> <address
type='pci'
>>>> domain='0x0000' bus='0x00' slot='0x05'
function='0x0'/>
>>>> </controller> <interface type='network'>
<mac
>>>> address='52:54:00:35:b6:00'/> <source
network='default'/>
>>>> <model type='virtio'/> <address
type='pci' domain='0x0000'
>>>> bus='0x00' slot='0x03'
function='0x0'/> </interface> <serial
>>>> type='pty'> <target port='0'/>
</serial> <console type='pty'>
>>>> <target type='serial' port='0'/>
</console> <channel
>>>> type='unix'> <source mode='bind'
>>>>
path='/var/lib/libvirt/qemu/channel/target/fedora22.org.qemu.guest_agent.0'/>
>>>>
>>>>
>>>>
>>>>
><target type='virtio' name='org.qemu.guest_agent.0'/>
>>>> <address type='virtio-serial' controller='0'
bus='0' port='1'/>
>>>> </channel> <channel type='spicevmc'>
<target type='virtio'
>>>> name='com.redhat.spice.0'/> <address
type='virtio-serial'
>>>> controller='0' bus='0' port='2'/>
</channel> <input
>>>> type='tablet' bus='usb'/> <input
type='mouse' bus='ps2'/>
>>>> <input type='keyboard' bus='ps2'/>
<graphics type='spice'
>>>> autoport='yes'> <image
compression='off'/> </graphics> <sound
>>>> model='ich6'> <address type='pci'
domain='0x0000' bus='0x00'
>>>> slot='0x04' function='0x0'/> </sound>
<video> <model type='qxl'
>>>> ram='65536' vram='65536' vgamem='16384'
heads='1'/> <address
>>>> type='pci' domain='0x0000' bus='0x00'
slot='0x02'
>>>> function='0x0'/> </video> <redirdev
bus='usb' type='spicevmc'>
>>>> </redirdev> <redirdev bus='usb'
type='spicevmc'> </redirdev>
>>>> <memballoon model='virtio'> <address
type='pci' domain='0x0000'
>>>> bus='0x00' slot='0x08'
function='0x0'/> </memballoon>
>>>> </devices> </domain>
>>>>
>>>
>>
>>> pub  rsa2048/B6AA86F9 2013-10-31 uid Ryan Barry
>>> <rbarry@redhat.com> uid Ryan Barry <phresus@gmail.com>
sub
>>> rsa2048/9C33C113 2013-10-31
>>
>>> _______________________________________________ libvirt-users
>>> mailing list libvirt-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/libvirt-users
>

On 08/06/2015 08:08 AM, Martin Kletzander wrote:
> On Tue, Aug 04, 2015 at 07:11:29AM -0700, Ryan Barry wrote:
>> On 08/03/2015 10:47 PM, Martin Kletzander wrote:
>>> On Mon, Aug 03, 2015 at 03:39:30PM -0700, Ryan Barry wrote:
>>>> On 08/03/2015 01:43 PM, Ryan Barry wrote:
>>>>> Using:
>>>>> 
>>>>> edk2.git-0-20150803.b1141.ga0973dc.x86_64 
>>>>> edk2.git-ovmf-x64-0-20150802.b1139.gb234418.noarch
>>>>> 
>>>>> On Fedora 22.
>>>>> 
>>>>> Provisioning a i440FX system in virt-manager and attempting
>>>>> to boot results in successful EFI initialization, but the
>>>>> VM exits ungracefully after the bootloader (with F22 and
>>>>> CentOS 7 installer images). There's no really useful
>>>>> information in any of the logs.
>>>>> 
>>> 
>>> I haven't tried EFI with 440fx, only with q35.  I haven't
found
>>> an option to enable EFI neither a secureboot anywhere in 
>>> virt-manager.
>> 
>> q35 doesn't help here. secureboot is in the EFI config menus
>> (press <ESC> or <DEL> in the guest while booting, go look
at the
>> boot configuration, and you'll see secureboot options -- it's
>> disabled by default and not able to be enabled until LockDown_ms
>> is applied).
>> 
> 
> Oh, so that's what I misunderstood, sorry for that.
> 
>> What I don't understand is why this matters, since I was able to
>> boot with basically the generated command (see below) from a
>> console, but it's 100% reproducible.
>> 
>>> 
>>>>> Using qemu-kvm directly (qemu-kvm -bios 
>>>>> /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd -m 1G
>>>>> -cdrom 
>>>>> ~rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso)
>>>>> boots and loads successfully.
>>>> 
>>> 
>>> We don't use '-bios' but '-drive
file,if=pflash' and that's
>>> done once for the OVMF code and second time for the efivars
>>> storage. What's the guest XML and full command line of qemu
>>> being started?
>> 
>> I was able to boot with this (once I removed -S, -spice, and
>> -netdev). After installing with -netdev user..., and applying
>> LockDown_ms, it boots normally from virsh/virt-manager.
>> 
> 
> So the generated command (from libvirt) works for you if there is
> no -S (of course) and -netdev (I guess because of the fd= we're
> passing)? Why did you remove '-spice'?
> 
> If the only difference in this case really is libvirt, then we need
> to know why the machine shuts down.  If neither the 'virsh
> domstate --reason <domain>' helps nor there is any information in
> the logs, then I suggest enabling debug logs and looking through
> those (both the domain log and libvirtd log).
I removed -spice because I was ok with a basic console.

I enabled libvirtd debug logging and got nothing useful out of it.
I'll try guest debugging next week
> 
>> Also, I can mount an ISO and reinstall once secureboot is
>> enabled.
>> 
>> XML is at the bottom.
>> 
>> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin 
>> QEMU_AUDIO_DRV=spice /usr/bin/qemu-kvm -name passthrough -S
>> -machine pc-i440fx-2.3,accel=kvm,usb=off -cpu Haswell-noTSX
>> -drive 
>>
file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd,if=pflash,format=raw,unit=0,readonly=on
>>
>>
>> 
-drive
>>
file=/var/lib/libvirt/qemu/nvram/passthrough_VARS.fd,if=pflash,format=raw,unit=1
>>
>>
>> 
-m 2048 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1
-uuid
>> ffd15ea4-03dc-4e86-ae93-096e517055a8 -no-user-config -nodefaults 
>> -chardev 
>>
socket,id=charmonitor,path=/var/lib/libvirt/qemu/passthrough.monitor,server,nowait
>>
>>
>> 
-mon chardev=charmonitor,id=monitor,mode=control -rtc
>> base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard 
>> -no-hpet -no-reboot -global PIIX4_PM.disable_s3=1 -global 
>> PIIX4_PM.disable_s4=1 -boot strict=on -device 
>> ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7 -device 
>>
ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6
>>
>>
>> 
-device
>> ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1
>>
>> 
-device
>> ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2
>>
>> 
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5
-drive
>>
file=/var/lib/libvirt/images/passthrough.qcow2,if=none,id=drive-virtio-disk0,format=qcow2
>>
>>
>> 
-device
>>
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2
>>
>>
>> 
-drive
>>
file=/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso,if=none,id=drive-ide0-0-0,readonly=on,format=raw
>>
>>
>> 
-device
>> ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
>>
>> 
-netdev tap,fd=24,id=hostnet0,vhost=on,vhostfd=25
-device
>>
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:e6:72:a4,bus=pci.0,addr=0x3
>>
>>
>> 
-chardev pty,id=charserial0 -device
>> isa-serial,chardev=charserial0,id=serial0 -chardev 
>>
socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/passthrough.org.qemu.guest_agent.0,server,nowait
>>
>>
>> 
-device
>>
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
>>
>>
>> 
-chardev spicevmc,id=charchannel1,name=vdagent -device
>>
virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0
>>
>>
>> 
-device usb-tablet,id=input0 -spice
>>
port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on
>>
>>
>> 
-device
>>
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pci.0,addr=0x2
>>
>>
>> 
-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device
>> hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev 
>> spicevmc,id=charredir0,name=usbredir -device 
>> usb-redir,chardev=charredir0,id=redir0 -chardev 
>> spicevmc,id=charredir1,name=usbredir -device 
>> usb-redir,chardev=charredir1,id=redir1 -device 
>> virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg
>> timestamp=on
>> 
>> 
>>> 
>>>> Just to update --
>>>> 
>>>> This appears to be related to secureboot. Using a VM which
>>>> has secure boot enabled is successful
>>>> 
>>>>> 
>>>>> What's the difference here? Where can I go for 
>>>>> troubleshooting?
>>>>> 
>>>>> libvirt XML is below:
>>>>> 
>>>>> <domain type='kvm'>
<name>fedora22</name>
>>>>>
<uuid>7f363d28-881f-4240-97eb-9b8d49cfb282</uuid> <memory
>>>>> unit='KiB'>2097152</memory>
<currentMemory
>>>>> unit='KiB'>2097152</currentMemory>
<vcpu
>>>>> placement='static'>1</vcpu> <os>
<type arch='x86_64'
>>>>> machine='pc-i440fx-2.3'>hvm</type>
<loader readonly='yes'
>>>>>
type='pflash'>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</loader>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>
>>>>> 
<nvram>/var/lib/libvirt/qemu/nvram/fedora22_VARS.fd</nvram>
>>>>> </os> <features> <acpi/> <apic/>
<pae/> </features> <cpu
>>>>> mode='custom' match='exact'> <model 
>>>>> fallback='allow'>Haswell-noTSX</model>
</cpu> <clock
>>>>> offset='utc'> <timer name='rtc'
tickpolicy='catchup'/>
>>>>> <timer name='pit'
tickpolicy='delay'/> <timer name='hpet'
>>>>> present='no'/> </clock>
<on_poweroff>destroy</on_poweroff>
>>>>> <on_reboot>restart</on_reboot>
>>>>> <on_crash>restart</on_crash> <pm>
<suspend-to-mem
>>>>> enabled='no'/> <suspend-to-disk
enabled='no'/> </pm>
>>>>> <devices>
<emulator>/usr/bin/qemu-kvm</emulator> <disk
>>>>> type='file' device='disk'> <driver
name='qemu'
>>>>> type='qcow2'/> <source 
>>>>> file='/var/lib/libvirt/images/fedora22.qcow2'/>
<target
>>>>> dev='vda' bus='virtio'/> <boot
order='1'/> <address
>>>>> type='pci' domain='0x0000'
bus='0x00' slot='0x07'
>>>>> function='0x0'/> </disk> <disk
type='file' device='cdrom'>
>>>>> <driver name='qemu' type='raw'/>
<source
>>>>>
file='/home/rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso'/>
>>>>>
>>>>>
>>>>>
>>
>>>>> 
<target dev='hda' bus='ide'/>
>>>>> <readonly/> <boot order='2'/>
<address type='drive'
>>>>> controller='0' bus='0' target='0'
unit='0'/> </disk>
>>>>> <controller type='usb' index='0'
model='ich9-ehci1'>
>>>>> <address type='pci' domain='0x0000'
bus='0x00' slot='0x06'
>>>>> function='0x7'/> </controller>
<controller type='usb'
>>>>> index='0' model='ich9-uhci1'> <master
startport='0'/>
>>>>> <address type='pci' domain='0x0000'
bus='0x00' slot='0x06'
>>>>> function='0x0' multifunction='on'/>
</controller>
>>>>> <controller type='usb' index='0'
model='ich9-uhci2'>
>>>>> <master startport='2'/> <address
type='pci' domain='0x0000'
>>>>> bus='0x00' slot='0x06'
function='0x1'/> </controller>
>>>>> <controller type='usb' index='0'
model='ich9-uhci3'>
>>>>> <master startport='4'/> <address
type='pci' domain='0x0000'
>>>>> bus='0x00' slot='0x06'
function='0x2'/> </controller>
>>>>> <controller type='pci' index='0'
model='pci-root'/>
>>>>> <controller type='ide' index='0'>
<address type='pci'
>>>>> domain='0x0000' bus='0x00'
slot='0x01' function='0x1'/>
>>>>> </controller> <controller
type='virtio-serial' index='0'>
>>>>> <address type='pci' domain='0x0000'
bus='0x00' slot='0x05'
>>>>> function='0x0'/> </controller>
<interface type='network'>
>>>>> <mac address='52:54:00:35:b6:00'/> <source
>>>>> network='default'/> <model
type='virtio'/> <address
>>>>> type='pci' domain='0x0000'
bus='0x00' slot='0x03'
>>>>> function='0x0'/> </interface> <serial
type='pty'> <target
>>>>> port='0'/> </serial> <console
type='pty'> <target
>>>>> type='serial' port='0'/>
</console> <channel type='unix'>
>>>>> <source mode='bind' 
>>>>>
path='/var/lib/libvirt/qemu/channel/target/fedora22.org.qemu.guest_agent.0'/>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>
>>>>> 
<target type='virtio'
name='org.qemu.guest_agent.0'/>
>>>>> <address type='virtio-serial'
controller='0' bus='0'
>>>>> port='1'/> </channel> <channel
type='spicevmc'> <target
>>>>> type='virtio'
name='com.redhat.spice.0'/> <address
>>>>> type='virtio-serial' controller='0'
bus='0' port='2'/>
>>>>> </channel> <input type='tablet'
bus='usb'/> <input
>>>>> type='mouse' bus='ps2'/> <input
type='keyboard' bus='ps2'/>
>>>>> <graphics type='spice'
autoport='yes'> <image
>>>>> compression='off'/> </graphics> <sound
model='ich6'>
>>>>> <address type='pci' domain='0x0000'
bus='0x00' slot='0x04'
>>>>> function='0x0'/> </sound> <video>
<model type='qxl'
>>>>> ram='65536' vram='65536'
vgamem='16384' heads='1'/>
>>>>> <address type='pci' domain='0x0000'
bus='0x00' slot='0x02'
>>>>> function='0x0'/> </video> <redirdev
bus='usb'
>>>>> type='spicevmc'> </redirdev> <redirdev
bus='usb'
>>>>> type='spicevmc'> </redirdev>
<memballoon model='virtio'>
>>>>> <address type='pci' domain='0x0000'
bus='0x00' slot='0x08'
>>>>> function='0x0'/> </memballoon>
</devices> </domain>
>>>>> 
>>>> 
>>> 
>>>> pub  rsa2048/B6AA86F9 2013-10-31 uid Ryan Barry 
>>>> <rbarry@redhat.com> uid Ryan Barry
<phresus@gmail.com> sub
>>>> rsa2048/9C33C113 2013-10-31
>>> 
>>>> _______________________________________________
>>>> libvirt-users mailing list libvirt-users@redhat.com 
>>>> https://www.redhat.com/mailman/listinfo/libvirt-users
>>

On Thu, Aug 06, 2015 at 11:28:25AM -0700, Ryan Barry
wrote:
>On 08/06/2015 08:08 AM, Martin Kletzander wrote:
>> On Tue, Aug 04, 2015 at 07:11:29AM -0700, Ryan Barry wrote:
>>> On 08/03/2015 10:47 PM, Martin Kletzander wrote:
>>>> On Mon, Aug 03, 2015 at 03:39:30PM -0700, Ryan Barry wrote:
>>>>> On 08/03/2015 01:43 PM, Ryan Barry wrote:
>>>>>> Using:
>>>>>>
>>>>>> edk2.git-0-20150803.b1141.ga0973dc.x86_64
>>>>>> edk2.git-ovmf-x64-0-20150802.b1139.gb234418.noarch
>>>>>>
>>>>>> On Fedora 22.
>>>>>>
>>>>>> Provisioning a i440FX system in virt-manager and
attempting
>>>>>> to boot results in successful EFI initialization, but
the
>>>>>> VM exits ungracefully after the bootloader (with F22
and
>>>>>> CentOS 7 installer images). There's no really
useful
>>>>>> information in any of the logs.
>>>>>>
>>>>
>>>> I haven't tried EFI with 440fx, only with q35.  I
haven't found
>>>> an option to enable EFI neither a secureboot anywhere in
>>>> virt-manager.
>>>
>>> q35 doesn't help here. secureboot is in the EFI config menus
>>> (press <ESC> or <DEL> in the guest while booting, go
look at the
>>> boot configuration, and you'll see secureboot options --
it's
>>> disabled by default and not able to be enabled until LockDown_ms
>>> is applied).
>>>
>>
>> Oh, so that's what I misunderstood, sorry for that.
>>
>>> What I don't understand is why this matters, since I was able
to
>>> boot with basically the generated command (see below) from a
>>> console, but it's 100% reproducible.
>>>
>>>>
>>>>>> Using qemu-kvm directly (qemu-kvm -bios
>>>>>> /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd -m
1G
>>>>>> -cdrom
>>>>>> ~rbarry/Downloads/Fedora-Server-netinst-x86_64-22.iso)
>>>>>> boots and loads successfully.
>>>>>
>>>>
>>>> We don't use '-bios' but '-drive
file,if=pflash' and that's
>>>> done once for the OVMF code and second time for the efivars
>>>> storage. What's the guest XML and full command line of qemu
>>>> being started?
>>>
>>> I was able to boot with this (once I removed -S, -spice, and
>>> -netdev). After installing with -netdev user..., and applying
>>> LockDown_ms, it boots normally from virsh/virt-manager.
>>>
>>
>> So the generated command (from libvirt) works for you if there is
>> no -S (of course) and -netdev (I guess because of the fd= we're
>> passing)? Why did you remove '-spice'?
>>
>> If the only difference in this case really is libvirt, then we need
>> to know why the machine shuts down.  If neither the 'virsh
>> domstate --reason <domain>' helps nor there is any
information in
>> the logs, then I suggest enabling debug logs and looking through
>> those (both the domain log and libvirtd log).
>
>I removed -spice because I was ok with a basic console.
>
>I enabled libvirtd debug logging and got nothing useful out of it.
>I'll try guest debugging next week
>
Just a note, if 'virsh domstate --reason <domain>' says 'shut
off
(crashed)', then that's not a libvirt problem, but probably qemu.