FS#75025 - [edk2-ovmf] [qemu] [linux] (Secure Boot) OVMF with -D SMM_REQUIRED triggers kvm error
Attached to Project:
Arch Linux
Opened by Tom Yan (tom.ty89) - Saturday, 11 June 2022, 01:46 GMT
Last edited by Toolybird (Toolybird) - Monday, 11 July 2022, 08:18 GMT
Opened by Tom Yan (tom.ty89) - Saturday, 11 June 2022, 01:46 GMT
Last edited by Toolybird (Toolybird) - Monday, 11 July 2022, 08:18 GMT
|
Details
Description:
Recently I have been trying to set up a SB-enabled VM and realize that it will simply stuck at "Guest has not initialized the display yet" if I used the SB-built of OVMF. If I use -M q35 (without adding ,smm=off to it) I get the following kvm error as well: KVM internal error. Suberror: 1 extra data[0]: 0x0000000000000000 extra data[1]: 0x0000000000000030 extra data[2]: 0x0000000000000184 extra data[3]: 0x0000000000000000 extra data[4]: 0x0000000000000000 extra data[5]: 0x0000000000000000 emulation failure RAX=0000000000000000 RBX=ffffffffffffffff RCX=0000000000000000 RDX=0000000000000000 RSI=00000000068ec798 RDI=0000000006f495f0 RBP=0000000006f31ea0 RSP=0000000006f31e18 R8 =0000000000000000 R9 =0000000003041001 R10=000000000000003a R11=0000000006f47e98 R12=0000000006f31e98 R13=0000000000000001 R14=000000008000f880 R15=000000008000f840 RIP=00000000000a0000 RFL=00010246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] CS =0038 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] FS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] GS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] LDT=0000 0000000000000000 0000ffff 00008200 DPL=0 LDT TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy GDT= 00000000069e2000 00000047 IDT= 00000000065b7018 00000fff CR0=80010033 CR2=0000000000000000 CR3=0000000006c01000 CR4=00000668 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d00 Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 I waited until the edk2 packages here are bumped to 202205 (and tested again) before filing this. Then I took a look at the json and did some research. Apparently something called SMM is more or less needed by and hence enabled together with SB. Eventually I tried a build with `-D SMM_REQUIRED` removed from the PKGBUILD (at "smm_required" removed from the json, not sure if that even matters at all). Now I can boot through and see Secure Boot menu item in OVMF's UEFI settings (although apparently I need a VARS with the Microsoft ca/db/whatsoever to get it actually working). I'm filing this here downstream as I have no idea if it's a bug / regression on any of the upstreams or if some build option/flag is missing in our qemu / kernel. Also perhaps we should at least build without `-D SMM_REQUIRED` for now? I've filed a bug report on OVMF's upstream as well anyway: https://bugzilla.tianocore.org/show_bug.cgi?id=3947 Additional info: * package version(s) edk2-ovmf 202205, linux 5.18.3, qemu 7.0.0 * config and/or log files etc. * link to upstream bug report, if any Steps to reproduce: qemu-system-x86_64 -enable-kvm -M q35 --bios path/to/the/right/dot/fd |
This task depends upon
perhaps those options will help you.
"a pflash-backed variable store is a requirement"
I agree this is not a packaging issue.
[1] https://github.com/tianocore/edk2/blob/master/OvmfPkg/README