qemu: Filter firmware images by type

If the configuration explicitly requests a specific type of firmware image, be it pflash or ROM, we should ignore all images that are not of that type. If no specific type has been requested, of course, any type is considered a match and the selection will be based upon the other attributes. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-09-19 14:10:58 +00:00 · 2024-07-05 17:30:27 +02:00 · 2024-07-05 17:30:27 +02:00 · f13b3f8098
commit f13b3f8098
parent b14c97e007
5 changed files with 15 additions and 40 deletions
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@ -1280,6 +1280,12 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
    if (fw->mapping.device == QEMU_FIRMWARE_DEVICE_FLASH) {
        const qemuFirmwareMappingFlash *flash = &fw->mapping.data.flash;

+        if (loader && loader->type &&
+            loader->type != VIR_DOMAIN_LOADER_TYPE_PFLASH) {
+            VIR_DEBUG("Discarding flash loader");
+            return false;
+        }
+
        if (loader && loader->stateless == VIR_TRISTATE_BOOL_YES) {
            if (flash->mode != QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
                VIR_DEBUG("Discarding loader without stateless flash");
@ -1327,6 +1333,12 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
                return false;
            }
        }
+    } else if (fw->mapping.device == QEMU_FIRMWARE_DEVICE_MEMORY) {
+        if (loader && loader->type &&
+            loader->type != VIR_DOMAIN_LOADER_TYPE_ROM) {
+            VIR_DEBUG("Discarding rom loader");
+            return false;
+        }
    }

    if (def->sec) {
--- a/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.args
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.args
@ -1,34 +0,0 @@
-LC_ALL=C \
-PATH=/bin \
-HOME=/var/lib/libvirt/qemu/domain--1-guest \
-USER=test \
-LOGNAME=test \
-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
-/usr/bin/qemu-system-x86_64 \
-name guest=guest,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
-machine pc-q35-4.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
-accel kvm \
-cpu qemu64 \
-bios /usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd \
-m size=1048576k \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
-overcommit mem-lock=off \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
-display none \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
-audiodev '{"id":"audio1","driver":"none"}' \
-global ICH9-LPC.noreboot=off \
-watchdog-action reset \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
--- a/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.err
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.err
@ -0,0 +1 @@
+operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
--- a/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-rw-pflash.x86_64-latest.xml
@ -6,11 +6,7 @@
  <vcpu placement='static'>1</vcpu>
  <os firmware='efi'>
    <type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
-    <firmware>
-      <feature enabled='yes' name='enrolled-keys'/>
-      <feature enabled='yes' name='secure-boot'/>
-    </firmware>
-    <loader readonly='no' type='rom'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
+    <loader readonly='no' type='pflash'/>
    <boot dev='hd'/>
  </os>
  <features>
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@ -1423,7 +1423,7 @@ mymain(void)
    DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi");
    DO_TEST_CAPS_LATEST("firmware-auto-efi-stateless");
    DO_TEST_CAPS_LATEST("firmware-auto-efi-rw");
-    DO_TEST_CAPS_LATEST("firmware-auto-efi-rw-pflash");
+    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-rw-pflash");
    DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure");
    DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi-loader-secure");
    DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-insecure");
				`@ -0,0 +1 @@`
				`operation failed: Unable to find 'efi' firmware that is compatible with the current configuration`