From da0caef5f90582687fe8b92a2b19e582413cbb39 Mon Sep 17 00:00:00 2001 From: Lukas Greve Date: Sun, 9 Nov 2025 12:01:19 +0100 Subject: [PATCH] add information related to different UEFI firmware --- virt/vm/firmware.md | 48 ++++++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/virt/vm/firmware.md b/virt/vm/firmware.md index 3cc0efc..02795c0 100644 --- a/virt/vm/firmware.md +++ b/virt/vm/firmware.md 
@@ -22,36 +22,36 @@ Virtual devices, including virtual chipsets, are shipping alongside platform fir It is based on the [TianoCore](https://www.tianocore.org/) project, which provides an open-source implementation of a platform firmware that follows UEFI specifications. -It is the default method to boot UEFI-based operating systems in a virtual machine. +It is the default method to boot UEFI-based operating systems in a virtual machine, and ddoes not support Compatibility Support Module (CSM). A virtual machine booting x86 BIOS won't be able to boot with OVMF. Under Fedora-based systems such as Phyllome, firmware that can be used by virtual machines are stored in the following directory `/usr/share/edk2/ovmf` -| Name | Feature | -| :-- | --: | -| OVMF_CODE.fd | | -| OVMF_VARS.fd | | -| OVMF_CODE_4M.qcow2 | | -| OVMF_VARS_4M.qcow2 | | -| OVMF_CODE_4M.secboot.pcrlock | | -| OVMF_CODE_4M.secboot.qcow2 | | -| OVMF_VARS_4M.secboot.qcow2 | | -| OVMF_CODE.cc.fd | | -| OVMF_CODE.secboot.fd | | -| OVMF_CODE.secboot.pcrlock | | -| OVMF_VARS.secboot.fd | | -| OVMF.igvm | | -| OVMF.qemuvars.fd | | -| OVMF.stateless.fd | | -| OVMF.stateless.secboot.fd | | -| OVMF.stateless.secboot.pcrlock | | -| OVMF.amdsev.fd | | -| OVMF.inteltdx.fd | | -| OVMF.inteltdx.secboot.fd | | - -## MicroVM +| Name | Description | +| :-- | :--: | +| OVMF_CODE.fd | 2MB default OVMF firmware. 
Used by default | +| OVMF_VARS.fd | Variables store | +| OVMF_CODE.secboot.fd | 2MB firmware with secure boot enabled | +| OVMF_VARS.secboot.fd | Firmware variables with secure boot enabled | +| OVMF_CODE.secboot.pcrlock | Firmware with secure boot and [PCR locking](https://www.freedesktop.org/software/systemd/man/257/systemd-pcrlock.html) | +| OVMF_CODE_4M.qcow2 | 4MB firmware in qcow2 format for virtualization | +| OVMF_VARS_4M.qcow2 | 4MB variable store in qcow2 format for virtualization | +| OVMF_CODE_4M.secboot.pcrlock | 4MB firmware with secure boot and PCR locking | +| OVMF_CODE_4M.secboot.qcow2 | 4MB firmware with secure boot in qcow2 format | +| OVMF_VARS_4M.secboot.qcow2 | 4MB variable store with secure boot in qcow2 format | +| OVMF_CODE.cc.fd | Firmware code with confidential computing support | +| OVMF.qemuvars.fd | QEMU-specific firmware variables | +| OVMF.stateless.fd | Stateless firmware without persistent storage | +| OVMF.stateless.secboot.fd | Stateless firmware with secure boot | +| OVMF.stateless.secboot.pcrlock | Stateless firmware with secure boot and PCR locking | +| OVMF.amdsev.fd | [AMD SEV](https://docs.kernel.org/virt/kvm/x86/amd-memory-encryption.html) (Secure Encrypted Virtualization) support. Allow the memory contents of a VM to be transparently encrypted with a key unique to that VM | +| OVMF.igvm | Firmware with [IGVM loader](https://github.com/roy-hopkins/buildigvm). To be used alongside SEV platforms | +| OVMF.inteltdx.fd | [Intel Trust Domain Extensions](https://en.wikipedia.org/wiki/Trust_Domain_Extensions) (TDX) support | +| OVMF.inteltdx.secboot.fd | TDX with secure boot support | +### Resources : +- [OVMF 2015 whitepaper](https://www.linux-kvm.org/downloads/lersek/ovmf-whitepaper-c770f8c.txt) ## Rust Hypervisor Firmware
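Review bot: the `-## MicroVM` heading is removed without a replacement, so any MicroVM content that followed it now falls under the OVMF section; if that section was meant to go, its body should go in the same change, otherwise restore the heading after the new Resources list. Two small fixes in the added lines: `ddoes` in `+It is the default method to boot UEFI-based operating systems in a virtual machine, and ddoes not support Compatibility Support Module (CSM).` should be `does`, and `2MB default OVMF firmware. Used by default` says "default" twice (suggest `2MB OVMF firmware, used by default`). Style: the new header row `| :-- | :--: |` centres the Description column, which reads poorly for long cells such as the AMD SEV entry; `| :-- | :-- |` matches the left-aligned Name column. `Allow the memory contents` should read `Allows`, and `### Resources :` should drop the space before the colon.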