You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Piotr Pisz <pi...@piszki.pl> on 2022/01/05 10:08:15 UTC
RE: UEFI on KVM silently becomes BIOS mode
Hello,
Does anyone know a workaround for this problem?
This error prevents any VM from booting from UEFI, this is a serious problem.
I have a lot of VMs converted from vSphere, all from UEFI, I can't imagine that none of them will be bootable! :-(
Regards,
Piotr
From: Pieter Harvey <pi...@icloud.com.INVALID>
Sent: Monday, December 20, 2021 10:06 AM
To: users@cloudstack.apache.org
Subject: Re: UEFI on KVM silently becomes BIOS mode
Got it, okay will continue other testing while 4.16.1 is in the works.
Thank you
On 20 Dec 2021, at 8:13, Piotr Pisz <piotr@piszki.pl <ma...@piszki.pl> > wrote:
Hey,
I just wanted to write this, Pieter you are right, in 4.16 it doesn't work properly, old UEFI VMs work as is but new ones don't start up properly.
Regards,
Piotr
-----Original Message-----
From: Slavka Peleva <slavkap@storpool.com.INVALID <ma...@storpool.com.INVALID> >
Sent: Monday, December 20, 2021 9:03 AM
To: users@cloudstack.apache.org <ma...@cloudstack.apache.org>
Subject: Re: UEFI on KVM silently becomes BIOS mode
Hi Pieter,
This is a known issue in 4.16 with the missing loader tag in the XML definition. There is a fix that will get in the 4.16.1.0 release -
https://github.com/apache/cloudstack/pull/5692
Best regards,
Slavka
<https://github.com/apache/cloudstack/pull/5692>
On Sat, Dec 18, 2021 at 3:15 PM Piotr Pisz <piotr@piszki.pl <ma...@piszki.pl> > wrote:
Hi Pieter,
I run it in CentOS 8:
Cloudstack:
<name>i-4-46-VM</name>
<uuid>e9c33f2d-7237-4cc1-b466-5d85a04ed549</uuid>
<description>Other PV Virtio-SCSI (64-bit)</description>
<cpu mode='host-model'><model fallback='allow'></model><feature
policy='require' name='vmx'/><feature policy='require'
name='vme'/><feature policy='require' name='smx'/></cpu><sysinfo
type='smbios'>
<system>
<entry name='manufacturer'>Apache Software Foundation</entry>
<entry name='product'>CloudStack KVM Hypervisor</entry>
<entry name='uuid'>e9c33f2d-7237-4cc1-b466-5d85a04ed549</entry>
</system>
</sysinfo>
<os>
<type arch='x86_64' machine='q35'>hvm</type>
<nvram
template='/usr/share/edk2/ovmf/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvr
am/e9c33f2d-7237-4cc1-b466-5d85a04ed549.fd</nvram><boot
dev='cdrom'/>
<boot dev='hd'/>
<smbios mode='sysinfo'/>
</os>
Virsh dump:
<sysinfo type='smbios'>
<system>
<entry name='manufacturer'>Apache Software Foundation</entry>
<entry name='product'>CloudStack KVM Hypervisor</entry>
<entry name='uuid'>e9c33f2d-7237-4cc1-b466-5d85a04ed549</entry>
</system>
</sysinfo>
<os>
<type arch='x86_64' machine='pc-q35-rhel8.2.0'>hvm</type>
<boot dev='cdrom'/>
<boot dev='hd'/>
<smbios mode='sysinfo'/>
</os>
Regards,
Piotr
From: Pieter Harvey <pieter.harvey@icloud.com.INVALID <ma...@icloud.com.INVALID> >
Sent: Friday, December 17, 2021 5:46 PM
To: Pieter Harvey <pieter.harvey@icloud.com <ma...@icloud.com> >
Cc: "users@cloudstack.apache.org <ma...@cloudstack.apache.org> " <users@cloudstack.apache.org <ma...@cloudstack.apache.org> >
Subject: Re: UEFI on KVM silently becomes BIOS mode
Hi Piotr,
Is there any way to get this debug info (or xml dump) from CloudStack,
what it is creating versus what ends up in virsh?
I think I have configured everything correctly
1. cloudstack uefi enabled in database for host (host.uefi.enable)
2. host agent has uefi.properties with all paths configured (snippet
below based Ubuntu 20.04.3)
3. instance is configured for UEFI (tried both legacy and secure boot)
uefi.properties
==========
guest.nvram.template.secure=/usr/share/OVMF/OVMF_VARS.fd
guest.nvram.template.legacy=/usr/share/OVMF/OVMF_VARS.fd
guest.loader.secure=/usr/share/OVMF/OVMF_CODE.secboot.fd
guest.loader.legacy=/usr/share/OVMF/OVMF_CODE.fd
guest.nvram.path=/var/lib/libvirt/qemu/nvram/
sudo ls -lh /usr/share/OVMF/
====================
-rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.fd
lrwxrwxrwx 1 root root 20 Sep 20 13:11 OVMF_CODE.ms.fd ->
OVMF_CODE.secboot.fd
-rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.secboot.fd
-rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.fd
-rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.ms.fd
-rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.snakeoil.fd
syslog
=====
java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
(logid:) uefi.properties file found at
/etc/cloudstack/agent/uefi.properties
java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
(logid:) guest.nvram.template.legacy = /usr/share/OVMF/OVMF_VARS.fd
java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
(logid:) guest.loader.legacy = /usr/share/OVMF/OVMF_CODE.fd
java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
(logid:) guest.nvram.template.secure = /usr/share/OVMF/OVMF_VARS.fd
java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
(logid:) guest.loader.secure =/usr/share/OVMF/OVMF_CODE.secboot.fd
java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
(logid:) guest.nvram.path = /var/lib/libvirt/qemu/nvram/
-
Pieter
On 17 Dec 2021, at 16:15, Piotr Pisz <piotr@piszki.pl <mailto:
piotr@piszki.pl <ma...@piszki.pl> > > wrote:
Hi Pieter,
I have just checked, everything works as expected, maybe you have
something wrongly configured, check according to this:
https://lab.piszki.pl/cloudstack-vm-with-vtpm-and-secure-boot-uefi/
Regards,
Piotr
From: Pieter Harvey <pieter.harvey@icloud.com.INVALID <mailto:
pieter.harvey@icloud.com.INVALID <ma...@icloud.com.INVALID> > >
Sent: Friday, December 17, 2021 4:11 PM
To: "users@cloudstack.apache.org <ma...@cloudstack.apache.org>
" < users@cloudstack.apache.org <ma...@cloudstack.apache.org> <ma...@cloudstack.apache.org> >
Subject: UEFI on KVM silently becomes BIOS mode
Hello,
Maybe it's something wrong with CloudStack, maybe it's my brain but I
have an issue regarding UEFI on CloudStack (4.16) + KVM (Ubuntu 20.04)
1. CloudStack Compute node is running, and can boot machines
configured as UEFI in the GUI (secure or legacy).
2. When the machine is booted, I check the virsh xml config on the
host and noticed that the machine is still in BIOS mode, even though
CloudStack "thinks" it has deployed a fresh UEFI enabled instance.
I have configured uefi.properties on the agent and the host is UEFI
enabled in CloudStack but this is the config snippet of a deployed
machine
<os>
<type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
<boot dev='cdrom'/>
<boot dev='hd'/>
<smbios mode='sysinfo'/>
</os>
However what I am expecting to see is:
<os firmware="efi">
<type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
<loader secure="yes"/>
<boot dev='cdrom'/>
<boot dev='hd'/>
<smbios mode='sysinfo'/>
</os>
So CloudStack has changed the default machine type from 440fx to q35
but no mention of UEFI or secureboot options in the output XML.
Any tips to get UEFI and possibly secure boot fully working?
-
Pieter
Re: UEFI on KVM silently becomes BIOS mode
Posted by "Vash_X@gmx.de" <Va...@gmx.de>.
Hi Piotr,
sadly i don't have a solution for your problem at the moment.
My suggestion is at least to open a issue at github. The last issues
mentioning anything UEFI-related are nearly 18 months old.
Am Mi., 5. Jan. 2022 um 11:08 Uhr schrieb Piotr Pisz <pi...@piszki.pl>:
> Hello,
>
>
>
> Does anyone know a workaround for this problem?
>
> This error prevents any VM from booting from UEFI, this is a serious
> problem.
>
> I have a lot of VMs converted from vSphere, all from UEFI, I can't imagine
> that none of them will be bootable! :-(
>
>
>
> Regards,
>
> Piotr
>
>
>
>
>
> From: Pieter Harvey <pi...@icloud.com.INVALID>
> Sent: Monday, December 20, 2021 10:06 AM
> To: users@cloudstack.apache.org
> Subject: Re: UEFI on KVM silently becomes BIOS mode
>
>
>
> Got it, okay will continue other testing while 4.16.1 is in the works.
>
>
>
> Thank you
>
>
>
> On 20 Dec 2021, at 8:13, Piotr Pisz <piotr@piszki.pl <mailto:
> piotr@piszki.pl> > wrote:
>
>
>
>
>
> Hey,
>
>
>
> I just wanted to write this, Pieter you are right, in 4.16 it doesn't work
> properly, old UEFI VMs work as is but new ones don't start up properly.
>
>
>
> Regards,
>
> Piotr
>
>
>
>
>
> -----Original Message-----
>
> From: Slavka Peleva <slavkap@storpool.com.INVALID <mailto:
> slavkap@storpool.com.INVALID> >
>
> Sent: Monday, December 20, 2021 9:03 AM
>
> To: users@cloudstack.apache.org <ma...@cloudstack.apache.org>
>
> Subject: Re: UEFI on KVM silently becomes BIOS mode
>
>
>
> Hi Pieter,
>
>
>
> This is a known issue in 4.16 with the missing loader tag in the XML
> definition. There is a fix that will get in the 4.16.1.0 release -
>
> https://github.com/apache/cloudstack/pull/5692
>
>
>
> Best regards,
>
> Slavka
>
> <https://github.com/apache/cloudstack/pull/5692>
>
>
>
> On Sat, Dec 18, 2021 at 3:15 PM Piotr Pisz <piotr@piszki.pl <mailto:
> piotr@piszki.pl> > wrote:
>
>
>
> Hi Pieter,
>
>
>
>
>
>
>
> I run it in CentOS 8:
>
>
>
>
>
>
>
> Cloudstack:
>
>
>
>
>
>
>
> <name>i-4-46-VM</name>
>
>
>
> <uuid>e9c33f2d-7237-4cc1-b466-5d85a04ed549</uuid>
>
>
>
> <description>Other PV Virtio-SCSI (64-bit)</description>
>
>
>
> <cpu mode='host-model'><model fallback='allow'></model><feature
>
> policy='require' name='vmx'/><feature policy='require'
>
> name='vme'/><feature policy='require' name='smx'/></cpu><sysinfo
>
> type='smbios'>
>
>
>
> <system>
>
>
>
> <entry name='manufacturer'>Apache Software Foundation</entry>
>
>
>
> <entry name='product'>CloudStack KVM Hypervisor</entry>
>
>
>
> <entry name='uuid'>e9c33f2d-7237-4cc1-b466-5d85a04ed549</entry>
>
>
>
> </system>
>
>
>
> </sysinfo>
>
>
>
> <os>
>
>
>
> <type arch='x86_64' machine='q35'>hvm</type>
>
>
>
> <nvram
>
> template='/usr/share/edk2/ovmf/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvr
>
> am/e9c33f2d-7237-4cc1-b466-5d85a04ed549.fd</nvram><boot
>
> dev='cdrom'/>
>
>
>
> <boot dev='hd'/>
>
>
>
> <smbios mode='sysinfo'/>
>
>
>
> </os>
>
>
>
>
>
>
>
> Virsh dump:
>
>
>
>
>
>
>
> <sysinfo type='smbios'>
>
>
>
> <system>
>
>
>
> <entry name='manufacturer'>Apache Software Foundation</entry>
>
>
>
> <entry name='product'>CloudStack KVM Hypervisor</entry>
>
>
>
> <entry name='uuid'>e9c33f2d-7237-4cc1-b466-5d85a04ed549</entry>
>
>
>
> </system>
>
>
>
> </sysinfo>
>
>
>
> <os>
>
>
>
> <type arch='x86_64' machine='pc-q35-rhel8.2.0'>hvm</type>
>
>
>
> <boot dev='cdrom'/>
>
>
>
> <boot dev='hd'/>
>
>
>
> <smbios mode='sysinfo'/>
>
>
>
> </os>
>
>
>
>
>
>
>
> Regards,
>
>
>
> Piotr
>
>
>
>
>
>
>
>
>
>
>
> From: Pieter Harvey <pieter.harvey@icloud.com.INVALID <mailto:
> pieter.harvey@icloud.com.INVALID> >
>
> Sent: Friday, December 17, 2021 5:46 PM
>
> To: Pieter Harvey <pieter.harvey@icloud.com <mailto:
> pieter.harvey@icloud.com> >
>
> Cc: "users@cloudstack.apache.org <ma...@cloudstack.apache.org> " <
> users@cloudstack.apache.org <ma...@cloudstack.apache.org> >
>
> Subject: Re: UEFI on KVM silently becomes BIOS mode
>
>
>
>
>
>
>
> Hi Piotr,
>
>
>
>
>
>
>
> Is there any way to get this debug info (or xml dump) from CloudStack,
>
> what it is creating versus what ends up in virsh?
>
>
>
>
>
>
>
> I think I have configured everything correctly
>
>
>
> 1. cloudstack uefi enabled in database for host (host.uefi.enable)
>
>
>
> 2. host agent has uefi.properties with all paths configured (snippet
>
> below based Ubuntu 20.04.3)
>
>
>
> 3. instance is configured for UEFI (tried both legacy and secure boot)
>
>
>
>
>
>
>
> uefi.properties
>
>
>
> ==========
>
>
>
> guest.nvram.template.secure=/usr/share/OVMF/OVMF_VARS.fd
>
>
>
> guest.nvram.template.legacy=/usr/share/OVMF/OVMF_VARS.fd
>
>
>
> guest.loader.secure=/usr/share/OVMF/OVMF_CODE.secboot.fd
>
>
>
> guest.loader.legacy=/usr/share/OVMF/OVMF_CODE.fd
>
>
>
> guest.nvram.path=/var/lib/libvirt/qemu/nvram/
>
>
>
>
>
>
>
> sudo ls -lh /usr/share/OVMF/
>
>
>
> ====================
>
>
>
> -rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.fd
>
>
>
> lrwxrwxrwx 1 root root 20 Sep 20 13:11 OVMF_CODE.ms.fd ->
>
> OVMF_CODE.secboot.fd
>
>
>
> -rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.secboot.fd
>
>
>
> -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.fd
>
>
>
> -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.ms.fd
>
>
>
> -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.snakeoil.fd
>
>
>
>
>
>
>
> syslog
>
>
>
> =====
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) uefi.properties file found at
>
> /etc/cloudstack/agent/uefi.properties
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) guest.nvram.template.legacy = /usr/share/OVMF/OVMF_VARS.fd
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) guest.loader.legacy = /usr/share/OVMF/OVMF_CODE.fd
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) guest.nvram.template.secure = /usr/share/OVMF/OVMF_VARS.fd
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) guest.loader.secure =/usr/share/OVMF/OVMF_CODE.secboot.fd
>
>
>
> java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:)
>
> (logid:) guest.nvram.path = /var/lib/libvirt/qemu/nvram/
>
>
>
>
>
>
>
>
>
>
>
> -
>
>
>
> Pieter
>
>
>
>
>
>
>
> On 17 Dec 2021, at 16:15, Piotr Pisz <piotr@piszki.pl <mailto:
>
> piotr@piszki.pl <ma...@piszki.pl> > > wrote:
>
>
>
>
>
>
>
>
>
>
>
> Hi Pieter,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> I have just checked, everything works as expected, maybe you have
>
> something wrongly configured, check according to this:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> https://lab.piszki.pl/cloudstack-vm-with-vtpm-and-secure-boot-uefi/
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Regards,
>
>
>
>
>
>
>
> Piotr
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> From: Pieter Harvey <pieter.harvey@icloud.com.INVALID <mailto:
>
> pieter.harvey@icloud.com.INVALID <ma...@icloud.com.INVALID>
> > >
>
>
>
> Sent: Friday, December 17, 2021 4:11 PM
>
>
>
> To: "users@cloudstack.apache.org <ma...@cloudstack.apache.org>
>
> " < users@cloudstack.apache.org <ma...@cloudstack.apache.org>
> <ma...@cloudstack.apache.org> >
>
>
>
> Subject: UEFI on KVM silently becomes BIOS mode
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Hello,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Maybe it's something wrong with CloudStack, maybe it's my brain but I
>
> have an issue regarding UEFI on CloudStack (4.16) + KVM (Ubuntu 20.04)
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> 1. CloudStack Compute node is running, and can boot machines
>
> configured as UEFI in the GUI (secure or legacy).
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> 2. When the machine is booted, I check the virsh xml config on the
>
> host and noticed that the machine is still in BIOS mode, even though
>
> CloudStack "thinks" it has deployed a fresh UEFI enabled instance.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> I have configured uefi.properties on the agent and the host is UEFI
>
> enabled in CloudStack but this is the config snippet of a deployed
>
> machine
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> <os>
>
>
>
>
>
>
>
> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
>
>
>
>
>
>
>
> <boot dev='cdrom'/>
>
>
>
>
>
>
>
> <boot dev='hd'/>
>
>
>
>
>
>
>
> <smbios mode='sysinfo'/>
>
>
>
>
>
>
>
> </os>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> However what I am expecting to see is:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> <os firmware="efi">
>
>
>
>
>
>
>
> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
>
>
>
>
>
>
>
> <loader secure="yes"/>
>
>
>
>
>
>
>
> <boot dev='cdrom'/>
>
>
>
>
>
>
>
> <boot dev='hd'/>
>
>
>
>
>
>
>
> <smbios mode='sysinfo'/>
>
>
>
>
>
>
>
> </os>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> So CloudStack has changed the default machine type from 440fx to q35
>
> but no mention of UEFI or secureboot options in the output XML.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Any tips to get UEFI and possibly secure boot fully working?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> -
>
>
>
>
>
>
>
> Pieter
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>