Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VM: Rework firmware detection (from Incus) #14032

Merged
merged 16 commits into from
Sep 4, 2024
Merged

VM: Rework firmware detection (from Incus) #14032

merged 16 commits into from
Sep 4, 2024

Conversation

tomponline
Copy link
Member

@tomponline tomponline commented Sep 3, 2024
edited
Loading

Based on:

Plus adds support for Ubuntu 24.04 OVMF and seabios firmware locations, and maintains support for both LXD_QEMU_FW_PATH and LXD_OVMF_PATH environmental variables (accepting multiple search paths).

Also changes how apparmor profile is generated to only allow access to specific firmware file selected.

Tested with:

  • Outside of snap on Ubuntu 24.04 with OVMF and Seabios packages.
  • Inside the latest/edge snap, with OVMF and Seabios modes.
  • Upgrading from 5.0/stable snap with VM using 2MB OVMF FW switching to latest/edge with custom binary and check 4MB firmware is used.
  • Inside the latest/edge snap with debug OVMF firmware mode (with/without secureboot enabled).
  • Tested on s390x too.

@tomponline tomponline self-assigned this Sep 3, 2024
@tomponline tomponline force-pushed the tp-vm-firmwares branch 8 times, most recently from 619dbea to 0607828 Compare September 3, 2024 14:27
@tomponline tomponline changed the title Add support for ARMv8 to use AAVMF EFI firmware + Ubuntu 24.04 OVMF search paths (from Incus) Instance: Add support for ARMv8 to use AAVMF EFI firmware + Ubuntu 24.04 OVMF search paths (from Incus) Sep 3, 2024
dustins and others added 5 commits September 4, 2024 08:38
@dustins @tomponline
lxd/instance/drivers/edk2: Add new package to track EDK2 firmwares
78c1504 
Signed-off-by: Dustin Sweigart <dustins@swigg.net>
(cherry picked from commit 6d04eb437b0f35ba0faca3e25b846cdbccf5d8ce)
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
License: Apache-2.0
@stgraber @tomponline
lxd/instance/drivers/edk2: Support OVMF filenames on arm64
63e6d37 
Quite a few environments use OVMF on arm64 rather than the more
technicaly correct AAVMF name.

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
(cherry picked from commit cc33d436d193f12a38818482c050fafd1ecae04c)
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
License: Apache-2.0
@stgraber @tomponline
lxd/instance/drivers/edk2: Move seabios to /usr/share/qemu
6168f35 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
(cherry picked from commit 5b093d06795e2c65cf5b4682b341237c1acd31d3)
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
License: Apache-2.0
@stgraber @tomponline
lxd/instance/drivers/edk2: Add ArchLinux x86_64 paths
b0499ef 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
(cherry picked from commit 9072c73f9269113cc5ff46fd3014f6a291c59e54)
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
License: Apache-2.0
@stgraber @tomponline
lxd/instance/drivers/edk2: Fix CSM handling
d9afb30 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
(cherry picked from commit 8e33c788fa48ffceaf5a4f91eeb9835141dd7862)
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
License: Apache-2.0
@tomponline tomponline force-pushed the tp-vm-firmwares branch 2 times, most recently from 16d0938 to 5a85fb6 Compare September 4, 2024 08:03
@tomponline tomponline changed the title Instance: Add support for ARMv8 to use AAVMF EFI firmware + Ubuntu 24.04 OVMF search paths (from Incus) VM: Rework firmware detection (from Incus) Sep 4, 2024
@tomponline tomponline force-pushed the tp-vm-firmwares branch 6 times, most recently from 15e99db to 8a086f4 Compare September 4, 2024 10:46
@tomponline tomponline marked this pull request as ready for review September 4, 2024 10:54
dkwo and others added 3 commits September 4, 2024 11:58
@dkwo @tomponline
lxd/instance/drivers/edk2: Add Void Linux x86_64 paths
fa5ce80 
Signed-off-by: dkwo <nicolopiazzalunga@gmail.com>
(cherry picked from commit cfbbe5d289ac5285b2a9880bd6f6cbb9041f8a4f)
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
License: Apache-2.0
@tomponline
lxd/instance/drivers/edk2: Rework to support both LXD_QEMU_FW_PATH an…
4341a6c 
…d LXD_OVMF_PATH

Supporting multiple search paths.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline
lxd/instance/drivers/edk2: Add support for seabios in Ubuntu
f58e2df 
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
dustins and others added 8 commits September 4, 2024 11:58
@dustins @tomponline
lxd/instance/drivers/qemu: Update to use the new edk2 package
61c78dd 
Modified to support boot.debug_edk2

Signed-off-by: Dustin Sweigart <dustins@swigg.net>
(cherry picked from commit 2546c56300c08aabb68278a483a0dfa696f99f61)
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
License: Apache-2.0
@tomponline
lxd/instance/drivers/driver/qemu: Log the VM UEFI firmware found in c…
abce75d 
…heckFeatures

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline
lxd/instance/drivers/driver/qemu: Improve error in checkFeatures
0dafab0 
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline
lxd/util/sys: Removes unused GetQemuFwPaths function
a4e131e 
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline
lxd/instance/instance/interface: Add FirmwarePath to VM interface
3a86dda 
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline
lxd/instance/drivers/driver/qemu: Add firmware path concept and set i…
797ea06 
…t during generateQemuConfigFile

Allows access to start time firmware path for apparmor profile generation.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline
lxd/apparmor/instance: Update instanceProfile to use start time firmw…
9a40488 
…are path

Rather than allowing access to all potential firmware directories.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline
lxd/instance/drivers/edk2: Removes unused GetArchitectureInstallation…
7bdeb9b 
…s function

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline tomponline merged commit d87d604 into canonical:main Sep 4, 2024
29 checks passed
@tomponline tomponline deleted the tp-vm-firmwares branch September 4, 2024 14:34
tomponline added a commit that referenced this pull request Sep 6, 2024
@tomponline
VM: Firmware detection fixes (from Incus) (#14050)
be65fe0 
Based on:

- lxc/incus#1187
- lxc/incus#1193

Follows on from #14032

Also improves the removal of old firmware vars files by not checking the
if the associated firmwares exist on the host and not trying to remove
the same files multiple times.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mihalicyn mihalicyn mihalicyn approved these changes

Assignees

@tomponline tomponline

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@tomponline @mihalicyn @dustins @stgraber @dkwo