Add support for ARMv8 to use AAVMF EFI firmware #880
Conversation
Signed-off-by: Dustin Sweigart <dustins@swigg.net>
Signed-off-by: Dustin Sweigart <dustins@swigg.net>
Signed-off-by: Dustin Sweigart <dustins@swigg.net>
dustins
changed the title
doc/environment.md
Outdated
| @@ -36,7 +36,7 @@ Name | Description | |||
| `INCUS_EXEC_PATH` | Full path to the Incus binary (used when forking subcommands) | |||
| `INCUS_IDMAPPED_MOUNTS_DISABLE` | Disable idmapped mounts support (useful when testing traditional UID shifting) | |||
| `INCUS_LXC_TEMPLATE_CONFIG` | Path to the LXC template configuration directory | |||
| `INCUS_OVMF_PATH` | Path to an OVMF build including `OVMF_CODE.fd` and `OVMF_VARS.ms.fd` | |||
| `INCUS_EFI_PATH` | Path to EFI firmware build including `*_CODE.fd` and `*_VARS.fd` | |||
There was a problem hiding this comment.
I'd probably use INCUS_EDK2_PATH instead to be a bit more specific about what we're using.
There was a problem hiding this comment.
Based on your other comment about the ed2k driver would prefer edk2 be used throughout the code instead of the more generic efi?
There was a problem hiding this comment.
Yeah, I think so, especially as EFI is misleading anyway given that what we're using today is UEFI, not the old EFI (which I had to deal with a long time ago ;)).
| ```{note} | ||
| On ARM64 CPUs you need to install AAVMF instead of OVMF for UEFI to work with virtual machines. | ||
| ``` | ||
|
|
There was a problem hiding this comment.
I don't think we should need that.
Instead we should just remove all that symlink stuff and make sure that the logic in the code knows to look into /usr/share/qemu too in this case.
| @@ -114,40 +114,60 @@ const qemuBlockDevIDPrefix = "incus_" | |||
| // qemuMigrationNBDExportName is the name of the disk device export by the migration NBD server. | |||
| const qemuMigrationNBDExportName = "incus_root" | |||
|
|
|||
| // OVMF firmwares. | |||
| type ovmfFirmware struct { | |||
| // EFI firmwares. | |||
There was a problem hiding this comment.
The rework here looks good, but I think we should make a new internal/server/instance/drivers/edk2 package which would contain those definitions and possibly some functions to access it.
That would then make it easy to consume from the apparmor package too so we don't need to keep duplicating logic between the two.
There was a problem hiding this comment.
I like that. Thanks for the feedback. I'll give it a go and push some new commits.
|
@dustins have you had any luck with this one? |
|
Yes, I actually am almost done just wanted to test on x86 and ARM64 before pushing. Sorry for the long delay! I think I can test tonight and then push up the changes for you to review. |
|
Sounds good. We're releasing 6.2 today so that will most likely miss that release by a hair but it will be in 6.3 for sure. |
- no longer needing to symlink directories in SUSE - EDK2 installation override environemtn variable now INCUS_EDK2_PATH
|
I still have to test this on arm64/x86_64 to check that this all still works. |
Signed-off-by: Dustin Sweigart <dustins@swigg.net>
Signed-off-by: Dustin Sweigart <dustins@swigg.net>
|
Ok I tested this on my x86_64/arm64 boxes and I was able to launch VMs with and without secure boot. |
| @@ -1,4 +1,5 @@ | |||
| AAAA | |||
| AAVMF | |||
There was a problem hiding this comment.
The file also needs to have EDK2 added to it.
| @@ -0,0 +1,141 @@ | |||
| package edk2 | |||
There was a problem hiding this comment.
This commit is missing the Signed-off-by line
| @@ -40,7 +40,7 @@ import ( | |||
| "google.golang.org/protobuf/proto" | |||
There was a problem hiding this comment.
This commit is missing the Signed-off-by line
| @@ -7,6 +7,7 @@ import ( | |||
| "strings" | |||
There was a problem hiding this comment.
This commit is missing the Signed-off-by line
| @@ -36,7 +36,7 @@ Name | Description | |||
| `INCUS_EXEC_PATH` | Full path to the Incus binary (used when forking subcommands) | |||
There was a problem hiding this comment.
This commit is missing the Signed-off-by line
There was a problem hiding this comment.
What's the correct way for me to resolve the commits without the Signed-off-by line?
| "github.com/lxc/incus/v6/client" | ||
| incus "github.com/lxc/incus/v6/client" |
There was a problem hiding this comment.
Needless change caused by goimports.
|
Looking good, just a few changes needed to get the tests to be happy! |
I discovered I wasn't able to run VMs on my RK3588 (ARM64). Although ARM64 supports UEFI it wasn't able to find appropriate
*.fdfiles because it is assumed every architecture was using OVMF. On ARM64 it should be using AAVMF as far as I can tell.This PR adds support for using AAVMF on ARMv8 architectures and updates the documentation to reflect the code changes.
I've tested creating VMs with these changes on my ARM64 and x86_64 machines but don't have many devices to test against.