From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 74FAA1FF17C
	for <inbox@lore.proxmox.com>; Wed, 25 Jun 2025 17:59:39 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id E4ACD1967D;
	Wed, 25 Jun 2025 17:58:27 +0200 (CEST)
From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Wed, 25 Jun 2025 17:56:26 +0200
Message-ID: <20250625155751.268047-4-f.ebner@proxmox.com>
X-Mailer: git-send-email 2.47.2
In-Reply-To: <20250625155751.268047-1-f.ebner@proxmox.com>
References: <20250625155751.268047-1-f.ebner@proxmox.com>
MIME-Version: 1.0
Subject: [pve-devel] [PATCH qemu-server 03/31] ovmf: add support for using
 blockdev
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

Co-developed-by: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---

Changes since previous series:
* use read-only flag for OVMF code
* collect some parameters into $hw_info hash, avoid querying AMD-SEV
  type inside the OVMF module

 src/PVE/QemuServer/OVMF.pm | 55 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/src/PVE/QemuServer/OVMF.pm b/src/PVE/QemuServer/OVMF.pm
index 66da21ce..ae2f6fab 100644
--- a/src/PVE/QemuServer/OVMF.pm
+++ b/src/PVE/QemuServer/OVMF.pm
@@ -3,10 +3,13 @@ package PVE::QemuServer::OVMF;
 use strict;
 use warnings;
 
+use JSON;
+
 use PVE::RESTEnvironment qw(log_warn);
 use PVE::Storage;
 use PVE::Tools;
 
+use PVE::QemuServer::Blockdev;
 use PVE::QemuServer::Drive qw(checked_volume_format drive_is_read_only parse_drive print_drive);
 use PVE::QemuServer::QemuImage;
 
@@ -141,6 +144,58 @@ sub create_efidisk($$$$$$$$) {
     return ($volid, $size / 1024);
 }
 
+my sub generate_ovmf_blockdev {
+    my ($conf, $storecfg, $vmid, $hw_info) = @_;
+
+    my ($amd_sev_type, $arch, $q35) = $hw_info->@{qw(amd-sev-type arch q35)};
+
+    my $drive = $conf->{efidisk0} ? parse_drive('efidisk0', $conf->{efidisk0}) : undef;
+
+    die "Attempting to configure SEV-SNP with pflash devices instead of using `-bios`\n"
+        if $amd_sev_type && $amd_sev_type eq 'snp';
+
+    my ($ovmf_code, $ovmf_vars) = get_ovmf_files($arch, $drive, $q35, $amd_sev_type);
+
+    my $ovmf_code_blockdev = {
+        driver => 'raw',
+        file => { driver => 'file', filename => "$ovmf_code" },
+        'node-name' => 'pflash0',
+        'read-only' => JSON::true,
+    };
+
+    my $format;
+
+    if ($drive) {
+        my ($storeid, $volname) = PVE::Storage::parse_volume_id($drive->{file}, 1);
+        $format = $drive->{format};
+        if ($storeid) {
+            $format //= checked_volume_format($storecfg, $drive->{file});
+        } elsif (!defined($format)) {
+            die "efidisk format must be specified\n";
+        }
+    } else {
+        log_warn("no efidisk configured! Using temporary efivars disk.");
+        my $path = "/tmp/$vmid-ovmf.fd";
+        PVE::Tools::file_copy($ovmf_vars, $path, -s $ovmf_vars);
+        $drive = { file => $path };
+        $format = 'raw';
+    }
+
+    my $extra_blockdev_options = {};
+    # extra protection for templates, but SATA and IDE don't support it..
+    $extra_blockdev_options->{'read-only'} = 1 if drive_is_read_only($conf, $drive);
+
+    $extra_blockdev_options->{size} = -s $ovmf_vars if $format eq 'raw';
+
+    my $throttle_group = PVE::QemuServer::Blockdev::generate_throttle_group($drive);
+
+    my $ovmf_vars_blockdev = PVE::QemuServer::Blockdev::generate_drive_blockdev(
+        $storecfg, $drive, $extra_blockdev_options,
+    );
+
+    return ($ovmf_code_blockdev, $ovmf_vars_blockdev, $throttle_group);
+}
+
 sub print_ovmf_commandline {
     my ($conf, $storecfg, $vmid, $hw_info, $version_guard) = @_;
 
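Review bot: The fallback branch of generate_ovmf_blockdev copies the temporary efivars image to the fixed path `/tmp/$vmid-ovmf.fd`, a predictable name in a world-writable directory, and then passes that path on as the writable vars drive. Whether `PVE::Tools::file_copy` refuses to follow an existing symlink or to reuse a file pre-created by another local user is not visible in this hunk, so the copy should target a directory only root can write, e.g. `my $path = "<root-only runtime dir>/$vmid-ovmf.fd";`, or the file should be created with exclusive-create semantics. This may mirror the existing non-blockdev code path rather than being new, but the blockdev variant is a good place to stop carrying it forward. Separately, `$extra_blockdev_options->{'read-only'} = 1` uses a plain number where the code node above uses `JSON::true`; writing `JSON::true` in both places keeps the encoded value a boolean regardless of how generate_drive_blockdev treats it.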
-- 
2.47.2


