Adjusting the default ROM option for SEV guests

Adjusting the default ROM option for SEV guests

[Vasily Ulyanov]

Hello QEMU devs,

Currently to launch an SEV guest there are certain requirements for the VM
configuration. One such is that ROM option needs to be disabled for virtio-net
devices [1]. The tools like virt-install or libvirt rely on the QEMU defaults if
the ROM value is not provided (the default for virtio-net is set to
romfile=efi-virtio.rom). Eventually this leads to unbootable guest and poor user
experience as it is now mandatory to explicitly disable the ROM option.

There is a similar situation with iommu_platform, though that seems to be
addressed already in [2] and QEMU adjusts the defaults depending on whether it
is a confidential guest or not.

Wouldn't it make sense to also handle the romfile like that in QEMU? I.e. in the
case when an SEV guest is run and no romfile is explicitly specified set it to
an empty value? This will also be useful when running an SEV VM directly with QEMU.

Are there any objections or concerns? I could work on the patches but wanted to
ping the community first and get some feedback. Would QEMU be the proper place
to handle that? Any thoughts?

[1] https://libvirt.org/kbase/launch_security_sev.html#virtio-net
[2] https://gitlab.com/qemu-project/qemu/-/commit/9f88a7a3df

-- 
Vasily Ulyanov <vulyanov@suse.de>
Software Engineer, SUSE Labs Core

Re: Adjusting the default ROM option for SEV guests

[Claudio Fontana]

Hello all

any comment on this one? It seems it would make sense to disable option roms for SEV by default in QEMU, any feedback anyone?

Thanks,

Claudio

On 5/11/22 13:30, Vasily Ulyanov wrote:
> Hello QEMU devs,
> 
> Currently to launch an SEV guest there are certain requirements for the VM
> configuration. One such is that ROM option needs to be disabled for virtio-net
> devices [1]. The tools like virt-install or libvirt rely on the QEMU defaults if
> the ROM value is not provided (the default for virtio-net is set to
> romfile=efi-virtio.rom). Eventually this leads to unbootable guest and poor user
> experience as it is now mandatory to explicitly disable the ROM option.
> 
> There is a similar situation with iommu_platform, though that seems to be
> addressed already in [2] and QEMU adjusts the defaults depending on whether it
> is a confidential guest or not.
> 
> Wouldn't it make sense to also handle the romfile like that in QEMU? I.e. in the
> case when an SEV guest is run and no romfile is explicitly specified set it to
> an empty value? This will also be useful when running an SEV VM directly with QEMU.
> 
> Are there any objections or concerns? I could work on the patches but wanted to
> ping the community first and get some feedback. Would QEMU be the proper place
> to handle that? Any thoughts?
> 
> [1] https://libvirt.org/kbase/launch_security_sev.html#virtio-net
> [2] https://gitlab.com/qemu-project/qemu/-/commit/9f88a7a3df
> 

Re: Adjusting the default ROM option for SEV guests

[Gerd Hoffmann]

On Wed, Jul 06, 2022 at 04:57:40PM +0200, Claudio Fontana wrote:
> Hello all
> 
> any comment on this one? It seems it would make sense to disable option roms for SEV by default in QEMU, any feedback anyone?
> 
> Thanks,
> 
> Claudio
> 
> On 5/11/22 13:30, Vasily Ulyanov wrote:
> > Hello QEMU devs,
> > 
> > Currently to launch an SEV guest there are certain requirements for the VM
> > configuration. One such is that ROM option needs to be disabled for virtio-net
> > devices [1].

Should be easy to fix on the firmware side.  TDX has the same
requirement and the code is already there, so this should be a
one-liner in OvmfPkg/IncompatiblePciDeviceSupportDxe

Independent from that we might consider switching virtio to
pxe-virtio.rom (i.e. bios-only instead of bios+uefi) for everyone
because the uefi firmware comes with a virtio-net driver included.

take care,
  Gerd