Add Support for Persistent OVMF Settings in Pillar #4261
Conversation
OhmSpectator
requested review from
rene,
rouming and
eriknordmark
as code owners
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
c0426ac
to
72c96a2
Compare
|
|
||
| [drive "drive-ovmf-vars"] | ||
| if = "pflash" | ||
| format = "raw" |
There was a problem hiding this comment.
maybe it makes sense to specify "readonly" "off"
There was a problem hiding this comment.
Maybe... This I will understand during the test)))
There was a problem hiding this comment.
I've grepped it over the internet, usually code is read-only, vars is not.
There was a problem hiding this comment.
Yeah, I also saw it. I'm just not sure we have set the read-only option to "off" explicitly.
There was a problem hiding this comment.
in my test, at least ubuntu boots up fine with having readonly for the OVMF_VAR.fd too.
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
72c96a2
to
879c0ea
Compare
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
879c0ea
to
7ab829d
Compare
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
7ab829d
to
cc56e06
Compare
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
cc56e06
to
afd5710
Compare
|
My only concern is compatibility with "legacy" guests: @OhmSpectator @rucoder, can we still boot non-UEFI oses? If not, then we break compatibility and better to have this under an option: |
But where do we break it? The new options are used only for FML guests which are always UEFI-based. |
I missed the point that we add only settings, this is not a full switch from legacy bios to uefi firmware. Thanks for the clarification. |
OhmSpectator
changed the title
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
2 times, most recently
from
626374e
to
f8ed3c6
Compare
pkg/pillar/types/domainmgrtypes.go
Outdated
| RootDev string // default "/dev/xvda1" | ||
| ExtraArgs string // added to bootargs | ||
| BootLoader string // default "" | ||
| BootLoaderSettingsFile string // used to pass bootloader settings file, for example OVMF_VARS.fd |
There was a problem hiding this comment.
Do you really need this field here? This struct is derived from the API (https://github.com/lf-edge/eve-api/blob/main/proto/config/vm.proto#L31), AFAIK the fixed resources are populated by the controller, if the settings file has a fixed pattern you can just go and look for the file, or is there any idea of allow custom files configured from the cloud? In this case you will need to add this field to the API....
There was a problem hiding this comment.
I used it as a part of a status. DomainStatus also includes VmConfig...
But yeah, I can move it somewhere else
There was a problem hiding this comment.
yeah, I put it there just to use un the template parsing... maybe it will be cleaner just to add an extra arg to the template itself
pkg/uefi/Dockerfile
Outdated
| @@ -29,8 +29,8 @@ COPY rpi /rpi | |||
|
|
|||
| FROM build AS build-amd64-versions | |||
|
|
|||
| ENV EDK_VERSION edk2-stable202005 | |||
| ENV EDK_COMMIT ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9 | |||
| ENV EDK_VERSION edk2-stable202208 | |||
There was a problem hiding this comment.
Please, remove the old patches files for edk2-stable202005
There was a problem hiding this comment.
Do it later when everything is tested and we are sure)
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
f8ed3c6
to
61569b0
Compare
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
2 times, most recently
from
1753a04
to
56f44cd
Compare
|
The RISC-V build failed... Will take a look. Buah. |
|
Get the latest version of #4264 . |
|
@shjala, thanks, will take it! |
I would prefer to rework the mechanism before providing more options. Precooked binaries is not a good idea for a big set of different options. We should figure out how to alter the settings in better way or to learn how to apply them in runtime. That would be a proper solution. Unfortunatelly OVMF_VAR file format is binary and pretty complicated.
I would put info about how the OVMF settings are generated. Also would mention what would be a better approach. But no sure, where is the best pace for such a doc
There is always hope for better testing! @shjala, do you think it's quickly doable? In any case I would add the tests after the merge of the feature... |
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
26a960b
to
c567bbd
Compare
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
c567bbd
to
443f73a
Compare
This commit copies OVMF_VARS.fd into the pillar container by adding it to /usr/lib/xen/boot/ovmf_vars.bin. It is important that the file is available in the pillar container because Pillar will create per-domain copies of it stored in /persist, which are then accessible to the xen-tools container. This sets the groundwork for enabling virtual machines to save and retain UEFI settings across reboots by using per-domain NVRAM files. Signed-off-by: Nikolay Martyanov <[email protected]>
Introduce support for managing per-domain OVMF_VARS.fd files, which are essential for maintaining persistent UEFI settings for FML guests. It adds functionality to prepare and clean up individual OVMF settings files stored in the persist directory, ensuring that each virtual machine has its own dedicated NVRAM file. The VM configuration structures are updated to reference the bootloader settings file, enabling the creation of unique UEFI variable stores for each domain. Signed-off-by: Nikolay Martyanov <[email protected]>
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
2 times, most recently
from
9dbba62
to
f23e947
Compare
Yes, we can have Eden test for it, but I need to cook some smaller images, with what we have now it takes about half an hour to run it in a local setup (cloud+datastore+eve all in e same machine). |
Yes, maybe an Efi application to set the custom variables and dump a custom OVMF_VAR, Ubuntu is doing it this way to pre-populate secure-boot keys for example. |
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
f23e947
to
48cdfd1
Compare
Adapt the existing tests to account for the addition of the OVMF settings file for FML guests, ensuring the expected output includes the BootLoader. It also fixes the ARM tests by ensuring the firmware line is present in the expected configuration, aligning the tests with the updated behavior for UEFI boot on both AMD64 and ARM architectures. Signed-off-by: Nikolay Martyanov <[email protected]>
Switch to using separate OVMF_CODE.fd and OVMF_VARS.fd files for FML x86 modes instead of a combined .bin file. This ensures that settings are stored correctly and maintains consistent naming conventions. These changes do not affect containers, ARM or Xen. To support ARM the OVMF build should produce separate files. Currently it produces QEMU_EFI that incorporates both code and variable sections. Signed-off-by: Nikolay Martyanov <[email protected]>
Add a new global config value app.fml.resolution to set custom resolution for FML apps. This is a string value in the format of "widthxheight". This value can be set device-wide as a global config value or set in a per-app/vm setting by defining it as top-level variable in the cloud-config. Signed-off-by: Shahriyar Jalayeri <[email protected]>
Implemented logic to select predefined OVMF_VARS.fd files for specific screen resolutions. Added pre-saved OVMF settings for 800x600, 1024x768, 1280x800, and 1920x1080 resolutions, ensuring clean boot entries. Signed-off-by: Nikolay Martyanov <[email protected]>
OhmSpectator
force-pushed
the
feature/persist-ovmf-settings
branch
from
48cdfd1
to
a39040c
Compare
In the FIRMWARE doc, add a new section explaining what OVMF is, when it's used in EVE, the key OVMF files, how settings are managed, and future automation plans. Signed-off-by: Nikolay Martyanov <[email protected]>
Node 0. This PR is not intended to be perfect. It is sourced from the need to support the predefined resolution feature. During the review, please check for possible regressions. Regarding code format, style, or even design imperfections, please don't be too strict. I will be happy to rework some parts and remove the shortcuts more cleanly later. However, we need this feature soon, and I promise to address the style issues afterward.
This PR introduces support for persistent OVMF settings. By implementing per-domain OVMF_VARS.fd file management, each FML virtual machine can maintain its own UEFI configuration, ensuring that settings persist across reboots. The changes include updating the Dockerfile to include the OVMF_VARS.fd template and enhancing the KVM setup process to create and manage individual NVRAM files for each VM.
Note 1: The current implementation lacks the cleanup of the settings files in the case when the application was removed while the device is off (so, no Cleanup() handler was called)
Note 2: The current implementation does not affect how the OVMF is handled in the case of ARM. ARM also uses this firmware, but we intentionally do not change how it's supported so that fewer changes are tested. For your information, @rene.
TODO: