What were you trying to do that didn't work?
OVMF Issue with Netboot, VirtioRng, and both COM1/COM2 configured
What is the impact of this issue to you?
High - Can no longer deploy VMs using HTTP Boot
Please provide the package NVR for which the bug is seen:
edk2-ovmf-20240524-7.el9.noarch
How reproducible is this bug?:
5/5
Steps to reproduce
- Boot a VM from HTTP or PXE with the CPU set to an old model that does not support RDRAND, with an rng device added, and with isa-serial devices added on the QEMU command line.
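# Reproducer QEMU command line, restored to one option per line (the report
# had collapsed it onto two lines, which turns every "\ " into an escaped
# space instead of a line continuation).
#
# Options that matter for this bug:
#   -cpu core2duo
#       Old CPU model; per the report it does not support RDRAND.
#   -object rng-random (/dev/urandom) + -device virtio-rng-pci
#       Entropy source offered to the guest firmware in place of RDRAND.
#       Since the PixieFail CVE fixes, the firmware needs a strong RNG
#       before it initializes networking (PXE/HTTP boot).
#   -device isa-serial (serial0) and -serial stdio
#       Serial port configuration. The report states that HTTP boot works
#       again once the isa-serial device is removed.
#       NOTE(review): presumably these two options together produce the
#       COM1/COM2 pair named in the report title - confirm.
#
# NOTE(review): the two image filenames below contained a stray space in the
# report ("IPXE-client-02. qcow2", "UefiS hell.iso"); it is assumed to be a
# line-wrap artifact and has been removed - confirm against the test host.
# The dangling "\" after the last option has been dropped so that the
# command terminates.
/usr/libexec/qemu-kvm \
    -name 'avocado-vt-vm1' \
    -sandbox on,elevateprivileges=deny,obsolete=deny,resourcecontrol=deny,spawn=allow \
    -blockdev '{"node-name": "file_ovmf_code", "driver": "file", "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", "auto-read-only": true, "discard": "unmap"}' \
    -blockdev '{"node-name": "drive_ovmf_code", "driver": "raw", "read-only": true, "file": "file_ovmf_code"}' \
    -blockdev '{"node-name": "file_ovmf_vars", "driver": "file", "filename": "/home/edk2_pxe_boot/OVMF_VARS.fd", "auto-read-only": true, "discard": "unmap"}' \
    -blockdev '{"node-name": "drive_ovmf_vars", "driver": "raw", "read-only": false, "file": "file_ovmf_vars"}' \
    -machine q35,pflash0=drive_ovmf_code,pflash1=drive_ovmf_vars,memory-backend=mem-machine_mem,acpi=on \
    -device '{"id": "pcie-root-port-0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x1", "chassis": 1}' \
    -device '{"id": "pcie-pci-bridge-0", "driver": "pcie-pci-bridge", "addr": "0x0", "bus": "pcie-root-port-0"}' \
    -nodefaults \
    -no-user-config \
    -vga none \
    -m 2048 \
    -object '{"size": 2147483648, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}' \
    -cpu core2duo \
    -device '{"ioport": 1285, "driver": "pvpanic", "id": "idfWQucb"}' \
    -chardev socket,path=/var/tmp/avocado_yda74u21/serial-serial0-20241008-072244-XF8HTFZP,server=on,id=chardev_serial0,wait=off \
    -device '{"id": "serial0", "driver": "isa-serial", "chardev": "chardev_serial0"}' \
    -object '{"qom-type": "rng-random", "filename": "/dev/urandom", "id": "passthrough-FDon2uS3"}' \
    -device '{"id": "pcie-root-port-1", "port": 1, "driver": "pcie-root-port", "addr": "0x1.0x1", "bus": "pcie.0", "chassis": 2}' \
    -device '{"driver": "virtio-rng-pci", "id": "virtio-rng-rVfm7mjD", "rng": "passthrough-FDon2uS3", "bus": "pcie-root-port-1", "addr": "0x0"}' \
    -device '{"id": "pcie-root-port-2", "port": 2, "driver": "pcie-root-port", "addr": "0x1.0x2", "bus": "pcie.0", "chassis": 3}' \
    -device '{"driver": "qemu-xhci", "id": "usb1", "bus": "pcie-root-port-2", "addr": "0x0"}' \
    -device '{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' \
    -device '{"id": "pcie-root-port-3", "port": 3, "driver": "pcie-root-port", "addr": "0x1.0x3", "bus": "pcie.0", "chassis": 4}' \
    -device '{"id": "virtio_scsi_pci0", "driver": "virtio-scsi-pci", "bus": "pcie-root-port-3", "addr": "0x0"}' \
    -blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/edk2_pxe_boot/IPXE-client-02.qcow2", "cache": {"direct": true, "no-flush": false}}' \
    -blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' \
    -device '{"driver": "scsi-hd", "id": "image1", "drive": "drive_image1", "write-cache": "on"}' \
    -blockdev '{"node-name": "drive_uefishell", "driver": "file", "read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/UefiShell.iso", "cache": {"direct": true, "no-flush": false}}' \
    -device '{"driver": "scsi-cd", "id": "uefishell", "drive": "drive_uefishell", "write-cache": "on", "bootindex": 1}' \
    -device '{"id": "pcie-root-port-4", "port": 4, "driver": "pcie-root-port", "addr": "0x1.0x4", "bus": "pcie.0", "chassis": 5}' \
    -device '{"driver": "virtio-net-pci", "mac": "9a:d3:94:96:4a:88", "id": "id6B2jbF", "netdev": "idf57oZn", "bus": "pcie-root-port-4", "addr": "0x0", "bootindex": 2}' \
    -netdev '{"id": "idf57oZn", "type": "tap", "vhost": true, "script": "/etc/qemu-ifup-private", "downscript": "/etc/qemu-ifdown-private"}' \
    -rtc base=utc,clock=host,driftfix=slew \
    -nographic \
    -enable-kvm \
    -serial stdio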
Expected results
PXE/HTTP boot works, and the netboot options are present in the boot option list:
UEFI Interactive Shell v2.2
EDK II
UEFI v2.70 (EDK II, 0x00010000)
Mapping table
FS0: Alias(s):CD0b0a:;BLK1:
PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)/CDROM(0x0)
BLK0: Alias(s):
PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
Press ESC in 5 seconds to skip startup.nsh or any other key to continue.
Shell>
Shell> bcfg boot dump
Option: 00. Variable: Boot0001
Desc - UEFI QEMU QEMU CD-ROM
DevPath - PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
Optional- Y
Option: 01. Variable: Boot0002
Desc - UEFI PXEv4 (MAC:9AD394964A88)
DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv4(0.0.0.0)
Optional- Y
Option: 02. Variable: Boot0003
Desc - UEFI PXEv6 (MAC:9AD394964A88)
DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv6(0000:00)
Optional- Y
Option: 03. Variable: Boot0004
Desc - UEFI HTTPv4 (MAC:9AD394964A88)
DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv4(0.0.0.0)
Optional- Y
Option: 04. Variable: Boot0005
Desc - UEFI HTTPv6 (MAC:9AD394964A88)
DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv6(0000:00)
Optional- Y
Option: 05. Variable: Boot0000
Desc - UiApp
DevPath - Fv(7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1)/FvFile(462CAA21-7614-4503-836E-8)
Optional- N
Actual results
HTTP boot fails; the netboot options cannot be obtained (they are missing from the boot option list):
UEFI Interactive Shell v2.2
EDK II
UEFI v2.70 (EDK II, 0x00010000)
Mapping table
FS0: Alias(s):CD0b0a:;BLK1:
PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)/CDROM(0x0)
BLK0: Alias(s):
PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
Press ESC in 4 seconds to skip startup.nsh or any other key to continue.
Shell> bcfg boot dump
Option: 00. Variable: Boot0001
Desc - UEFI QEMU QEMU CD-ROM
DevPath - PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
Optional- Y
Option: 01. Variable: Boot0000
Desc - UiApp
DevPath - Fv(7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1)/FvFile(462CAA21-7614-4503-836E-8)
Optional- N
Additional information:
Since the PixieFail CVE fixes, a strong random number generator is
required to use network functionality, such as booting via PXE or
HTTP.
On modern x86_64 CPUs this is not a problem because these support the
RDRAND instruction.
On older models, one needs to add a virtio-rng device; otherwise network
initialization fails.
In this bug, the VM is booted without RDRAND, with a VirtioRng device, and with both COM1/COM2 configured. If the isa-serial device is removed, HTTP boot works well. For detailed information, please refer to RHEL-58631 [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater.
- clones
-
RHEL-58631 [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater