RHEL-63094

[Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-9.5]

    • Bug
    • Resolution: Done-Errata
    • Major
    • rhel-9.5.z
    • rhel-9.5.z
    • edk2
    • edk2-20240524-6.el9_5.3
    • Yes
    • Important
    • CustomerScenariosInitiative
    • 1
    • rhel-sst-virt-firmware
    • ssg_virtualization
    • 1
    • False
    • None
    • Virt Firmware Sprint 1 - Dec24
    • None

      What were you trying to do that didn't work?

      OVMF Issue with Netboot, VirtioRng, and both COM1/COM2 configured

       

      What is the impact of this issue to you?

      High - Can no longer deploy VMs using HTTP Boot

      Please provide the package NVR for which the bug is seen:

      edk2-ovmf-20240524-6.el9_5.1.noarch

      How reproducible is this bug?:

      5/5

      Steps to reproduce

      1. Boot a VM from HTTP or PXE, set the CPU to an old CPU model which doesn't support RDRAND, and add an rng device and isa-serial devices on the QEMU command line.
       /usr/libexec/qemu-kvm \
           -name 'avocado-vt-vm1'  \
           -sandbox on,elevateprivileges=deny,obsolete=deny,resourcecontrol=deny,spawn=allow \
           -blockdev '{"node-name": "file_ovmf_code", "driver": "file", "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", "auto-read-only": true, "discard": "unmap"}' \
           -blockdev '{"node-name": "drive_ovmf_code", "driver": "raw", "read-only": true, "file": "file_ovmf_code"}' \
           -blockdev '{"node-name": "file_ovmf_vars", "driver": "file", "filename": "/home/edk2_pxe_boot/OVMF_VARS.fd", "auto-read-only": true, "discard": "unmap"}' \
           -blockdev '{"node-name": "drive_ovmf_vars", "driver": "raw", "read-only": false, "file": "file_ovmf_vars"}' \
           -machine q35,pflash0=drive_ovmf_code,pflash1=drive_ovmf_vars,memory-backend=mem-machine_mem,acpi=on \
           -device '{"id": "pcie-root-port-0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x1", "chassis": 1}' \
           -device '{"id": "pcie-pci-bridge-0", "driver": "pcie-pci-bridge", "addr": "0x0", "bus": "pcie-root-port-0"}'  \
           -nodefaults \
           -no-user-config \
           -vga none \
           -m 2048 \
           -object '{"size": 2147483648, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}'  \
           -cpu core2duo  \
           -device '{"ioport": 1285, "driver": "pvpanic", "id": "idfWQucb"}' \
           -chardev socket,path=/var/tmp/avocado_yda74u21/serial-serial0-20241008-072244-XF8HTFZP,server=on,id=chardev_serial0,wait=off \
           -device '{"id": "serial0", "driver": "isa-serial", "chardev": "chardev_serial0"}' \
           -object '{"qom-type": "rng-random", "filename": "/dev/urandom", "id": "passthrough-FDon2uS3"}' \
           -device '{"id": "pcie-root-port-1", "port": 1, "driver": "pcie-root-port", "addr": "0x1.0x1", "bus": "pcie.0", "chassis": 2}' \
           -device '{"driver": "virtio-rng-pci", "id": "virtio-rng-rVfm7mjD", "rng": "passthrough-FDon2uS3", "bus": "pcie-root-port-1", "addr": "0x0"}'  \
           -device '{"id": "pcie-root-port-2", "port": 2, "driver": "pcie-root-port", "addr": "0x1.0x2", "bus": "pcie.0", "chassis": 3}' \
           -device '{"driver": "qemu-xhci", "id": "usb1", "bus": "pcie-root-port-2", "addr": "0x0"}' \
           -device '{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' \
           -device '{"id": "pcie-root-port-3", "port": 3, "driver": "pcie-root-port", "addr": "0x1.0x3", "bus": "pcie.0", "chassis": 4}' \
           -device '{"id": "virtio_scsi_pci0", "driver": "virtio-scsi-pci", "bus": "pcie-root-port-3", "addr": "0x0"}' \
           -blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/edk2_pxe_boot/IPXE-client-02.qcow2", "cache": {"direct": true, "no-flush": false}}' \
           -blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' \
           -device '{"driver": "scsi-hd", "id": "image1", "drive": "drive_image1", "write-cache": "on"}' \
           -blockdev '{"node-name": "drive_uefishell", "driver": "file", "read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/UefiShell.iso", "cache": {"direct": true, "no-flush": false}}' \
           -device '{"driver": "scsi-cd", "id": "uefishell", "drive": "drive_uefishell", "write-cache": "on", "bootindex": 1}'  \
           -device '{"id": "pcie-root-port-4", "port": 4, "driver": "pcie-root-port", "addr": "0x1.0x4", "bus": "pcie.0", "chassis": 5}' \
           -device '{"driver": "virtio-net-pci", "mac": "9a:d3:94:96:4a:88", "id": "id6B2jbF", "netdev": "idf57oZn", "bus": "pcie-root-port-4", "addr": "0x0", "bootindex": 2}' \
           -netdev  '{"id": "idf57oZn", "type": "tap", "vhost": true, "script": "/etc/qemu-ifup-private", "downscript": "/etc/qemu-ifdown-private"}'  \
           -rtc base=utc,clock=host,driftfix=slew  \
           -nographic  \
           -enable-kvm \
           -serial stdio

       

      Expected results

      PXE/HTTP boot works well, getting the netboot options.

      UEFI Interactive Shell v2.2
      EDK II
      UEFI v2.70 (EDK II, 0x00010000)
      Mapping table
            FS0: Alias(s):CD0b0a:;BLK1:
                PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)/CDROM(0x0)
           BLK0: Alias(s):
                PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
      Press ESC in 5 seconds to skip startup.nsh or any other key to continue.
      Shell> 
      Shell> bcfg boot dump
      Option: 00. Variable: Boot0001   
        Desc    - UEFI QEMU QEMU CD-ROM 
        DevPath - PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
        Optional- Y
      Option: 01. Variable: Boot0002   
        Desc    - UEFI PXEv4 (MAC:9AD394964A88)
        DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv4(0.0.0.0)
        Optional- Y
      Option: 02. Variable: Boot0003   
        Desc    - UEFI PXEv6 (MAC:9AD394964A88)
        DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv6(0000:00)
        Optional- Y
      Option: 03. Variable: Boot0004   
        Desc    - UEFI HTTPv4 (MAC:9AD394964A88)
        DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv4(0.0.0.0)
        Optional- Y
      Option: 04. Variable: Boot0005   
        Desc    - UEFI HTTPv6 (MAC:9AD394964A88)
        DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv6(0000:00)
        Optional- Y
      Option: 05. Variable: Boot0000   
        Desc    - UiApp
        DevPath - Fv(7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1)/FvFile(462CAA21-7614-4503-836E-8)
        Optional- N 

      Actual results

      HTTP boot fails; cannot get the netboot options.

      UEFI Interactive Shell v2.2
      EDK II
      UEFI v2.70 (EDK II, 0x00010000)
      Mapping table
            FS0: Alias(s):CD0b0a:;BLK1:
                PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)/CDROM(0x0)
           BLK0: Alias(s):
                PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
      Press ESC in 4 seconds to skip startup.nsh or any other key to continue.
      Shell> bcfg boot dump
      Option: 00. Variable: Boot0001   
        Desc    - UEFI QEMU QEMU CD-ROM 
        DevPath - PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
        Optional- Y
      Option: 01. Variable: Boot0000   
        Desc    - UiApp
        DevPath - Fv(7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1)/FvFile(462CAA21-7614-4503-836E-8)
        Optional- N 

      Additional information:

      Since the PixieFail CVE fixes, a strong random number generator is
      required to use network functionality, such as booting via PXE or
      HTTP.
      On modern x86_64 CPUs this is not a problem because these support the
      RDRAND instruction.
      On older models one needs to add a virtio-rng device otherwise network
      initialization fails.

      In this bug, boot the VM without RDRAND, and with VirtioRng and both COM1/COM2 configured. If the isa-serial device is removed, HTTP boot works well. For detailed information, please refer to RHEL-58631 [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater.

        1. edk2_amd.log
          1.17 MB
        2. edk2_intel.log
          1.72 MB
        3. firmware.log
          694 kB
        4. new-cpu_without-rng.sh
          4 kB
        5. new-cpu_with-rng.sh
          4 kB
        6. old-cpu_with_fallback-rng.sh
          4 kB
        7. old-cpu_with_virtio-rng.sh
          4 kB

              osteffen@redhat.com Oliver Steffen
              jetwei Xueqiang Wei
              virt-maint virt-maint
              Xueqiang Wei Xueqiang Wei
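
A check for the symptom shown in the two "bcfg boot dump" transcripts above, added here as an example (it is not part of the original report or of edk2): it parses the dump and reports which network boot options the firmware did not register. The function names and the trimmed sample strings are assumptions made for this example.

```python
import re
# Constructed samples, trimmed from this page's expected/actual transcripts.
EXPECTED_DUMP = """\
Option: 00. Variable: Boot0001
  Desc    - UEFI QEMU QEMU CD-ROM
  DevPath - PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
Option: 01. Variable: Boot0002
  Desc    - UEFI PXEv4 (MAC:9AD394964A88)
  DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv4(0.0.0.0)
Option: 03. Variable: Boot0004
  Desc    - UEFI HTTPv4 (MAC:9AD394964A88)
  DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv4(0.0.0.0)
"""
ACTUAL_DUMP = """\
Option: 00. Variable: Boot0001
  Desc    - UEFI QEMU QEMU CD-ROM
  DevPath - PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
Option: 01. Variable: Boot0000
  Desc    - UiApp
  DevPath - Fv(7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1)/FvFile(462CAA21-7614-4503-836E-8)
"""

OPTION = re.compile(r"^\s*Option:\s*\w+\.\s*Variable:\s*(Boot[0-9A-Fa-f]{4})")
FIELD = re.compile(r"^\s*(Desc|DevPath)\s*-\s*(.*?)\s*$")
NET = re.compile(r"\bUEFI (PXEv4|PXEv6|HTTPv4|HTTPv6)\b")

def parse_boot_dump(text):
    """Return one dict per boot option with Variable, Desc and DevPath."""
    entries = []
    for line in text.splitlines():
        m = OPTION.match(line)
        if m:
            entries.append({"Variable": m.group(1)})
        elif entries and (f := FIELD.match(line)):
            entries[-1][f.group(1)] = f.group(2)
    return entries

def netboot_kinds(text):
    """Set of network boot kinds (PXEv4, HTTPv4, ...) present in the dump."""
    kinds = set()
    for e in parse_boot_dump(text):
        m = NET.search(e.get("Desc", ""))
        if m and "/MAC(" in e.get("DevPath", ""):
            kinds.add(m.group(1))
    return kinds

def missing_netboot(text, required=("PXEv4", "HTTPv4")):
    """Required kinds absent from the dump; a non-empty list means netboot failed."""
    return sorted(set(required) - netboot_kinds(text))
```

Run against a captured firmware shell log after each edk2-ovmf update, a non-empty result from missing_netboot() flags this regression before VM deployment depends on it.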