-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
rhel-9.6
-
None
-
rhel-sst-virtualization
-
ssg_virtualization
-
None
-
False
-
-
None
-
None
-
None
-
None
-
-
x86_64
-
None
What were you trying to do that didn't work?
Boot windows 2022 guest on Sapphire Rapids host with secure boot, enable VBS inside guest and reboot guest.
Please provide the package NVR for which the bug is seen:
qemu-kvm-9.1.0-1.el9
kernel-5.14.0-527.el9.x86_64
edk2-ovmf-20240524-8.el9.noarch
How reproducible is this bug?:
3/3
Steps to reproduce
- Boot windows 2022 guest on Sapphire Rapids host
- Enable VBS on the guest. For doing so you can use https://github.com/MicrosoftDocs/windows-itpro-docs/files/4020040/DG_Readinessv3.7.zip. Then, in Windows terminal, run DG_Readiness_Tool_3.6.ps1 -Enable.
- Reboot the guest.
Expected results
Guest boot successfully.
Actual results
Guest can't boot.
Additional Info:
[1] The issue can reproduce either with or without IOMMU.
[2] QEMU cli:
/usr/libexec/qemu-kvm \
-S \
-name 'avocado-vt-vm1' \
-sandbox on,elevateprivileges=deny,obsolete=deny,resourcecontrol=deny,spawn=deny \
-blockdev '{"node-name": "file_ovmf_code", "driver": "file", "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", "auto-read-only": true, "discard": "unmap"}' \
-blockdev '{"node-name": "drive_ovmf_code", "driver": "raw", "read-only": true, "file": "file_ovmf_code"}' \
-blockdev '{"node-name": "file_ovmf_vars", "driver": "file", "filename": "/root/avocado/data/avocado-vt/avocado-vt-vm1_win2022-64-virtio-scsi-ovmf_qcow2_filesystem_VARS.raw", "auto-read-only": true, "discard": "unmap"}' \
-blockdev '{"node-name": "drive_ovmf_vars", "driver": "raw", "read-only": false, "file": "file_ovmf_vars"}' \
-machine q35,pflash0=drive_ovmf_code,pflash1=drive_ovmf_vars,memory-backend=mem-machine_mem \
-device '{"id": "pcie-root-port-0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x1", "chassis": 1}' \
-device '{"id": "pcie-pci-bridge-0", "driver": "pcie-pci-bridge", "addr": "0x0", "bus": "pcie-root-port-0"}' \
-nodefaults \
-device '{"driver": "VGA", "bus": "pcie.0", "addr": "0x2"}' \
-m 8192 \
-object '{"size": 8589934592, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}' \
-smp 16,maxcpus=16,cores=8,threads=1,dies=1,sockets=2 \
-cpu 'SapphireRapids',dtes64=on,vmx=on,pdcm=on,hypervisor=on,ds=on,ss=on,tsc-adjust=on,waitpkg=on,cldemote=on,movdiri=on,movdir64b=on,md-clear=on,stibp=on,flush-l1d=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,tsx-ctrl=on,sbdr-ssdp-no=on,fbsdp-no=on,psdp-no=on,gds-no=on,rfds-no=on,vmx-ins-outs=on,vmx-true-ctls=on,vmx-store-lma=on,vmx-activity-hlt=on,vmx-activity-wait-sipi=on,vmx-vmwrite-vmexit-fields=on,vmx-apicv-xapic=on,vmx-ept=on,vmx-desc-exit=on,vmx-rdtscp-exit=on,vmx-apicv-x2apic=on,vmx-vpid=on,vmx-wbinvd-exit=on,vmx-unrestricted-guest=on,vmx-apicv-register=on,vmx-apicv-vid=on,vmx-rdrand-exit=on,vmx-invpcid-exit=on,vmx-vmfunc=on,vmx-shadow-vmcs=on,vmx-rdseed-exit=on,vmx-pml=on,vmx-xsaves=on,vmx-tsc-scaling=on,vmx-enable-user-wait-pause=on,vmx-ept-execonly=on,vmx-page-walk-4=on,vmx-page-walk-5=on,vmx-ept-2mb=on,vmx-ept-1gb=on,vmx-invept=on,vmx-eptad=on,vmx-invept-single-context=on,vmx-invept-all-context=on,vmx-invvpid=on,vmx-invvpid-single-addr=on,vmx-invvpid-all-context=on,vmx-intr-exit=on,vmx-nmi-exit=on,vmx-vnmi=on,vmx-preemption-timer=on,vmx-posted-intr=on,vmx-vintr-pending=on,vmx-tsc-offset=on,vmx-hlt-exit=on,vmx-invlpg-exit=on,vmx-mwait-exit=on,vmx-rdpmc-exit=on,vmx-rdtsc-exit=on,vmx-cr3-load-noexit=on,vmx-cr3-store-noexit=on,vmx-cr8-load-exit=on,vmx-cr8-store-exit=on,vmx-flexpriority=on,vmx-vnmi-pending=on,vmx-movdr-exit=on,vmx-io-exit=on,vmx-io-bitmap=on,vmx-mtf=on,vmx-msr-bitmap=on,vmx-monitor-exit=on,vmx-pause-exit=on,vmx-secondary-ctls=on,vmx-exit-nosave-debugctl=on,vmx-exit-load-perf-global-ctrl=on,vmx-exit-ack-intr=on,vmx-exit-save-pat=on,vmx-exit-load-pat=on,vmx-exit-save-efer=on,vmx-exit-load-efer=on,vmx-exit-save-preemption-timer=on,vmx-entry-noload-debugctl=on,vmx-entry-ia32e-mode=on,vmx-entry-load-perf-global-ctrl=on,vmx-entry-load-pat=on,vmx-entry-load-efer=on,vmx-eptp-switching=on,hle=off,rtm=off,taa-no=off,hv_stimer,hv_synic,hv_vpindex,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time,hv_frequencies,hv_runtime,hv_tlbflush,hv_reenlightenment,hv_stimer_direct,hv_ipi,hv-xmm-input,hv_tlbflush_ext,kvm_pv_unhalt=on \
-chardev socket,server=on,path=/var/tmp/avocado_bqlu3dqg/monitor-qmpmonitor1-20241115-020917-K1FHaSrP,id=qmp_id_qmpmonitor1,wait=off \
-mon chardev=qmp_id_qmpmonitor1,mode=control \
-chardev socket,server=on,path=/var/tmp/avocado_bqlu3dqg/monitor-catch_monitor-20241115-020917-K1FHaSrP,id=qmp_id_catch_monitor,wait=off \
-mon chardev=qmp_id_catch_monitor,mode=control \
-device '{"ioport": 1285, "driver": "pvpanic", "id": "idhIZvBT"}' \
-chardev socket,server=on,path=/var/tmp/avocado_bqlu3dqg/serial-serial0-20241115-020917-K1FHaSrP,id=chardev_serial0,wait=off \
-device '{"id": "serial0", "driver": "isa-serial", "chardev": "chardev_serial0"}' \
-chardev socket,id=seabioslog_id_20241115-020917-K1FHaSrP,path=/var/tmp/avocado_bqlu3dqg/seabios-20241115-020917-K1FHaSrP,server=on,wait=off \
-device isa-debugcon,chardev=seabioslog_id_20241115-020917-K1FHaSrP,iobase=0x402 \
-device '{"id": "pcie-root-port-1", "port": 1, "driver": "pcie-root-port", "addr": "0x1.0x1", "bus": "pcie.0", "chassis": 2}' \
-device '{"driver": "qemu-xhci", "id": "usb1", "bus": "pcie-root-port-1", "addr": "0x0"}' \
-device '{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' \
-device '{"id": "pcie-root-port-2", "port": 2, "driver": "pcie-root-port", "addr": "0x1.0x2", "bus": "pcie.0", "chassis": 3}' \
-device '{"id": "virtio_scsi_pci0", "driver": "virtio-scsi-pci", "bus": "pcie-root-port-2", "addr": "0x0"}' \
-blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/win2022-64-virtio-scsi-ovmf.qcow2", "cache": {"direct": true, "no-flush": false}}' \
-blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' \
-device '{"driver": "scsi-hd", "id": "image1", "drive": "drive_image1", "bootindex": 0, "write-cache": "on"}' \
-device '{"id": "pcie-root-port-3", "port": 3, "driver": "pcie-root-port", "addr": "0x1.0x3", "bus": "pcie.0", "chassis": 4}' \
-device '{"driver": "virtio-net-pci", "mac": "9a:61:c7:54:2f:51", "id": "idF6DPgF", "netdev": "idRqWgiI", "bus": "pcie-root-port-3", "addr": "0x0"}' \
-netdev '{"id": "idRqWgiI", "type": "tap", "vhost": true, "vhostfd": "16", "fd": "10"}' \
-vnc :0 \
-rtc base=localtime,clock=host,driftfix=slew \
-boot menu=off,order=cdn,once=,strict=off \
-chardev socket,id=char_vtpm_avocado-vt-vm1_tpm0,path=/root/avocado/data/avocado-vt/swtpm/avocado-vt-vm1_tpm0_swtpm.sock \
-tpmdev emulator,chardev=char_vtpm_avocado-vt-vm1_tpm0,id=emulator_vtpm_avocado-vt-vm1_tpm0 \
-device '{"id": "tpm-crb_vtpm_avocado-vt-vm1_tpm0", "tpmdev": "emulator_vtpm_avocado-vt-vm1_tpm0", "driver": "tpm-crb"}' \
-enable-kvm \
-device '{"id": "pcie_extra_root_port_0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x3", "chassis": 5}'
- blocks
-
-
- Planning
-
