# sudo virt-install \ --name tdx_verify_test \ --vcpus 4 \ --memory 4096 \ --disk size=20,format=qcow2 \ --os-variant rhel10.0 \ --machine q35 \ --boot loader=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd,loader.readonly=yes,loader.type=pflash \ --features smm=on \ --launchSecurity type=tdx,policy=0x1,quoteGenerationService=on \ --iommu model=intel,driver.intremap=on,driver.caching_mode=on \ --graphics none \ --location /var/lib/libvirt/images/RHEL-10.1-20251021.0-x86_64-dvd1.iso \ --extra-args "console=ttyS0 earlyprintk=ttyS0" Starting install... Retrieving 'vmlinuz' | 15 MB 00:00:00 Retrieving 'initrd.img' | 148 MB 00:00:00 Allocating 'tdx_verify_test.qcow2' | 20 GB 00:00:00 Removing disk 'tdx_verify_test.qcow2' | 00:00:00 ERROR unsupported configuration: Intel TDX launch security is not supported with SMM enabled Domain installation does not appear to have been successful. If it was, you can restart your domain by running: virsh --connect qemu:///system start tdx_verify_test otherwise, please restart your installation. root@dell-per660-10:~# sudo virt-install \ --name tdx_verify_test \ --vcpus 4 \ --memory 4096 \ --disk size=20,format=qcow2 \ --os-variant rhel10.0 \ --machine q35 \ --boot loader=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd,loader.readonly=yes,loader.type=pflash \ --features smm=off \ --launchSecurity type=tdx,policy=0x1,quoteGenerationService=on \ --iommu model=intel,driver.intremap=on,driver.caching_mode=on \ --graphics none \ --location /var/lib/libvirt/images/RHEL-10.1-20251021.0-x86_64-dvd1.iso \ --extra-args "console=ttyS0 earlyprintk=ttyS0" Starting install... Retrieving 'vmlinuz' | 15 MB 00:00:00 Retrieving 'initrd.img' | 148 MB 00:00:00 Allocating 'tdx_verify_test.qcow2' | 20 GB 00:00:00 Removing disk 'tdx_verify_test.qcow2' | 00:00:00 ERROR unsupported configuration: Intel TDX launch security is not supported with pflash loader Domain installation does not appear to have been successful. If it was, you can restart your domain by running: virsh --connect qemu:///system start tdx_verify_test otherwise, please restart your installation. root@dell-per660-10:~# sudo virt-install \ --name tdx_verify_test \ --vcpus 4 \ --memory 4096 \ --disk size=20,format=qcow2 \ --os-variant rhel10.0 \ --machine q35 \ --boot loader=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd,loader.readonly=yes \ --features smm=off \ --launchSecurity type=tdx,policy=0x1,quoteGenerationService=on \ --iommu model=intel,driver.intremap=on,driver.caching_mode=on \ --graphics none \ --location /var/lib/libvirt/images/RHEL-10.1-20251021.0-x86_64-dvd1.iso \ --extra-args "console=ttyS0 earlyprintk=ttyS0" ERROR TDX launch security requires a Q35 UEFI machine root@dell-per660-10:~# sudo virt-install \ --name tdx_verify_test \ --vcpus 4 \ --memory 4096 \ --disk size=20,format=qcow2 \ --os-variant rhel10.0 \ --machine q35 \ --boot uefi,loader=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd,loader.readonly=yes,nvram.template=/dev/null \ --features smm=off \ --launchSecurity type=tdx,policy=0x1,quoteGenerationService=on \ --iommu model=intel,driver.intremap=on,driver.caching_mode=on \ --graphics none \ --location /var/lib/libvirt/images/RHEL-10.1-20251021.0-x86_64-dvd1.iso \ --extra-args "console=ttyS0 earlyprintk=ttyS0" Starting install... Retrieving 'vmlinuz' | 15 MB 00:00:00 Retrieving 'initrd.img' | 148 MB 00:00:00 Allocating 'tdx_verify_test.qcow2' | 20 GB 00:00:00 Removing disk 'tdx_verify_test.qcow2' | 00:00:00 ERROR operation failed: Unable to find 'efi' firmware that is compatible with the current configuration Domain installation does not appear to have been successful. If it was, you can restart your domain by running: virsh --connect qemu:///system start tdx_verify_test otherwise, please restart your installation. root@dell-per660-10:~# sudo virt-install \ --name tdx_verify_test \ --vcpus 4 \ --memory 4096 \ --disk size=20,format=qcow2 \ --os-variant rhel10.0 \ --machine q35 \ --boot loader=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd,loader.readonly=yes,loader.type=pflash,loader.stateless=yes \ --features smm=off \ --launchSecurity type=tdx,policy=0x1,quoteGenerationService=on \ --iommu model=intel,driver.intremap=on,driver.caching_mode=on \ --graphics none \ --location /var/lib/libvirt/images/RHEL-10.1-20251021.0-x86_64-dvd1.iso \ --extra-args "console=ttyS0 earlyprintk=ttyS0" Starting install... Retrieving 'vmlinuz' | 15 MB 00:00:00 Retrieving 'initrd.img' | 148 MB 00:00:00 Allocating 'tdx_verify_test.qcow2' | 20 GB 00:00:00 Removing disk 'tdx_verify_test.qcow2' | 00:00:00 ERROR unsupported configuration: Intel TDX launch security is not supported with pflash loader Domain installation does not appear to have been successful. If it was, you can restart your domain by running: virsh --connect qemu:///system start tdx_verify_test otherwise, please restart your installation. root@dell-per660-10:~# sudo virt-install \ --name tdx_verify_test \ --vcpus 4 \ --memory 4096 \ --disk size=20,format=qcow2 \ --os-variant rhel10.0 \ --machine q35 \ --xml ./os/boot/loader='/usr/share/edk2/ovmf/OVMF_CODE.cc.fd' \ --xml ./os/boot/loader/@readonly='yes' \ --features smm=off \ --launchSecurity type=tdx,policy=0x1,quoteGenerationService=on \ --iommu model=intel,driver.intremap=on,driver.caching_mode=on \ --graphics none \ --location /var/lib/libvirt/images/RHEL-10.1-20251021.0-x86_64-dvd1.iso \ --extra-args "console=ttyS0 earlyprintk=ttyS0" ERROR TDX launch security requires a Q35 UEFI machine root@dell-per660-10:~# sudo virt-install \ --name tdx_verify_test \ --vcpus 4 \ --memory 4096 \ --disk size=20,format=qcow2 \ --os-variant rhel10.0 \ --machine q35 \ --boot loader=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd,loader.readonly=yes \ --features smm=off \ --launchSecurity type=tdx,policy=0x1 \ --iommu model=intel,driver.intremap=on,driver.caching_mode=on \ --graphics none \ --location /var/lib/libvirt/images/RHEL-10.1-20251021.0-x86_64-dvd1.iso \ --extra-args "console=ttyS0 earlyprintk=ttyS0" \ --print-xml > tdx_guest.xml ERROR TDX launch security requires a Q35 UEFI machine