[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
Launchpad Bug Tracker
2106771 at bugs.launchpad.net
Sat Jul 26 00:29:00 UTC 2025
This bug was fixed in the package edk2 - 2025.02-8ubuntu1
---------------
edk2 (2025.02-8ubuntu1) questing; urgency=medium
* d/rules: Build OVMF.amdsev.fd (LP: #2106771)
* d/descriptors: Add amd-sev JSON
* d/ovmf.README.Debian: Mention OVMF.amdsev.fd firmware
-- Lukas Märdian <slyon at ubuntu.com> Wed, 11 Jun 2025 10:03:12 +0200
** Changed in: edk2 (Ubuntu Questing)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to edk2 in Ubuntu.
https://bugs.launchpad.net/bugs/2106771
Title:
Add support for QEMU AMD SNP VM Measured linux boot with the addition
of new AMDSEV OVMF.fd
Status in edk2 package in Ubuntu:
Fix Released
Status in edk2 source package in Plucky:
New
Status in edk2 source package in Questing:
Fix Released
Status in edk2 package in Debian:
New
Bug description:
On the plucky release, the launch of SNP QEMU VM with SNP measurement
boot option fails due to the absence of OVMF amdsev file in the OVMF
plucky ubuntu package
Plucky OVMF package requires the integration of the AMD SEV firmware
file,OVMF.amdsev.fd, to enable support for SEV-secured VM remote
attestation and secret injection.
Currently, the SEV firmware necessary to support SEV Virtual Machine
Remote Attestation is not available within the Ubuntu OVMF package.
I attempted to execute an SNP QEMU measured boot using the OVMF file
packaged with Ubuntu, but this endeavor was unsuccessful due to the
provision of an invalid OVMF file within the Ubuntu OVMF package.
Error message that I see using Ubuntu OVMF.fd(/usr/share/ovmf/OVMF.fd) as guest bios is as follows:
qemu-system-x86_64: SEV: guest firmware hashes table area is invalid (base=0x0 size=0x0)
QEMU commandline used for my SNP guest test launch on Plucky release
is as follows:
qemu-system-x86_64 \
-enable-kvm \
-cpu EPYC-v4 \
-m 2048 \
-nographic \
-netdev user,hostfwd=tcp::10030-:22,id=vmnic \
-device virtio-net-pci,disable-legacy=on,iommu_platform=true,netdev=vmnic,romfile= \
-device virtio-scsi-pci,id=scsi0 \
-device scsi-hd,drive=disk0 \
-drive if=none,id=disk0,format=qcow2,file=/home/amd/os-guest-test/os-guest-test-guest.qcow2 \
-machine memory-encryption=sev0,vmport=off \
-object memory-backend-memfd,id=ram1,size=2048M,share=true,prealloc=false \
-machine memory-backend=ram1 \
-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,kernel-hashes=on \
-bios /usr/share/ovmf/OVMF.fd \
-kernel /home/amd/os-guest-test/guest_kernel_initrd/vmlinuz-6.13.9-200.fc41.x86_64 \
-initrd /home/amd/os-guest-test/guest_kernel_initrd/initramfs-6.13.9-200.fc41.x86_64.img \
-append "console=tty1 console=ttyS0,115200n8 root=LABEL=fedora ro rootflags=subvol=root"
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: ovmf 2025.02-3ubuntu2
ProcVersionSignature: Ubuntu 6.14.0-13.13-generic 6.14.0
Uname: Linux 6.14.0-13-generic x86_64
ApportVersion: 2.32.0-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Tue Apr 8 05:43:04 2025
Dependencies:
InstallationDate: Installed on 2025-04-08 (0 days ago)
InstallationMedia: Ubuntu-Server 25.04 "Plucky Puffin" - Daily amd64 (20250407)
PackageArchitecture: all
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=tmux-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: edk2
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions
More information about the foundations-bugs
mailing list