[Bug 2122286] Re: firmware definitions lack "amd-sev-es" feature

Andreas Hasenack 2122286 at bugs.launchpad.net
Mon Sep 15 21:35:07 UTC 2025 

Plucky has something, but I'm unsure if it's all that is needed:

$ grep -r amd-sev /usr/share/qemu/firmware/
/usr/share/qemu/firmware/50-edk2-x86_64-secure.json:        "amd-sev",
/usr/share/qemu/firmware/60-edk2-x86_64-amdsev.json:        "amd-sev",
/usr/share/qemu/firmware/60-edk2-x86_64-amdsev.json:        "amd-sev-es",
/usr/share/qemu/firmware/60-edk2-x86_64-amdsev.json:        "amd-sev-snp",
/usr/share/qemu/firmware/40-edk2-x86_64-secure-enrolled.json:        "amd-sev",
/usr/share/qemu/firmware/60-edk2-x86_64.json:        "amd-sev",


Added a task for noble. Plucky and Questing will have to be evaluated, and if they are fixed already, then this bug will be an SRU candidate just for noble (and perhaps earlier, if deemed worth it or necessary).

** Changed in: edk2 (Ubuntu)
       Status: New => Triaged

** Also affects: edk2 (Ubuntu Noble)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to edk2 in Ubuntu.
https://bugs.launchpad.net/bugs/2122286

Title:
  firmware definitions lack "amd-sev-es" feature

Status in edk2 package in Ubuntu:
  Triaged
Status in edk2 source package in Noble:
  New

Bug description:
  libvirt has had the capability to select the appropriate UEFI firmware according to the features requested.
  Especially it introduced the selection logic for AMD SEV-ES in 7.2.0 which depends on the amd-sev-es feature contained in the firmware capability definitions, stored in /usr/share/qemu/firmware/ .

  https://github.com/libvirt/libvirt/commit/f14ca48ef42e552d97cac096968e95680b3c75b4

  However none of the firmware definition files contain "amd-sev-es"
  feature so libvirt fails to detect the appropriate firmware.

  ---
  $ grep -r amd-sev /usr/share/qemu/firmware/
  /usr/share/qemu/firmware/40-edk2-x86_64-secure-enrolled.json:        "amd-sev",
  /usr/share/qemu/firmware/60-edk2-x86_64.json:        "amd-sev",
  /usr/share/qemu/firmware/50-edk2-x86_64-secure.json:        "amd-sev",
  ---

  1)
  $ lsb_release -rd
  No LSB modules are available.
  Description:	Ubuntu 24.04 LTS
  Release:	24.04

  2)
  ---
  $ apt-cache policy ovmf
  ovmf:
    Installed: 2024.02-2ubuntu0.4
    Candidate: 2024.02-2ubuntu0.4
    Version table:
   *** 2024.02-2ubuntu0.4 500
          500 http://il.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       2024.02-2ubuntu0.3 500
          500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
       2024.02-2 500
          500 http://il.archive.ubuntu.com/ubuntu noble/main amd64 Packages
  ---

  3)
  At least one firmware definition file with "amd-sev-es" feature exists

  
  3)
  None of firmware definition files contain "amd-sev-es" feature

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2122286/+subscriptions

More information about the foundations-bugs mailing list