Hi,
I’m dabbling in KVM/QEMU and normally use a BIOS firmware setting. Now I want to play with a UEFI firmware with a Q35 chipset. I have loaded the package qemu-ovmf-x86_64 which gave me these files -
Trouble is I only get the 5 files highlighted in red above in the virt-manager’s Firmware drop down box. But listing aside, I have no idea as to which one to select or why. I have read stuff on the TianoCore website but it just went over my head.
Bottom line - what are the features of these 5 different firmwares and which one should I select and why?
Hi
In the list you posted is opensuse-4m-code.* that’s the one I used with qemu, strange it’s not in the drop down picture. Mind you I’m on Tumbleweed here, I see it further down the list in the drop down.
I would recommend using “ovmf-x86_64-smm-ms-code.bin”.
I have used several others.
The ones with “opensuse” as part of the name are using the opensuse signing certificate for secure-boot. The ones with “suse” as part of the name are using the suse signing certificate. The ones with “ms” as part of the name are using the Microsoft signing certificate.
The use of the Microsoft signing certificate more closely matches what is found on most hardware, so is a better choice (in my opinion).
The ones without any of those strings do not have a signing certificate. So, as provided, the don’t support secure-boot. I think they support you installing a certificate of your own, but I have not experimented with that.
Some of the firmware depend on particular instruction sets. I’m not sure of the details. You can explicitly select firmware if you use “virt-install” at the command line. But you might get error messages about mismatch between firmware and instruction set.
The “.code" and ".var” are companions. The “.var" is the initial NVRAM setup for using the corresponding ".code”. When using “virt-install”, I have specified both.
Possibly a dumb question, but what’s the difference between “ovmf-x86_64-smm-code.bin” and “ovmf-x86_64-4m-code.bin”? And which should I use when I want UEFI boot but not Secure Boot?
Just as a follow up - I used /usr/share/qemu/ovmf-x86_64-smm-opensuse-code.bin for my Leap15.2 VMs and that worked well, gave me a digital signature screen, secure boot etc.
For non-opensuse VMs (eg arch) I used /usr/share/qemu/ovmf-x86_64-smm-code.bin as using /usr/share/qemu/ovmf-x86_64-smm-opensuse-code.bin caused - lets just say headaches at install time for the arch VM. The arch VMs worked but had no secure boot feature.
Hello all…
Last Sunday I installed Tumbleweed (Fedora 34 previous) and had to install kvm to bring up a vm (Win10) needed for my work…
I faced the exact same problem to choose firmware… Everything I chose resulted in a black screen while booting vm…
After hours of trial and error and countless searches in google, I came across an article which suggested to use ovmf-x64/OVMF_CODE-pure-efi.fd from this site: https://www.kraxel.org/repos/jenkins/
I installed the repo and downloaded the files and my vm started working…
I can’t remember how many of the enlisted firmwares I tried (maybe all I could imagine that fitted) but none worked… Only this…
Hope this helps other people…
