From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Tue, 04 Jun 2019 09:10:36 -0700 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8CD6A4ACDF; Tue, 4 Jun 2019 16:10:20 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-251.ams2.redhat.com [10.36.117.251]) by smtp.corp.redhat.com (Postfix) with ESMTP id A12E584EA; Tue, 4 Jun 2019 16:10:15 +0000 (UTC) Subject: Re: [edk2-devel] Help needed in building UEFI qcow2 images To: Pavan Kumar Aravapalli , devel@edk2.groups.io References: <88960f45-42c4-3420-e33a-880a55960e48@redhat.com> <15566.1559647737135151997@groups.io> Cc: Gerd Hoffmann From: "Laszlo Ersek" Message-ID: <64f4a3ff-01c8-42b1-c2d0-41807aba03b2@redhat.com> Date: Tue, 4 Jun 2019 18:10:14 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <15566.1559647737135151997@groups.io> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 04 Jun 2019 16:10:25 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable (+Gerd) On 06/04/19 13:28, Pavan Kumar Aravapalli wrote: > Hi Laszlo, >=20 > Thank you for your quick response, and apologies for the your pervious = mail thread which i could not observed as I only monitor the mail [ pavan= kumar_a@accelerite.com ]inbox. And I am not receiving mail reply's to my = inbox even though i have subscribed to devel group. Here after i will pro= ceed with web console https://edk2.groups.io ( https://edk2.groups.io/ ) = for tracking info. >=20 > as you suggested, I have done the dom xml changes you suggested in prev= ious mail that >=20 > * Dom XML Changes for OVMF loader stuff > * deleted existing=C2=A0 varstore file /var/lib/libvirt/qemu/nvram/ >=20 > I am unable to boot the VM saying that there is no bootable device to b= oot , attached the screen shot with this thread for the same. I have been= using=C2=A0 image https://www.kraxel.org/repos/images/fedora-28-efi-syst= emd-x86_64.qcow2.xz for Guest VM Boot. Please suggest me if i missed out = some thing. When you import a pre-made disk image like this, with a UEFI OS installat= ion on it, but without any Boot#### and BootOrder UEFI variables in the d= omain's variable store, that amounts to an installed UEFI system losing i= ts Boot#### and BootOrder variables. The UEFI spec covers this case; a great writeup can be found at . However: you're using a systemd-related UEFI boot loader, and I have no c= lue whether it implements the above-referenced "fallback" behavior. For n= ow, I would suggest trying the shim+grub2 variant, and even Fedora 29 rat= her than Fedora 28: "fedora-29-efi-grub2-x86_64.qcow2.xz". If it still doesn't work, then you can modify your domain XML as follows,= for saving a firmware debug log (note that the xmlns:qemu attribute (nam= espace definition) in the root element is important): =20 The file "/tmp/secvm.log" will contain the OVMF debug log. Additionally, I'd suggest removing the element, and ad= ding the following instead: ... ... =20 ... I guess it's also possible that the UEFI boot loader in the disk imag= e that you've tried isn't properly signed, against the certificates enrol= led in "/usr/share/OVMF/OVMF_VARS.secboot.fd". If that's the case, the OV= MF debug log will show it. Thanks, Laszlo