Hi

I am new to this and i am trying to perform Windows Server 2016 [Guest VM] UEFI secure boot mode on KVM(Hypervisor) Host using edk2.git-ovmf-x64-0-20190308.1017.g0eccea3fbe.noarch.I am looking for support documents which helps me in assessing the same.

Environment Details

KVM Host :RHEL 7.3

Guest VM : Windows Server 2016

Qemu Version : qemu-kvm-ev-2.9.0-16.el7_4.13.1

[root@rhel-02 ~]# /usr/libexec/qemu-kvm --machine help

Supported machines are:

pc RHEL 7.4.0 PC (i440FX + PIIX, 1996) (alias of pc-i440fx-rhel7.4.0)

pc-i440fx-rhel7.4.0 RHEL 7.4.0 PC (i440FX + PIIX, 1996) (default)

pc-i440fx-rhel7.3.0 RHEL 7.3.0 PC (i440FX + PIIX, 1996)

pc-i440fx-rhel7.2.0 RHEL 7.2.0 PC (i440FX + PIIX, 1996)

pc-i440fx-rhel7.1.0 RHEL 7.1.0 PC (i440FX + PIIX, 1996)

pc-i440fx-rhel7.0.0 RHEL 7.0.0 PC (i440FX + PIIX, 1996)

rhel6.6.0 RHEL 6.6.0 PC

rhel6.5.0 RHEL 6.5.0 PC

rhel6.4.0 RHEL 6.4.0 PC

rhel6.3.0 RHEL 6.3.0 PC

rhel6.2.0 RHEL 6.2.0 PC

rhel6.1.0 RHEL 6.1.0 PC

rhel6.0.0 RHEL 6.0.0 PC

q35 RHEL-7.4.0 PC (Q35 + ICH9, 2009) (alias of pc-q35-rhel7.4.0)

pc-q35-rhel7.4.0 RHEL-7.4.0 PC (Q35 + ICH9, 2009)

pc-q35-rhel7.3.0 RHEL-7.3.0 PC (Q35 + ICH9, 2009)

none empty machine

Libvirt Domain XML

<domain type='kvm' id='23'>

<name>wus</name>

<uuid>97777f3a-089c-4dae-b192-070a5c676084</uuid>

<memory unit='KiB'>2097152</memory>

<currentMemory unit='KiB'>2097152</currentMemory>

<vcpu placement='static'>2</vcpu>

<resource>

<partition>/machine</partition>

</resource>

<os>

<type arch='x86_64' machine='pc-q35-rhel7.4.0'>hvm</type>

<loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>

<nvram template='/usr/share/OVMF/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/wus_VARS.fd</nvram>

<bootmenu enable='no'/>

</os>

<features>

<acpi/>

<apic/>

<smm state='on'/>

</features>

<cpu mode='custom' match='exact' check='full'>

<model fallback='forbid'>Penryn</model>

<feature policy='require' name='vme'/>

<feature policy='require' name='x2apic'/>

<feature policy='require' name='hypervisor'/>

</cpu>

<clock offset='localtime'>

<timer name='rtc' tickpolicy='catchup'/>

<timer name='pit' tickpolicy='delay'/>

<timer name='hpet' present='no'/>

<timer name='hypervclock' present='yes'/>

</clock>

<on_poweroff>destroy</on_poweroff>

<on_reboot>restart</on_reboot>

<on_crash>destroy</on_crash>

<pm>

<suspend-to-mem enabled='no'/>

<suspend-to-disk enabled='no'/>

</pm>

<devices>

<emulator>/usr/libexec/qemu-kvm</emulator>

<disk type='file' device='disk'>

<driver name='qemu' type='qcow2'/>

<source file='/mnt/5b34383e-db2f-363f-b9b1-a1e6adfb1543/win2k16-uefi-secureboot.qcow2'/>

<backingStore/>

<target dev='vda' bus='virtio'/>

<boot order='2'/>

<alias name='virtio-disk0'/>

<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>

</disk>

<disk type='file' device='cdrom'>

<driver name='qemu' type='raw'/>

<source file='/root/UefiShell-ovmf.iso'/>

<backingStore/>

<target dev='sdc' bus='scsi'/>

<readonly/>

<boot order='1'/>

<alias name='scsi0-0-0-2'/>

<address type='drive' controller='0' bus='0' target='0' unit='2'/>

</disk>

<controller type='usb' index='0' model='ich9-ehci1'>

<alias name='usb'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x7'/>

</controller>

<controller type='usb' index='0' model='ich9-uhci1'>

<alias name='usb'/>

<master startport='0'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x0' multifunction='on'/>

</controller>

<controller type='usb' index='0' model='ich9-uhci2'>

<alias name='usb'/>

<master startport='2'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x1'/>

</controller>

<controller type='usb' index='0' model='ich9-uhci3'>

<alias name='usb'/>

<master startport='4'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x1d' function='0x2'/>

</controller>

<controller type='sata' index='0'>

<alias name='ide'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>

</controller>

<controller type='pci' index='0' model='pcie-root'>

<alias name='pcie.0'/>

</controller>

<controller type='pci' index='1' model='dmi-to-pci-bridge'>

<model name='i82801b11-bridge'/>

<alias name='pci.1'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x1e' function='0x0'/>

</controller>

<controller type='pci' index='2' model='pci-bridge'>

<model name='pci-bridge'/>

<target chassisNr='2'/>

<alias name='pci.2'/>

<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>

</controller>

<controller type='pci' index='3' model='pcie-root-port'>

<model name='pcie-root-port'/>

<target chassis='3' port='0x8'/>

<alias name='pci.3'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/>

</controller>

<controller type='pci' index='4' model='pcie-root-port'>

<model name='pcie-root-port'/>

<target chassis='4' port='0x9'/>

<alias name='pci.4'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>

</controller>

<controller type='pci' index='5' model='pcie-root-port'>

<model name='pcie-root-port'/>

<target chassis='5' port='0xa'/>

<alias name='pci.5'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>

</controller>

<controller type='pci' index='6' model='pcie-root-port'>

<model name='pcie-root-port'/>

<target chassis='6' port='0xb'/>

<alias name='pci.6'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x3'/>

</controller>

<controller type='scsi' index='0' model='virtio-scsi'>

<alias name='scsi0'/>

<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>

</controller>

<interface type='bridge'>

<mac address='52:54:00:ac:0d:af'/>

<source bridge='cloudbr0'/>

<target dev='vnet1'/>

<model type='rtl8139'/>

<alias name='net0'/>

<address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>

</interface>

<serial type='pty'>

<source path='/dev/pts/3'/>

<target type='isa-serial' port='0'>

<model name='isa-serial'/>

</target>

<alias name='serial0'/>

</serial>

<console type='pty' tty='/dev/pts/3'>

<source path='/dev/pts/3'/>

<target type='serial' port='0'/>

<alias name='serial0'/>

</console>

<input type='mouse' bus='ps2'>

<alias name='input0'/>

</input>

<input type='keyboard' bus='ps2'>

<alias name='input1'/>

</input>

<input type='tablet' bus='usb'>

<alias name='input2'/>

<address type='usb' bus='0' port='1'/>

</input>

<graphics type='vnc' port='5901' autoport='yes' listen='10.112.0.82'>

<listen type='address' address='10.112.0.82'/>

</graphics>

<video>

<model type='virtio' heads='1' primary='yes'/>

<alias name='video0'/>

<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>

</video>

<memballoon model='virtio'>

<alias name='balloon0'/>

<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>

</memballoon>

</devices>

<seclabel type='dynamic' model='dac' relabel='yes'>

<label>+0:+0</label>

<imagelabel>+0:+0</imagelabel>

</seclabel>

</domain>

Unfortunately i am unable to boot VM using with this config. I don't know what mistake with dom xml file. When i try to connect vnc server for the VM console it's stuck with "Guest has not initiated the display(yet)"

I am looking for support documents which helps me in assessing the same. I could n't find step by step documentation available over the web. Please help me.

Thanks in Advance.

Regards,

Pavan.

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.