Bug 2135715

Summary: Sym links missing edk2-ovmf
Product: Red Hat Enterprise Linux 9 Reporter: Marko Myllynen <myllynen>
Component: edk2Assignee: Miroslav Rezanina <mrezanin>
Status: CLOSED WONTFIX QA Contact: Xueqiang Wei <xuwei>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: berrange, coli, jinzhao, juzhang, kraxel, lersek, mrezanin, pbonzini, vgoyal, virt-maint
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-10-25 12:47:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2132951    
Bug Blocks:    

Description Marko Myllynen 2022-10-18 09:00:17 UTC 
Description of problem:
The edk2-ovmf package provides sym link only for OVMF_VARS.fd but not for OVMF_CODE.fd.

Some tools expect to find both CODE and VARS in /usr/share/OVMF so it would be helpful to add sym links from /usr/share/OVMF to /usr/share/edk2/ovmf for at least all the .fd files, perhaps for others as well. Thanks.
Comment 1 Xueqiang Wei 2022-10-18 15:13:34 UTC 
Tested with edk2-ovmf-20220826gitba0e0e4c6a-1.el9.noarch, it contains the following 4 symbol links.

# ls /usr/share/OVMF/ -l
total 0
lrwxrwxrwx. 1 root root 33 Oct 11 11:04 OVMF_CODE.secboot.fd -> ../edk2/ovmf/OVMF_CODE.secboot.fd
lrwxrwxrwx. 1 root root 25 Oct 11 11:04 OVMF_VARS.fd -> ../edk2/ovmf/OVMF_VARS.fd
lrwxrwxrwx. 1 root root 33 Oct 11 11:04 OVMF_VARS.secboot.fd -> ../edk2/ovmf/OVMF_VARS.secboot.fd
lrwxrwxrwx. 1 root root 26 Oct 11 11:04 UefiShell.iso -> ../edk2/ovmf/UefiShell.iso


Hi Marko,

You mean, add symbol links for the following files, right?

# ls /usr/share/edk2/ovmf -l
total 15772
-rw-r--r--. 1 root root   18816 Oct 11 11:04 EnrollDefaultKeys.efi
-rw-r--r--. 1 root root 4194304 Oct 11 11:04 OVMF.amdsev.fd
-rw-r--r--. 1 root root 3653632 Oct 11 11:04 OVMF_CODE.cc.fd
-rw-r--r--. 1 root root 3653632 Oct 11 11:04 OVMF_CODE.secboot.fd
-rw-r--r--. 1 root root  540672 Oct 16 10:36 OVMF_VARS.fd
-rw-r--r--. 1 root root  540672 Oct 11 11:04 OVMF_VARS.secboot.fd
-rw-r--r--. 1 root root  948096 Oct 11 11:04 Shell.efi
-rw-r--r--. 1 root root 2594816 Oct 11 11:04 UefiShell.iso
Comment 2 Marko Myllynen 2022-10-19 07:35:38 UTC 
Thanks for looking into this.

Yes, in particular I was affected by missing the sym link for OVMF_CODE.fd but perhaps other would be helpful as well.

Thanks.
Comment 3 Miroslav Rezanina 2022-10-21 11:32:12 UTC 
Just a note - there's no OVMF_CODE.fd shipped for RHEL.
Comment 5 Laszlo Ersek 2022-10-25 07:27:33 UTC 
Please refer to the discussion in bug 2132951.

OVMF_CODE.fd has traditionally not been provided in RHEL (unlike in Fedora) because it does not include the (Secure Boot + SMM) feature set. The original idea was to avoid providing a firmware binary in RHEL that lacked the ability to implement (securely) the Secure Boot operational mode.

With the advent of Confidential Computing, a new use case has appeared for a firmware binary that lacks the (Secure Boot + SMM) feature set. However, this binary is not meant as the reinstatement of "OVMF_CODE.fd" in RHEL. Hence the new filename "OVMF_CODE.cc.fd", and the deliberate lack of a compatibility symlink. Please refer to the commit message in <https://gitlab.com/redhat/rhel/src/edk2/-/commit/14f5d2513745> (which is on the "rhel-8.5.0-20200602" branch).

Thus, I'd argue against additional symlinks in RHEL. Either way, I believe bug 2132951 should be solved first.
Comment 6 Miroslav Rezanina 2022-10-25 12:47:03 UTC 
As we do not provide required package so we can't create link and there isn't good enough reason for linking other files, closing the BZ.