From e23b37fe0d6595caad4538c387b56cc0dbdece55 Mon Sep 17 00:00:00 2001 From: Nikolay Martyanov Date: Wed, 18 Sep 2024 18:41:12 +0200 Subject: [PATCH] pillar: Separate OVMF firmware files and standardize naming. Switch to using separate OVMF_CODE.fd and OVMF_VARS.fd files for FML x86 modes instead of a combined .bin file. This ensures that settings are stored correctly and maintains consistent naming conventions. These changes do not affect containers, ARM or Xen. To support ARM the OVMF build should produce separate files. Currently it produces QEMU_EFI that incorporates both code and variable sections. Signed-off-by: Nikolay Martyanov
---
 pkg/pillar/Dockerfile | 2 +- pkg/pillar/cmd/zedmanager/handledomainmgr.go | 2 +- pkg/pillar/hypervisor/kvm.go | 15 +++++++++------ pkg/pillar/hypervisor/kvm_test.go | 8 ++++---- pkg/pillar/types/locationconsts.go | 2 +- pkg/xen-tools/Dockerfile | 3 ++- 6 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/pkg/pillar/Dockerfile b/pkg/pillar/Dockerfile
index 07e1636c6e..17243cef9c 100644
--- a/pkg/pillar/Dockerfile
+++ b/pkg/pillar/Dockerfile
@@ -143,7 +143,7 @@ RUN set -e && for patch in /sys-patches/*.patch; do \
 done
 RUN mkdir -p /out/usr/lib/xen/boot
-COPY --from=uefi-build /OVMF_VARS.fd /out/usr/lib/xen/boot/ovmf_vars.bin
+COPY --from=uefi-build /OVMF_VARS.fd /out/usr/lib/xen/boot/OVMF_VARS.fd
 COPY --from=zfs /out /out
 COPY --from=fscrypt /opt/zededa/bin /out/opt/zededa/bin
diff --git a/pkg/pillar/cmd/zedmanager/handledomainmgr.go b/pkg/pillar/cmd/zedmanager/handledomainmgr.go
index bd06560726..4906513514 100644
--- a/pkg/pillar/cmd/zedmanager/handledomainmgr.go
+++ b/pkg/pillar/cmd/zedmanager/handledomainmgr.go
@@ -122,7 +122,7 @@ func MaybeAddDomainConfig(ctx *zedmanagerContext,
 }
 }
 if dc.BootLoader == "" && (dc.VirtualizationModeOrDefault() == types.FML || runtime.GOARCH == "arm64") {
- dc.BootLoader = "/usr/lib/xen/boot/ovmf.bin"
+ dc.BootLoader = "/usr/lib/xen/boot/OVMF_CODE.fd"
 }
 if ns != nil {
 adapterCount := len(ns.AppNetAdapterList)
diff --git a/pkg/pillar/hypervisor/kvm.go b/pkg/pillar/hypervisor/kvm.go
index 162b20cbda..ccb0c82b95 100644
--- a/pkg/pillar/hypervisor/kvm.go
+++ b/pkg/pillar/hypervisor/kvm.go
@@ -86,7 +86,7 @@ const qemuConfTemplate = `# This file is automatically generated by domainmgr
 kernel-irqchip = "on"
 {{- end -}}
 {{- if .DomainConfig.BootLoader }}
- {{- if ne .VirtualizationMode "FML" }}
+ {{- if or (ne .VirtualizationMode "FML") (eq .Machine "virt") }}
 firmware = "{{.DomainConfig.BootLoader}}"
 {{- end }}
 {{- end -}}
@@ -127,7 +127,7 @@ const qemuConfTemplate = `# This file is automatically generated by domainmgr
 caching-mode = "on"
 {{- end }}
-{{- if eq .VirtualizationMode "FML" }}
+{{- if and (eq .VirtualizationMode "FML") (ne .Machine "virt") }}
 [drive "drive-ovmf-code"]
 if = "pflash"
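Review bot: The new default in `MaybeAddDomainConfig` is also taken on the `runtime.GOARCH == "arm64"` side of the condition, yet the commit message says the ARM firmware build still produces only a combined QEMU_EFI image, and the xen-tools Dockerfile hunk copies `OVMF_CODE.fd` only when it exists. If that file is absent on arm64, every arm64 guest without an explicit boot loader would be pointed at a firmware path that is not in the image, whereas `ovmf.bin` is still installed unconditionally. Consider keeping the old path for arm64, for example `if runtime.GOARCH == "arm64" { dc.BootLoader = "/usr/lib/xen/boot/ovmf.bin" }` ahead of the FML case. It would also help to move both literals into named constants next to `OVMFSettingsTemplate` in `locationconsts.go`, so that the image layout and the code cannot drift apart. The function body starts and ends outside this hunk.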
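Review bot: The template in the hunk at `-86,7` chooses between `firmware =` and the pflash drives by `.Machine "virt"`, while `Setup` decides whether to create the per-domain variable store by `runtime.GOARCH == "amd64"`; the two tests are assumed to be equivalent but nothing ties them together. If they ever disagree, the rendered config would either reference a `drive-ovmf-vars` file that `prepareOVMFSettings` never created or skip a store that was prepared. Deriving both from a single boolean computed where the GOARCH check is made, and passing it into the template context, would keep them in step; the same applies to the hunk at `-127,7`. A short `{{/* ... */}}` comment stating that `virt` stands for the combined-firmware ARM case would also document the intent. The template constant continues outside both hunks.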
@@ -785,8 +785,13 @@ func (ctx KvmContext) Setup(status types.DomainStatus, config types.DomainConfig
 swtpmCtrlSock = fmt.Sprintf(types.SwtpmCtrlSocketPath, domainName)
 }
- // Before we start building the domain config, we need to prepare the OVMF settings
- if config.VirtualizationMode == types.FML {
+ // Before we start building the domain config, we need to prepare the OVMF settings.
+ // Currently, we only support OVMF settings for FML mode on x86_64 architecture.
+ // To support OVMF settings for ARM, we need to add fix OVFM build for ARM to
+ // produce separate OVMF_VARS.fd and OVMF_CODE.fd files. Currently, OVMF build
+ // for ARM produces a single QEMU_EFI.fd file that contains both OVMF_VARS.fd
+ // and OVMF_CODE.fd.
+ if config.VirtualizationMode == types.FML && runtime.GOARCH == "amd64" {
 if err := prepareOVMFSettings(domainName); err != nil {
 return logError("failed to setup OVMF settings for domain %s: %v", status.DomainName, err)
 }
@@ -1236,8 +1241,6 @@ func (ctx KvmContext) Cleanup(domainName string) error {
 }
 // Cleanup OVMF settings
- // XXX it should be a check for FML mode based on some config/status option. But we have
- // only domain name here. So we check if the OVMF settings file exists.
 settingsFile, err := getOVMFSettingsFilename(domainName)
 if err != nil {
 return fmt.Errorf("failed to get OVMF settings file: %v", err)
diff --git a/pkg/pillar/hypervisor/kvm_test.go b/pkg/pillar/hypervisor/kvm_test.go
index c26be7bc72..ca07fa2b82 100644
--- a/pkg/pillar/hypervisor/kvm_test.go
+++ b/pkg/pillar/hypervisor/kvm_test.go
@@ -371,7 +371,7 @@ func TestCreateDomConfigOnlyCom1(t *testing.T) {
 })
 config.VirtualizationMode = types.FML
- config.BootLoader = "/usr/lib/xen/boot/ovmf.bin"
+ config.BootLoader = "/usr/lib/xen/boot/OVMF_CODE.fd"
 t.Run("amd64-fml", func(t *testing.T) {
 conf.Seek(0, 0)
 if err := kvmIntel.CreateDomConfig(DefaultDomainName, config, types.DomainStatus{},
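Review bot: An FML domain on any architecture other than amd64 now skips `prepareOVMFSettings` in `Setup` without leaving a trace, so it presumably runs without the per-domain variable store that `OVMFSettingsDir` is documented to hold. A log line on the skipped path would make that difference visible to whoever debugs a guest whose UEFI settings do not persist. The new comment also has a slip that obscures its meaning: `we need to add fix OVFM build for ARM` should read `we need to fix the OVMF build for ARM`. `Setup` starts and ends outside this hunk.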
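Review bot: The expectations updated in the kvm_test.go hunk at `-371,7`, and in the later ones at `-428,7`, `-976,7` and `-1451,7`, cover only the amd64 FML output, so the new `(eq .Machine "virt")` branch of the template has no test in this patch. A sub-test that renders an FML config for a `virt` machine and asserts a `firmware =` line and no `drive-ovmf-code` section would pin the behaviour the commit message promises for ARM. Whether a suitable ARM context already exists in this test file is not visible from the hunks, so this is a request to confirm coverage.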
@@ -428,7 +428,7 @@ func TestCreateDomConfigOnlyCom1(t *testing.T) {
 format = "raw"
 readonly = "on"
 unit = "0"
- file = "/usr/lib/xen/boot/ovmf.bin"
+ file = "/usr/lib/xen/boot/OVMF_CODE.fd"
 [drive "drive-ovmf-vars"]
 if = "pflash"
@@ -976,7 +976,7 @@ func TestCreateDomConfigAmd64Fml(t *testing.T) {
 diskConfigs, diskStatuses := qemuDisks()
 config, aa := domainConfigAndAssignableAdapters(diskConfigs)
 config.VirtualizationMode = types.FML
- config.BootLoader = "/usr/lib/xen/boot/ovmf.bin"
+ config.BootLoader = "/usr/lib/xen/boot/OVMF_CODE.fd"
 addNonExistingAdapter(&config, &aa)
 if err := kvmIntel.CreateDomConfig(DefaultDomainName, config, types.DomainStatus{},
 diskStatuses, &aa, nil, swtpmCtrlSock, conf); err != nil {
@@ -1451,7 +1451,7 @@ func domConfigAmd64FML() string {
 format = "raw"
 readonly = "on"
 unit = "0"
- file = "/usr/lib/xen/boot/ovmf.bin"
+ file = "/usr/lib/xen/boot/OVMF_CODE.fd"
 [drive "drive-ovmf-vars"]
 if = "pflash"
diff --git a/pkg/pillar/types/locationconsts.go b/pkg/pillar/types/locationconsts.go
index fbca8fac2d..25a39d16f1 100644
--- a/pkg/pillar/types/locationconsts.go
+++ b/pkg/pillar/types/locationconsts.go
@@ -136,7 +136,7 @@ const (
 // OVMFSettingsDir - directory for OVMF settings, they are stored in per-domain files
 OVMFSettingsDir = SealedDirName + "/ovmf"
 // OVMFSettingsTemplate - template file for OVMF settings
- OVMFSettingsTemplate = "/usr/lib/xen/boot/ovmf_vars.bin"
+ OVMFSettingsTemplate = "/usr/lib/xen/boot/OVMF_VARS.fd"
 )
 var (
diff --git a/pkg/xen-tools/Dockerfile b/pkg/xen-tools/Dockerfile
index e9f0284509..625ea3fc87 100644
--- a/pkg/xen-tools/Dockerfile
+++ b/pkg/xen-tools/Dockerfile
@@ -106,7 +106,8 @@ RUN if [ "$(uname -m)" = "x86_64" ]; then rm -f qemu-system-i386 && ln -s "qemu-
 COPY --from=uefi-build / /uefi/
 RUN mkdir -p /out/usr/lib/xen/boot && cp /uefi/OVMF.fd /out/usr/lib/xen/boot/ovmf.bin && \
- cp /uefi/OVMF_PVH.fd /out/usr/lib/xen/boot/ovmf-pvh.bin
+ cp /uefi/OVMF_PVH.fd /out/usr/lib/xen/boot/ovmf-pvh.bin && \
+ [ -f /uefi/OVMF_CODE.fd ] && cp /uefi/OVMF_CODE.fd /out/usr/lib/xen/boot/OVMF_CODE.fd || :
 RUN if [ "$(uname -m)" = "x86_64" ]; then cp /uefi/*.rom /out/usr/lib/xen/boot/;fi
 FROM scratch
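Review bot: The trailing `|| :` applies to the whole `&&` chain, not only to the `[ -f /uefi/OVMF_CODE.fd ]` test, so a failure of `mkdir` or of either earlier `cp` now ends the `RUN` with status 0 and the image is built without `ovmf.bin` or `ovmf-pvh.bin`. Keeping the optional copy in its own statement leaves the earlier steps fatal: end the existing `RUN` after the `ovmf-pvh.bin` copy and add `RUN if [ -f /uefi/OVMF_CODE.fd ]; then cp /uefi/OVMF_CODE.fd /out/usr/lib/xen/boot/OVMF_CODE.fd; fi`. On x86_64, where the pillar side now defaults the boot loader to this file, the copy should arguably be mandatory, so that a missing firmware blob fails the build rather than surfacing when a guest is started.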