Running Windows 10 under QEMU, Update: Debian Changed OVMF
In October I wrote about making a Windows 10 that Boots off a USB Stick, From Linux.
A Debian update today or yesterday (Merry Christmas!) broke that and I spent a few hours today chasing that down.
There's a package called ovmf that puts BIOS/firmware
related files
in /usr/share/OVMF/. The command I used in the earlier article
included the flag -bios /usr/share/OVMF/OVMF_CODE.fd
but as of today, -bios apparently doesn't work any more
with any of the files there.
OVMF stands for Open Virtual Machine Firmware: it's the firmware from TianoCore that shows a message as you first start to boot a virtual machine.
With the new update, QEMU died with the error
qemu: could not load PC BIOS '/usr/share/OVMF/OVMF_CODE.fd
And, indeed, there is no more OVMF_CODE.fd in that directory. Instead, there's
-rw-r--r-- 1 root root 3653632 Dec 24 16:24 OVMF_CODE_4M.fd lrwxrwxrwx 1 root root 23 Dec 24 16:24 OVMF_CODE_4M.ms.fd -> OVMF_CODE_4M.secboot.fd -rw-r--r-- 1 root root 3653632 Dec 24 16:24 OVMF_CODE_4M.secboot.fd lrwxrwxrwx 1 root root 23 Dec 24 16:24 OVMF_CODE_4M.snakeoil.fd -> OVMF_CODE_4M.secboot.fdplus several OVMF_VARS* files.
But changing the -bios flag to
-bios /usr/share/OVMF/OVMF_CODE_4m.fd
fails with the exact same error message,
as does the .secboot variant.
The package has a README, /usr/share/doc/ovmf/README.Debian as well as a NEWS.Debian.gz in the same doc directory, but neither of them makes anything about this clear.
The README does have a useful list of the various OVMF files and how they compare (e.g., use OVMF_CODE_4M.secboot.fd if you're using Secure Boot, otherwise use OVMF_CODE_4M.fd.
One important key was the paragraph in the README on OVMF.fd, which begins
This is a unified image that includes the contents of both OVMF_CODE.fd and OVMF_VARS.fd. It is provided as a convenience for testing purposes, as it can be easily booted by QEMU using the -bios option.
That would be lovely, if there actually were such a file OVMF.fd,, but there isn't.
But it gave me a clue: apparently -bios can only be used on OVMF_CODE files that integrate an associated OVMF_VARS file. I have no idea how you tell whether a _CODE file includes _VARS, but perhaps the old OVMF_CODE.fd did and the new OVMF_CODE_4M.fd doesn't.
So maybe I needed to include a line for the _VARS file too.
But how? The only example I was able to find of using a _VARS file
was on
Debian
Wiki: SecureBoot VirtualMachine,
which doesn't use -bios at all but instead uses one
-disk entry for the _CODE file, and another for a local
copy of the _VARS file.
That page also seems to consider it important to have a read-write copy of the _VARS file in case the guest OS wants to change any firmware variables. Whether that only applies to secureboot systems, I don't know. I'm not using secureboot for my VM, but I decided to follow the page's advice.
So I changed my qemu command to this:
cp /usr/share/OVMF/OVMF_VARS_4M.fd /tmp/
qemu-system-x86_64 \
-display gtk,window-close=off \
-machine type=q35,accel=kvm \
-enable-kvm \
-cpu host,hv-relaxed,hv-vapic,hv_spinlocks=0x1fff,hv-runtime,hv-time,hv-frequencies \
-smp 2 \
-m 2048 \
-drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE_4M.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=/tmp/OVMF_VARS_4M.fd \
-object rng-random,id=rng0,filename=/dev/urandom \
-device virtio-rng-pci,max-bytes=1024,period=1000 \
-acpitable file=/path/to/QEMU/acpitables/MSDM \
-smbios file=/path/to/QEMU/acpitables/smbios_type_0.bin \
-smbios file=/path/to/QEMU/acpitables/smbios_type_1.bin \
-vga std \
-device intel-hda \
-device hda-duplex \
-device qemu-xhci,id=xhci \
-device usb-tablet,bus=xhci.0 \
-drive format=raw,file=${USB_STICK},index=0 \
-drive file="/PATH/TO/Win10_22H2_English_x64v1.iso",index=1,media=cdrom
And that boots and runs.
I wish I could find something that actually explained what these files
actually are (especially the _VARS),
how they work together and the difference between
-bios and -drive.
But maybe that's too much to hope for.
[ 18:01 Dec 26, 2023 More linux | permalink to this entry | ]
![[RSS feed]](https://shallowsky.com/images/logos/rssicon-25x25.png){kind=small}
![[Twitter icon]](https://shallowsky.com/images/logos/twitter-bird-white-on-blue-25x25.png){kind=small}
![[Mastodon icon]](https://shallowsky.com/images/logos/mastodon.svg){kind=small}
![[envelope]](https://shallowsky.com/images/logos/envelope-25x25.png){kind=small}