OpenStack Compute (nova)

libvirt driver launcing VMs with stateless firmware

Registered by Takashi Kajinami

Since v8.6.0, libvirt supports disabling NVRAM used by uefi bootloder

https://libvirt.org/formatdomain.html#bios-bootloader
```
loader
... In some cases, however, it may be desirable for the loader to run without any NVRAM, discarding any config changes on shutdown. The stateless flag (Since 8.6.0) can be used to control this behaviour, when set to yes NVRAM will never be created.
```

This is specifically useful in case we attempt to measure boot chain with SEV encrypted guests to avoid undermining the trust of the secure guest.

https://libvirt.org/kbase/launch_security_sev.html#boot-loader
```
If intending to attest the boot measurement, it is required to use a firmware binary that is stateless, as persistent NVRAM can undermine the trust of the secure guest. This is achieved by telling libvirt that a stateless binary is required
```

However this option is not configurable in the guest VMs launched by Nova.

This works aims to allow users to use the stateless firmware, by a new image property (eg. hw_firmware_statelss = true).

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Takashi Kajinami
Direction:
Needs approval
Assignee:
Takashi Kajinami
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/libvirt-stateless-firmware

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/908297
    libvirt: Stateless firmware support

Addressed by: https://review.opendev.org/c/openstack/nova/+/908888
    Report availability of stateless firmware support

Addressed by: https://review.opendev.org/c/openstack/nova/+/908890
    libvirt: Launch instances with stateless firmware

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.