tests: Add firmware descriptors for uefi-vars builds

Now that everything else is in place, we can finally add the
firmware descriptors for the edk2 builds that use the uefi-vars
QEMU device.

Several existing test cases that were failing up until this
point can pass now. This includes firmware-auto-efi-varstore-q35,
firmware-auto-efi-varstore-aarch64 and
firmware-auto-efi-enrolled-keys-aarch64, which were only failing
because a matching firmware descriptor could not be found.

firmware-manual-efi-varstore-aarch64 also passes now, because
with the firmware descriptor in place libvirt is able to figure
out that the manually-provided path corresponds to a UEFI
firmware build, which means that the use of ACPI is fine.

The test cases using older version of QEMU still fail, as is
expected, though the error message is now slightly different and
reflect the actual reason why that is.

The qemufirmware and domaincaps tests are updated in the
expected ways. In particular, versions QEMU 10.0 and newer now
advertise varstore support as available.

https://issues.redhat.com/browse/RHEL-82645

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
index 1fff8c7fc7b4f17401d48b89e3c6c1e9475e88c1..bf6393dc03bfbb2e55a93d0c102207a4b91b78b4 100644 (file)
--- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
+++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
@@ -36,7 +36,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
index 6c26e5b4228cd9e9e393c359fe693e6834f36279..d6f710e56ed276b945c6e332a6979f584978548b 100644 (file)
--- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
@@ -36,7 +36,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
index 97064ea00981bbe1cd4375c6ecda90348593bab5..334aa5e31ff957fbeaff265da448e9b2c8818f3a 100644 (file)
--- a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
@@ -11,9 +11,11 @@
     </enum>
     <firmwareFeatures supported='yes'>
       <enum name='secureBoot'>
+        <value>yes</value>
         <value>no</value>
       </enum>
       <enum name='enrolledKeys'>
+        <value>yes</value>
         <value>no</value>
       </enum>
     </firmwareFeatures>
@@ -32,7 +34,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
index 97064ea00981bbe1cd4375c6ecda90348593bab5..334aa5e31ff957fbeaff265da448e9b2c8818f3a 100644 (file)
--- a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
@@ -11,9 +11,11 @@
     </enum>
     <firmwareFeatures supported='yes'>
       <enum name='secureBoot'>
+        <value>yes</value>
         <value>no</value>
       </enum>
       <enum name='enrolledKeys'>
+        <value>yes</value>
         <value>no</value>
       </enum>
     </firmwareFeatures>
@@ -32,7 +34,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
index 3537dd01f61a5ff8050481a992db75b88a7341f3..6c370de5dd9a08581b84ac78ec6b32b1c281fc36 100644 (file)
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
@@ -36,7 +36,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
index e55d7d8ba63287f7c242c19fbccd5443d601ad89..60cc9eee3da035d0bac1dbce1c6ce65de9ce1462 100644 (file)
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
@@ -36,7 +36,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
index 43fe2bff93ce0e5533696526a478e53d1872b565..e30b64e0685248cef19f0d37f4924bfea5e70340 100644 (file)
--- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
+++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
@@ -35,7 +35,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
index 2c1b38b4ec025b2c16d8a20b090d108965b12e4c..fde3055148332386ad3e71a598cf695d5c03d824 100644 (file)
--- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
@@ -36,7 +36,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
index fa1d3c490bc810bd1ff3e7d14b5be860cbc8a65a..beb9a49ee39a12ad33d08d8c99d8c3a90b858fb4 100644 (file)
--- a/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
@@ -11,9 +11,11 @@
     </enum>
     <firmwareFeatures supported='yes'>
       <enum name='secureBoot'>
+        <value>yes</value>
         <value>no</value>
       </enum>
       <enum name='enrolledKeys'>
+        <value>yes</value>
         <value>no</value>
       </enum>
     </firmwareFeatures>
@@ -32,7 +34,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_10.2.0.aarch64.xml b/tests/domaincapsdata/qemu_10.2.0.aarch64.xml
index fa1d3c490bc810bd1ff3e7d14b5be860cbc8a65a..beb9a49ee39a12ad33d08d8c99d8c3a90b858fb4 100644 (file)
--- a/tests/domaincapsdata/qemu_10.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_10.2.0.aarch64.xml
@@ -11,9 +11,11 @@
     </enum>
     <firmwareFeatures supported='yes'>
       <enum name='secureBoot'>
+        <value>yes</value>
         <value>no</value>
       </enum>
       <enum name='enrolledKeys'>
+        <value>yes</value>
         <value>no</value>
       </enum>
     </firmwareFeatures>
@@ -32,7 +34,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
index 109f3ae0ae442d31414b9465a7f6ef5c71389810..aa62aa1502431777aaf1c7d5b31e26e6a662d29e 100644 (file)
--- a/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
@@ -36,7 +36,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
index db47c5ee98b1db48fa6fef67dc12d05572d38d02..4d41b6427d9ad7aba56d83b0354597547bb11097 100644 (file)
--- a/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
@@ -11,9 +11,11 @@
     </enum>
     <firmwareFeatures supported='yes'>
       <enum name='secureBoot'>
+        <value>yes</value>
         <value>no</value>
       </enum>
       <enum name='enrolledKeys'>
+        <value>yes</value>
         <value>no</value>
       </enum>
     </firmwareFeatures>
@@ -32,7 +34,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_11.0.0.aarch64.xml b/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
index db47c5ee98b1db48fa6fef67dc12d05572d38d02..4d41b6427d9ad7aba56d83b0354597547bb11097 100644 (file)
--- a/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
@@ -11,9 +11,11 @@
     </enum>
     <firmwareFeatures supported='yes'>
       <enum name='secureBoot'>
+        <value>yes</value>
         <value>no</value>
       </enum>
       <enum name='enrolledKeys'>
+        <value>yes</value>
         <value>no</value>
       </enum>
     </firmwareFeatures>
@@ -32,7 +34,7 @@
         <value>no</value>
       </enum>
     </loader>
-    <varstore supported='no'/>
+    <varstore supported='yes'/>
   </os>
   <cpu>
     <mode name='host-passthrough' supported='yes'>

diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
index 420fbedd723d01bafec0e2a719bd5b0d7c83aef6..83fc9e37a7a3402a6a6149d71a8f4ea0b1e8b85d 100644 (file)
--- a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
@@ -11,9 +11,11 @@
     </enum>
     <firmwareFeatures supported='yes'>
       <enum name='secureBoot'>
+        <value>yes</value>
         <value>no</value>
       </enum>
       <enum name='enrolledKeys'>
+        <value>yes</value>
         <value>no</value>
       </enum>
     </firmwareFeatures>

diff --git a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
index 420fbedd723d01bafec0e2a719bd5b0d7c83aef6..83fc9e37a7a3402a6a6149d71a8f4ea0b1e8b85d 100644 (file)
--- a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
@@ -11,9 +11,11 @@
     </enum>
     <firmwareFeatures supported='yes'>
       <enum name='secureBoot'>
+        <value>yes</value>
         <value>no</value>
       </enum>
       <enum name='enrolledKeys'>
+        <value>yes</value>
         <value>no</value>
       </enum>
     </firmwareFeatures>

diff --git a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
index f998177636cd7eed4b9ef8f4e16a2cbe2e06f296..65bb9dc9bd22394051964591f5aa37b866b4b86f 100644 (file)
--- a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
+++ b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
@@ -11,9 +11,11 @@
     </enum>
     <firmwareFeatures supported='yes'>
       <enum name='secureBoot'>
+        <value>yes</value>
         <value>no</value>
       </enum>
       <enum name='enrolledKeys'>
+        <value>yes</value>
         <value>no</value>
       </enum>
     </firmwareFeatures>

diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json
new file mode 100644 (file)
index 0000000..9142d8f
--- /dev/null
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json
@@ -0,0 +1,29 @@
+{
+    "description": "UEFI firmware for ARM64 virtual machines, SB enabled, MS certs enrolled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "memory",
+        "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
+        "uefi-vars": {
+            "template": "/usr/share/edk2/aarch64/vars.secboot.json"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "aarch64",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+        "enrolled-keys",
+        "secure-boot",
+        "host-uefi-vars"
+    ],
+    "tags": [
+
+    ]
+}

diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json
new file mode 100644 (file)
index 0000000..5b1b483
--- /dev/null
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json
@@ -0,0 +1,31 @@
+{
+    "description": "OVMF for qemu uefi-vars, SB enabled, MS certs enrolled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "memory",
+        "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
+        "uefi-vars": {
+            "template": "/usr/share/edk2/ovmf/vars.secboot.json"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "enrolled-keys",
+        "secure-boot",
+        "host-uefi-vars",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json
new file mode 100644 (file)
index 0000000..95c2598
--- /dev/null
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json
@@ -0,0 +1,28 @@
+{
+    "description": "UEFI firmware for ARM64 virtual machines, SB disabled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "memory",
+        "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
+        "uefi-vars": {
+            "template": "/usr/share/edk2/aarch64/vars.blank.json"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "aarch64",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+        "secure-boot",
+        "host-uefi-vars"
+    ],
+    "tags": [
+
+    ]
+}

diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json
new file mode 100644 (file)
index 0000000..b3fb98c
--- /dev/null
+++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json
@@ -0,0 +1,30 @@
+{
+    "description": "OVMF for qemu uefi-vars, SB disabled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "memory",
+        "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
+        "uefi-vars": {
+            "template": "/usr/share/edk2/ovmf/vars.blank.json"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "secure-boot",
+        "host-uefi-vars",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c
index ee585b67d2ecd719c91228ff5847f9f4b29670c4..075e3e1d4cc09e1dc6f30296ddafb06d59ff4029 100644 (file)
--- a/tests/qemufirmwaretest.c
+++ b/tests/qemufirmwaretest.c
@@ -101,7 +101,11 @@ testFWPrecedence(const void *opaque G_GNUC_UNUSED)
         SYSCONFDIR "/qemu/firmware/59-libvirt-combined.json",
         PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json",
         PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json",
+        PREFIX "/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json",
+        PREFIX "/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json",
         PREFIX "/share/qemu/firmware/90-libvirt-combined.json",
+        PREFIX "/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json",
+        PREFIX "/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json",
         PREFIX "/share/qemu/firmware/91-libvirt-bios.json",
         PREFIX "/share/qemu/firmware/93-libvirt-invalid.json",
         NULL
@@ -296,7 +300,11 @@ mymain(void)
     DO_PARSE_TEST("usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json");
     DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json");
     DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json");
+    DO_PARSE_TEST("usr/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json");
+    DO_PARSE_TEST("usr/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json");
     DO_PARSE_TEST("usr/share/qemu/firmware/90-libvirt-combined.json");
+    DO_PARSE_TEST("usr/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json");
+    DO_PARSE_TEST("usr/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json");
     DO_PARSE_TEST("usr/share/qemu/firmware/91-libvirt-bios.json");
     DO_PARSE_FAILURE_TEST("usr/share/qemu/firmware/93-libvirt-invalid.json");
 
@@ -325,7 +333,7 @@ mymain(void)
     DO_SUPPORTED_TEST("pc-i440fx-3.1", VIR_ARCH_I686, false, false,
                       "/usr/share/seabios/bios-256k.bin:NULL",
                       VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS);
-    DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_X86_64, true, false,
+    DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_X86_64, true, true,
                       "/usr/share/seabios/bios-256k.bin:NULL:"
                       "/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2:/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2:"
                       "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd:"
@@ -335,7 +343,9 @@ mymain(void)
                       "/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd:"
                       "/usr/share/edk2/ovmf/OVMF.combined.fd:NULL:"
                       "/usr/share/edk2/ovmf/OVMF.amdsev.fd:NULL:"
-                      "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd:NULL",
+                      "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd:NULL:"
+                      "/usr/share/edk2/ovmf/OVMF.qemuvars.fd:/usr/share/edk2/ovmf/vars.secboot.json:"
+                      "/usr/share/edk2/ovmf/OVMF.qemuvars.fd:/usr/share/edk2/ovmf/vars.blank.json",
                       VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS,
                       VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
     DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_I686, false, false,
@@ -344,11 +354,13 @@ mymain(void)
     DO_SUPPORTED_TEST("microvm", VIR_ARCH_X86_64, false, false,
                       "/usr/share/edk2/ovmf/MICROVM.fd:NULL",
                       VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
-    DO_SUPPORTED_TEST("virt-3.1", VIR_ARCH_AARCH64, false, false,
+    DO_SUPPORTED_TEST("virt-3.1", VIR_ARCH_AARCH64, false, true,
                       "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2:/usr/share/edk2/aarch64/vars-template-pflash.qcow2:"
                       "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw:"
                       "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2:/usr/share/edk2/aarch64/vars-template-pflash.qcow2:"
-                      "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw",
+                      "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw:"
+                      "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd:/usr/share/edk2/aarch64/vars.secboot.json:"
+                      "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd:/usr/share/edk2/aarch64/vars.blank.json",
                       VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
     DO_SUPPORTED_TEST("virt", VIR_ARCH_RISCV64, false, false,
                       "/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2:/usr/share/edk2/riscv/RISCV_VIRT_VARS.qcow2",

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
index 3edb2b34511a589b675c3048df93272640cdb75d..e64c2b21aae8703eac2c7729a0ed23d496f4e609 100644 (file)
--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
@@ -1 +1 @@
-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+unsupported configuration: The uefi-vars device is not supported by this QEMU binary

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
new file mode 100644 (file)
index 0000000..abc9346
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
@@ -0,0 +1,31 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-aarch64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
+-accel kvm \
+-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
+-m size=1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
deleted file mode 100644 (file)
index 3edb2b3..0000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
index 908a8435f99877e222439dca162dfd0d618ab32c..8c288d7d0cee9daa5f7b60e4c4e46051cf54f5a6 100644 (file)
--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
@@ -8,8 +8,10 @@
     <type arch='aarch64' machine='virt-8.2'>hvm</type>
     <firmware>
       <feature enabled='yes' name='enrolled-keys'/>
+      <feature enabled='yes' name='secure-boot'/>
     </firmware>
-    <loader format='raw'/>
+    <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
+    <varstore template='/usr/share/edk2/aarch64/vars.secboot.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
     <boot dev='hd'/>
   </os>
   <features>

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
new file mode 100644 (file)
index 0000000..abc9346
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
@@ -0,0 +1,31 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-aarch64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
+-accel kvm \
+-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
+-m size=1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
deleted file mode 100644 (file)
index 3edb2b3..0000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
index b0fa092509e036f12031db9b4ecd03f3bd32de53..8c288d7d0cee9daa5f7b60e4c4e46051cf54f5a6 100644 (file)
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
@@ -6,8 +6,12 @@
   <vcpu placement='static'>1</vcpu>
   <os firmware='efi'>
     <type arch='aarch64' machine='virt-8.2'>hvm</type>
-    <loader format='raw'/>
-    <varstore/>
+    <firmware>
+      <feature enabled='yes' name='enrolled-keys'/>
+      <feature enabled='yes' name='secure-boot'/>
+    </firmware>
+    <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
+    <varstore template='/usr/share/edk2/aarch64/vars.secboot.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
     <boot dev='hd'/>
   </os>
   <features>

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
new file mode 100644 (file)
index 0000000..9a899c2
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
@@ -0,0 +1,34 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
+-accel kvm \
+-cpu qemu64 \
+-bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
+-m size=1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-global ICH9-LPC.noreboot=off \
+-watchdog-action reset \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
deleted file mode 100644 (file)
index 3edb2b3..0000000
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
index c4d70c9fc5809b0885cf40f18a6fb473d2dee7c2..cfce35de3fac5c1e678d9c5fa71b3fc5e005c83f 100644 (file)
--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
@@ -6,8 +6,12 @@
   <vcpu placement='static'>1</vcpu>
   <os firmware='efi'>
     <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
-    <loader format='raw'/>
-    <varstore/>
+    <firmware>
+      <feature enabled='yes' name='enrolled-keys'/>
+      <feature enabled='yes' name='secure-boot'/>
+    </firmware>
+    <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
+    <varstore template='/usr/share/edk2/ovmf/vars.secboot.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
     <boot dev='hd'/>
   </os>
   <features>

diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
index 4fe79bdacf24f82cb5f08a154f8f56d1cdaf7943..e64c2b21aae8703eac2c7729a0ed23d496f4e609 100644 (file)
--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
@@ -1 +1 @@
-unsupported configuration: ACPI requires UEFI on this architecture
+unsupported configuration: The uefi-vars device is not supported by this QEMU binary

diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
new file mode 100644 (file)
index 0000000..abc9346
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
@@ -0,0 +1,31 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-aarch64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine virt-8.2,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
+-accel kvm \
+-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
+-m size=1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on

diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
deleted file mode 100644 (file)
index 4fe79bd..0000000
--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-unsupported configuration: ACPI requires UEFI on this architecture

diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
similarity index 76%
rename from tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
rename to tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
index 5213a41b900e6c96663dfb75dba93a242c406405..83faf6842636820c3b8b1faec6ebf22da22fdccd 100644 (file)
--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
@@ -8,13 +8,15 @@
     <type arch='aarch64' machine='virt-8.2'>hvm</type>
     <firmware>
       <feature enabled='yes' name='enrolled-keys'/>
+      <feature enabled='yes' name='secure-boot'/>
     </firmware>
-    <loader format='raw'/>
+    <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
+    <varstore template='/usr/share/edk2/aarch64/vars.secboot.json' path='/path/to/guest.json'/>
     <boot dev='hd'/>
   </os>
   <features>
     <acpi/>
-    <gic version='3'/>
+    <gic version='2'/>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>

diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
index 296c6e8f59af5bd81d1d504c9951f145fbc5d63a..a7b54a3fac589ba28d6c4636a7462afa2724dee0 100644 (file)
--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
@@ -4,10 +4,14 @@
   <memory unit='KiB'>1048576</memory>
   <currentMemory unit='KiB'>1048576</currentMemory>
   <vcpu placement='static'>1</vcpu>
-  <os>
+  <os firmware='efi'>
     <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
+    <firmware>
+      <feature enabled='yes' name='enrolled-keys'/>
+      <feature enabled='yes' name='secure-boot'/>
+    </firmware>
     <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
-    <varstore path='/path/to/guest.json'/>
+    <varstore template='/usr/share/edk2/ovmf/vars.secboot.json' path='/path/to/guest.json'/>
     <boot dev='hd'/>
   </os>
   <features>

diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 43e994fc937880d8388cab8f262c4bfeca53316c..187f90c9dca98d08f3e66fe32dc6432a52fc5fc0 100644 (file)
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1620,7 +1620,7 @@ mymain(void)
 
     DO_TEST_CAPS_LATEST("firmware-manual-efi-varstore-q35");
     DO_TEST_CAPS_VER_PARSE_ERROR("firmware-manual-efi-varstore-q35", "8.2.0");
-    DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64");
+    DO_TEST_CAPS_ARCH_LATEST("firmware-manual-efi-varstore-aarch64", "aarch64");
     DO_TEST_CAPS_ARCH_VER_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64", "8.2.0");
 
     /* Make sure all combinations of ACPI and UEFI behave as expected */
@@ -1657,8 +1657,8 @@ mymain(void)
     DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys");
-    DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64");
-    DO_TEST_CAPS_ARCH_VER_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64", "8.2.0");
+    DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-enrolled-keys-aarch64", "aarch64");
+    DO_TEST_CAPS_ARCH_VER_PARSE_ERROR("firmware-auto-efi-enrolled-keys-aarch64", "aarch64", "8.2.0");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-enrolled-keys-no-secboot");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-smm-off");
@@ -1673,8 +1673,8 @@ mymain(void)
     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-file");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-nbd");
     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-iscsi");
-    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-varstore-q35");
-    DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-varstore-aarch64", "aarch64");
+    DO_TEST_CAPS_LATEST("firmware-auto-efi-varstore-q35");
+    DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-varstore-aarch64", "aarch64");
 
     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-format-loader-qcow2-rom");