- Posted In
- Red Hat Enterprise Linux
SMM is not available with this QEMU binary
When I select the UEFI during creation of VM, I get the following error. Does anyone know how to fix it?
Unable to complete install: 'unsupported configuration: smm is not available with this QEMU binary' Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/create.py", line 2288, in _do_async_install guest.start_install(meter=meter) File "/usr/share/virt-manager/virtinst/guest.py", line 497, in start_install doboot, transient) File "/usr/share/virt-manager/virtinst/guest.py", line 433, in _create_guest domain = self.conn.createXML(install_xml or final_xml, 0) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3567, in createXML if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self) libvirtError: unsupported configuration: smm is not available with this QEMU binary
One question : Do you have
OVMFinstalled ? In case not, execute :
sudo yum install OVMF
Yes, I have it installed.
Hmmm ... then it should work without issues. I have seen many "strange reasons" on different Linux distributions why it didn't work : one of them was that the installed OVMF version was incompatible with the installed
qemuversion and I solved it by copying the "ubuntu OVMF" version to the fedora workstation system. A solution in another case (for whatever reason) was to disable secure boot on the host system. But that might not help in your case ... maybe you find something here : tianocore
I don't want to disable Secure Boot or modify system files...
Well Kwong, alternatively you can search for a solution or file a bug report here : tianocore bugzilla
I had the same problem. As it turns out, the latest version of OVMF (dated from 2016) in the RH supplemental repository does not seem to work. One way to fix that is: yum downgrade OVMF You will get a version dated 2015, and it seems to work without a problem.
However, I am using the one in rhel-7-server-rpms.
I only have workstation, and it's not in that repo. The one in the server repo seems to be even newer than the one in the supplemental. My answer would be the same: try downgrading. You may then get the one from the supplemental and see if that helps. You may have to downgrade again until you find one that works.
In the end, my solution appears to be similar to Christian's suggested solution of replacing the OVMF files; he suggested using some from Ubuntu, while I simply used an older one from RH.
I assume that RH did test the OVMF files before putting them into the server repo, so there probably are additional facts that affect whether or not it works.
BTW, I tried my host both with and without secure boot enabled.
There is a few lines in the source rpm spec file
Removing "-D SMM_REQUIRE", rebuild the rpm, browse inside the rpm and then copy OVMF_CODE.secboot.fd to /usr/share/OVMF/OVMF_CODE.fd makes it work but I don't know whether this will reduce security.
I found an alternative OVMF in the supplementary channel that seems to work:
Same for me, the RPM "OVMF-20140822-7.git9ece15a.el7.x86_64.rpm" from the RHEL 7 Supplementary Repo seems to work...
please refer to: https://access.redhat.com/discussions/2958371#comment-1155681
If you rebuild OVMF with "-D SECURE_BOOT_ENABLE" but remove "-D SMM_REQUIRE", that will break the security of the Secure Boot feature. Don't do it.
Do not use OVMF from "Red Hat Enterprise Linux 7 Server - Supplementary". That package is extremely outdated.
The package from "Red Hat Enterprise Linux 7 Server" is correct. (Latest released version: OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm). However, you cannot boot this firmware binary on the qemu-kvm package that is part of base RHEL7. You need qemu-kvm-rhev, from RHV.
The actual security of the Secure Boot feature in OVMF is ensured by SMM emulation. For this, OVMF must be built to include the edk2 SMM driver stack (hence -D SMM_REQUIRE). Furthermore, QEMU and KVM both must provide SMM/SMRAM emulation. The RHEL7 host kernel (KVM) provides SMM/SMRAM emulation, but qemu-kvm in base RHEL7 does not. For that, the "pc-q35-rhel7.3.0" or later QEMU machine type is necessary, and that is only available in the qemu-kvm-rhev package, from the RHV product.