SMM is not available with this QEMU binary


When I select UEFI during creation of a VM, I get the following error. Does anyone know how to fix it?

Unable to complete install: 'unsupported configuration: smm is not available with this QEMU binary'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/create.py", line 2288, in _do_async_install
    guest.start_install(meter=meter)
  File "/usr/share/virt-manager/virtinst/guest.py", line 497, in start_install
    doboot, transient)
  File "/usr/share/virt-manager/virtinst/guest.py", line 433, in _create_guest
    domain = self.conn.createXML(install_xml or final_xml, 0)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3567, in createXML
    if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self)
libvirtError: unsupported configuration: smm is not available with this QEMU binary

Responses

Hi Kwong,

One question: Do you have OVMF installed? If not, execute: sudo yum install OVMF

Regards,
Christian

Yes, I have it installed.

Hmmm ... then it should work without issues. I have seen many "strange reasons" on different Linux distributions why it didn't work: one of them was that the installed OVMF version was incompatible with the installed qemu version, and I solved it by copying the "ubuntu OVMF" version to the fedora workstation system. A solution in another case (for whatever reason) was to disable secure boot on the host system. But that might not help in your case ... maybe you will find something here: tianocore

Regards,
Christian

I don't want to disable Secure Boot or modify system files...

Well Kwong, alternatively you can search for a solution or file a bug report here: tianocore bugzilla

Regards,
Christian

I had the same problem. As it turns out, the latest version of OVMF (dated from 2016) in the RH supplemental repository does not seem to work. One way to fix that is: yum downgrade OVMF. You will get a version dated 2015, and it seems to work without a problem.

However, I am using the one in rhel-7-server-rpms.

I only have workstation, and it's not in that repo. The one in the server repo seems to be even newer than the one in the supplemental. My answer would be the same: try downgrading. You may then get the one from the supplemental and see if that helps. You may have to downgrade again until you find one that works.

In the end, my solution appears to be similar to Christian's suggested solution of replacing the OVMF files; he suggested using some from Ubuntu, while I simply used an older one from RH.

I assume that RH did test the OVMF files before putting them into the server repo, so there probably are additional facts that affect whether or not it works.

BTW, I tried my host both with and without secure boot enabled.

There are a few lines in the source rpm spec file:

build -D SECURE_BOOT_ENABLE -D EXCLUDE_SHELL_FROM_FD ${CC_FLAGS} \
  -a IA32 -a X64 -p OvmfPkg/OvmfPkgIa32X64.dsc -D SMM_REQUIRE \
  -D FD_SIZE_4MB

Removing "-D SMM_REQUIRE", rebuilding the rpm, browsing inside the rpm and then copying OVMF_CODE.secboot.fd to /usr/share/OVMF/OVMF_CODE.fd makes it work, but I don't know whether this will reduce security.

I found an alternative OVMF in the supplementary channel that seems to work:

# yum --enablerepo=rhel-7-server-supplementary-rpms install OVMF.x86_64

Same for me, the RPM "OVMF-20140822-7.git9ece15a.el7.x86_64.rpm" from the RHEL 7 Supplementary Repo seems to work...

Hi All,

Please refer to: https://access.redhat.com/discussions/2958371#comment-1155681

To elaborate:

  • If you rebuild OVMF with "-D SECURE_BOOT_ENABLE" but remove "-D SMM_REQUIRE", that will break the security of the Secure Boot feature. Don't do it.

  • Do not use OVMF from "Red Hat Enterprise Linux 7 Server - Supplementary". That package is extremely outdated.

  • The package from "Red Hat Enterprise Linux 7 Server" is correct. (Latest released version: OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm). However, you cannot boot this firmware binary on the qemu-kvm package that is part of base RHEL7. You need qemu-kvm-rhev, from RHV.

The actual security of the Secure Boot feature in OVMF is ensured by SMM emulation. For this, OVMF must be built to include the edk2 SMM driver stack (hence -D SMM_REQUIRE). Furthermore, QEMU and KVM both must provide SMM/SMRAM emulation. The RHEL7 host kernel (KVM) provides SMM/SMRAM emulation, but qemu-kvm in base RHEL7 does not. For that, the "pc-q35-rhel7.3.0" or later QEMU machine type is necessary, and that is only available in the qemu-kvm-rhev package, from the RHV product.
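
Added example (not part of the thread and not Red Hat's code): the last reply ties Secure Boot in OVMF to SMM emulation on a "pc-q35-rhel7.3.0" or later machine type, so the Python below audits a libvirt domain definition for a pflash loader marked secure, the smm feature switched on, and a q35 machine type. The sample XML, the function name and the finding labels are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample domain definitions (not taken from the thread).
TEMPLATE = """<domain type='kvm'>
  <name>{name}</name>
  <os>
    <type arch='x86_64' machine='{machine}'>hvm</type>
    <loader readonly='yes' secure='{secure}' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
  </os>
  <features><acpi/>{smm}</features>
</domain>"""
GOOD = TEMPLATE.format(name="uefi-ok", machine="pc-q35-rhel7.3.0",
                       secure="yes", smm="<smm state='on'/>")
BAD = TEMPLATE.format(name="uefi-bad", machine="pc-i440fx-rhel7.0.0",
                      secure="yes", smm="")


def audit_secure_boot(domain_xml):
    """Return findings for a UEFI guest; an empty list means the settings agree."""
    root = ET.fromstring(domain_xml)
    loader = root.find("os/loader")
    if loader is None or loader.get("type") != "pflash":
        return ["no-pflash-loader"]
    os_type = root.find("os/type")
    machine = os_type.get("machine", "") if os_type is not None else ""
    smm = root.find("features/smm")
    findings = []
    if loader.get("secure") != "yes":
        findings.append("loader-not-secure")
    if smm is None or smm.get("state") != "on":
        findings.append("smm-not-enabled")
    if "q35" not in machine:
        findings.append("machine-not-q35")
    else:
        # RHEL machine names carry a version; the thread names 7.3.0 as the minimum.
        m = re.fullmatch(r"pc-q35-rhel(\d+)\.(\d+)\.(\d+)", machine)
        if m and tuple(map(int, m.groups())) < (7, 3, 0):
            findings.append("q35-machine-too-old")
    return findings


if __name__ == "__main__":
    for xml_text in (GOOD, BAD):
        name = ET.fromstring(xml_text).findtext("name")
        print(name, audit_secure_boot(xml_text) or "consistent")
```

To check a real guest, pass the output of virsh dumpxml for that guest to audit_secure_boot instead of the constructed samples.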