Thanks.
The PR that @stgraber added to allow that mentions:
This allows for booting LXD off of an external firmware file or directly
into a specific kernel. Such firmware or kernel will likely need a
matching raw.apparmor entry so that QEMU can actually access them.
https://github.com/lxc/lxd/pull/10188
Also, you can reference the host’s filesystem outside of the snap package using /var/lib/snapd/hostfs.
So something like this should work:
lxc config set <instance> raw.qemu=" -bios /var/lib/snapd/hostfs/path/to/bios-256k.bin -machine pc-q35-2.6"
printf "/var/lib/snapd/hostfs/path/to/bios-256k.bin r," | lxc config set <instance> raw.apparmor -
See for more examples of using raw.apparmor: