Incus on M1 Macbook Pro running Asahi Linux: secure boot issues

Spent a bunch of time today trying to get Incus running properly on an M1 Macbook Pro with Asahi Linux. I ran the out-of-the-box install of Asahi on a 200GB partition on the Mac, and did a ‘dnf install incus’, which installed Incus 6.19.1.

I was able to get a couple of LXC containers with no issues, but trying to launch a VM (ubuntu/noble) failed with “Couldn’t find one of the required UEFI firmware files”.
journalctl revealed a mismatch in firmware files:

qemu-system-aarch64: cfi.pflash01 device ‘/machine/virt.flash0’ requires 67108864 bytes, pflash0 block backend provides 1966080 bytes

Spent far too much time trying to figure it out before enlisting codex, but in the end got it working. Summary:

Root cause:

Secure-boot firmware (.ms) files are absent; Incus searches for AAVMF/OVMF variants and, with secure boot enabled plus extra pflash drives, returned “Couldn’t find one of the required UEFI firmware files” and later QEMU “machine type does not support if=pflash,bus=0,unit=2”.

Fixes applied:

  • Added Incus-expected ARM firmware names in the configured search path (symlinks):
    /usr/share/edk2/aarch64/AAVMF_CODE.fd → QEMU_EFI-pflash.raw
    AAVMF_VARS.fd → vars-template-pflash.raw
    Restarted incus so INCUS_EDK2_PATH (/usr/share/edk2/aarch64/) picks them up.

      sudo ln -sf /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw /usr/share/edk2/aarch64/AAVMF_CODE.fd
      sudo ln -sf /usr/share/edk2/aarch64/vars-template-pflash.raw /usr/share/edk2/aarch64/AAVMF_VARS.fd
      sudo systemctl restart incus

  • Set security.secureboot=false in the Incus profile for VMs

I don’t know if this is a known issue. I assume something needs to be changed in the Fedora packaging(?). Would obviously be much nicer to not have to do the above.

Anyway - this was a ‘dry-run/proof-of-concept’ before I set up a Mac Mini more permanently as a server. I have to say it is impressively quick. Looking forward to upgrading the internal storage on the Mini and having a fast, silent, powerful and efficient little ARM server.
The only thing missing for me is that Thunderbolt/USB4 is not working in Asahi Linux yet (but I believe that is coming soon based on a recent presentation by one of the devs).
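
A pre-flight check for the symlink fix described in the post, added here as an example and not part of the original post: it confirms that AAVMF_CODE.fd and AAVMF_VARS.fd resolve to regular files of the size QEMU demanded in the journal error. The function names are hypothetical, and applying the 67108864-byte requirement to the vars image as well as flash0 is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the firmware names
# the post symlinked resolve to pflash images of the size QEMU asked for.

# Size taken from the journal error on the page (flash0); assumed here to
# apply to the vars image too.
PFLASH_BYTES=67108864

# check_pflash FILE [BYTES]  (hypothetical helper)
# Prints one status line; returns 0 only if FILE resolves to a regular file
# of exactly BYTES bytes.
check_pflash() {
    f=$1
    want=${2:-$PFLASH_BYTES}
    if [ -L "$f" ] && [ ! -e "$f" ]; then
        echo "DANGLING $f -> $(readlink "$f")"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "MISSING  $f"
        return 1
    fi
    # Reading via stdin follows the symlink and avoids non-portable stat flags.
    have=$(wc -c < "$f" | tr -d ' ')
    if [ "$have" -ne "$want" ]; then
        echo "BADSIZE  $f: $have bytes, pflash needs $want"
        return 1
    fi
    echo "OK       $f ($have bytes)"
    return 0
}

# check_edk2_dir DIR  (hypothetical helper)
# Checks both names from the post; the return code is the number of failures.
check_edk2_dir() {
    dir=${1%/}
    bad=0
    for name in AAVMF_CODE.fd AAVMF_VARS.fd; do
        check_pflash "$dir/$name" || bad=$((bad + 1))
    done
    return "$bad"
}

# To check the directory named in the post, uncomment:
# check_edk2_dir "${INCUS_EDK2_PATH:-/usr/share/edk2/aarch64}"
```

A BADSIZE line showing 1966080 bytes corresponds to the mismatch in the journal error quoted above.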