VM start is failing with latest OVMF for Red Hat flavored distribution

Pierrotws · September 16, 2025, 12:16pm

Hi,

When I use 2025 versions of edk2-ovmf package (202505, 202508), VM cannot start properly when I use red-hat based distribution (almalinux, rockylinux):

> incus start test –console
BdsDxe: loading Boot0009 “rocky” from HD(1,GPT,2CC19A35-EAF5-4F4F-8755-AB31FC98E00E,0x800,0x32000)/\\EFI\\rocky\\shimx64.efi
BdsDxe: starting Boot0009 “rocky” from HD(1,GPT,2CC19A35-EAF5-4F4F-8755-AB31FC98E00E,0x800,0x32000)/\\EFI\\rocky\\shimx64.efi
!!! X64 Exception Type - 0E(#PF - Page-Fault)  CPU Apic ID - 00000000 !!!
ExceptionData - 0000000000000011  I:1 R:0 U:0 W:0 P:1 PK:0 SS:0 SGX:0
RIP  - 000000007C7BF400, CS  - 0000000000000038, RFLAGS - 0000000000010206
RAX  - 000000007CCB3194, RCX - 000000007D6A4A98, RDX - 000000007E9EB018
RBX  - 0000000000000000, RSP - 000000007EF2B658, RBP - 000000007D6A4A98
RSI  - 000000007CDC6940, RDI - 000000007D41E098
R8   - 0000000000002000, R9  - 000000007E8EBB18, R10 - 0000000000000000
R11  - 000000007CBFCC18, R12 - 000000007D6A4A98, R13 - 0000000000000000
R14  - 000000007CCB23F8, R15 - 000000007CCB2400
DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
GS   - 0000000000000030, SS  - 0000000000000030
CR0  - 0000000080010033, CR2 - 000000007C7BF400, CR3 - 000000007EC01000
CR4  - 0000000000000668, CR8 - 0000000000000000
DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 000000007E9E0000 0000000000000047, LDTR - 0000000000000000
IDTR - 000000007E2EC018 0000000000000FFF,   TR - 0000000000000000
FXSAVE_STATE - 000000007EF2B2B0
!!! Find image based on IP(0x7CC23D3A) (No PDB)  (ImageBase=000000007CBFE000, EntryPoint=000000007CC21000) !!!

Same kind of error after setting security.secureboot to false

BdsDxe: loading Boot0004 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1)
BdsDxe: starting Boot0004 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1)
!!!! X64 Exception Type - 0E(#PF - Page-Fault)  CPU Apic ID - 00000000 !!!!
ExceptionData - 0000000000000011  I:1 R:0 U:0 W:0 P:1 PK:0 SS:0 SGX:0
RIP  - 000000007D939400, CS  - 0000000000000038, RFLAGS - 0000000000010202
RAX  - 000000007DE2D194, RCX - 000000007E0F4698, RDX - 000000007F9EC018
RBX  - 0000000000000000, RSP - 000000007FE9C3D8, RBP - 000000007E0F4698
RSI  - 000000007E0BA040, RDI - 000000007E0F3318
R8   - 0000000000002000, R9  - 000000007F8ECB18, R10 - 0000000000000000
R11  - 000000007DD76C18, R12 - 000000007E0F4698, R13 - 0000000000000000
R14  - 000000007DE2C3F8, R15 - 000000007DE2C400
DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
GS   - 0000000000000030, SS  - 0000000000000030
CR0  - 0000000080010033, CR2 - 000000007D939400, CR3 - 000000007FC01000
CR4  - 0000000000000668, CR8 - 0000000000000000
DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 000000007F9DC000 0000000000000047, LDTR - 0000000000000000
IDTR - 000000007F494018 0000000000000FFF,   TR - 0000000000000000
FXSAVE_STATE - 000000007FE9C030
!!!! Find image based on IP(0x7DD9DD3A) (No PDB)  (ImageBase=000000007DD78000, EntryPoint=000000007DD9B000) !!!!

Quite surprisingly, it does not appear when I use ubuntu image.

I solved that issue by downgrading edk2-ovmf package to version 202411.

For info, I’m using archlinux distribution on my host.

bensmrs · September 16, 2025, 12:22pm

Yeah, I’m having the same problem on my Arch hosts. Reverting to 202411 works fine.

stgraber · September 17, 2025, 12:17am

Yeah, I’ve also been keeping my packages back on 202411 to avoid similar boot failures. Not sure what happened on more recent versions of EDK2, but it sure doesn’t like something with Red Hat based images.

adamcstephens · September 17, 2025, 1:19am

Here’s one proposed patch by RH, but it seems to stem from RH’s old and buggy bootloader.

github.com/tianocore/edk2

OvmfPkg/X64: add opt/org.tianocore/UninstallMemAttrProtocol support

master ← kraxel:devel/mem-attr-cfg

opened 11:40AM - 24 Jan 25 UTC

kraxel

+65 -0

Add support for opt/org.tianocore/UninstallMemAttrProtocol, to allow turning of…f EFI_MEMORY_ATTRIBUTE_PROTOCOL, simliar to ArmVirtPkg. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> # rant I *hate* to do this, but things are breaking left and right. This time it is not shim, 15.8 works fine and almost everyone has rolled out updates meanwhile. But now grub gets the NX stuff wrong, and following that the linux kernel efi stub pagefaults. Apparently it happens due something in the huge pile of distro downstream patches doing some stupid legacy x86 linux things. Vanilla 2.12 grub is doing fine. aarch64 is doing fine too. Even `chainloader $vmlinuz` works. Only `linux $vmlinux` on x64 distro builds explodes ...

Debian is applying this patch debian/patches/OvmfPkg-X64-add-opt-org.tianocore-UninstallMemAttrPr.patch · debian/latest · QEMU / edk2 · GitLab

stgraber · September 17, 2025, 1:53am

Thanks for the link. I’ve now added that to the Zabbly package (daily) and am now building with latest EDK2, let’s see if something else breaks

bensmrs · September 17, 2025, 8:24am

FTR, I hadn’t noticed the problem on a RH guest, but rather on my macOS experiments (although admittedly I’m not using the most recent OpenCore bootloader for reproducibility purposes)