Windows Updates in VMs are being affected with the error 0x800f0922 when trying to install KB5012170. Searching it reveals a new OVMF is needed.
Is there something we should be doing in LXD or will some update and procedure be released to resolve this new Windows requirement, in terms of existing Windows VM images and instances?
Also I’m going to be recreating the Windows Image because the recovery partition is at the end of the root disk and we’re unable to easily extend the C volume, so it would be good to know how to resolve this Windows Update error for the new image.
This has been discussed internally and @stgraber has found that its most likely due to a new requirement to have a 4MB NVRAM rather than the current 2MB.
The problem with that is that while we can enable 4MB NVRAM in EDK2 firmware, there is no way to convert it from an existing 2MB NVRAM.
So existing VMs will keep misbehaving even if we start pushing 4MB. And to keep the existing VMs behaving, we’ll have to start shipping two versions of the firmware.
Doing some digging, it looks like it’s the issue and that this also affects actual physical machines that don’t have 4MB of physical NVRAM on them… Which is why a common recommendation appears to be to use wushowhide to just plain disable that particular update.
We’ll be looking at rolling out 4MB enabled firmware images, but as mentioned, this will not help with any existing VM.
The only way to convert from 2MB to 4MB is to wipe the NVRAM for the VM, which means losing any setting they may have done in the firmware, most importantly the boot sequence.
This may not be a huge deal for WIndows though as it’s unlikely to have multiple boot entries and so would just go through UEFI recovery (bootx64.efi) on next boot with WIndows then putting back the content of the revocation entries and the like into the NVRAM with the next Windows Update.
Agreed, we as LXD consumers need to decide whether to try to migrate to the new NVRAM. We just need to be able to establish a process.
The complicated side is in a new LXD release and how to make >= 4MB NVRAM default but keep existing VMs on the current NVRAM until we need to migrate them.
In the mean time I suppose we can play with raw.qemu and raw.apparmor settings like we did for a Citrix VPX VM based on FreeBSD, and in conjunction with these steps: https://github.com/tianocore/edk2/discussions/3221