Skip to content

Unable to boot a vm in uefi mode on a kvm arm64 host #12325

New issue
New issue
Open
Open
Unable to boot a vm in uefi mode on a kvm arm64 host#12325
Labels
component:kvmmulti-archtype:bug
Milestone
4.22.1
@kiranchavala

Description

@kiranchavala
kiranchavala
opened on Dec 23, 2025

problem

Unable to boot a vm in uefi mode on a kvm arm64 host

versions

ACS 4.22
KVM Ubuntu 24.0.4

The steps to reproduce the bug

  1. On the kvm host make sure the efi packages (apt install swtpm qemu-efi-aarch64)

  2. Create a uefi properties file


root@raspberrypi5-cloudstack:~# cat /etc/cloudstack/agent/uefi.properties
# CloudStack Agent UEFI Configuration for ARM64
# This file configures UEFI boot support for ARM64 virtual machines

# Secure boot mode with Microsoft keys
guest.nvram.template.secure=/usr/share/AAVMF/AAVMF_VARS.ms.fd
guest.loader.secure=/usr/share/AAVMF/AAVMF_CODE.ms.fd

# Secure boot mode without Microsoft keys
guest.nvram.template.secboot=/usr/share/AAVMF/AAVMF_VARS.fd
guest.loader.secboot=/usr/share/AAVMF/AAVMF_CODE.secboot.fd

# Standard UEFI mode (default)
guest.nvram.template.legacy=/usr/share/AAVMF/AAVMF_VARS.fd
guest.loader.legacy=/usr/share/AAVMF/AAVMF_CODE.fd

# No secure boot mode (explicitly disabled)
guest.nvram.template.nosecboot=/usr/share/AAVMF/AAVMF_VARS.fd
guest.loader.nosecboot=/usr/share/AAVMF/AAVMF_CODE.no-secboot.fd

# NVRAM storage path
guest.nvram.path=/var/lib/libvirt/qemu/nvram/
  1. Restart the services

service libvirtd restart

service cloudstack-agent restart

  1. Launch a vm select the boot mode as UEFI and secure
Image
  1. Exception observed
root@raspberrypi5-cloudstack:~# cat  /var/log/cloudstack/agent/agent.log |grep -i "logid:04a17230"
2025-12-23 05:51:11,829 INFO  [kvm.storage.LibvirtStorageAdaptor] (AgentRequest-Handler-5:[]) (logid:04a17230) Trying to fetch storage pool 1a655239-1930-3a48-b0c5-9069065c283d from libvirt
2025-12-23 05:51:11,834 INFO  [kvm.storage.LibvirtStorageAdaptor] (AgentRequest-Handler-5:[]) (logid:04a17230) Trying to fetch storage pool 1a655239-1930-3a48-b0c5-9069065c283d from libvirt
2025-12-23 05:51:11,842 INFO  [kvm.storage.LibvirtStorageAdaptor] (AgentRequest-Handler-5:[]) (logid:04a17230) Creating volume b491328b-ef97-4bf3-ab0e-e2973a50a761 from template b2173816-1a35-49ea-b1e1-b1ede4ade146 in pool 1a655239-1930-3a48-b0c5-9069065c283d (NetworkFilesystem) with size (3.50 GB) 3758096384
2025-12-23 05:51:11,843 INFO  [kvm.storage.LibvirtStorageAdaptor] (AgentRequest-Handler-5:[]) (logid:04a17230) Attempting to create volume b491328b-ef97-4bf3-ab0e-e2973a50a761 (NetworkFilesystem) in pool 1a655239-1930-3a48-b0c5-9069065c283d with size (3.50 GB) 3758096384
2025-12-23 05:51:11,903 INFO  [kvm.storage.LibvirtStorageAdaptor] (AgentRequest-Handler-5:[]) (logid:04a17230) Creating volume [/mnt/1a655239-1930-3a48-b0c5-9069065c283d/b491328b-ef97-4bf3-ab0e-e2973a50a761] with backing file [/mnt/1a655239-1930-3a48-b0c5-9069065c283d/b2173816-1a35-49ea-b1e1-b1ede4ade146] as the property [create.full.clone] is [false].
2025-12-23 05:51:12,041 INFO  [kvm.storage.LibvirtStorageAdaptor] (AgentRequest-Handler-4:[]) (logid:04a17230) Trying to fetch storage pool 1a655239-1930-3a48-b0c5-9069065c283d from libvirt
2025-12-23 05:51:12,077 INFO  [kvm.storage.LibvirtStorageAdaptor] (AgentRequest-Handler-4:[]) (logid:04a17230) Trying to fetch storage pool 1a655239-1930-3a48-b0c5-9069065c283d from libvirt
2025-12-23 05:51:12,105 WARN  [kvm.resource.LibvirtKvmAgentHook] (AgentRequest-Handler-4:[]) (logid:04a17230) Groovy script '/etc/cloudstack/agent/hooks/libvirt-vm-xml-transformer.groovy' is not available. Transformations will not be applied.
2025-12-23 05:51:12,105 WARN  [kvm.resource.LibvirtKvmAgentHook] (AgentRequest-Handler-4:[]) (logid:04a17230) Shell script '/etc/cloudstack/agent/hooks/libvirt-vm-xml-transformer.sh' is not available. Transformations will not be applied.
2025-12-23 05:51:12,105 WARN  [kvm.resource.LibvirtKvmAgentHook] (AgentRequest-Handler-4:[]) (logid:04a17230) Groovy scripting engine is not initialized. Data transformation skipped.
2025-12-23 05:51:12,107 WARN  [resource.wrapper.LibvirtStartCommandWrapper] (AgentRequest-Handler-4:[]) (logid:04a17230) LibvirtException org.libvirt.LibvirtException: XML error: No PCI buses available

Workaround

Boot into BIOS and LEGACY

Image

VM boots , verify

On the kvm host dumpxml of the vm

  <os>
    <type arch='aarch64' machine='virt-8.2'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/AAVMF/AAVMF_CODE.fd</loader>
    <nvram template='/usr/share/AAVMF/AAVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/i-2-131-VM_VARS.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

login to the vm and verify

ls /sys/firmware/efi

[ -d /sys/firmware/efi ] && echo "UEFI boot" || echo "Legacy BIOS"

Image

What to do about it?

Cloudstack should BOOT mode UEFI and secure on kvm arm64 hosts

Metadata

Metadata

Assignees

No one assigned

    Labels

    component:kvmmulti-archtype:bug

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions