I installed a VM on KVM manually. This VM is okay to boot from UEFI.

Here is part of the XML.
---
ubuntu@freeradius:~$ virsh dumpxml ubuntu20.04
<domain type='kvm'>
  <name>ubuntu20.04</name>
  <uuid>99660c76-953d-4b68-9f29-f1471da8d659</uuid>
  <metadata>
    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
      <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/>
    </libosinfo:libosinfo>
  </metadata>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <vcpu placement='static'>2</vcpu>
  <os>
    <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram>
  </os>
---
VM controller is virtio. I uploaded VM qcow2 as an OpenStack image, and set properties like 
---
openstack image set \
    --property hw_firmware_type=uefi \
    --property os_secure_boot=required \
    --property hw_machine_type=q35 \
    xxx
---
Then I launched an instance with this image. It cannot be started up.

XML of this instance is ...

  <os>
    <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>

The difference is /usr/share/OVMF/OVMF_CODE.secboot.fd VS /usr/share/OVMF/OVMF_CODE_4M.secboot.fd. These two files have different md5 checksums.

By the way, ovmf package is the same version.



On Sat, May 11, 2024 at 1:43 PM luckydog xf <luckydogxf@gmail.com> wrote:
I uploaded volumes to images, and set up uefi properties accordingly like below.
openstack image set \
    --property hw_firmware_type=uefi \
    --property os_secure_boot=required \
    --property hw_machine_type=q35 \
    xxx-image

Boot an instance from that image, however, it doesn't work. Below is part of the XML definition of an instance.
---
  <os>
    <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>
---

My compute nodes are ubuntu 20.04 and ovmf was installed.
---



On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote:
you need to modify the image properties on the boot volume to set
hw_firmware_type=uefi

preferably with hw_machine_type=q35

you can do this with "openstack volume set --image-property <key=value> ..."

also in relation to your other thread you can also set the disk bus on the volume this way too
by setting hw_disk_bus=sata instead of using ide

ide would also work but it's much much much slower.

On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote:
>   <os>
>     <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
>     <loader readonly='yes'
> type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
>     <nvram
> template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram>
>     <boot dev='hd'/>
>     <smbios mode='sysinfo'/>
>   </os>
> Here is the output from `virsh dumpxml XX`. As we can see uefi is properly
> set up. But it seems a device is required.
>
> On Fri, May 10, 2024 at 1:28 PM luckydog xf <luckydogxf@gmail.com> wrote:
>
> > I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works.
> >
> > Converting a volume to an image takes too much space and time because it's
> > so large.
> >
> > Any alternative?
> >
> > On Fri, May 10, 2024 at 1:25 PM luckydog xf <luckydogxf@gmail.com> wrote:
> >
> > > Hi, list,
> > >
> > > I migrated a volume from VMware ESXi VMDK, and originally on VMware
> > > platform it's EFI boot mode and secure boot enabled.
> > >
> > > I cloned the entire VMDK by Clonezilla and restored on OpenStack as a
> > > volume.
> > >
> > > I referred to this link
> > > https://docs.openstack.org/nova/latest/admin/secure-boot.html and
> > > uploaded that volume as an image. Then set properties.
> > >
> > > Finally, I launched an instance with a target image, however, it cannot
> > > boot up with a blank and dark screen.
> > >
> > > What's the right way to implement this?
> > >
> > >  Thanks.
> > >
> > >
> > >
> > >
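
Added example, not part of the original thread: a small Python check that diffs the `<os>` element of the manually installed VM against the one Nova generated, using the two XML fragments quoted in the messages above. The function names and the choice to ignore the per-instance `nvram` path are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# <os> blocks copied from the thread: the manually installed VM that boots,
# and the Nova-launched instance that does not.
WORKING_OS = """<os>
  <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
  <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader>
  <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram>
</os>"""

FAILING_OS = """<os>
  <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type>
  <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
  <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
  <boot dev='hd'/>
  <smbios mode='sysinfo'/>
</os>"""


def flatten_os(os_xml):
    """Map 'tag' and 'tag@attr' to their values for every child of <os>."""
    flat = {}
    for child in ET.fromstring(os_xml):
        text = (child.text or "").strip()
        if text:
            flat[child.tag] = text
        for attr, value in child.attrib.items():
            flat[f"{child.tag}@{attr}"] = value
    return flat


def diff_os(reference_xml, candidate_xml, ignore=("nvram",)):
    """Return {key: (reference, candidate)} for settings that differ.

    Keys in `ignore` are per-instance values (the NVRAM file path) that
    always differ and say nothing about the firmware setup.
    """
    ref, cand = flatten_os(reference_xml), flatten_os(candidate_xml)
    return {
        key: (ref.get(key), cand.get(key))
        for key in sorted(set(ref) | set(cand))
        if key not in ignore and ref.get(key) != cand.get(key)
    }


if __name__ == "__main__":
    for key, (ref, cand) in diff_os(WORKING_OS, FAILING_OS).items():
        print(f"{key:15} working={ref!r:45} instance={cand!r}")
```

For these two fragments the diff reports the machine type and the loader's `secure` attribute as differing, in addition to the firmware file path.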