libvirt-11.10.0-11.el10

- qemu_firmware: Drop support for kernel descriptors (RHEL-82645)
- qemu_firmware: Drop 'nvram' local variable (RHEL-82645)
- qemu_firmware: Move format=raw compat exception (RHEL-82645)
- qemu_firmware: Move copying of nvram.format to loader.format (RHEL-82645)
- tests: Add firmware-manual-efi-rw-nvram (RHEL-82645)
- domain_validate: Reject NVRAM with read/write firmware (RHEL-82645)
- tests: Add firmware-auto-bios-rw (RHEL-82645)
- tests: Add firmware-manual-bios-rw (RHEL-82645)
- domain_validate: Reject read/write ROMs (RHEL-82645)
- tests: Add firmware-auto-efi-format-loader-qcow2-rom (RHEL-82645)
- domain_validate: Reject ROMs with format other than raw (RHEL-82645)
- qemu_firmware: Ignore stateless/combined when NVRAM is configured (RHEL-82645)
- qemu_firmware: Drop fallback for absent nvramTemplateFormat (RHEL-82645)
- schemas: Allow templateFormat without template path (RHEL-82645)
- tests: Add firmware-manual-efi-nvram-template-nonstandard-format (RHEL-82645)
- tests: Add firmware-manual-efi-nvram-template-nonstandard-legacy-paths (RHEL-82645)
- tests: Add firmware-auto-efi-format-nvram-raw (RHEL-82645)
- tests: Add firmware-auto-efi-format-nvram-raw-loader-path (RHEL-82645)
- tests: Add firmware-auto-efi-format-nvram-raw-nvramtemplate-path (RHEL-82645)
- tests: Add firmware-auto-efi-format-nvramtemplate-qcow2 (RHEL-82645)
- tests: Add firmware-auto-efi-format-mismatch-nvramtemplate (RHEL-82645)
- qemu_firmware: Introduce qemuFirmwareFillDomainCustom() (RHEL-82645)
- qemu_firmware: Set templateFormat for custom paths (RHEL-82645)
- qemu_firmware: Simplify handling of legacy paths (RHEL-82645)
- qemu_firmware: Refactor setting NVRAM format (RHEL-82645)
- qemu_firmware: Prefer template format to loader format (RHEL-82645)
- qemu_firmware: Retain user-specified NVRAM format (RHEL-82645)
- qemu_firmware: Take templateFormat into account when matching (RHEL-82645)
- qemu_firmware: Take NVRAM format into account when matching (RHEL-82645)
- qemu_firmware: Remove NVRAM to loader format copy hack (RHEL-82645)
- tests: Add firmware-manual-efi-sev-snp (RHEL-82645)
- tests: Add firmware-manual-efi-tdx (RHEL-82645)
- qemu_firmware: ROM firmware is always in raw format (RHEL-82645)
- qemu_firmware: Don't skip autoselection for ROM (RHEL-82645)
- qemu_firmware: Allow matching both UEFI and BIOS for ROM loader (RHEL-82645)
- schema: Add firmwareFeatures element for domaincaps (RHEL-82645)
- conf: Add firmwareFeatures element for domaincaps (RHEL-82645)
- qemu: Fill in firmwareFeature element for domaincaps (RHEL-82645)
- docs: Document firmwareFeature element for domaincaps (RHEL-82645)
- docs: Rename "BIOS bootloader" section to "guest firmware" (RHEL-82645)
- docs: Improvement related to firmware selection (RHEL-82645)
- qemu_firmware: Only set format for custom loader if path is present (RHEL-82645)
- conf: Move type=rom default for loader to drivers (RHEL-82645)
- tests: Rename custom JSON firmware descriptors (RHEL-82645)
- schema: Introduce osnvram define (RHEL-82645)
- conf: Parse and format varstore element (RHEL-82645)
- conf: Update validation to consider varstore element (RHEL-82645)
- qemu_capabilities: Introduce QEMU_CAPS_DEVICE_UEFI_VARS (RHEL-82645)
- qemu: Validate presence of uefi-vars device (RHEL-82645)
- tests: Add firmware-manual-efi-varstore-q35 (RHEL-82645)
- tests: Add firmware-manual-efi-varstore-aarch64 (RHEL-82645)
- tests: Add firmware-auto-efi-varstore-q35 (RHEL-82645)
- tests: Add firmware-auto-efi-varstore-aarch64 (RHEL-82645)
- tests: Add firmware-auto-efi-enrolled-keys-aarch64 (RHEL-82645)
- qemu_firmware: Parse host-uefi-vars firmware feature (RHEL-82645)
- qemu_firmware: Split sanity check (RHEL-82645)
- qemu_firmware: Consider host-uefi-vars feature in sanity check (RHEL-82645)
- qemu_firmware: Support extended syntax for ROM firmware descriptors (RHEL-82645)
- qemu_firmware: Report NVRAM template path for ROMs (RHEL-82645)
- conf: Include varstore element in domcaps (RHEL-82645)
- qemu: Fill in varstore element in domcaps (RHEL-82645)
- qemu_firmware: Use of NVRAM implies stateful firmware (RHEL-82645)
- qemu_firmware: Allow matching stateful ROMs (RHEL-82645)
- qemu_firmware: Fill in varstore information (RHEL-82645)
- qemu: Introduce varstoreDir (RHEL-82645)
- qemu_firmware: Generate varstore path when necessary (RHEL-82645)
- qemu: Introduce qemuPrepareNVRAMFileCommon() (RHEL-82645)
- qemu: Create and delete varstore file (RHEL-82645)
- security: Mark ROMs as read only when using AppArmor (RHEL-82645)
- security: Handle varstore file (RHEL-82645)
- tests: Add firmware descriptors for uefi-vars builds (RHEL-82645)
- qemu_command: Use uefi-vars device where appropriate (RHEL-82645)
- include: Mention varstore where applicable (RHEL-82645)
- virsh: Update for varstore handling (RHEL-82645)
- domain_conf: initialize network hostdev private data (RHEL-151916)
- qemu_hotplug: enter monitor in order to rollback passed FD (RHEL-151916)

Resolves: RHEL-151916, RHEL-82645

libvirt-conf-Add-firmwareFeatures-element-for-domaincaps.patch

@@ -0,0 +1,85 @@
+From 271cfe0d7954d5398af307b24fc5b601977975b8 Mon Sep 17 00:00:00 2001
+Message-ID: <271cfe0d7954d5398af307b24fc5b601977975b8.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 9 Feb 2026 21:28:50 +0100
+Subject: [PATCH] conf: Add firmwareFeatures element for domaincaps
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 928bdc3e67b29ff2314ff538905703e299b1e47e)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/domain_capabilities.c | 15 +++++++++++++++
+ src/conf/domain_capabilities.h |  8 ++++++++
+ 2 files changed, 23 insertions(+)
+
+diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
+index 49179b97ab..9b3577cd08 100644
+--- a/src/conf/domain_capabilities.c
++++ b/src/conf/domain_capabilities.c
+@@ -422,6 +422,19 @@ virDomainCapsFeatureFormatSimple(virBuffer *buf,
+ }
+ 
+ 
++static void
++virDomainCapsFirmwareFeaturesFormat(virBuffer *buf,
++                                    const virDomainCapsFirmwareFeatures *firmwareFeatures)
++{
++    FORMAT_PROLOGUE(firmwareFeatures);
++
++    ENUM_PROCESS(firmwareFeatures, secureBoot, virTristateBoolTypeToString);
++    ENUM_PROCESS(firmwareFeatures, enrolledKeys, virTristateBoolTypeToString);
++
++    FORMAT_EPILOGUE(firmwareFeatures);
++}
++
++
+ static void
+ virDomainCapsLoaderFormat(virBuffer *buf,
+                           const virDomainCapsLoader *loader)
+@@ -440,12 +453,14 @@ static void
+ virDomainCapsOSFormat(virBuffer *buf,
+                       const virDomainCapsOS *os)
+ {
++    const virDomainCapsFirmwareFeatures *firmwareFeatures = &os->firmwareFeatures;
+     const virDomainCapsLoader *loader = &os->loader;
+ 
+     FORMAT_PROLOGUE(os);
+ 
+     ENUM_PROCESS(os, firmware, virDomainOsDefFirmwareTypeToString);
+ 
++    virDomainCapsFirmwareFeaturesFormat(&childBuf, firmwareFeatures);
+     virDomainCapsLoaderFormat(&childBuf, loader);
+ 
+     FORMAT_EPILOGUE(os);
+diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
+index b10370db8f..a68fafe235 100644
+--- a/src/conf/domain_capabilities.h
++++ b/src/conf/domain_capabilities.h
+@@ -43,6 +43,13 @@ struct _virDomainCapsStringValues {
+     size_t nvalues; /* number of strings */
+ };
+ 
++typedef struct _virDomainCapsFirmwareFeatures virDomainCapsFirmwareFeatures;
++struct _virDomainCapsFirmwareFeatures {
++    virTristateBool supported;
++    virDomainCapsEnum secureBoot;
++    virDomainCapsEnum enrolledKeys;
++};
++
+ STATIC_ASSERT_ENUM(VIR_DOMAIN_LOADER_TYPE_LAST);
+ STATIC_ASSERT_ENUM(VIR_TRISTATE_BOOL_LAST);
+ typedef struct _virDomainCapsLoader virDomainCapsLoader;
+@@ -59,6 +66,7 @@ typedef struct _virDomainCapsOS virDomainCapsOS;
+ struct _virDomainCapsOS {
+     virTristateBool supported;
+     virDomainCapsEnum firmware;     /* Info about virDomainOsDefFirmware */
++    virDomainCapsFirmwareFeatures firmwareFeatures;
+     virDomainCapsLoader loader;     /* Info about virDomainLoaderDef */
+ };
+ 
+-- 
+2.53.0

libvirt-conf-Include-varstore-element-in-domcaps.patch

@@ -0,0 +1,140 @@
+From af94300604718604a70a5d587e56187ffe5e6557 Mon Sep 17 00:00:00 2001
+Message-ID: <af94300604718604a70a5d587e56187ffe5e6557.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 30 Jan 2026 17:46:30 +0100
+Subject: [PATCH] conf: Include varstore element in domcaps
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We want to advertise whether the element is usable when
+defining new domains.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 3d6987914bb10beb11b9eb5e83ec2194dfab1659)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ docs/formatdomaincaps.rst       |  7 +++++++
+ src/conf/domain_capabilities.c  | 10 ++++++++++
+ src/conf/domain_capabilities.h  |  6 ++++++
+ src/conf/schemas/domaincaps.rng |  9 +++++++++
+ 4 files changed, 32 insertions(+)
+
+diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
+index 3426b7c9cd..5a1d3f2670 100644
+--- a/docs/formatdomaincaps.rst
++++ b/docs/formatdomaincaps.rst
+@@ -141,6 +141,7 @@ domains.
+            <value>no</value>
+          </enum>
+        </loader>
++       <varstore supported='yes'/>
+      </os>
+      ...
+    <domainCapabilities>
+@@ -227,6 +228,12 @@ are the following:
+    possible to enforce Secure Boot, look at the ``enrolledKeys`` enum inside
+    the ``<firmwareFeatures/>`` element instead.
+ 
++The ``<varstore/>`` element :since:`(since 12.1.0)` indicates whether UEFI
++variable storage backed by the ``uefi-vars`` QEMU device can be used as an
++alternative to pflash-based NVRAM storage. This is the only type of variable
++storage compatible with Secure Boot on non-x86 architectures, but it can be
++used on x86 too.
++
+ CPU configuration
+ ~~~~~~~~~~~~~~~~~
+ 
+diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
+index 9b3577cd08..78b8e6e6e1 100644
+--- a/src/conf/domain_capabilities.c
++++ b/src/conf/domain_capabilities.c
+@@ -449,12 +449,21 @@ virDomainCapsLoaderFormat(virBuffer *buf,
+     FORMAT_EPILOGUE(loader);
+ }
+ 
++static void
++virDomainCapsVarstoreFormat(virBuffer *buf,
++                            const virDomainCapsVarstore *varstore)
++{
++    FORMAT_PROLOGUE(varstore);
++    FORMAT_EPILOGUE(varstore);
++}
++
+ static void
+ virDomainCapsOSFormat(virBuffer *buf,
+                       const virDomainCapsOS *os)
+ {
+     const virDomainCapsFirmwareFeatures *firmwareFeatures = &os->firmwareFeatures;
+     const virDomainCapsLoader *loader = &os->loader;
++    const virDomainCapsVarstore *varstore = &os->varstore;
+ 
+     FORMAT_PROLOGUE(os);
+ 
+@@ -462,6 +471,7 @@ virDomainCapsOSFormat(virBuffer *buf,
+ 
+     virDomainCapsFirmwareFeaturesFormat(&childBuf, firmwareFeatures);
+     virDomainCapsLoaderFormat(&childBuf, loader);
++    virDomainCapsVarstoreFormat(&childBuf, varstore);
+ 
+     FORMAT_EPILOGUE(os);
+ }
+diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
+index a68fafe235..02344fd9b6 100644
+--- a/src/conf/domain_capabilities.h
++++ b/src/conf/domain_capabilities.h
+@@ -61,6 +61,11 @@ struct _virDomainCapsLoader {
+     virDomainCapsEnum secure;   /* Info about secure:virTristateBool */
+ };
+ 
++typedef struct _virDomainCapsVarstore virDomainCapsVarstore;
++struct _virDomainCapsVarstore {
++    virTristateBool supported;
++};
++
+ STATIC_ASSERT_ENUM(VIR_DOMAIN_OS_DEF_FIRMWARE_LAST);
+ typedef struct _virDomainCapsOS virDomainCapsOS;
+ struct _virDomainCapsOS {
+@@ -68,6 +73,7 @@ struct _virDomainCapsOS {
+     virDomainCapsEnum firmware;     /* Info about virDomainOsDefFirmware */
+     virDomainCapsFirmwareFeatures firmwareFeatures;
+     virDomainCapsLoader loader;     /* Info about virDomainLoaderDef */
++    virDomainCapsVarstore varstore;
+ };
+ 
+ STATIC_ASSERT_ENUM(VIR_DOMAIN_MEMORY_SOURCE_LAST);
+diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng
+index 3b24caeca6..4682abbf41 100644
+--- a/src/conf/schemas/domaincaps.rng
++++ b/src/conf/schemas/domaincaps.rng
+@@ -87,6 +87,12 @@
+     </element>
+   </define>
+ 
++  <define name="varstore">
++    <element name="varstore">
++      <ref name="supported"/>
++    </element>
++  </define>
++
+   <define name="os">
+     <element name="os">
+       <interleave>
+@@ -98,6 +104,9 @@
+         <optional>
+           <ref name="loader"/>
+         </optional>
++        <optional>
++          <ref name="varstore"/>
++        </optional>
+       </interleave>
+     </element>
+   </define>
+-- 
+2.53.0

libvirt-conf-Move-type-rom-default-for-loader-to-drivers.patch

@@ -0,0 +1,104 @@
+From 08ff36546b810ae14135c19c99fb1dc1aa5fcbb2 Mon Sep 17 00:00:00 2001
+Message-ID: <08ff36546b810ae14135c19c99fb1dc1aa5fcbb2.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Tue, 3 Feb 2026 15:18:39 +0100
+Subject: [PATCH] conf: Move type=rom default for loader to drivers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Right now we set this default in the common parsing code, which
+is not a big problem per se but would get in the way of some
+upcoming changes.
+
+Leave this choice to individual drivers instead. Only the QEMU
+and Xen drivers use the value for anything, so we can limit the
+amount of code duplication this change causes.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 1504b7f687bdfc679377e605d076776b18533468)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/domain_postparse.c | 19 -------------------
+ src/libxl/libxl_domain.c    |  6 ++++++
+ src/qemu/qemu_firmware.c    |  5 +++++
+ 3 files changed, 11 insertions(+), 19 deletions(-)
+
+diff --git a/src/conf/domain_postparse.c b/src/conf/domain_postparse.c
+index 38e731348d..cbaae75c02 100644
+--- a/src/conf/domain_postparse.c
++++ b/src/conf/domain_postparse.c
+@@ -89,22 +89,6 @@ virDomainDefPostParseMemory(virDomainDef *def,
+ }
+ 
+ 
+-static int
+-virDomainDefPostParseOs(virDomainDef *def)
+-{
+-    if (!def->os.loader)
+-        return 0;
+-
+-    if (def->os.loader->path &&
+-        def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_NONE) {
+-        /* By default, loader is type of 'rom' */
+-        def->os.loader->type = VIR_DOMAIN_LOADER_TYPE_ROM;
+-    }
+-
+-    return 0;
+-}
+-
+-
+ static void
+ virDomainDefPostParseMemtune(virDomainDef *def)
+ {
+@@ -1251,9 +1235,6 @@ virDomainDefPostParseCommon(virDomainDef *def,
+     if (virDomainDefPostParseMemory(def, data->parseFlags) < 0)
+         return -1;
+ 
+-    if (virDomainDefPostParseOs(def) < 0)
+-        return -1;
+-
+     virDomainDefPostParseMemtune(def);
+ 
+     if (virDomainDefRejectDuplicateControllers(def) < 0)
+diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
+index 9842d6fece..c6717e31cf 100644
+--- a/src/libxl/libxl_domain.c
++++ b/src/libxl/libxl_domain.c
+@@ -279,6 +279,12 @@ libxlDomainDefPostParse(virDomainDef *def,
+             def->features[VIR_DOMAIN_FEATURE_ACPI] = VIR_TRISTATE_SWITCH_ON;
+     }
+ 
++    if (def->os.loader &&
++        def->os.loader->path &&
++        !def->os.loader->type) {
++        def->os.loader->type = VIR_DOMAIN_LOADER_TYPE_ROM;
++    }
++
+     /* add implicit balloon device */
+     if (def->memballoon == NULL) {
+         virDomainMemballoonDef *memballoon;
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 519828f6f9..6a074055ca 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1662,6 +1662,11 @@ qemuFirmwareFillDomainCustom(virDomainDef *def)
+     if (!loader)
+         return;
+ 
++    if (loader->path &&
++        !loader->type) {
++        loader->type = VIR_DOMAIN_LOADER_TYPE_ROM;
++    }
++
+     if (loader->path &&
+         !loader->format) {
+         loader->format = VIR_STORAGE_FILE_RAW;
+-- 
+2.53.0

libvirt-conf-Parse-and-format-varstore-element.patch

@@ -0,0 +1,385 @@
+From 50a7a37ea4d6c8ffab8110a58db1b16b9d1d7b84 Mon Sep 17 00:00:00 2001
+Message-ID: <50a7a37ea4d6c8ffab8110a58db1b16b9d1d7b84.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 19 Jan 2026 14:20:06 +0100
+Subject: [PATCH] conf: Parse and format varstore element
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This will be used to configure the backing storage used by the
+uefi-vars QEMU device.
+
+Dealing with the element itself is trivial, however we have to
+refactor the existing code which deals with the loader and nvram
+elements slightly: in particular, we can no longer perform an
+early exit if those elements are absent.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 3feee6d0aba5abf5e69d69b0022c08ea6bd5af3e)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ docs/formatdomain.rst             | 23 +++++++--
+ docs/kbase/secureboot.rst         | 46 ++++++++++++------
+ src/conf/domain_conf.c            | 81 ++++++++++++++++++++++++++++---
+ src/conf/domain_conf.h            |  9 ++++
+ src/conf/schemas/domaincommon.rng | 22 ++++++++-
+ src/conf/virconftypes.h           |  2 +
+ src/libvirt_private.syms          |  2 +
+ 7 files changed, 157 insertions(+), 28 deletions(-)
+
+diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
+index 152fd7f530..7d6cc45efd 100644
+--- a/docs/formatdomain.rst
++++ b/docs/formatdomain.rst
+@@ -196,9 +196,9 @@ harddisk, cdrom, network) determining where to obtain/find the boot image.
+ 
+ ``firmware``
+    The ``firmware`` attribute allows management applications to automatically
+-   fill ``<loader/>`` and ``<nvram/>`` elements and possibly enable some
+-   features required by selected firmware. Accepted values are ``bios`` and
+-   ``efi``.
++   fill ``<loader/>`` and ``<nvram/>`` or ``<varstore/>`` elements and possibly
++   enable some features required by selected firmware. Accepted values are
++   ``bios`` and ``efi``.
+    The selection process scans for files describing installed firmware images in
+    specified location and uses the most specific one which fulfills domain
+    requirements. The locations in order of preference (from generic to most
+@@ -311,6 +311,23 @@ harddisk, cdrom, network) determining where to obtain/find the boot image.
+    It is not valid to provide this element if the loader is marked as
+    stateless.
+ 
++``varstore``
++   This works much the same way as the ``<nvram/>`` element described above,
++   except that variable storage is handled by the ``uefi-vars`` QEMU device
++   instead of being backed by a pflash device. :since:`Since 12.1.0 (QEMU only)`
++
++   The ``path`` attribute contains the path of the domain-specific file where
++   variables are stored, while the ``template`` attribute points to a template
++   that the domain-specific file can be (re)generated from. Assuming that the
++   necessary JSON firmware descriptor files are present, both attributes will
++   be filled in automatically by libvirt.
++
++   Using ``<varstore/>`` instead of ``<nvram/>`` is particularly useful on
++   non-x86 architectures such as aarch64, where it represents the only way to
++   get Secure Boot working. It can be used on x86 too, and doing so will make
++   it possible to keep UEFI authenticated variables safe from tampering without
++   requiring the use of SMM emulation.
++
+ ``boot``
+    The ``dev`` attribute takes one of the values "fd", "hd", "cdrom" or
+    "network" and is used to specify the next boot device to consider. The
+diff --git a/docs/kbase/secureboot.rst b/docs/kbase/secureboot.rst
+index 6c22b08d22..b411b65f00 100644
+--- a/docs/kbase/secureboot.rst
++++ b/docs/kbase/secureboot.rst
+@@ -74,8 +74,8 @@ Changing an existing VM
+ 
+ When a VM is defined, libvirt will pick the firmware that best
+ satisfies the provided criteria and record this information for use
+-on subsequent boots. The resulting XML configuration will look like
+-this:
++on subsequent boots. The resulting XML configuration will look either
++like this:
+ 
+ ::
+ 
+@@ -88,14 +88,28 @@ this:
+     <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/vm_VARS.fd</nvram>
+   </os>
+ 
++or like this:
++
++::
++
++  <os firmware='efi'>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
++    <varstore template='/usr/share/edk2/aarch64/vars.secboot.json' path='/var/lib/libvirt/qemu/varstore/vm.json'/>
++  </os>
++
+ In order to force libvirt to repeat the firmware autoselection
+-process, it's necessary to remove the ``<loader>`` and ``<nvram>``
+-elements. Failure to do so will likely result in an error.
++process, it's necessary to remove the ``<loader>`` as well as the
++``<nvram>`` or ``<varstore>`` elements, depending on what's
++applicable. Failure to do so will likely result in an error.
+ 
+ Note that updating the XML configuration as described above is
+-**not** enough to change the Secure Boot status: the NVRAM file
+-associated with the VM has to be regenerated from its template as
+-well.
++**not** enough to change the Secure Boot status: the NVRAM/varstore
++file associated with the VM has to be regenerated from its template
++as well.
+ 
+ In order to do that, update the XML and then start the VM with
+ 
+@@ -107,9 +121,9 @@ This option is only available starting with libvirt 8.1.0, so if your
+ version of libvirt is older than that you will have to delete the
+ NVRAM file manually before starting the VM.
+ 
+-Most guest operating systems will be able to cope with the NVRAM file
+-being reinitialized, but in some cases the VM will be unable to boot
+-after the change.
++Most guest operating systems will be able to cope with the
++NVRAM/varstore file being reinitialized, but in some cases the VM
++will be unable to boot after the change.
+ 
+ 
+ Additional information
+@@ -126,15 +140,15 @@ can be used to validate the operating system signature need to be
+ provided as well.
+ 
+ Asking for the ``enrolled-keys`` firmware feature to be enabled will
+-cause libvirt to initialize the NVRAM file associated with the VM
+-from a template that contains a suitable set of keys. These keys
+-being present will cause the firmware to enforce the Secure Boot
++cause libvirt to initialize the NVRAM/varstore file associated with
++the VM from a template that contains a suitable set of keys. These
++keys being present will cause the firmware to enforce the Secure Boot
+ signing requirements.
+ 
+ The opposite configuration, where the feature is explicitly disabled,
+-will result in no keys being present in the NVRAM file. Unable to
+-verify signatures, the firmware will allow even unsigned operating
+-systems to run.
++will result in no keys being present in the NVRAM/varstore file.
++Unable to verify signatures, the firmware will allow even unsigned
++operating systems to run.
+ 
+ If running unsigned code is desired, it's also possible to ask for
+ the ``secure-boot`` feature to be disabled, which will cause libvirt
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index e72cda0048..16ea9f0b2e 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -3932,6 +3932,27 @@ virDomainLoaderDefFree(virDomainLoaderDef *loader)
+     g_free(loader);
+ }
+ 
++virDomainVarstoreDef *
++virDomainVarstoreDefNew(void)
++{
++    virDomainVarstoreDef *def = NULL;
++
++    def = g_new0(virDomainVarstoreDef, 1);
++
++    return def;
++}
++
++void
++virDomainVarstoreDefFree(virDomainVarstoreDef *varstore)
++{
++    if (!varstore)
++        return;
++
++    g_free(varstore->path);
++    g_free(varstore->template);
++    g_free(varstore);
++}
++
+ 
+ static void
+ virDomainResctrlMonDefFree(virDomainResctrlMonDef *domresmon)
+@@ -4034,6 +4055,7 @@ virDomainOSDefClear(virDomainOSDef *os)
+         virDomainOSACPITableDefFree(os->acpiTables[i]);
+     g_free(os->acpiTables);
+     virDomainLoaderDefFree(os->loader);
++    virDomainVarstoreDefFree(os->varstore);
+     g_free(os->bootloader);
+     g_free(os->bootloaderArgs);
+ }
+@@ -17983,6 +18005,17 @@ virDomainLoaderDefParseXMLLoader(virDomainLoaderDef *loader,
+ }
+ 
+ 
++static int
++virDomainVarstoreDefParseXML(virDomainVarstoreDef *varstore,
++                             xmlNodePtr varstoreNode)
++{
++    varstore->path = virXMLPropString(varstoreNode, "path");
++    varstore->template = virXMLPropString(varstoreNode, "template");
++
++    return 0;
++}
++
++
+ static int
+ virDomainLoaderDefParseXML(virDomainLoaderDef *loader,
+                            xmlNodePtr loaderNode,
+@@ -18430,16 +18463,29 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def,
+     xmlNodePtr loaderNode = virXPathNode("./os/loader[1]", ctxt);
+     xmlNodePtr nvramNode = virXPathNode("./os/nvram[1]", ctxt);
+     xmlNodePtr nvramSourceNode = virXPathNode("./os/nvram/source[1]", ctxt);
++    xmlNodePtr varstoreNode = virXPathNode("./os/varstore[1]", ctxt);
+ 
+-    if (!loaderNode && !nvramNode)
+-        return 0;
+-
+-    def->os.loader = virDomainLoaderDefNew();
+-
+-    if (virDomainLoaderDefParseXML(def->os.loader,
+-                                   loaderNode, nvramNode, nvramSourceNode,
+-                                   ctxt, xmlopt, flags) < 0)
++    if (nvramNode && varstoreNode) {
++        virReportError(VIR_ERR_XML_ERROR, "%s",
++                       _("Cannot have both <nvram> and <varstore>"));
+         return -1;
++    }
++
++    if (loaderNode || nvramNode) {
++        def->os.loader = virDomainLoaderDefNew();
++
++        if (virDomainLoaderDefParseXML(def->os.loader,
++                                       loaderNode, nvramNode, nvramSourceNode,
++                                       ctxt, xmlopt, flags) < 0)
++            return -1;
++    }
++
++    if (varstoreNode) {
++        def->os.varstore = virDomainVarstoreDefNew();
++
++        if (virDomainVarstoreDefParseXML(def->os.varstore, varstoreNode) < 0)
++            return -1;
++    }
+ 
+     return 0;
+ }
+@@ -28062,6 +28108,20 @@ virDomainLoaderDefFormat(virBuffer *buf,
+     return 0;
+ }
+ 
++static int
++virDomainVarstoreDefFormat(virBuffer *buf,
++                           virDomainVarstoreDef *varstore)
++{
++    g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
++
++    virBufferEscapeString(&attrBuf, " template='%s'", varstore->template);
++    virBufferEscapeString(&attrBuf, " path='%s'", varstore->path);
++
++    virXMLFormatElementEmpty(buf, "varstore", &attrBuf, NULL);
++
++    return 0;
++}
++
+ static void
+ virDomainKeyWrapDefFormat(virBuffer *buf, virDomainKeyWrapDef *keywrap)
+ {
+@@ -29523,6 +29583,11 @@ virDomainDefFormatInternalSetRootName(virDomainDef *def,
+     if (def->os.loader &&
+         virDomainLoaderDefFormat(buf, def->os.loader, xmlopt, flags) < 0)
+         return -1;
++
++    if (def->os.varstore &&
++        virDomainVarstoreDefFormat(buf, def->os.varstore) < 0)
++        return -1;
++
+     virBufferEscapeString(buf, "<kernel>%s</kernel>\n",
+                           def->os.kernel);
+     virBufferEscapeString(buf, "<initrd>%s</initrd>\n",
+diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
+index 69a8e79c6d..ead3b07475 100644
+--- a/src/conf/domain_conf.h
++++ b/src/conf/domain_conf.h
+@@ -2420,6 +2420,14 @@ struct _virDomainLoaderDef {
+ virDomainLoaderDef *virDomainLoaderDefNew(void);
+ void virDomainLoaderDefFree(virDomainLoaderDef *loader);
+ 
++struct _virDomainVarstoreDef {
++    char *path;
++    char *template;
++};
++
++virDomainVarstoreDef *virDomainVarstoreDefNew(void);
++void virDomainVarstoreDefFree(virDomainVarstoreDef *varstore);
++
+ typedef enum {
+     VIR_DOMAIN_IOAPIC_NONE = 0,
+     VIR_DOMAIN_IOAPIC_QEMU,
+@@ -2573,6 +2581,7 @@ struct _virDomainOSDef {
+     size_t nacpiTables;
+     virDomainOSACPITableDef **acpiTables;
+     virDomainLoaderDef *loader;
++    virDomainVarstoreDef *varstore;
+     char *bootloader;
+     char *bootloaderArgs;
+     int smbios_mode;
+diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
+index 92f82c8fbf..7215db3fc1 100644
+--- a/src/conf/schemas/domaincommon.rng
++++ b/src/conf/schemas/domaincommon.rng
+@@ -349,7 +349,10 @@
+             </element>
+           </optional>
+           <optional>
+-            <ref name="osnvram"/>
++            <choice>
++              <ref name="osnvram"/>
++              <ref name="osvarstore"/>
++            </choice>
+           </optional>
+           <optional>
+             <ref name="osbootkernel"/>
+@@ -456,6 +459,23 @@
+     </element>
+   </define>
+ 
++  <define name="osvarstore">
++    <element name="varstore">
++      <interleave>
++        <optional>
++          <attribute name="template">
++            <ref name="absFilePath"/>
++          </attribute>
++        </optional>
++        <optional>
++          <attribute name="path">
++            <ref name="absFilePath"/>
++          </attribute>
++        </optional>
++      </interleave>
++    </element>
++  </define>
++
+   <define name="osexe">
+     <element name="os">
+       <interleave>
+diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
+index 6e2573035a..0596791a4d 100644
+--- a/src/conf/virconftypes.h
++++ b/src/conf/virconftypes.h
+@@ -164,6 +164,8 @@ typedef struct _virDomainLeaseDef virDomainLeaseDef;
+ 
+ typedef struct _virDomainLoaderDef virDomainLoaderDef;
+ 
++typedef struct _virDomainVarstoreDef virDomainVarstoreDef;
++
+ typedef struct _virDomainMemballoonDef virDomainMemballoonDef;
+ 
+ typedef struct _virDomainMemoryDef virDomainMemoryDef;
+diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
+index effe44fe57..1308fa2e51 100644
+--- a/src/libvirt_private.syms
++++ b/src/libvirt_private.syms
+@@ -718,6 +718,8 @@ virDomainTPMProfileRemoveDisabledTypeToString;
+ virDomainTPMVersionTypeFromString;
+ virDomainTPMVersionTypeToString;
+ virDomainUSBDeviceDefForeach;
++virDomainVarstoreDefFree;
++virDomainVarstoreDefNew;
+ virDomainVideoDefaultRAM;
+ virDomainVideoDefClear;
+ virDomainVideoDefFree;
+-- 
+2.53.0

libvirt-conf-Update-validation-to-consider-varstore-element.patch

@@ -0,0 +1,378 @@
+From f47031d4e6439d1daf5711d4117c0fa647196944 Mon Sep 17 00:00:00 2001
+Message-ID: <f47031d4e6439d1daf5711d4117c0fa647196944.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Thu, 22 Jan 2026 19:27:03 +0100
+Subject: [PATCH] conf: Update validation to consider varstore element
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The code is reworked quite significantly, but most of the
+existing checks are preserved. Those that aren't, notably the
+one that allowed pflash as the only acceptable non-stateless
+firmware type, are intentionally removed because they will no
+longer reflect reality once support for the uefi-vars QEMU
+device is introduced.
+
+As a side effect, reworking the function in this fashion
+resolves a subtle bug: due to the early exits that were being
+performed when the loader element was missing, the checks at
+the bottom of the function (related to the shim and kernel
+elements) were effectively never performed. This is no longer
+the case.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 1c2dbdf3ac5bed84caeacf585d5143dcf32df75e)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/domain_validate.c                    | 100 +++++++-----------
+ ...-auto-bios-not-stateless.x86_64-latest.err |   2 +-
+ ...-auto-bios-not-stateless.x86_64-latest.xml |  35 ++++++
+ ...firmware-auto-bios-nvram.x86_64-latest.err |   2 +-
+ ...nual-bios-not-stateless.x86_64-latest.args |  32 ++++++
+ ...anual-bios-not-stateless.x86_64-latest.err |   1 -
+ ...anual-bios-not-stateless.x86_64-latest.xml |  28 +++++
+ ...nual-efi-nvram-stateless.x86_64-latest.err |   2 +-
+ ...nvram-template-stateless.x86_64-latest.err |   2 +-
+ ...ware-manual-efi-rw-nvram.x86_64-latest.err |   2 +-
+ tests/qemuxmlconftest.c                       |   7 +-
+ 11 files changed, 144 insertions(+), 69 deletions(-)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.args
+ delete mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.xml
+
+diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
+index 7346a61731..163095d55c 100644
+--- a/src/conf/domain_validate.c
++++ b/src/conf/domain_validate.c
+@@ -1723,95 +1723,46 @@ virDomainDefOSValidate(const virDomainDef *def,
+                        virDomainXMLOption *xmlopt)
+ {
+     virDomainLoaderDef *loader = def->os.loader;
++    virDomainVarstoreDef *varstore = def->os.varstore;
++    virDomainOsDefFirmware firmware = def->os.firmware;
++    int *firmwareFeatures = def->os.firmwareFeatures;
++    bool usesNvram = loader && (loader->nvram || loader->nvramTemplate || loader->nvramTemplateFormat);
+ 
+-    if (def->os.firmware) {
++    if (firmware) {
+         if (xmlopt && !(xmlopt->config.features & VIR_DOMAIN_DEF_FEATURE_FW_AUTOSELECT)) {
+             virReportError(VIR_ERR_XML_DETAIL, "%s",
+                            _("firmware auto selection not implemented for this driver"));
+             return -1;
+         }
+ 
+-        if (def->os.firmwareFeatures &&
+-            def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES &&
+-            def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_NO) {
++        if (firmwareFeatures &&
++            firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES &&
++            firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_NO) {
+             virReportError(VIR_ERR_XML_DETAIL, "%s",
+                            _("firmware feature 'enrolled-keys' cannot be enabled when firmware feature 'secure-boot' is disabled"));
+             return -1;
+         }
+-
+-        if (!loader)
+-            return 0;
+-
+-        if (loader->nvram && def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+-            virReportError(VIR_ERR_XML_DETAIL,
+-                           _("firmware type '%1$s' does not support nvram"),
+-                           virDomainOsDefFirmwareTypeToString(def->os.firmware));
+-            return -1;
+-        }
+     } else {
+-        if (def->os.firmwareFeatures) {
++        if (firmwareFeatures) {
+             virReportError(VIR_ERR_XML_DETAIL, "%s",
+                            _("cannot use feature-based firmware autoselection when firmware autoselection is disabled"));
+             return -1;
+         }
+ 
+-        if (!loader)
+-            return 0;
+-
+-        if (!loader->path) {
++        if (loader && !loader->path) {
+             virReportError(VIR_ERR_XML_DETAIL, "%s",
+                            _("no loader path specified and firmware auto selection disabled"));
+             return -1;
+         }
+     }
+ 
+-    if (loader->readonly == VIR_TRISTATE_BOOL_NO) {
+-        if (loader->type == VIR_DOMAIN_LOADER_TYPE_ROM) {
++    if (loader && loader->type == VIR_DOMAIN_LOADER_TYPE_ROM) {
++        if (loader->readonly == VIR_TRISTATE_BOOL_NO) {
+             virReportError(VIR_ERR_XML_DETAIL, "%s",
+                            _("ROM loader type cannot be used as read/write"));
+             return -1;
+         }
+ 
+-        if (loader->nvramTemplate) {
+-            virReportError(VIR_ERR_XML_DETAIL, "%s",
+-                           _("NVRAM template is not permitted when loader is read/write"));
+-            return -1;
+-        }
+-
+-        if (loader->nvram) {
+-            virReportError(VIR_ERR_XML_DETAIL, "%s",
+-                           _("NVRAM is not permitted when loader is read/write"));
+-            return -1;
+-        }
+-    }
+-
+-    if (loader->stateless == VIR_TRISTATE_BOOL_YES) {
+-        if (loader->nvramTemplate) {
+-            virReportError(VIR_ERR_XML_DETAIL, "%s",
+-                           _("NVRAM template is not permitted when loader is stateless"));
+-            return -1;
+-        }
+-
+-        if (loader->nvram) {
+-            virReportError(VIR_ERR_XML_DETAIL, "%s",
+-                           _("NVRAM is not permitted when loader is stateless"));
+-            return -1;
+-        }
+-    } else if (loader->stateless == VIR_TRISTATE_BOOL_NO) {
+-        if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) {
+-            if (def->os.loader->type != VIR_DOMAIN_LOADER_TYPE_PFLASH) {
+-                virReportError(VIR_ERR_XML_DETAIL, "%s",
+-                               _("Only pflash loader type permits NVRAM"));
+-                return -1;
+-            }
+-        } else if (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+-            virReportError(VIR_ERR_XML_DETAIL, "%s",
+-                           _("Only EFI firmware permits NVRAM"));
+-            return -1;
+-        }
+-    }
+-
+-    if (loader->type == VIR_DOMAIN_LOADER_TYPE_ROM) {
+         if (loader->format &&
+             loader->format != VIR_STORAGE_FILE_RAW) {
+             virReportError(VIR_ERR_XML_DETAIL,
+@@ -1821,6 +1772,33 @@ virDomainDefOSValidate(const virDomainDef *def,
+         }
+     }
+ 
++    if (usesNvram && varstore) {
++            virReportError(VIR_ERR_XML_DETAIL, "%s",
++                           _("Only one of NVRAM/varstore can be used"));
++            return -1;
++    }
++
++    if (usesNvram || varstore) {
++        if (firmware && firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
++            virReportError(VIR_ERR_XML_DETAIL,
++                           _("Firmware type '%1$s' does not support variable storage (NVRAM/varstore)"),
++                           virDomainOsDefFirmwareTypeToString(firmware));
++            return -1;
++        }
++
++        if (loader && loader->stateless == VIR_TRISTATE_BOOL_YES) {
++            virReportError(VIR_ERR_XML_DETAIL, "%s",
++                           _("Variable storage (NVRAM/varstore) is not permitted when loader is stateless"));
++            return -1;
++        }
++
++        if (loader && loader->readonly == VIR_TRISTATE_BOOL_NO) {
++            virReportError(VIR_ERR_XML_DETAIL, "%s",
++                           _("Variable storage (NVRAM/varstore) is not permitted when loader is read/write"));
++            return -1;
++        }
++    }
++
+     if (def->os.shim && !def->os.kernel) {
+         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                        _("shim only allowed with kernel option"));
+diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.err
+index b058f970a4..743fe27a97 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.err
++++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.err
+@@ -1 +1 @@
+-Only EFI firmware permits NVRAM
++operation failed: Unable to find 'bios' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.xml
+new file mode 100644
+index 0000000000..062835e351
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.xml
+@@ -0,0 +1,35 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='bios'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader stateless='no' format='raw'/>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-nvram.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-bios-nvram.x86_64-latest.err
+index 772beb49e2..c4eeb92788 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-bios-nvram.x86_64-latest.err
++++ b/tests/qemuxmlconfdata/firmware-auto-bios-nvram.x86_64-latest.err
+@@ -1 +1 @@
+-firmware type 'bios' does not support nvram
++Firmware type 'bios' does not support variable storage (NVRAM/varstore)
+diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.args
+new file mode 100644
+index 0000000000..969c7ad68c
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.args
+@@ -0,0 +1,32 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine pc-i440fx-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=off \
++-accel tcg \
++-cpu qemu64 \
++-bios /usr/share/seabios/bios.bin \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.err
+deleted file mode 100644
+index 188a5a4180..0000000000
+--- a/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.err
++++ /dev/null
+@@ -1 +0,0 @@
+-Only pflash loader type permits NVRAM
+diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.xml
+new file mode 100644
+index 0000000000..075da36d00
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.xml
+@@ -0,0 +1,28 @@
++<domain type='qemu'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-i440fx-10.0'>hvm</type>
++    <loader type='rom' stateless='no' format='raw'>/usr/share/seabios/bios.bin</loader>
++    <boot dev='hd'/>
++  </os>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='pci' index='0' model='pci-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
+index de8db3763d..9bfd4465ab 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-stateless.x86_64-latest.err
+@@ -1 +1 @@
+-NVRAM is not permitted when loader is stateless
++Variable storage (NVRAM/varstore) is not permitted when loader is stateless
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
+index 95ec794c17..9bfd4465ab 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-stateless.x86_64-latest.err
+@@ -1 +1 @@
+-NVRAM template is not permitted when loader is stateless
++Variable storage (NVRAM/varstore) is not permitted when loader is stateless
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err
+index d0cf62061a..708b4838d4 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err
+@@ -1 +1 @@
+-NVRAM is not permitted when loader is read/write
++Variable storage (NVRAM/varstore) is not permitted when loader is read/write
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 822e29b888..a3d4d2de5c 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1575,7 +1575,10 @@ mymain(void)
+ 
+     DO_TEST_CAPS_LATEST("firmware-manual-bios");
+     DO_TEST_CAPS_LATEST("firmware-manual-bios-stateless");
+-    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-bios-not-stateless");
++    /* This combination doesn't make sense (BIOS is stateless by definition)
++     * but unfortunately there's no way for libvirt to report an error in this
++     * scenario. The stateless=no attribute will effectively be ignored */
++    DO_TEST_CAPS_LATEST("firmware-manual-bios-not-stateless");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-bios-rw");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-features");
+@@ -1628,7 +1631,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-bios");
+     DO_TEST_CAPS_LATEST("firmware-auto-bios-stateless");
+     DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-bios-rw");
+-    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-not-stateless");
++    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-bios-not-stateless");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-nvram");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi");
+     DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi");
+-- 
+2.53.0

libvirt-docs-Document-firmwareFeature-element-for-domaincaps.patch

@@ -0,0 +1,88 @@
+From 8754c491f66e5d13290aaf221a29b19bd855a171 Mon Sep 17 00:00:00 2001
+Message-ID: <8754c491f66e5d13290aaf221a29b19bd855a171.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 11 Feb 2026 00:48:18 +0100
+Subject: [PATCH] docs: Document firmwareFeature element for domaincaps
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit cf4dfcf7951779a815324adebcdaa8a845d4c0e1)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ docs/formatdomaincaps.rst | 51 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 51 insertions(+)
+
+diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
+index 6ba7f84f96..cca827923c 100644
+--- a/docs/formatdomaincaps.rst
++++ b/docs/formatdomaincaps.rst
+@@ -111,6 +111,16 @@ be passed to its children.
+          <value>bios</value>
+          <value>efi</value>
+        </enum>
++       <firmwareFeatures supported='yes'>
++         <enum name='secureBoot'>
++           <value>yes</value>
++           <value>no</value>
++         </enum>
++         <enum name='enrolledKeys'>
++           <value>yes</value>
++           <value>no</value>
++         </enum>
++       </firmwareFeatures>
+        <loader supported='yes'>
+          <value>/usr/share/OVMF/OVMF_CODE.fd</value>
+          <enum name='type'>
+@@ -140,6 +150,47 @@ about a given BIOS or UEFI binary on the host, e.g. the firmware binary path,
+ its architecture, supported machine types, NVRAM template, etc. This ensures
+ that the reported values won't cause a failure on guest boot.
+ 
++The ``<firmwareFeatures/>`` element :since:`(since 12.1.0)` contains one
++enum for each of the features that can be used to fine-tune the firmware
++autoselection process. For example:
++
++::
++
++    <firmwareFeatures supported='yes'>
++      <enum name='secureBoot'>
++        <value>yes</value>
++      </enum>
++      <enum name='enrolledKeys'>
++        <value>yes</value>
++        <value>no</value>
++      </enum>
++    </firmwareFeatures>
++
++indicates that a domain XML such as:
++
++::
++
++    <os firmware='efi'>
++      <firmware>
++        <feature name='secure-boot' enabled='yes'/>
++        <feature name='enrolled-keys' enabled='no'/>
++      </firmware>
++    </os>
++
++can be used to allow unsigned operating system to run, whereas a domain XML
++such as:
++
++::
++
++    <os firmware='efi'>
++      <firmware>
++        <feature name='secure-boot' enabled='no'/>
++      </firmware>
++    </os>
++
++would not work, since ``no`` is not one of the valid values advertised by
++the ``secureBoot`` enum.
++
+ For the ``loader`` element, the following can occur:
+ 
+ ``value``
+-- 
+2.53.0

libvirt-docs-Improvement-related-to-firmware-selection.patch

@@ -0,0 +1,109 @@
+From 495763256a6e10ff90210d54efd53f1d4f9e2544 Mon Sep 17 00:00:00 2001
+Message-ID: <495763256a6e10ff90210d54efd53f1d4f9e2544.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 23 Feb 2026 14:58:15 +0100
+Subject: [PATCH] docs: Improvement related to firmware selection
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Recommend that users take advantage of firmware autoselection
+and discourage providing paths manually.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit a03a8205725efec69b1fc7cc0318fa6ce79b6aa9)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ docs/formatdomaincaps.rst | 59 ++++++++++++++++++++++-----------------
+ 1 file changed, 34 insertions(+), 25 deletions(-)
+
+diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
+index 22a6d5d067..3426b7c9cd 100644
+--- a/docs/formatdomaincaps.rst
++++ b/docs/formatdomaincaps.rst
+@@ -145,15 +145,17 @@ domains.
+      ...
+    <domainCapabilities>
+ 
+-The ``firmware`` enum corresponds to the ``firmware`` attribute of the ``os``
+-element in the domain XML. The presence of this enum means libvirt is capable of
+-the so-called firmware auto-selection feature. And the listed firmware values
+-represent the accepted input in the domain XML. Note that the ``firmware`` enum
+-reports only those values for which a firmware "descriptor file" exists on the
+-host. Firmware descriptor file is a small JSON document that describes details
+-about a given BIOS or UEFI binary on the host, e.g. the firmware binary path,
+-its architecture, supported machine types, NVRAM template, etc. This ensures
+-that the reported values won't cause a failure on guest boot.
++The presence of the ``firmware`` enum means that libvirt can perform firmware
++autoselection, and each of the values is guaranteed to be usable. In the
++domain XML, firmware autoselection is enabled as follows:
++
++::
++
++    <os firmware='efi'>
++      ...
++
++Autoselection is the recommended mechanism for configuring the guest firmware.
++Providing paths and other information manually is discouraged.
+ 
+ The ``<firmwareFeatures/>`` element :since:`(since 12.1.0)` contains one
+ enum for each of the features that can be used to fine-tune the firmware
+@@ -196,27 +198,34 @@ such as:
+ would not work, since ``no`` is not one of the valid values advertised by
+ the ``secureBoot`` enum.
+ 
+-For the ``loader`` element, the following can occur:
++The information contained in the ``<loader/>`` element is not relevant when
++using firmware autoselection, which is the recommended approach to guest
++firmware configuration, and as such can largely be ignored. Its subelements
++are the following:
+ 
+ ``value``
+-   List of known firmware binary paths. Currently this is used only to advertise
+-   the known location of OVMF binaries for QEMU. OVMF binaries will only be
+-   listed if they actually exist on host.
++   One element for each known firmware binary present on the system.
++
++   Note that a binary being present here indicates that the file exists and it
++   is compatible with the architecture/machine type, but does not provide any
++   insight into which mechanism (see ``type`` below) should be used to load it.
+ ``type``
+-   Whether the boot loader is a typical BIOS (``rom``) or a UEFI firmware
+-   (``pflash``). Each ``value`` sub-element under the ``type`` enum represents a
+-   possible value for the ``type`` attribute for the <loader/> element in the
+-   domain XML. E.g. the presence of ``pfalsh`` under the ``type`` enum means
+-   that a domain XML can use UEFI firmware via: <loader/> type="pflash"
+-   ...>/path/to/the/firmware/binary/</loader>.
++   Whether firmware can be loaded using a ``pflash`` device (UEFI only) or as
++   a ``rom`` (either UEFI or BIOS).
+ ``readonly``
+-   Options for the ``readonly`` attribute of the <loader/> element in the domain
+-   XML.
++   Supported values for the ``readonly`` attribute of the ``<loader/>`` element
++   in the domain XML.
+ ``secure``
+-   Options for the ``secure`` attribute of the <loader/> element in the domain
+-   XML. Note that the value ``yes`` is listed only if libvirt detects a firmware
+-   descriptor file that has path to an OVMF binary that supports Secure boot,
+-   and lists its architecture and supported machine type.
++   Supported values for the ``secure`` attribute of the ``<loader/>`` element
++   in the domain XML.
++
++   Note that the value ``yes`` is listed if libvirt detects a firmware
++   descriptor file that points to a firmware binary that implements Secure
++   Boot and is compatible with the architecture/machine type, but the UEFI
++   variable store template associated with it might not have the usual set of
++   Secure Boot certificates enrolled. To figure out whether it's actually
++   possible to enforce Secure Boot, look at the ``enrolledKeys`` enum inside
++   the ``<firmwareFeatures/>`` element instead.
+ 
+ CPU configuration
+ ~~~~~~~~~~~~~~~~~
+-- 
+2.53.0

libvirt-docs-Rename-BIOS-bootloader-section-to-guest-firmware.patch

@@ -0,0 +1,159 @@
+From 807dfc5b7ce3d77d7343b896082d2ae3395b3fdc Mon Sep 17 00:00:00 2001
+Message-ID: <807dfc5b7ce3d77d7343b896082d2ae3395b3fdc.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 23 Feb 2026 14:55:20 +0100
+Subject: [PATCH] docs: Rename "BIOS bootloader" section to "guest firmware"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The new name is much more accurate since the documentation is
+applicable to firmware other than BIOS, notably UEFI.
+
+An empty container is used to keep old links working.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 38379f59c0d26d006414a1fd92bdf332dadd1ddd)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ docs/formatcaps.rst       |  2 +-
+ docs/formatdomain.rst     | 24 ++++++++++++++----------
+ docs/formatdomaincaps.rst | 19 ++++++++++++-------
+ 3 files changed, 27 insertions(+), 18 deletions(-)
+
+diff --git a/docs/formatcaps.rst b/docs/formatcaps.rst
+index fa8ab5197f..9458e1289a 100644
+--- a/docs/formatcaps.rst
++++ b/docs/formatcaps.rst
+@@ -172,7 +172,7 @@ The ``<guest/>`` element will typically wrap up the following elements:
+       Emulator (device model) path, for use in
+       `emulator <formatdomain.html#devices>`__ element of domain XML.
+    ``loader``
+-      Loader path, for use in `loader <formatdomain.html#bios-bootloader>`__
++      Loader path, for use in `loader <formatdomain.html#guest-firmware>`__
+       element of domain XML.
+    ``machine``
+       Machine type, for use in
+diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
+index 31232deb3c..152fd7f530 100644
+--- a/docs/formatdomain.rst
++++ b/docs/formatdomain.rst
+@@ -103,12 +103,16 @@ Operating system booting
+ There are a number of different ways to boot virtual machines each with their
+ own pros and cons.
+ 
++Guest firmware
++~~~~~~~~~~~~~~
+ 
+-BIOS bootloader
+-~~~~~~~~~~~~~~~
++.. container::
++   :name: bios-bootloader
+ 
+-Booting via the BIOS is available for hypervisors supporting full
+-virtualization. In this case the BIOS has a boot order priority (floppy,
++   .. this container only exists to keep old links working
++
++Booting via a guest firmware is available for hypervisors supporting full
++virtualization. In this case the firmware has a boot order priority (floppy,
+ harddisk, cdrom, network) determining where to obtain/find the boot image.
+ 
+ ::
+@@ -411,10 +415,10 @@ and full virtualized guests.
+ 
+ ``type``
+    This element has the same semantics as described earlier in the
+-   `BIOS bootloader`_ section.
++   `guest firmware`_ section.
+ ``loader``
+    This element has the same semantics as described earlier in the
+-   `BIOS bootloader`_ section.
++   `guest firmware`_ section.
+ ``kernel``
+    The contents of this element specify the fully-qualified path to the kernel
+    image in the host OS.
+@@ -3732,7 +3736,7 @@ paravirtualized driver is specified via the ``disk`` element.
+    attribute is an 8 character string which can be queried by guests on S390 via
+    sclp or diag 308. Linux guests on S390 can use ``loadparm`` to select a boot
+    entry. :since:`Since 3.5.0` The per-device ``boot`` elements cannot be used
+-   together with general boot elements in `BIOS bootloader`_
++   together with general boot elements in `guest firmware`_
+    section. :since:`Since 0.8.8`
+ ``encryption``
+    since:`Since 3.9.0` the ``encryption`` element is preferred
+@@ -4897,7 +4901,7 @@ or:
+    Specifies that the device is bootable. The ``order`` attribute determines the
+    order in which devices will be tried during boot sequence. The per-device
+    ``boot`` elements cannot be used together with general boot elements in
+-   `BIOS bootloader`_ section. :since:`Since 0.8.8` for PCI
++   `guest firmware`_ section. :since:`Since 0.8.8` for PCI
+    devices, :since:`Since 1.0.1` for USB devices.
+ ``rom``
+    The ``rom`` element is used to change how a PCI device's ROM is presented to
+@@ -5121,7 +5125,7 @@ USB device redirection through a character device is supported
+    Specifies that the device is bootable. The ``order`` attribute determines the
+    order in which devices will be tried during boot sequence. The per-device
+    ``boot`` elements cannot be used together with general boot elements in
+-   `BIOS bootloader`_ section. ( :since:`Since 1.0.1` )
++   `guest firmware`_ section. ( :since:`Since 1.0.1` )
+ ``redirfilter``
+    The\ ``redirfilter``\ element is used for creating the filter rule to filter
+    out certain devices from redirection. It uses sub-element ``<usbdev>`` to
+@@ -6377,7 +6381,7 @@ Specifying boot order
+ For hypervisors which support this, you can set a specific NIC to be used for
+ network boot. The ``order`` attribute determines the order in which devices will
+ be tried during boot sequence. The per-device ``boot`` elements cannot be used
+-together with general boot elements in `BIOS bootloader`_
++together with general boot elements in `guest firmware`_
+ section. :since:`Since 0.8.8`
+ 
+ Interface ROM BIOS configuration
+diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
+index cca827923c..22a6d5d067 100644
+--- a/docs/formatdomaincaps.rst
++++ b/docs/formatdomaincaps.rst
+@@ -72,11 +72,11 @@ The root element that emulator capability XML document starts with has name
+    Describes the `virtualization type <formatdomain.html#element-and-attribute-overview>`__ (or so
+    called domain type).
+ ``machine``
+-   The domain's `machine type <formatdomain.html#bios-bootloader>`__. Since not
++   The domain's `machine type <formatdomain.html#guest-firmware>`__. Since not
+    every hypervisor has a sense of machine types this element might be omitted
+    in such drivers.
+ ``arch``
+-   The domain's `architecture <formatdomain.html#bios-bootloader>`__.
++   The domain's `architecture <formatdomain.html#guest-firmware>`__.
+ 
+ CPU Allocation
+ ~~~~~~~~~~~~~~
+@@ -95,12 +95,17 @@ capabilities, e.g. virtual CPUs:
+ ``vcpu``
+    The maximum number of supported virtual CPUs
+ 
+-BIOS bootloader
+-~~~~~~~~~~~~~~~
++Guest firmware
++~~~~~~~~~~~~~~
+ 
+-Sometimes users might want to tweak some BIOS knobs or use UEFI. For cases like
+-that, `os <formatdomain.html#bios-bootloader>`__ element exposes what values can
+-be passed to its children.
++.. container::
++   :name: bios-bootloader
++
++   .. this container only exists to keep old links working
++
++Exposes information about supported
++`guest firmware <formatdomain.html#guest-firmware>`__ configurations for
++domains.
+ 
+ ::
+ 
+-- 
+2.53.0

libvirt-domain_conf-initialize-network-hostdev-private-data.patch

@@ -0,0 +1,94 @@
+From 96d171449cb675b48838b955ddd0ba41a783dba1 Mon Sep 17 00:00:00 2001
+Message-ID: <96d171449cb675b48838b955ddd0ba41a783dba1.1772815314.git.jdenemar@redhat.com>
+From: Pavel Hrdina <phrdina@redhat.com>
+Date: Thu, 26 Feb 2026 10:18:23 +0100
+Subject: [PATCH] domain_conf: initialize network hostdev private data
+
+Currently virDomainNetDef and virDomainActualNetDef use
+virDomainHostdevDef directly as structure and the code doesn't call
+virDomainHostdevDefNew() that would initialize private data.
+
+This is hackish quick fix to solve a crash that happens in two
+scenarios:
+
+1. attaching any interface with hostdev backend
+
+0x0000fffbfc0e2a90 in qemuDomainAttachHostPCIDevice (driver=0xfffbb4006750, vm=0xfffbf001f790, hostdev=0xfffbf400b150) at ../src/qemu/qemu_hotplug.c:1652
+1652 if ((ret = qemuFDPassDirectTransferMonitor(hostdevPriv->vfioDeviceFd, priv->mon)) < 0)
+
+2. starting VM with interface with hostdev backend using iommufd
+
+0x00007f6638d5b9ca in qemuProcessOpenVfioDeviceFd (hostdev=hostdev@entry=0x7f6634425ee0) at ../src/qemu/qemu_process.c:7719
+7719	    hostdevPriv->vfioDeviceFd = qemuFDPassDirectNew(name, &vfioDeviceFd);
+
+Proper fix for this issue is to refactor network code to use pointer and to
+use virDomainHostdevDefNew().
+
+Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+(cherry picked from commit fe782ed334ea0d4373e6dad093f5815fc925a56b)
+
+https://issues.redhat.com/browse/RHEL-151916
+
+Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
+---
+ src/conf/domain_conf.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 16ea9f0b2e..8877aefb7c 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -3489,6 +3489,20 @@ void virDomainVideoDefFree(virDomainVideoDef *def)
+ }
+ 
+ 
++static int
++virDomainHostdevDefPrivateDataNew(virDomainHostdevDef *def,
++                                  virDomainXMLOption *xmlopt)
++{
++    if (!xmlopt || !xmlopt->privateData.hostdevNew)
++        return 0;
++
++    if (!(def->privateData = xmlopt->privateData.hostdevNew()))
++        return -1;
++
++    return 0;
++}
++
++
+ virDomainHostdevDef *
+ virDomainHostdevDefNew(virDomainXMLOption *xmlopt)
+ {
+@@ -3498,8 +3512,7 @@ virDomainHostdevDefNew(virDomainXMLOption *xmlopt)
+ 
+     def->info = g_new0(virDomainDeviceInfo, 1);
+ 
+-    if (xmlopt && xmlopt->privateData.hostdevNew &&
+-        !(def->privateData = xmlopt->privateData.hostdevNew())) {
++    if (virDomainHostdevDefPrivateDataNew(def, xmlopt) < 0) {
+         VIR_FREE(def->info);
+         VIR_FREE(def);
+         return NULL;
+@@ -9675,6 +9688,9 @@ virDomainActualNetDefParseXML(xmlNodePtr node,
+         virDomainHostdevDef *hostdev = &actual->data.hostdev.def;
+         int type;
+ 
++        if (virDomainHostdevDefPrivateDataNew(hostdev, xmlopt) < 0)
++            goto error;
++
+         hostdev->parentnet = parent;
+         hostdev->info = &parent->info;
+         /* The helper function expects type to already be found and
+@@ -10368,6 +10384,9 @@ virDomainNetDefParseXML(virDomainXMLOption *xmlopt,
+         g_autofree char *addrtype = virXPathString("string(./source/address/@type)", ctxt);
+         int type;
+ 
++        if (virDomainHostdevDefPrivateDataNew(&def->data.hostdev.def, xmlopt) < 0)
++            return NULL;
++
+         def->data.hostdev.def.parentnet = def;
+         def->data.hostdev.def.info = &def->info;
+         def->data.hostdev.def.mode = VIR_DOMAIN_HOSTDEV_MODE_SUBSYS;
+-- 
+2.53.0

libvirt-domain_validate-Reject-NVRAM-with-read-write-firmware.patch

@@ -0,0 +1,165 @@
+From 33766fc329d60ba7fcf467756a442dd83cc00987 Mon Sep 17 00:00:00 2001
+Message-ID: <33766fc329d60ba7fcf467756a442dd83cc00987.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 5 Dec 2025 18:34:38 +0100
+Subject: [PATCH] domain_validate: Reject NVRAM with read/write firmware
+
+The combination doesn't make sense.
+
+After this change the firmware-manual-bios-rw test cases starts
+failing, as it should have in the first place.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 46970217a8258538b5dd9d746ec4191ee6d48d98)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/domain_validate.c                    | 14 +++++++
+ ...are-manual-efi-rw-nvram.x86_64-latest.args | 37 -----------------
+ ...ware-manual-efi-rw-nvram.x86_64-latest.err |  1 +
+ ...ware-manual-efi-rw-nvram.x86_64-latest.xml | 40 -------------------
+ tests/qemuxmlconftest.c                       |  2 +-
+ 5 files changed, 16 insertions(+), 78 deletions(-)
+ delete mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err
+ delete mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.xml
+
+diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
+index 4558e7b210..09c1b3f13f 100644
+--- a/src/conf/domain_validate.c
++++ b/src/conf/domain_validate.c
+@@ -1765,6 +1765,20 @@ virDomainDefOSValidate(const virDomainDef *def,
+         }
+     }
+ 
++    if (loader->readonly == VIR_TRISTATE_BOOL_NO) {
++        if (loader->nvramTemplate) {
++            virReportError(VIR_ERR_XML_DETAIL, "%s",
++                           _("NVRAM template is not permitted when loader is read/write"));
++            return -1;
++        }
++
++        if (loader->nvram) {
++            virReportError(VIR_ERR_XML_DETAIL, "%s",
++                           _("NVRAM is not permitted when loader is read/write"));
++            return -1;
++        }
++    }
++
+     if (loader->stateless == VIR_TRISTATE_BOOL_YES) {
+         if (loader->nvramTemplate) {
+             virReportError(VIR_ERR_XML_DETAIL, "%s",
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.args
+deleted file mode 100644
+index 6b3eec0a27..0000000000
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.args
++++ /dev/null
+@@ -1,37 +0,0 @@
+-LC_ALL=C \
+-PATH=/bin \
+-HOME=/var/lib/libvirt/qemu/domain--1-guest \
+-USER=test \
+-LOGNAME=test \
+-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+-/usr/bin/qemu-system-x86_64 \
+--name guest=guest,debug-threads=on \
+--S \
+--object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.combined.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
+--blockdev '{"node-name":"libvirt-pflash0-format","read-only":false,"driver":"raw","file":"libvirt-pflash0-storage"}' \
+--blockdev '{"driver":"file","filename":"/path/to/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
+--machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
+--accel kvm \
+--cpu qemu64 \
+--global driver=cfi.pflash01,property=secure,value=on \
+--m size=1048576k \
+--object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+--overcommit mem-lock=off \
+--smp 1,sockets=1,cores=1,threads=1 \
+--uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+--display none \
+--no-user-config \
+--nodefaults \
+--chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+--mon chardev=charmonitor,id=monitor,mode=control \
+--rtc base=utc \
+--no-shutdown \
+--boot strict=on \
+--audiodev '{"id":"audio1","driver":"none"}' \
+--global ICH9-LPC.noreboot=off \
+--watchdog-action reset \
+--sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+--msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err
+new file mode 100644
+index 0000000000..d0cf62061a
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err
+@@ -0,0 +1 @@
++NVRAM is not permitted when loader is read/write
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.xml
+deleted file mode 100644
+index f6436df80f..0000000000
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.xml
++++ /dev/null
+@@ -1,40 +0,0 @@
+-<domain type='kvm'>
+-  <name>guest</name>
+-  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+-  <memory unit='KiB'>1048576</memory>
+-  <currentMemory unit='KiB'>1048576</currentMemory>
+-  <vcpu placement='static'>1</vcpu>
+-  <os firmware='efi'>
+-    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+-    <firmware>
+-      <feature enabled='yes' name='secure-boot'/>
+-    </firmware>
+-    <loader readonly='no' secure='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF.combined.fd</loader>
+-    <nvram format='raw'>/path/to/guest_VARS.fd</nvram>
+-    <boot dev='hd'/>
+-  </os>
+-  <features>
+-    <acpi/>
+-    <smm state='on'/>
+-  </features>
+-  <cpu mode='custom' match='exact' check='none'>
+-    <model fallback='forbid'>qemu64</model>
+-  </cpu>
+-  <clock offset='utc'/>
+-  <on_poweroff>destroy</on_poweroff>
+-  <on_reboot>restart</on_reboot>
+-  <on_crash>destroy</on_crash>
+-  <devices>
+-    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+-    <controller type='usb' index='0' model='none'/>
+-    <controller type='sata' index='0'>
+-      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+-    </controller>
+-    <controller type='pci' index='0' model='pcie-root'/>
+-    <input type='mouse' bus='ps2'/>
+-    <input type='keyboard' bus='ps2'/>
+-    <audio id='1' type='none'/>
+-    <watchdog model='itco' action='reset'/>
+-    <memballoon model='none'/>
+-  </devices>
+-</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 726281a4ab..5299f341cf 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1583,7 +1583,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-rw-legacy-paths");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-rw-modern-paths");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-rw-implicit");
+-    DO_TEST_CAPS_LATEST("firmware-manual-efi-rw-nvram");
++    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-rw-nvram");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-loader-secure");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-loader-no-path");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-loader-path-nonstandard");
+-- 
+2.53.0

libvirt-domain_validate-Reject-ROMs-with-format-other-than-raw.patch

@@ -0,0 +1,157 @@
+From 247090edf75839e13a23885a84cf090fbdd42228 Mon Sep 17 00:00:00 2001
+Message-ID: <247090edf75839e13a23885a84cf090fbdd42228.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 19 Dec 2025 15:19:26 +0100
+Subject: [PATCH] domain_validate: Reject ROMs with format other than raw
+
+The combination doesn't make sense.
+
+After this change the firmware-auto-efi-format-loader-qcow2-rom
+test case starts failing, as it should have in the first place.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit c74adb33e4d97202e08a53119f463c54370e5816)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/domain_validate.c                    | 10 +++++
+ ...format-loader-qcow2-rom.x86_64-latest.args | 34 ----------------
+ ...-format-loader-qcow2-rom.x86_64-latest.err |  1 +
+ ...-format-loader-qcow2-rom.x86_64-latest.xml | 39 -------------------
+ tests/qemuxmlconftest.c                       |  2 +-
+ 5 files changed, 12 insertions(+), 74 deletions(-)
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.err
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.xml
+
+diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
+index 93a54f8cc7..7346a61731 100644
+--- a/src/conf/domain_validate.c
++++ b/src/conf/domain_validate.c
+@@ -1811,6 +1811,16 @@ virDomainDefOSValidate(const virDomainDef *def,
+         }
+     }
+ 
++    if (loader->type == VIR_DOMAIN_LOADER_TYPE_ROM) {
++        if (loader->format &&
++            loader->format != VIR_STORAGE_FILE_RAW) {
++            virReportError(VIR_ERR_XML_DETAIL,
++                           _("Invalid format '%1$s' for ROM loader type"),
++                           virStorageFileFormatTypeToString(loader->format));
++            return -1;
++        }
++    }
++
+     if (def->os.shim && !def->os.kernel) {
+         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                        _("shim only allowed with kernel option"));
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.args
+deleted file mode 100644
+index 417084d45e..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.args
++++ /dev/null
+@@ -1,34 +0,0 @@
+-LC_ALL=C \
+-PATH=/bin \
+-HOME=/var/lib/libvirt/qemu/domain--1-guest \
+-USER=test \
+-LOGNAME=test \
+-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+-/usr/bin/qemu-system-x86_64 \
+--name guest=guest,debug-threads=on \
+--S \
+--object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+--machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
+--accel kvm \
+--cpu qemu64 \
+--bios /usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd \
+--m size=1048576k \
+--object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+--overcommit mem-lock=off \
+--smp 1,sockets=1,cores=1,threads=1 \
+--uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+--display none \
+--no-user-config \
+--nodefaults \
+--chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+--mon chardev=charmonitor,id=monitor,mode=control \
+--rtc base=utc \
+--no-shutdown \
+--boot strict=on \
+--audiodev '{"id":"audio1","driver":"none"}' \
+--global ICH9-LPC.noreboot=off \
+--watchdog-action reset \
+--sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+--msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.err
+new file mode 100644
+index 0000000000..b7b1400f6a
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.err
+@@ -0,0 +1 @@
++Invalid format 'qcow2' for ROM loader type
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.xml
+deleted file mode 100644
+index 862a50ddb4..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.xml
++++ /dev/null
+@@ -1,39 +0,0 @@
+-<domain type='kvm'>
+-  <name>guest</name>
+-  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+-  <memory unit='KiB'>1048576</memory>
+-  <currentMemory unit='KiB'>1048576</currentMemory>
+-  <vcpu placement='static'>1</vcpu>
+-  <os firmware='efi'>
+-    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+-    <firmware>
+-      <feature enabled='yes' name='enrolled-keys'/>
+-      <feature enabled='yes' name='secure-boot'/>
+-    </firmware>
+-    <loader type='rom' format='qcow2'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
+-    <boot dev='hd'/>
+-  </os>
+-  <features>
+-    <acpi/>
+-  </features>
+-  <cpu mode='custom' match='exact' check='none'>
+-    <model fallback='forbid'>qemu64</model>
+-  </cpu>
+-  <clock offset='utc'/>
+-  <on_poweroff>destroy</on_poweroff>
+-  <on_reboot>restart</on_reboot>
+-  <on_crash>destroy</on_crash>
+-  <devices>
+-    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+-    <controller type='usb' index='0' model='none'/>
+-    <controller type='sata' index='0'>
+-      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+-    </controller>
+-    <controller type='pci' index='0' model='pcie-root'/>
+-    <input type='mouse' bus='ps2'/>
+-    <input type='keyboard' bus='ps2'/>
+-    <audio id='1' type='none'/>
+-    <watchdog model='itco' action='reset'/>
+-    <memballoon model='none'/>
+-  </devices>
+-</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 0a4dab9fe0..3296f6f990 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1650,7 +1650,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-iscsi");
+ 
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2");
+-    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2-rom");
++    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-format-loader-qcow2-rom");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2-nvram-path");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-qcow2");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-qcow2-path");
+-- 
+2.53.0

libvirt-domain_validate-Reject-read-write-ROMs.patch

@@ -0,0 +1,140 @@
+From 3872c63fb5af9e6d37f14b157171ab9fead24b83 Mon Sep 17 00:00:00 2001
+Message-ID: <3872c63fb5af9e6d37f14b157171ab9fead24b83.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 12 Dec 2025 16:31:09 +0100
+Subject: [PATCH] domain_validate: Reject read/write ROMs
+
+The combination doesn't make sense.
+
+After this change the firmware-manual-bios-rw test case starts
+failing, as it should have in the first place.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit a5ae34aa74647e06114d85601c146a991323284b)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/domain_validate.c                    |  6 ++++
+ ...firmware-manual-bios-rw.x86_64-latest.args | 32 -------------------
+ .../firmware-manual-bios-rw.x86_64-latest.err |  1 +
+ .../firmware-manual-bios-rw.x86_64-latest.xml | 28 ----------------
+ tests/qemuxmlconftest.c                       |  2 +-
+ 5 files changed, 8 insertions(+), 61 deletions(-)
+ delete mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.err
+ delete mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.xml
+
+diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
+index 09c1b3f13f..93a54f8cc7 100644
+--- a/src/conf/domain_validate.c
++++ b/src/conf/domain_validate.c
+@@ -1766,6 +1766,12 @@ virDomainDefOSValidate(const virDomainDef *def,
+     }
+ 
+     if (loader->readonly == VIR_TRISTATE_BOOL_NO) {
++        if (loader->type == VIR_DOMAIN_LOADER_TYPE_ROM) {
++            virReportError(VIR_ERR_XML_DETAIL, "%s",
++                           _("ROM loader type cannot be used as read/write"));
++            return -1;
++        }
++
+         if (loader->nvramTemplate) {
+             virReportError(VIR_ERR_XML_DETAIL, "%s",
+                            _("NVRAM template is not permitted when loader is read/write"));
+diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.args
+deleted file mode 100644
+index 969c7ad68c..0000000000
+--- a/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.args
++++ /dev/null
+@@ -1,32 +0,0 @@
+-LC_ALL=C \
+-PATH=/bin \
+-HOME=/var/lib/libvirt/qemu/domain--1-guest \
+-USER=test \
+-LOGNAME=test \
+-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+-/usr/bin/qemu-system-x86_64 \
+--name guest=guest,debug-threads=on \
+--S \
+--object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+--machine pc-i440fx-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=off \
+--accel tcg \
+--cpu qemu64 \
+--bios /usr/share/seabios/bios.bin \
+--m size=1048576k \
+--object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+--overcommit mem-lock=off \
+--smp 1,sockets=1,cores=1,threads=1 \
+--uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+--display none \
+--no-user-config \
+--nodefaults \
+--chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+--mon chardev=charmonitor,id=monitor,mode=control \
+--rtc base=utc \
+--no-shutdown \
+--boot strict=on \
+--audiodev '{"id":"audio1","driver":"none"}' \
+--sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+--msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.err
+new file mode 100644
+index 0000000000..13e9d7c0f1
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.err
+@@ -0,0 +1 @@
++ROM loader type cannot be used as read/write
+diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.xml
+deleted file mode 100644
+index 65bb8493c9..0000000000
+--- a/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.xml
++++ /dev/null
+@@ -1,28 +0,0 @@
+-<domain type='qemu'>
+-  <name>guest</name>
+-  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+-  <memory unit='KiB'>1048576</memory>
+-  <currentMemory unit='KiB'>1048576</currentMemory>
+-  <vcpu placement='static'>1</vcpu>
+-  <os>
+-    <type arch='x86_64' machine='pc-i440fx-10.0'>hvm</type>
+-    <loader readonly='no' type='rom' format='raw'>/usr/share/seabios/bios.bin</loader>
+-    <boot dev='hd'/>
+-  </os>
+-  <cpu mode='custom' match='exact' check='none'>
+-    <model fallback='forbid'>qemu64</model>
+-  </cpu>
+-  <clock offset='utc'/>
+-  <on_poweroff>destroy</on_poweroff>
+-  <on_reboot>restart</on_reboot>
+-  <on_crash>destroy</on_crash>
+-  <devices>
+-    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+-    <controller type='usb' index='0' model='none'/>
+-    <controller type='pci' index='0' model='pci-root'/>
+-    <input type='mouse' bus='ps2'/>
+-    <input type='keyboard' bus='ps2'/>
+-    <audio id='1' type='none'/>
+-    <memballoon model='none'/>
+-  </devices>
+-</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index ba33267d4e..a45487b1b5 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1576,7 +1576,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-manual-bios");
+     DO_TEST_CAPS_LATEST("firmware-manual-bios-stateless");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-bios-not-stateless");
+-    DO_TEST_CAPS_LATEST("firmware-manual-bios-rw");
++    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-bios-rw");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-features");
+     DO_TEST_CAPS_LATEST_ABI_UPDATE_PARSE_ERROR("firmware-manual-efi-features");
+-- 
+2.53.0

libvirt-include-Mention-varstore-where-applicable.patch

@@ -0,0 +1,69 @@
+From af33f07936bd97081a626499700a872c9cfdbecb Mon Sep 17 00:00:00 2001
+Message-ID: <af33f07936bd97081a626499700a872c9cfdbecb.1772815314.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 30 Jan 2026 18:34:40 +0100
+Subject: [PATCH] include: Mention varstore where applicable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We are not introducing additional API flags for varstore
+handling since that would require unnecessary churn in all
+libvirt-based apps, and the intent is the same: recreate
+the UEFI variable storage, be it NVRAM or varstore, from its
+template.
+
+In order to clarify that the existing flags affect varstore
+too, update their documentation.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 31e40b6229cd3bc1affaecdc577f1ec1dd85d54c)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ include/libvirt/libvirt-domain-snapshot.h | 2 +-
+ include/libvirt/libvirt-domain.h          | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/include/libvirt/libvirt-domain-snapshot.h b/include/libvirt/libvirt-domain-snapshot.h
+index a11cd3f823..e14b661e37 100644
+--- a/include/libvirt/libvirt-domain-snapshot.h
++++ b/include/libvirt/libvirt-domain-snapshot.h
+@@ -217,7 +217,7 @@ typedef enum {
+     VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING = 1 << 0, /* Run after revert (Since: 0.9.5) */
+     VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED  = 1 << 1, /* Pause after revert (Since: 0.9.5) */
+     VIR_DOMAIN_SNAPSHOT_REVERT_FORCE   = 1 << 2, /* Allow risky reverts (Since: 0.9.7) */
+-    VIR_DOMAIN_SNAPSHOT_REVERT_RESET_NVRAM = 1 << 3, /* Re-initialize NVRAM from template (Since: 8.1.0) */
++    VIR_DOMAIN_SNAPSHOT_REVERT_RESET_NVRAM = 1 << 3, /* Re-initialize NVRAM/varstore from template (Since: 8.1.0) */
+ } virDomainSnapshotRevertFlags;
+ 
+ /* Revert the domain to a point-in-time snapshot.  The
+diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
+index 8e62bd23d4..221e22443e 100644
+--- a/include/libvirt/libvirt-domain.h
++++ b/include/libvirt/libvirt-domain.h
+@@ -371,7 +371,7 @@ typedef enum {
+     VIR_DOMAIN_START_BYPASS_CACHE = 1 << 2, /* Avoid file system cache pollution (Since: 0.9.4) */
+     VIR_DOMAIN_START_FORCE_BOOT   = 1 << 3, /* Boot, discarding any managed save (Since: 0.9.5) */
+     VIR_DOMAIN_START_VALIDATE     = 1 << 4, /* Validate the XML document against schema (Since: 1.2.12) */
+-    VIR_DOMAIN_START_RESET_NVRAM  = 1 << 5, /* Re-initialize NVRAM from template (Since: 8.1.0) */
++    VIR_DOMAIN_START_RESET_NVRAM  = 1 << 5, /* Re-initialize NVRAM/varstore from template (Since: 8.1.0) */
+ } virDomainCreateFlags;
+ 
+ 
+@@ -1652,7 +1652,7 @@ typedef enum {
+     VIR_DOMAIN_SAVE_BYPASS_CACHE = 1 << 0, /* Avoid file system cache pollution (Since: 0.9.4) */
+     VIR_DOMAIN_SAVE_RUNNING      = 1 << 1, /* Favor running over paused (Since: 0.9.5) */
+     VIR_DOMAIN_SAVE_PAUSED       = 1 << 2, /* Favor paused over running (Since: 0.9.5) */
+-    VIR_DOMAIN_SAVE_RESET_NVRAM  = 1 << 3, /* Re-initialize NVRAM from template (Since: 8.1.0) */
++    VIR_DOMAIN_SAVE_RESET_NVRAM  = 1 << 3, /* Re-initialize NVRAM/varstore from template (Since: 8.1.0) */
+ } virDomainSaveRestoreFlags;
+ 
+ int                     virDomainSave           (virDomainPtr domain,
+-- 
+2.53.0

libvirt-qemu-Create-and-delete-varstore-file.patch

@@ -0,0 +1,118 @@
+From ab8dbe11d56790f6fd140919559ad7610cc1f535 Mon Sep 17 00:00:00 2001
+Message-ID: <ab8dbe11d56790f6fd140919559ad7610cc1f535.1772815314.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 23 Jan 2026 19:47:13 +0100
+Subject: [PATCH] qemu: Create and delete varstore file
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Simply mimicking what is currently done for NVRAM files does
+the trick. A few user-visible messages are updated to reflect
+the fact that they apply both to NVRAM and varstore.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 5dc97de2c4fb4c2097c29cbe0eb38e3cdb4e92b0)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_driver.c  | 14 +++++++++-----
+ src/qemu/qemu_process.c | 28 ++++++++++++++++++++++++++--
+ 2 files changed, 35 insertions(+), 7 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index d314aa94ce..ad894c7584 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -6639,22 +6639,26 @@ qemuDomainUndefineFlags(virDomainPtr dom,
+         }
+     }
+ 
+-    if (vm->def->os.loader && vm->def->os.loader->nvram &&
+-        virStorageSourceIsLocalStorage(vm->def->os.loader->nvram)) {
+-        nvram_path = g_strdup(vm->def->os.loader->nvram->path);
++    if (vm->def->os.loader) {
++        if (vm->def->os.loader->nvram &&
++            virStorageSourceIsLocalStorage(vm->def->os.loader->nvram)) {
++            nvram_path = g_strdup(vm->def->os.loader->nvram->path);
++        } else if (vm->def->os.varstore && vm->def->os.varstore->path) {
++            nvram_path = g_strdup(vm->def->os.varstore->path);
++        }
+     }
+ 
+     if (nvram_path && virFileExists(nvram_path)) {
+         if ((flags & VIR_DOMAIN_UNDEFINE_NVRAM)) {
+             if (unlink(nvram_path) < 0) {
+                 virReportSystemError(errno,
+-                                     _("failed to remove nvram: %1$s"),
++                                     _("Failed to remove NVRAM/varstore: %1$s"),
+                                      nvram_path);
+                 goto endjob;
+             }
+         } else if (!(flags & VIR_DOMAIN_UNDEFINE_KEEP_NVRAM)) {
+             virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+-                           _("cannot undefine domain with nvram"));
++                           _("Cannot undefine domain with NVRAM/varstore"));
+             goto endjob;
+         }
+     }
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 47deb9abb9..3ca87df284 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -5031,6 +5031,27 @@ qemuPrepareNVRAM(virQEMUDriver *driver,
+ }
+ 
+ 
++static int
++qemuPrepareVarstore(virQEMUDriver *driver,
++                    virDomainDef *def,
++                    bool reset_nvram)
++{
++    virDomainLoaderDef *loader = def->os.loader;
++    virDomainVarstoreDef *varstore = def->os.varstore;
++
++    if (!loader || !varstore)
++        return 0;
++
++    VIR_DEBUG("varstore='%s'", NULLSTR(varstore->path));
++
++    if (qemuPrepareNVRAMFileCommon(driver, varstore->path,
++                                   varstore->template, reset_nvram) < 0)
++        return -1;
++
++    return 0;
++}
++
++
+ static void
+ qemuLogOperation(virDomainObj *vm,
+                  const char *msg,
+@@ -7795,6 +7816,7 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
+     unsigned int hostdev_flags = 0;
+     qemuDomainObjPrivate *priv = vm->privateData;
+     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
++    bool reset_nvram = !!(flags & VIR_QEMU_PROCESS_START_RESET_NVRAM);
+ 
+     /*
+      * Create all per-domain directories in order to make sure domain
+@@ -7804,8 +7826,10 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
+         qemuProcessMakeDir(driver, vm, priv->channelTargetDir) < 0)
+         return -1;
+ 
+-    if (qemuPrepareNVRAM(driver, vm->def,
+-                         !!(flags & VIR_QEMU_PROCESS_START_RESET_NVRAM)) < 0)
++    if (qemuPrepareNVRAM(driver, vm->def, reset_nvram) < 0)
++        return -1;
++
++    if (qemuPrepareVarstore(driver, vm->def, reset_nvram) < 0)
+         return -1;
+ 
+     if (vm->def->vsock) {
+-- 
+2.53.0

libvirt-qemu-Introduce-qemuPrepareNVRAMFileCommon.patch

@@ -0,0 +1,123 @@
+From 11e31d9728c42cbb9f4a3a564e9ddec5d09849ba Mon Sep 17 00:00:00 2001
+Message-ID: <11e31d9728c42cbb9f4a3a564e9ddec5d09849ba.1772815314.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Tue, 3 Feb 2026 20:26:59 +0100
+Subject: [PATCH] qemu: Introduce qemuPrepareNVRAMFileCommon()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Most of the code in the qemuPrepareNVRAMFile() function can
+be reused to create a varstore file from template. Move the
+common parts to a generic helper, leaving only the parts
+that are NVRAM-specific in the original function.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 41fe1199bbad4ab9cc4bda078571cd7bc5897d44)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_process.c | 56 +++++++++++++++++++++++++++--------------
+ 1 file changed, 37 insertions(+), 19 deletions(-)
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 1aff3a277b..47deb9abb9 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -4921,45 +4921,40 @@ qemuPrepareNVRAMBlock(virDomainLoaderDef *loader,
+ 
+ 
+ static int
+-qemuPrepareNVRAMFile(virQEMUDriver *driver,
+-                     virDomainLoaderDef *loader,
+-                     bool reset_nvram)
++qemuPrepareNVRAMFileCommon(virQEMUDriver *driver,
++                           const char *path,
++                           const char *template,
++                           bool reset_nvram)
+ {
+     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+     VIR_AUTOCLOSE srcFD = -1;
+     struct qemuPrepareNVRAMHelperData data;
+ 
+-    if (virFileExists(loader->nvram->path) && !reset_nvram)
++    if (!path)
+         return 0;
+ 
+-    if (!loader->nvramTemplate) {
++    if (virFileExists(path) && !reset_nvram)
++        return 0;
++
++    if (!template) {
+         virReportError(VIR_ERR_OPERATION_FAILED,
+                        _("unable to find any master var store for loader: %1$s"),
+-                       loader->path);
++                       path);
+         return -1;
+     }
+ 
+-    /* If 'nvramTemplateFormat' is empty it means that it's a user-provided
+-     * template which we couldn't verify. Assume the user knows what they're doing */
+-    if (loader->nvramTemplateFormat != VIR_STORAGE_FILE_NONE &&
+-        loader->nvram->format != loader->nvramTemplateFormat) {
+-        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+-                       _("conversion of the nvram template to another target format is not supported"));
+-        return -1;
+-    }
+-
+-    if ((srcFD = virFileOpenAs(loader->nvramTemplate, O_RDONLY,
++    if ((srcFD = virFileOpenAs(template, O_RDONLY,
+                                0, -1, -1, 0)) < 0) {
+         virReportSystemError(-srcFD,
+                              _("Failed to open file '%1$s'"),
+-                             loader->nvramTemplate);
++                             template);
+         return -1;
+     }
+ 
+     data.srcFD = srcFD;
+-    data.srcPath = loader->nvramTemplate;
++    data.srcPath = template;
+ 
+-    if (virFileRewrite(loader->nvram->path,
++    if (virFileRewrite(path,
+                        S_IRUSR | S_IWUSR,
+                        cfg->user, cfg->group,
+                        qemuPrepareNVRAMHelper,
+@@ -4971,6 +4966,29 @@ qemuPrepareNVRAMFile(virQEMUDriver *driver,
+ }
+ 
+ 
++static int
++qemuPrepareNVRAMFile(virQEMUDriver *driver,
++                     virDomainLoaderDef *loader,
++                     bool reset_nvram)
++{
++    /* If 'nvramTemplateFormat' is empty it means that it's a user-provided
++     * template which we couldn't verify. Assume the user knows what they're doing */
++    if (loader && loader->nvram &&
++        loader->nvramTemplateFormat != VIR_STORAGE_FILE_NONE &&
++        loader->nvram->format != loader->nvramTemplateFormat) {
++        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
++                       _("conversion of the nvram template to another target format is not supported"));
++        return -1;
++    }
++
++    if (qemuPrepareNVRAMFileCommon(driver, loader->nvram->path,
++                                   loader->nvramTemplate, reset_nvram) < 0)
++        return -1;
++
++    return 0;
++}
++
++
+ int
+ qemuPrepareNVRAM(virQEMUDriver *driver,
+                  virDomainDef *def,
+-- 
+2.53.0

libvirt-qemu-Introduce-varstoreDir.patch

@@ -0,0 +1,135 @@
+From b59cc7646f454eb6626e976f20649d2bce3f21e6 Mon Sep 17 00:00:00 2001
+Message-ID: <b59cc7646f454eb6626e976f20649d2bce3f21e6.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 4 Feb 2026 17:43:36 +0100
+Subject: [PATCH] qemu: Introduce varstoreDir
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is the same as the existing nvramDir, except it will be
+used to store the files used with the uefi-vars QEMU device.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit df3121d21ef257c601c0f15deb78deadcc6bffad)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ libvirt.spec.in        |  1 +
+ src/qemu/meson.build   |  1 +
+ src/qemu/qemu_conf.c   |  4 ++++
+ src/qemu/qemu_conf.h   |  1 +
+ src/qemu/qemu_driver.c | 12 ++++++++++++
+ tests/testutilsqemu.c  |  2 ++
+ 6 files changed, 21 insertions(+)
+
+diff --git a/src/qemu/meson.build b/src/qemu/meson.build
+index ff9a904277..b4fb62f14f 100644
+--- a/src/qemu/meson.build
++++ b/src/qemu/meson.build
+@@ -223,6 +223,7 @@ if conf.has('WITH_QEMU')
+     localstatedir / 'lib' / 'libvirt' / 'qemu' / 'ram',
+     localstatedir / 'lib' / 'libvirt' / 'qemu' / 'save',
+     localstatedir / 'lib' / 'libvirt' / 'qemu' / 'snapshot',
++    localstatedir / 'lib' / 'libvirt' / 'qemu' / 'varstore',
+     localstatedir / 'lib' / 'libvirt' / 'swtpm',
+     localstatedir / 'log' / 'libvirt' / 'qemu',
+     localstatedir / 'log' / 'swtpm' / 'libvirt' / 'qemu',
+diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
+index 242955200a..0a2eae3d76 100644
+--- a/src/qemu/qemu_conf.c
++++ b/src/qemu/qemu_conf.c
+@@ -167,6 +167,7 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged,
+         cfg->checkpointDir = g_strdup_printf("%s/checkpoint", cfg->libDir);
+         cfg->autoDumpPath = g_strdup_printf("%s/dump", cfg->libDir);
+         cfg->nvramDir = g_strdup_printf("%s/nvram", cfg->libDir);
++        cfg->varstoreDir = g_strdup_printf("%s/varstore", cfg->libDir);
+         cfg->memoryBackingDir = g_strdup_printf("%s/ram", cfg->libDir);
+     } else if (privileged) {
+         cfg->logDir = g_strdup_printf("%s/log/libvirt/qemu", LOCALSTATEDIR);
+@@ -188,6 +189,7 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged,
+         cfg->checkpointDir = g_strdup_printf("%s/checkpoint", cfg->libDir);
+         cfg->autoDumpPath = g_strdup_printf("%s/dump", cfg->libDir);
+         cfg->nvramDir = g_strdup_printf("%s/nvram", cfg->libDir);
++        cfg->varstoreDir = g_strdup_printf("%s/varstore", cfg->libDir);
+         cfg->memoryBackingDir = g_strdup_printf("%s/ram", cfg->libDir);
+         cfg->swtpmStorageDir = g_strdup_printf("%s/lib/libvirt/swtpm",
+                                                LOCALSTATEDIR);
+@@ -215,6 +217,7 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged,
+                                              cfg->configBaseDir);
+         cfg->autoDumpPath = g_strdup_printf("%s/qemu/dump", cfg->configBaseDir);
+         cfg->nvramDir = g_strdup_printf("%s/qemu/nvram", cfg->configBaseDir);
++        cfg->varstoreDir = g_strdup_printf("%s/qemu/varstore", cfg->configBaseDir);
+         cfg->memoryBackingDir = g_strdup_printf("%s/qemu/ram", cfg->configBaseDir);
+         cfg->swtpmStorageDir = g_strdup_printf("%s/qemu/swtpm",
+                                                cfg->configBaseDir);
+@@ -367,6 +370,7 @@ static void virQEMUDriverConfigDispose(void *obj)
+     g_free(cfg->checkpointDir);
+     g_free(cfg->channelTargetDir);
+     g_free(cfg->nvramDir);
++    g_free(cfg->varstoreDir);
+ 
+     g_free(cfg->defaultTLSx509certdir);
+     g_free(cfg->defaultTLSx509secretUUID);
+diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
+index edb65c99f4..3b97d24622 100644
+--- a/src/qemu/qemu_conf.h
++++ b/src/qemu/qemu_conf.h
+@@ -120,6 +120,7 @@ struct _virQEMUDriverConfig {
+     char *checkpointDir;
+     char *channelTargetDir;
+     char *nvramDir;
++    char *varstoreDir;
+     char *swtpmStorageDir;
+ 
+     char *defaultTLSx509certdir;
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index f3e7410f9e..d314aa94ce 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -626,6 +626,11 @@ qemuStateInitialize(bool privileged,
+                              cfg->nvramDir);
+         goto error;
+     }
++    if (g_mkdir_with_parents(cfg->varstoreDir, 0777) < 0) {
++        virReportSystemError(errno, _("Failed to create varstore dir %1$s"),
++                             cfg->varstoreDir);
++        goto error;
++    }
+     if (g_mkdir_with_parents(cfg->memoryBackingDir, 0777) < 0) {
+         virReportSystemError(errno, _("Failed to create memory backing dir %1$s"),
+                              cfg->memoryBackingDir);
+@@ -784,6 +789,13 @@ qemuStateInitialize(bool privileged,
+                                  (int)cfg->group);
+             goto error;
+         }
++        if (chown(cfg->varstoreDir, cfg->user, cfg->group) < 0) {
++            virReportSystemError(errno,
++                                 _("unable to set ownership of '%1$s' to %2$d:%3$d"),
++                                 cfg->varstoreDir, (int)cfg->user,
++                                 (int)cfg->group);
++            goto error;
++        }
+         if (chown(cfg->memoryBackingDir, cfg->user, cfg->group) < 0) {
+             virReportSystemError(errno,
+                                  _("unable to set ownership of '%1$s' to %2$d:%3$d"),
+diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
+index 78ec521266..21dfd3141d 100644
+--- a/tests/testutilsqemu.c
++++ b/tests/testutilsqemu.c
+@@ -336,6 +336,8 @@ int qemuTestDriverInit(virQEMUDriver *driver)
+     cfg->memoryBackingDir = g_strdup("/var/lib/libvirt/qemu/ram");
+     VIR_FREE(cfg->nvramDir);
+     cfg->nvramDir = g_strdup("/var/lib/libvirt/qemu/nvram");
++    VIR_FREE(cfg->varstoreDir);
++    cfg->varstoreDir = g_strdup("/var/lib/libvirt/qemu/varstore");
+     VIR_FREE(cfg->passtStateDir);
+     cfg->passtStateDir = g_strdup("/var/run/libvirt/qemu/passt");
+     VIR_FREE(cfg->dbusStateDir);
+-- 
+2.53.0

libvirt-qemu-Validate-presence-of-uefi-vars-device.patch

@@ -0,0 +1,65 @@
+From 8b337691d19e1619f711b437b2618ac269e5e12f Mon Sep 17 00:00:00 2001
+Message-ID: <8b337691d19e1619f711b437b2618ac269e5e12f.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 21 Nov 2025 19:32:31 +0100
+Subject: [PATCH] qemu: Validate presence of uefi-vars device
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The use of varstore requires the uefi-vars device to be present
+in the QEMU binary.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit bd3504651759afac45e76b73912952bf2af2bcfa)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_validate.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
+index aa441188cb..25e1b9cf58 100644
+--- a/src/qemu/qemu_validate.c
++++ b/src/qemu/qemu_validate.c
+@@ -754,6 +754,23 @@ qemuValidateDomainDefNvram(const virDomainDef *def,
+ }
+ 
+ 
++static int
++qemuValidateDomainDefVarstore(const virDomainDef *def,
++                              virQEMUCaps *qemuCaps)
++{
++    if (!def->os.varstore)
++        return 0;
++
++    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_UEFI_VARS)) {
++        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
++                       _("The uefi-vars device is not supported by this QEMU binary"));
++        return -1;
++    }
++
++    return 0;
++}
++
++
+ static int
+ qemuValidateDomainDefBoot(const virDomainDef *def,
+                           virQEMUCaps *qemuCaps)
+@@ -797,6 +814,9 @@ qemuValidateDomainDefBoot(const virDomainDef *def,
+ 
+         if (qemuValidateDomainDefNvram(def, qemuCaps) < 0)
+             return -1;
++
++        if (qemuValidateDomainDefVarstore(def, qemuCaps) < 0)
++            return -1;
+     }
+ 
+     for (i = 0; i < def->os.nacpiTables; i++) {
+-- 
+2.53.0

libvirt-qemu_capabilities-Introduce-QEMU_CAPS_DEVICE_UEFI_VARS.patch

@@ -0,0 +1,172 @@
+From 9daca4f4b8e914a09d86db07d1c7292a6e9e4048 Mon Sep 17 00:00:00 2001
+Message-ID: <9daca4f4b8e914a09d86db07d1c7292a6e9e4048.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 21 Nov 2025 15:34:32 +0100
+Subject: [PATCH] qemu_capabilities: Introduce QEMU_CAPS_DEVICE_UEFI_VARS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This capability indicates the availability of the uefi-vars
+device.
+
+The actual name of the QEMU device varies slightly depending on
+the architecture: it's uefi-vars-x64 on x86_64, uefi-vars-sysbus
+on other UEFI architectures (aarch64, riscv64, loongarch64).
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 12cdd613832c77d143bfa2b87539a22ec6911f6d)
+
+Conflicts:
+
+  * tests/qemucapabilitiesdata/caps_10.1.0_s390x.xml
+    tests/qemucapabilitiesdata/caps_10.2.0_aarch64.xml
+    tests/qemucapabilitiesdata/caps_11.0.0_aarch64.xml
+    tests/qemucapabilitiesdata/caps_11.0.0_x86_64.xml
+
+    - Missing downstream
+
+  * tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml
+    tests/qemucapabilitiesdata/caps_10.2.0_x86_64+mshv.xml
+    tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml
+
+    - Trivial context conflicts caused by capabilities files
+      being outdated downstream
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_capabilities.c                               | 3 +++
+ src/qemu/qemu_capabilities.h                               | 1 +
+ tests/qemucapabilitiesdata/caps_10.0.0_aarch64.xml         | 1 +
+ tests/qemucapabilitiesdata/caps_10.0.0_x86_64+amdsev.xml   | 1 +
+ tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml          | 1 +
+ tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml | 1 +
+ tests/qemucapabilitiesdata/caps_10.1.0_x86_64.xml          | 1 +
+ tests/qemucapabilitiesdata/caps_10.2.0_x86_64+mshv.xml     | 1 +
+ tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml          | 1 +
+ 9 files changed, 11 insertions(+)
+
+diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
+index 7d88b8521a..8b20ca9312 100644
+--- a/src/qemu/qemu_capabilities.c
++++ b/src/qemu/qemu_capabilities.c
+@@ -760,6 +760,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
+ 
+               /* 490 */
+               "iommufd", /* QEMU_CAPS_OBJECT_IOMMUFD */
++              "uefi-vars", /* QEMU_CAPS_DEVICE_UEFI_VARS */
+     );
+ 
+ 
+@@ -1468,6 +1469,8 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
+     { "tpm-passthrough", QEMU_CAPS_DEVICE_TPM_PASSTHROUGH },
+     { "acpi-generic-initiator", QEMU_CAPS_ACPI_GENERIC_INITIATOR },
+     { "iommufd", QEMU_CAPS_OBJECT_IOMMUFD },
++    { "uefi-vars-x64", QEMU_CAPS_DEVICE_UEFI_VARS },
++    { "uefi-vars-sysbus", QEMU_CAPS_DEVICE_UEFI_VARS },
+ };
+ 
+ 
+diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
+index f7c8680f94..4dcf464061 100644
+--- a/src/qemu/qemu_capabilities.h
++++ b/src/qemu/qemu_capabilities.h
+@@ -734,6 +734,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
+ 
+     /* 490 */
+     QEMU_CAPS_OBJECT_IOMMUFD, /* -object iommufd */
++    QEMU_CAPS_DEVICE_UEFI_VARS, /* -device uefi-vars-{x64,sysbus} */
+ 
+     QEMU_CAPS_LAST /* this must always be the last item */
+ } virQEMUCapsFlags;
+diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_aarch64.xml b/tests/qemucapabilitiesdata/caps_10.0.0_aarch64.xml
+index bbb8b33cde..1243a56fb8 100644
+--- a/tests/qemucapabilitiesdata/caps_10.0.0_aarch64.xml
++++ b/tests/qemucapabilitiesdata/caps_10.0.0_aarch64.xml
+@@ -164,6 +164,7 @@
+   <flag name='usb-bot'/>
+   <flag name='acpi-generic-initiator'/>
+   <flag name='iommufd'/>
++  <flag name='uefi-vars'/>
+   <version>10000000</version>
+   <microcodeVersion>61700285</microcodeVersion>
+   <package>v10.0.0</package>
+diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_x86_64+amdsev.xml b/tests/qemucapabilitiesdata/caps_10.0.0_x86_64+amdsev.xml
+index 5acd1a33fd..cd77e934c8 100644
+--- a/tests/qemucapabilitiesdata/caps_10.0.0_x86_64+amdsev.xml
++++ b/tests/qemucapabilitiesdata/caps_10.0.0_x86_64+amdsev.xml
+@@ -210,6 +210,7 @@
+   <flag name='usb-bot'/>
+   <flag name='acpi-generic-initiator'/>
+   <flag name='iommufd'/>
++  <flag name='uefi-vars'/>
+   <version>10000000</version>
+   <microcodeVersion>43100285</microcodeVersion>
+   <package>v10.0.0</package>
+diff --git a/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml
+index 50f58791e6..f2567a2025 100644
+--- a/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml
++++ b/tests/qemucapabilitiesdata/caps_10.0.0_x86_64.xml
+@@ -210,6 +210,7 @@
+   <flag name='usb-bot'/>
+   <flag name='acpi-generic-initiator'/>
+   <flag name='iommufd'/>
++  <flag name='uefi-vars'/>
+   <version>10000000</version>
+   <microcodeVersion>43100285</microcodeVersion>
+   <package>v10.0.0</package>
+diff --git a/tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml b/tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml
+index e321c352a3..a80aca9244 100644
+--- a/tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml
++++ b/tests/qemucapabilitiesdata/caps_10.1.0_x86_64+inteltdx.xml
+@@ -192,6 +192,7 @@
+   <flag name='tdx-guest'/>
+   <flag name='acpi-generic-initiator'/>
+   <flag name='iommufd'/>
++  <flag name='uefi-vars'/>
+   <version>10000050</version>
+   <microcodeVersion>43100286</microcodeVersion>
+   <package>v10.0.0-1724-gf9a3def17b</package>
+diff --git a/tests/qemucapabilitiesdata/caps_10.1.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_10.1.0_x86_64.xml
+index 2d52659520..03790f4e31 100644
+--- a/tests/qemucapabilitiesdata/caps_10.1.0_x86_64.xml
++++ b/tests/qemucapabilitiesdata/caps_10.1.0_x86_64.xml
+@@ -215,6 +215,7 @@
+   <flag name='qom-list-get'/>
+   <flag name='acpi-generic-initiator'/>
+   <flag name='iommufd'/>
++  <flag name='uefi-vars'/>
+   <version>10001000</version>
+   <microcodeVersion>43100286</microcodeVersion>
+   <package>v10.1.0</package>
+diff --git a/tests/qemucapabilitiesdata/caps_10.2.0_x86_64+mshv.xml b/tests/qemucapabilitiesdata/caps_10.2.0_x86_64+mshv.xml
+index eb2ab001a6..0ba4d2f990 100644
+--- a/tests/qemucapabilitiesdata/caps_10.2.0_x86_64+mshv.xml
++++ b/tests/qemucapabilitiesdata/caps_10.2.0_x86_64+mshv.xml
+@@ -202,6 +202,7 @@
+   <flag name='query-accelerators'/>
+   <flag name='mshv'/>
+   <flag name='iommufd'/>
++  <flag name='uefi-vars'/>
+   <version>10001050</version>
+   <microcodeVersion>43100287</microcodeVersion>
+   <package>v10.1.0-1778-ge090e0312d</package>
+diff --git a/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml
+index c4ea924c1f..47bb94527f 100644
+--- a/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml
++++ b/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml
+@@ -217,6 +217,7 @@
+   <flag name='query-accelerators'/>
+   <flag name='scsi-block.migrate-pr'/>
+   <flag name='iommufd'/>
++  <flag name='uefi-vars'/>
+   <version>10001091</version>
+   <microcodeVersion>43100287</microcodeVersion>
+   <package>v10.2.0-rc1-38-gfb241d0a1f</package>
+-- 
+2.53.0

libvirt-qemu_command-Use-uefi-vars-device-where-appropriate.patch

@@ -0,0 +1,154 @@
+From 71ed9b3cb411e469d78fd5203799f3086127b9c3 Mon Sep 17 00:00:00 2001
+Message-ID: <71ed9b3cb411e469d78fd5203799f3086127b9c3.1772815314.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Tue, 11 Nov 2025 15:33:41 +0100
+Subject: [PATCH] qemu_command: Use uefi-vars device where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This makes guests actually functional.
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit bcda5b2efdf7c3472fd15dc758aad6842c214481)
+
+Conflicts:
+
+  * tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
+    tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
+    tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
+
+    - GIC version mismatch caused by capabilities files
+      being outdated or missing downstream
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_command.c                       | 34 +++++++++++++++++++
+ ...-enrolled-keys-aarch64.aarch64-latest.args |  1 +
+ ...o-efi-varstore-aarch64.aarch64-latest.args |  1 +
+ ...e-auto-efi-varstore-q35.x86_64-latest.args |  1 +
+ ...l-efi-varstore-aarch64.aarch64-latest.args |  1 +
+ ...manual-efi-varstore-q35.x86_64-latest.args |  1 +
+ 6 files changed, 39 insertions(+)
+
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index 521aefbc10..7b1b470398 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -9788,6 +9788,37 @@ qemuBuildDomainLoaderCommandLine(virCommand *cmd,
+ }
+ 
+ 
++static int
++qemuBuildUefiVarsCommandLine(virCommand *cmd,
++                             const virDomainDef *def,
++                             virQEMUCaps *qemuCaps)
++{
++    virDomainLoaderDef *loader = def->os.loader;
++    virDomainVarstoreDef *varstore = def->os.varstore;
++    g_autoptr(virJSONValue) props = NULL;
++    const char *model = NULL;
++
++    if (!loader || !varstore || !varstore->path)
++        return 0;
++
++    if (ARCH_IS_X86(def->os.arch))
++        model = "uefi-vars-x64";
++    else
++        model = "uefi-vars-sysbus";
++
++    if (virJSONValueObjectAdd(&props,
++                              "s:driver", model,
++                              "s:jsonfile", varstore->path,
++                              NULL) < 0)
++        return -1;
++
++    if (qemuBuildDeviceCommandlineFromJSON(cmd, props, def, qemuCaps) < 0)
++        return -1;
++
++    return 0;
++}
++
++
+ static int
+ qemuBuildTPMDevCmd(virCommand *cmd,
+                    const virDomainDef *def,
+@@ -10862,6 +10893,9 @@ qemuBuildCommandLine(virDomainObj *vm,
+ 
+     qemuBuildDomainLoaderCommandLine(cmd, def);
+ 
++    if (qemuBuildUefiVarsCommandLine(cmd, def, qemuCaps) < 0)
++        return NULL;
++
+     if (qemuBuildMemCommandLine(cmd, def, qemuCaps, priv) < 0)
+         return NULL;
+ 
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
+index 1cd04c87b1..caf1933091 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
+@@ -13,6 +13,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+ -machine virt-8.2,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
+ -accel kvm \
+ -bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
++-device '{"driver":"uefi-vars-sysbus","jsonfile":"/var/lib/libvirt/qemu/varstore/guest.json"}' \
+ -m size=1048576k \
+ -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
+ -overcommit mem-lock=off \
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
+index 1cd04c87b1..caf1933091 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
+@@ -13,6 +13,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+ -machine virt-8.2,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
+ -accel kvm \
+ -bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
++-device '{"driver":"uefi-vars-sysbus","jsonfile":"/var/lib/libvirt/qemu/varstore/guest.json"}' \
+ -m size=1048576k \
+ -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
+ -overcommit mem-lock=off \
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
+index 9a899c2a65..392ea77c28 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
+@@ -14,6 +14,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+ -accel kvm \
+ -cpu qemu64 \
+ -bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
++-device '{"driver":"uefi-vars-x64","jsonfile":"/var/lib/libvirt/qemu/varstore/guest.json"}' \
+ -m size=1048576k \
+ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+ -overcommit mem-lock=off \
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
+index 1cd04c87b1..1989405e07 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
+@@ -13,6 +13,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+ -machine virt-8.2,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
+ -accel kvm \
+ -bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
++-device '{"driver":"uefi-vars-sysbus","jsonfile":"/path/to/guest.json"}' \
+ -m size=1048576k \
+ -object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
+ -overcommit mem-lock=off \
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
+index 9a899c2a65..6c04c8c39f 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
+@@ -14,6 +14,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+ -accel kvm \
+ -cpu qemu64 \
+ -bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
++-device '{"driver":"uefi-vars-x64","jsonfile":"/path/to/guest.json"}' \
+ -m size=1048576k \
+ -object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+ -overcommit mem-lock=off \
+-- 
+2.53.0

libvirt-qemu_firmware-Allow-matching-both-UEFI-and-BIOS-for-ROM-loader.patch

@@ -0,0 +1,131 @@
+From a11c975eb05296487023db1beb72d5575af6b05a Mon Sep 17 00:00:00 2001
+Message-ID: <a11c975eb05296487023db1beb72d5575af6b05a.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 17 Nov 2025 18:02:15 +0100
+Subject: [PATCH] qemu_firmware: Allow matching both UEFI and BIOS for ROM
+ loader
+
+Currently we apply a 1:1 mapping between loader type and firmware
+type: ROM can only match BIOS and pflash can only match UEFI.
+
+That was accurate at the time when the check was introduced, but
+is no longer the case today: the Intel TDX build of edk2, for
+example, is loaded as a ROM but it still provides an UEFI
+implementation to the guest.
+
+Tweak the matching logic so that a ROM loader is allowed to match
+both BIOS and UEFI firmware descriptors.
+
+The firmware-manual-efi-tdx test case benefits from this change,
+as all the missing information is now correctly filled in.
+
+This will also solve an issue reported to the list, where
+firmware builds targeting the confidential VM use case on aarch64
+would not be usable at all, due to the way UEFI and ACPI are
+depending on each other on the architecture.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 563a47ea7fc255c08d834f8a2d0956bae84317a9)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c                      | 43 +++++++++++--------
+ ...-manual-efi-tdx.x86_64-latest+inteltdx.xml |  6 ++-
+ 2 files changed, 30 insertions(+), 19 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 7953b297bc..52205b72f8 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -937,23 +937,6 @@ qemuFirmwareOSInterfaceTypeToOsDefFirmware(qemuFirmwareOSInterface interface)
+ }
+ 
+ 
+-static qemuFirmwareOSInterface
+-qemuFirmwareOSInterfaceTypeFromOsDefLoaderType(virDomainLoader type)
+-{
+-    switch (type) {
+-    case VIR_DOMAIN_LOADER_TYPE_ROM:
+-        return QEMU_FIRMWARE_OS_INTERFACE_BIOS;
+-    case VIR_DOMAIN_LOADER_TYPE_PFLASH:
+-        return QEMU_FIRMWARE_OS_INTERFACE_UEFI;
+-    case VIR_DOMAIN_LOADER_TYPE_NONE:
+-    case VIR_DOMAIN_LOADER_TYPE_LAST:
+-        break;
+-    }
+-
+-    return QEMU_FIRMWARE_OS_INTERFACE_NONE;
+-}
+-
+-
+ /**
+  * qemuFirmwareEnsureNVRAM:
+  * @def: domain definition
+@@ -1100,6 +1083,8 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+     const virDomainLoaderDef *loader = def->os.loader;
+     size_t i;
+     qemuFirmwareOSInterface want;
++    bool wantUEFI = false;
++    bool wantBIOS = false;
+     bool supportsS3 = false;
+     bool supportsS4 = false;
+     bool requiresSMM = false;
+@@ -1115,12 +1100,34 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+     want = qemuFirmwareOSInterfaceTypeFromOsDefFirmware(def->os.firmware);
+ 
+     if (want == QEMU_FIRMWARE_OS_INTERFACE_NONE && loader) {
+-        want = qemuFirmwareOSInterfaceTypeFromOsDefLoaderType(loader->type);
++        /* If an explicit request for a specific type of firmware is
++         * not present, we can still infer this information from
++         * other factors. Specifically, the pflash loader type is
++         * only used for UEFI, while the rom loader type can be used
++         * both for UEFI and BIOS */
++        switch (loader->type) {
++        case VIR_DOMAIN_LOADER_TYPE_PFLASH:
++            wantUEFI = true;
++            break;
++        case VIR_DOMAIN_LOADER_TYPE_ROM:
++            wantUEFI = true;
++            wantBIOS = true;
++            break;
++        case VIR_DOMAIN_LOADER_TYPE_NONE:
++        case VIR_DOMAIN_LOADER_TYPE_LAST:
++        default:
++            break;
++        }
+     }
+ 
+     for (i = 0; i < fw->ninterfaces; i++) {
+         if (fw->interfaces[i] == want)
+             break;
++
++        if ((fw->interfaces[i] == QEMU_FIRMWARE_OS_INTERFACE_UEFI && wantUEFI) ||
++            (fw->interfaces[i] == QEMU_FIRMWARE_OS_INTERFACE_BIOS && wantBIOS)) {
++            break;
++        }
+     }
+ 
+     if (i == fw->ninterfaces) {
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml
+index cdb92dcf1d..5b87857425 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml
+@@ -4,8 +4,12 @@
+   <memory unit='KiB'>1048576</memory>
+   <currentMemory unit='KiB'>1048576</currentMemory>
+   <vcpu placement='static'>1</vcpu>
+-  <os>
++  <os firmware='efi'>
+     <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
+     <loader readonly='yes' type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
+     <boot dev='hd'/>
+   </os>
+-- 
+2.53.0

libvirt-qemu_firmware-Allow-matching-stateful-ROMs.patch

@@ -0,0 +1,259 @@
+From fccbbe89fadebe350bf2452ef4dd3368bcf41803 Mon Sep 17 00:00:00 2001
+Message-ID: <fccbbe89fadebe350bf2452ef4dd3368bcf41803.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 19 Jan 2026 18:48:50 +0100
+Subject: [PATCH] qemu_firmware: Allow matching stateful ROMs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Stateful ROMs are those that use the uefi-vars QEMU device to
+implement access to UEFI variable storage.
+
+Matching works much the same as it does for pflash-based
+firmware images. Notably, the <varstore> element is only
+allowed for ROM and the <nvram> element is only allowed for
+pflash.
+
+The firmware-auto-efi-varstore-q35 and
+firmware-auto-efi-varstore-aarch64 fail in a different way
+after this change: the input XML is now considered valid, and
+the only remaining issue is that the firmware autoselection
+process is unable to find a match.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit fa74aae490f9f13c469eba8b3837ab8cd84c64fd)
+
+Conflicts:
+
+  * tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
+
+    - GIC version mismatch caused by capabilities files
+      being outdated or missing downstream
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c                      | 40 +++++++++++++++++--
+ ...to-efi-varstore-aarch64.aarch64-latest.err |  2 +-
+ ...to-efi-varstore-aarch64.aarch64-latest.xml | 28 +++++++++++++
+ ...re-auto-efi-varstore-q35.x86_64-latest.err |  2 +-
+ ...re-auto-efi-varstore-q35.x86_64-latest.xml | 36 +++++++++++++++++
+ tests/qemuxmlconftest.c                       |  4 +-
+ 6 files changed, 104 insertions(+), 8 deletions(-)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 1851ed4a80..60635b559f 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -893,15 +893,18 @@ qemuFirmwareMatchesMachineArch(const qemuFirmware *fw,
+  * qemuFirmwareMatchesPaths:
+  * @fw: firmware definition
+  * @loader: loader definition
++ * @varstore: varstore definition
+  *
+  * Checks whether @fw is compatible with the information provided as
+  * part of the domain definition.
+  *
+- * Returns: true if @fw is compatible with @loader, false otherwise
++ * Returns: true if @fw is compatible with @loader and @varstore,
++ *          false otherwise
+  */
+ static bool
+ qemuFirmwareMatchesPaths(const qemuFirmware *fw,
+-                         const virDomainLoaderDef *loader)
++                         const virDomainLoaderDef *loader,
++                         const virDomainVarstoreDef *varstore)
+ {
+     const qemuFirmwareMappingFlash *flash = &fw->mapping.data.flash;
+     const qemuFirmwareMappingMemory *memory = &fw->mapping.data.memory;
+@@ -922,6 +925,9 @@ qemuFirmwareMatchesPaths(const qemuFirmware *fw,
+         if (loader && loader->path &&
+             !virFileComparePaths(loader->path, memory->filename))
+             return false;
++        if (varstore && varstore->template &&
++            !virFileComparePaths(varstore->template, memory->template))
++            return false;
+         break;
+     case QEMU_FIRMWARE_DEVICE_NONE:
+     case QEMU_FIRMWARE_DEVICE_LAST:
+@@ -1112,6 +1118,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+                         const char *path)
+ {
+     const virDomainLoaderDef *loader = def->os.loader;
++    const virDomainVarstoreDef *varstore = def->os.varstore;
+     size_t i;
+     qemuFirmwareOSInterface want;
+     bool wantUEFI = false;
+@@ -1166,7 +1173,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+         return false;
+     }
+ 
+-    if (!qemuFirmwareMatchesPaths(fw, def->os.loader)) {
++    if (!qemuFirmwareMatchesPaths(fw, def->os.loader, def->os.varstore)) {
+         VIR_DEBUG("No matching path in '%s'", path);
+         return false;
+     }
+@@ -1279,6 +1286,9 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+     if (fw->mapping.device == QEMU_FIRMWARE_DEVICE_FLASH) {
+         const qemuFirmwareMappingFlash *flash = &fw->mapping.data.flash;
+ 
++        if (varstore)
++            return false;
++
+         if (loader && loader->type &&
+             loader->type != VIR_DOMAIN_LOADER_TYPE_PFLASH) {
+             VIR_DEBUG("Discarding flash loader");
+@@ -1377,16 +1387,38 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+             }
+         }
+     } else if (fw->mapping.device == QEMU_FIRMWARE_DEVICE_MEMORY) {
++        const qemuFirmwareMappingMemory *memory = &fw->mapping.data.memory;
++
++        if (loader && loader->nvram)
++            return false;
++
+         if (loader && loader->type &&
+             loader->type != VIR_DOMAIN_LOADER_TYPE_ROM) {
+             VIR_DEBUG("Discarding rom loader");
+             return false;
+         }
+ 
+-        if (loader && loader->stateless == VIR_TRISTATE_BOOL_NO) {
++        /* Explicit requests for either a stateless or stateful
++         * firmware should be fulfilled, but if no preference is
++         * provided either one is fine as long as the other match
++         * criteria are satisfied. varstore implies stateful */
++        if (loader &&
++            loader->stateless == VIR_TRISTATE_BOOL_NO &&
++            !memory->template) {
+             VIR_DEBUG("Discarding stateless loader");
+             return false;
+         }
++        if (varstore &&
++            !memory->template) {
++            VIR_DEBUG("Discarding stateless loader");
++            return false;
++        }
++        if (loader &&
++            loader->stateless == VIR_TRISTATE_BOOL_YES &&
++            memory->template) {
++            VIR_DEBUG("Discarding non-stateless loader");
++            return false;
++        }
+ 
+         if (loader && loader->readonly == VIR_TRISTATE_BOOL_NO) {
+             VIR_DEBUG("Discarding readonly loader");
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
+index b45d304221..3edb2b3451 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
+@@ -1 +1 @@
+-Only one of NVRAM/varstore can be used
++operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
+new file mode 100644
+index 0000000000..867d8f03e3
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
+@@ -0,0 +1,28 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='aarch64' machine='virt-8.2'>hvm</type>
++    <loader format='raw'/>
++    <varstore/>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++    <gic version='3'/>
++  </features>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-aarch64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <audio id='1' type='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
+index b45d304221..3edb2b3451 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
+@@ -1 +1 @@
+-Only one of NVRAM/varstore can be used
++operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
+new file mode 100644
+index 0000000000..c4d70c9fc5
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
+@@ -0,0 +1,36 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
++    <loader format='raw'/>
++    <varstore/>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 48c2649aa5..e38a80c57a 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1667,8 +1667,8 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-file");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-nbd");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-iscsi");
+-    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-varstore-q35");
+-    DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("firmware-auto-efi-varstore-aarch64", "aarch64");
++    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-varstore-q35");
++    DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-varstore-aarch64", "aarch64");
+ 
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-format-loader-qcow2-rom");
+-- 
+2.53.0

libvirt-qemu_firmware-Consider-host-uefi-vars-feature-in-sanity-check.patch

@@ -0,0 +1,83 @@
+From 483c5c561743c4e685ffce1d238527f13c8e83a3 Mon Sep 17 00:00:00 2001
+Message-ID: <483c5c561743c4e685ffce1d238527f13c8e83a3.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 24 Nov 2025 14:42:45 +0100
+Subject: [PATCH] qemu_firmware: Consider host-uefi-vars feature in sanity
+ check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Just like with firmware builds targeting the confidential use
+case, use of the uefi-vars device obviates the need to have SMM
+emulation enabled while still guaranteeing that protected EFI
+variables work as intended.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit d0c6aa084f53c0c856d00b87255a31fbbc1237ad)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 5c923b5a02..f9cb9058ac 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1552,6 +1552,7 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
+     bool requiresSMM = false;
+     bool supportsSecureBoot = false;
+     bool hasEnrolledKeys = false;
++    bool usesUefiVarsDevice = false;
+     bool isConfidential = false;
+ 
+     for (i = 0; i < fw->nfeatures; i++) {
+@@ -1565,6 +1566,9 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
+         case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS:
+             hasEnrolledKeys = true;
+             break;
++        case QEMU_FIRMWARE_FEATURE_HOST_UEFI_VARS:
++            usesUefiVarsDevice = true;
++            break;
+         case QEMU_FIRMWARE_FEATURE_AMD_SEV:
+         case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES:
+         case QEMU_FIRMWARE_FEATURE_AMD_SEV_SNP:
+@@ -1574,7 +1578,6 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
+         case QEMU_FIRMWARE_FEATURE_NONE:
+         case QEMU_FIRMWARE_FEATURE_ACPI_S3:
+         case QEMU_FIRMWARE_FEATURE_ACPI_S4:
+-        case QEMU_FIRMWARE_FEATURE_HOST_UEFI_VARS:
+         case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
+         case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC:
+         case QEMU_FIRMWARE_FEATURE_LAST:
+@@ -1588,14 +1591,21 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
+      * support SMM. This is OK, because EFI binaries for confidential
+      * VMs also don't support EFI variable storage in NVRAM, instead
+      * the secureboot state is hardcoded to enabled.
++     *
++     * Similarly, use of the uefi-vars QEMU device guarantees that
++     * protected EFI variables work as expected without requiring SMM
++     * emulation.
+      */
+     if (!isConfidential &&
++        !usesUefiVarsDevice &&
+         supportsSecureBoot != requiresSMM) {
+         VIR_WARN("Firmware description '%s' has invalid set of features: "
+-                 "%s = %d, %s = %d (isConfidential = %d)",
++                 "%s = %d, %s = %d, %s = %d (isConfidential = %d)",
+                  filename,
+                  qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_REQUIRES_SMM),
+                  requiresSMM,
++                 qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_HOST_UEFI_VARS),
++                 usesUefiVarsDevice,
+                  qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_SECURE_BOOT),
+                  supportsSecureBoot,
+                  isConfidential);
+-- 
+2.53.0

libvirt-qemu_firmware-Don-t-skip-autoselection-for-ROM.patch

@@ -0,0 +1,64 @@
+From 598e238bae3ca9409997f4ddf0002f7dac820e96 Mon Sep 17 00:00:00 2001
+Message-ID: <598e238bae3ca9409997f4ddf0002f7dac820e96.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 17 Nov 2025 15:47:30 +0100
+Subject: [PATCH] qemu_firmware: Don't skip autoselection for ROM
+
+It's possible to have firmware descriptors for builds intended to
+be loaded as ROM, as is the case for those loaded as pflash.
+There is no reason to skip firmware autoselection in those cases,
+and doing so prevents useful information from being filled in.
+
+After this change, the firmware-manual-efi-tdx test case is
+augmented with some additional information. Even more information
+will be filled in later, when we improve the matching logic.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 9a041e61ec00fa61e94858c699f00eba95b3f226)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c                               | 10 ++++------
+ .../firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml |  2 +-
+ 2 files changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 9ba5d899fa..7953b297bc 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1913,13 +1913,11 @@ qemuFirmwareFillDomain(virQEMUDriver *driver,
+         return -1;
+     }
+ 
+-    /* If firmware autoselection is disabled and the loader is a ROM
+-     * instead of a PFLASH device, then we're using BIOS and we don't
+-     * need any information at all */
+-    if (!autoSelection &&
+-        (!loader || (loader && loader->type == VIR_DOMAIN_LOADER_TYPE_ROM))) {
++    /* If firmware autoselection is disabled and no information
++     * related to the loader was provided, then we're using the
++     * default built-in firmware and we can stop here */
++    if (!autoSelection && !loader)
+         return 0;
+-    }
+ 
+     /* Look for the information we need in firmware descriptors */
+     if ((ret = qemuFirmwareFillDomainModern(driver, def)) < 0)
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml
+index 7428a3dfef..cdb92dcf1d 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml
+@@ -6,7 +6,7 @@
+   <vcpu placement='static'>1</vcpu>
+   <os>
+     <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+-    <loader readonly='yes' type='rom'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
++    <loader readonly='yes' type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
+     <boot dev='hd'/>
+   </os>
+   <features>
+-- 
+2.53.0

libvirt-qemu_firmware-Drop-fallback-for-absent-nvramTemplateFormat.patch

@@ -0,0 +1,44 @@
+From 3273ec0979f661b5a00ce91e77c03427b5725df2 Mon Sep 17 00:00:00 2001
+Message-ID: <3273ec0979f661b5a00ce91e77c03427b5725df2.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 24 Nov 2025 17:57:25 +0100
+Subject: [PATCH] qemu_firmware: Drop fallback for absent nvramTemplateFormat
+
+If this information is missing, the parsing code will consider
+the firmware descriptor to be invalid and matching against it will
+not even be attempted. So we can safely drop this redundant
+fallback.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 876a5d34d45afd71f509c971e37bdb45ceb8cc28)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 47a3987b64..9dff3828a2 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1421,14 +1421,8 @@ qemuFirmwareEnableFeaturesModern(virDomainDef *def,
+             loader->nvramTemplateFormat = VIR_STORAGE_FILE_NONE;
+ 
+             if (!loader->nvram || virStorageSourceIsLocalStorage(loader->nvram)) {
+-                /* validation when parsing the JSON files ensures that we get
+-                 * only 'raw' and 'qcow2' here. Fall back to sharing format with loader */
+-                if (flash->nvram_template.format)
+-                    loader->nvramTemplateFormat = virStorageFileFormatTypeFromString(flash->nvram_template.format);
+-                else
+-                    loader->nvramTemplateFormat = loader->format;
+-
+                 loader->nvramTemplate = g_strdup(flash->nvram_template.filename);
++                loader->nvramTemplateFormat = virStorageFileFormatTypeFromString(flash->nvram_template.format);
+             }
+         }
+ 
+-- 
+2.53.0

libvirt-qemu_firmware-Drop-nvram-local-variable.patch

@@ -0,0 +1,58 @@
+From ede04a5034d7b97d06033e9ccf77471afab41e04 Mon Sep 17 00:00:00 2001
+Message-ID: <ede04a5034d7b97d06033e9ccf77471afab41e04.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Sun, 28 Dec 2025 18:31:38 +0100
+Subject: [PATCH] qemu_firmware: Drop 'nvram' local variable
+
+We access the NVRAM information via the 'loader' local variable
+throughout the file, and this is the only spot where the 'nvram'
+local variable exists. It makes things inconsistent and opens up
+the possibility of the values for 'loader' and 'nvram' going out
+of sync, especially after a future commit will introduce the
+need to set the former. Just get rid of the additional variable.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit aaa0db64b4e5d44d7bb8aeee9c7b71a4f277a675)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index b168ec7cf7..903b0a984d 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1780,7 +1780,6 @@ qemuFirmwareFillDomain(virQEMUDriver *driver,
+                        bool abiUpdate)
+ {
+     virDomainLoaderDef *loader = def->os.loader;
+-    virStorageSource *nvram = loader ? loader->nvram : NULL;
+     bool autoSelection = (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE);
+     int ret;
+ 
+@@ -1804,13 +1803,14 @@ qemuFirmwareFillDomain(virQEMUDriver *driver,
+                        virStorageFileFormatTypeToString(loader->format));
+         return -1;
+     }
+-    if (nvram &&
+-        nvram->format &&
+-        nvram->format != VIR_STORAGE_FILE_RAW &&
+-        nvram->format != VIR_STORAGE_FILE_QCOW2) {
++    if (loader &&
++        loader->nvram &&
++        loader->nvram->format &&
++        loader->nvram->format != VIR_STORAGE_FILE_RAW &&
++        loader->nvram->format != VIR_STORAGE_FILE_QCOW2) {
+         virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                        _("Unsupported nvram format '%1$s'"),
+-                       virStorageFileFormatTypeToString(nvram->format));
++                       virStorageFileFormatTypeToString(loader->nvram->format));
+         return -1;
+     }
+ 
+-- 
+2.53.0

libvirt-qemu_firmware-Drop-support-for-kernel-descriptors.patch

@@ -0,0 +1,232 @@
+From 1cd291897b5a4f97d2ceaf318584760dbd410dc2 Mon Sep 17 00:00:00 2001
+Message-ID: <1cd291897b5a4f97d2ceaf318584760dbd410dc2.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Thu, 27 Nov 2025 20:14:46 +0100
+Subject: [PATCH] qemu_firmware: Drop support for kernel descriptors
+
+I have been able to find exactly zero evidence of this type of
+firmware descriptor actually existing in the wild, so this is
+essentialy dead code. Dropping it simplifies the task of further
+tweaking the firmware selection code.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 3f7eea0e17a4db70820c256af9705731a9a54672)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 83 ++--------------------------------------
+ 1 file changed, 3 insertions(+), 80 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 5bd34ea87f..b168ec7cf7 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -92,12 +92,6 @@ struct _qemuFirmwareMappingFlash {
+ };
+ 
+ 
+-typedef struct _qemuFirmwareMappingKernel qemuFirmwareMappingKernel;
+-struct _qemuFirmwareMappingKernel {
+-    char *filename;
+-};
+-
+-
+ typedef struct _qemuFirmwareMappingMemory qemuFirmwareMappingMemory;
+ struct _qemuFirmwareMappingMemory {
+     char *filename;
+@@ -107,7 +101,6 @@ struct _qemuFirmwareMappingMemory {
+ typedef enum {
+     QEMU_FIRMWARE_DEVICE_NONE = 0,
+     QEMU_FIRMWARE_DEVICE_FLASH,
+-    QEMU_FIRMWARE_DEVICE_KERNEL,
+     QEMU_FIRMWARE_DEVICE_MEMORY,
+ 
+     QEMU_FIRMWARE_DEVICE_LAST
+@@ -118,7 +111,6 @@ VIR_ENUM_IMPL(qemuFirmwareDevice,
+               QEMU_FIRMWARE_DEVICE_LAST,
+               "",
+               "flash",
+-              "kernel",
+               "memory",
+ );
+ 
+@@ -129,7 +121,6 @@ struct _qemuFirmwareMapping {
+ 
+     union {
+         qemuFirmwareMappingFlash flash;
+-        qemuFirmwareMappingKernel kernel;
+         qemuFirmwareMappingMemory memory;
+     } data;
+ };
+@@ -222,13 +213,6 @@ qemuFirmwareMappingFlashFreeContent(qemuFirmwareMappingFlash *flash)
+ }
+ 
+ 
+-static void
+-qemuFirmwareMappingKernelFreeContent(qemuFirmwareMappingKernel *kernel)
+-{
+-    g_free(kernel->filename);
+-}
+-
+-
+ static void
+ qemuFirmwareMappingMemoryFreeContent(qemuFirmwareMappingMemory *memory)
+ {
+@@ -243,9 +227,6 @@ qemuFirmwareMappingFreeContent(qemuFirmwareMapping *mapping)
+     case QEMU_FIRMWARE_DEVICE_FLASH:
+         qemuFirmwareMappingFlashFreeContent(&mapping->data.flash);
+         break;
+-    case QEMU_FIRMWARE_DEVICE_KERNEL:
+-        qemuFirmwareMappingKernelFreeContent(&mapping->data.kernel);
+-        break;
+     case QEMU_FIRMWARE_DEVICE_MEMORY:
+         qemuFirmwareMappingMemoryFreeContent(&mapping->data.memory);
+         break;
+@@ -418,24 +399,6 @@ qemuFirmwareMappingFlashParse(const char *path,
+ }
+ 
+ 
+-static int
+-qemuFirmwareMappingKernelParse(const char *path,
+-                               virJSONValue *doc,
+-                               qemuFirmwareMappingKernel *kernel)
+-{
+-    const char *filename;
+-
+-    if (!(filename = virJSONValueObjectGetString(doc, "filename"))) {
+-        VIR_DEBUG("missing 'filename' in '%s'", path);
+-        return -1;
+-    }
+-
+-    kernel->filename = g_strdup(filename);
+-
+-    return 0;
+-}
+-
+-
+ static int
+ qemuFirmwareMappingMemoryParse(const char *path,
+                                virJSONValue *doc,
+@@ -485,10 +448,6 @@ qemuFirmwareMappingParse(const char *path,
+         if (qemuFirmwareMappingFlashParse(path, mapping, &fw->mapping.data.flash) < 0)
+             return -1;
+         break;
+-    case QEMU_FIRMWARE_DEVICE_KERNEL:
+-        if (qemuFirmwareMappingKernelParse(path, mapping, &fw->mapping.data.kernel) < 0)
+-            return -1;
+-        break;
+     case QEMU_FIRMWARE_DEVICE_MEMORY:
+         if (qemuFirmwareMappingMemoryParse(path, mapping, &fw->mapping.data.memory) < 0)
+             return -1;
+@@ -732,19 +691,6 @@ qemuFirmwareMappingFlashFormat(virJSONValue *mapping,
+ }
+ 
+ 
+-static int
+-qemuFirmwareMappingKernelFormat(virJSONValue *mapping,
+-                                qemuFirmwareMappingKernel *kernel)
+-{
+-    if (virJSONValueObjectAppendString(mapping,
+-                                       "filename",
+-                                       kernel->filename) < 0)
+-        return -1;
+-
+-    return 0;
+-}
+-
+-
+ static int
+ qemuFirmwareMappingMemoryFormat(virJSONValue *mapping,
+                                 qemuFirmwareMappingMemory *memory)
+@@ -774,10 +720,6 @@ qemuFirmwareMappingFormat(virJSONValue *doc,
+         if (qemuFirmwareMappingFlashFormat(mapping, &fw->mapping.data.flash) < 0)
+             return -1;
+         break;
+-    case QEMU_FIRMWARE_DEVICE_KERNEL:
+-        if (qemuFirmwareMappingKernelFormat(mapping, &fw->mapping.data.kernel) < 0)
+-            return -1;
+-        break;
+     case QEMU_FIRMWARE_DEVICE_MEMORY:
+         if (qemuFirmwareMappingMemoryFormat(mapping, &fw->mapping.data.memory) < 0)
+             return -1;
+@@ -920,21 +862,17 @@ qemuFirmwareMatchesMachineArch(const qemuFirmware *fw,
+  * qemuFirmwareMatchesPaths:
+  * @fw: firmware definition
+  * @loader: loader definition
+- * @kernelPath: path to kernel image
+  *
+  * Checks whether @fw is compatible with the information provided as
+  * part of the domain definition.
+  *
+- * Returns: true if @fw is compatible with @loader and @kernelPath,
+- *          false otherwise
++ * Returns: true if @fw is compatible with @loader, false otherwise
+  */
+ static bool
+ qemuFirmwareMatchesPaths(const qemuFirmware *fw,
+-                         const virDomainLoaderDef *loader,
+-                         const char *kernelPath)
++                         const virDomainLoaderDef *loader)
+ {
+     const qemuFirmwareMappingFlash *flash = &fw->mapping.data.flash;
+-    const qemuFirmwareMappingKernel *kernel = &fw->mapping.data.kernel;
+     const qemuFirmwareMappingMemory *memory = &fw->mapping.data.memory;
+ 
+     switch (fw->mapping.device) {
+@@ -954,11 +892,6 @@ qemuFirmwareMatchesPaths(const qemuFirmware *fw,
+             !virFileComparePaths(loader->path, memory->filename))
+             return false;
+         break;
+-    case QEMU_FIRMWARE_DEVICE_KERNEL:
+-        if (kernelPath &&
+-            !virFileComparePaths(kernelPath, kernel->filename))
+-            return false;
+-        break;
+     case QEMU_FIRMWARE_DEVICE_NONE:
+     case QEMU_FIRMWARE_DEVICE_LAST:
+         return false;
+@@ -1183,7 +1116,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+         return false;
+     }
+ 
+-    if (!qemuFirmwareMatchesPaths(fw, def->os.loader, def->os.kernel)) {
++    if (!qemuFirmwareMatchesPaths(fw, def->os.loader)) {
+         VIR_DEBUG("No matching path in '%s'", path);
+         return false;
+     }
+@@ -1424,7 +1357,6 @@ qemuFirmwareEnableFeaturesModern(virDomainDef *def,
+                                  const qemuFirmware *fw)
+ {
+     const qemuFirmwareMappingFlash *flash = &fw->mapping.data.flash;
+-    const qemuFirmwareMappingKernel *kernel = &fw->mapping.data.kernel;
+     const qemuFirmwareMappingMemory *memory = &fw->mapping.data.memory;
+     virDomainLoaderDef *loader = NULL;
+     virStorageFileFormat format;
+@@ -1482,14 +1414,6 @@ qemuFirmwareEnableFeaturesModern(virDomainDef *def,
+                   loader->path, NULLSTR(loader->nvramTemplate));
+         break;
+ 
+-    case QEMU_FIRMWARE_DEVICE_KERNEL:
+-        VIR_FREE(def->os.kernel);
+-        def->os.kernel = g_strdup(kernel->filename);
+-
+-        VIR_DEBUG("decided on kernel '%s'",
+-                  def->os.kernel);
+-        break;
+-
+     case QEMU_FIRMWARE_DEVICE_MEMORY:
+         if (!def->os.loader)
+             def->os.loader = virDomainLoaderDefNew();
+@@ -2056,7 +1980,6 @@ qemuFirmwareGetSupported(const char *machine,
+             fwpath = memory->filename;
+             break;
+ 
+-        case QEMU_FIRMWARE_DEVICE_KERNEL:
+         case QEMU_FIRMWARE_DEVICE_NONE:
+         case QEMU_FIRMWARE_DEVICE_LAST:
+             break;
+-- 
+2.53.0

libvirt-qemu_firmware-Fill-in-varstore-information.patch

@@ -0,0 +1,61 @@
+From 5dd010d79cb3625e01e9721cb770a7bf235b561e Mon Sep 17 00:00:00 2001
+Message-ID: <5dd010d79cb3625e01e9721cb770a7bf235b561e.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 21 Jan 2026 19:42:40 +0100
+Subject: [PATCH] qemu_firmware: Fill in varstore information
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the matching firmware requires the use of varstore, we
+have to bubble up information about it, namely the path to
+the template. If the struct member doesn't exist yet, we need
+to allocate it.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit da7eb72148ce787e719faf2ceeaa7ff3c458a50a)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 60635b559f..5a07e3181f 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1492,6 +1492,7 @@ qemuFirmwareEnableFeaturesModern(virDomainDef *def,
+     const qemuFirmwareMappingFlash *flash = &fw->mapping.data.flash;
+     const qemuFirmwareMappingMemory *memory = &fw->mapping.data.memory;
+     virDomainLoaderDef *loader = NULL;
++    virDomainVarstoreDef *varstore = NULL;
+     virStorageFileFormat format;
+     bool hasSecureBoot = false;
+     bool hasEnrolledKeys = false;
+@@ -1552,8 +1553,17 @@ qemuFirmwareEnableFeaturesModern(virDomainDef *def,
+         VIR_FREE(loader->path);
+         loader->path = g_strdup(memory->filename);
+ 
+-        VIR_DEBUG("decided on loader '%s'",
+-                  loader->path);
++        if (memory->template) {
++            if (!def->os.varstore)
++                def->os.varstore = virDomainVarstoreDefNew();
++            varstore = def->os.varstore;
++
++            VIR_FREE(varstore->template);
++            varstore->template = g_strdup(memory->template);
++        }
++
++        VIR_DEBUG("decided on loader '%s' template '%s'",
++                  loader->path, NULLSTR(varstore ? varstore->template : NULL));
+         break;
+ 
+     case QEMU_FIRMWARE_DEVICE_NONE:
+-- 
+2.53.0

libvirt-qemu_firmware-Generate-varstore-path-when-necessary.patch

@@ -0,0 +1,86 @@
+From 5f0e8ea3a876e5bd88f1312cc5ffd90469c1e190 Mon Sep 17 00:00:00 2001
+Message-ID: <5f0e8ea3a876e5bd88f1312cc5ffd90469c1e190.1772815314.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 21 Jan 2026 18:25:37 +0100
+Subject: [PATCH] qemu_firmware: Generate varstore path when necessary
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Introduce qemuFirmwareEnsureVarstore(), which performs the same
+task as the existing qemuFirmwareEnsureNVRAM() but for the
+varstore element.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 0dd118cceee833ff905e6c24785a2acda8ccc80b)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 39 ++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 36 insertions(+), 3 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 5a07e3181f..d8633c6b28 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1069,6 +1069,38 @@ qemuFirmwareEnsureNVRAM(virDomainDef *def,
+ }
+ 
+ 
++/**
++ * qemuFirmwareEnsureVarstore:
++ * @def: domain definition
++ * @driver: QEMU driver
++ *
++ * Make sure that information for the varstore is present. This might
++ * involve automatically generating the corresponding path.
++ */
++static void
++qemuFirmwareEnsureVarstore(virDomainDef *def,
++                           virQEMUDriver *driver)
++{
++    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
++    virDomainLoaderDef *loader = def->os.loader;
++    virDomainVarstoreDef *varstore = def->os.varstore;
++
++    if (!loader)
++        return;
++
++    if (loader->type != VIR_DOMAIN_LOADER_TYPE_ROM)
++        return;
++
++    if (!varstore)
++        return;
++
++    if (varstore->path)
++        return;
++
++    varstore->path = g_strdup_printf("%s/%s.json",
++                                     cfg->varstoreDir, def->name);
++}
++
+ 
+ /**
+  * qemuFirmwareSetOsFeatures:
+@@ -2063,10 +2095,11 @@ qemuFirmwareFillDomain(virQEMUDriver *driver,
+         }
+     }
+ 
+-    /* Always ensure that the NVRAM path is present, even if we
+-     * haven't found a match: the configuration might simply be
+-     * referring to a custom firmware build */
++    /* Always ensure that the NVRAM/varstore is configured where
++     * appropriate, even if we haven't found a match: the configuration
++     * might simply be referring to a custom firmware build */
+     qemuFirmwareEnsureNVRAM(def, driver, abiUpdate);
++    qemuFirmwareEnsureVarstore(def, driver);
+ 
+     return 0;
+ }
+-- 
+2.53.0

libvirt-qemu_firmware-Ignore-stateless-combined-when-NVRAM-is-configured.patch

@@ -0,0 +1,72 @@
+From 9c29beb017582822dc341bdc34d78b4b2b95162f Mon Sep 17 00:00:00 2001
+Message-ID: <9c29beb017582822dc341bdc34d78b4b2b95162f.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 26 Nov 2025 19:01:12 +0100
+Subject: [PATCH] qemu_firmware: Ignore stateless/combined when NVRAM is
+ configured
+
+For combined firmware builds, the variable storage is part of the
+same image as the executable code, whereas stateless builds don't
+support variable storage at all.
+
+In both cases, the use of a separate NVRAM storage area is not
+supported, so if attributes connected to one are present in the
+domain XML, firmware descriptors for stateless/combined builds
+should be ignored.
+
+ROM firmware builds are stateless by definition, so the same
+handling applies to them as well.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 3463e543fec8ac7f8173f8f6712f05bc912319cd)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index a22853361b..47a3987b64 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1285,6 +1285,17 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+                           flash->nvram_template.format);
+                 return false;
+             }
++        } else {
++            if (loader && loader->nvram &&
++                (loader->nvram->path || loader->nvram->format)) {
++                VIR_DEBUG("Discarding non split loader (nvram configured)");
++                return false;
++            }
++            if (loader &&
++                (loader->nvramTemplate || loader->nvramTemplateFormat)) {
++                VIR_DEBUG("Discarding non split loader (nvram template configured)");
++                return false;
++            }
+         }
+     } else if (fw->mapping.device == QEMU_FIRMWARE_DEVICE_MEMORY) {
+         if (loader && loader->type &&
+@@ -1302,6 +1313,17 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+             VIR_DEBUG("Discarding readonly loader");
+             return false;
+         }
++
++        if (loader && loader->nvram &&
++            (loader->nvram->path || loader->nvram->format)) {
++            VIR_DEBUG("Discarding rom loader (nvram configured)");
++            return false;
++        }
++        if (loader &&
++            (loader->nvramTemplate || loader->nvramTemplateFormat)) {
++            VIR_DEBUG("Discarding rom loader (nvram template configured)");
++            return false;
++        }
+     }
+ 
+     if (def->sec) {
+-- 
+2.53.0

libvirt-qemu_firmware-Introduce-qemuFirmwareFillDomainCustom.patch

@@ -0,0 +1,80 @@
+From 139ffa47b64ade1e88dbe17ef049bd1303305a79 Mon Sep 17 00:00:00 2001
+Message-ID: <139ffa47b64ade1e88dbe17ef049bd1303305a79.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 24 Nov 2025 18:53:14 +0100
+Subject: [PATCH] qemu_firmware: Introduce qemuFirmwareFillDomainCustom()
+
+Simple helper for the case where completely custom firmware paths
+are in use. It's quite trivial right now, but it will be expanded
+slightly in an upcoming commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 3acdcd2eb78a7cc8a17acc279dfbddf873dea1f8)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 38 ++++++++++++++++++++++++++++++--------
+ 1 file changed, 30 insertions(+), 8 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 9dff3828a2..9b6c14701f 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1601,6 +1601,32 @@ qemuFirmwareFetchParsedConfigs(bool privileged,
+ }
+ 
+ 
++/**
++ * qemuFirmwareFillDomainCustom:
++ * @def: domain definition
++ *
++ * Fill in whatever information we can when totally custom firmware
++ * paths are in use.
++ *
++ * Should only be used as a fallback in case looking at the firmware
++ * descriptors yielded no results, and neither did going through the
++ * legacy list of CODE:VARS pairs.
++ */
++static void
++qemuFirmwareFillDomainCustom(virDomainDef *def)
++{
++    virDomainLoaderDef *loader = def->os.loader;
++
++    if (!loader)
++        return;
++
++    if (!loader->format)
++        loader->format = VIR_STORAGE_FILE_RAW;
++
++    return;
++}
++
++
+ /**
+  * qemuFirmwareFillDomainLegacy:
+  * @driver: QEMU driver
+@@ -1890,15 +1916,11 @@ qemuFirmwareFillDomain(virQEMUDriver *driver,
+             if ((ret = qemuFirmwareFillDomainLegacy(driver, def)) < 0)
+                 return -1;
+ 
+-            /* If we've gotten this far without finding a match, it
+-             * means that we're dealing with a set of completely
+-             * custom paths. In that case, unless the user has
+-             * specified otherwise, we have to assume that they're in
+-             * raw format */
+             if (ret == 1) {
+-                if (loader && !loader->format) {
+-                    loader->format = VIR_STORAGE_FILE_RAW;
+-                }
++                /* If we've gotten this far without finding a match,
++                 * it means that we're dealing with a set of completely
++                 * custom paths. We can still fill in some information */
++                qemuFirmwareFillDomainCustom(def);
+             }
+         } else {
+             virReportError(VIR_ERR_OPERATION_FAILED,
+-- 
+2.53.0

libvirt-qemu_firmware-Move-copying-of-nvram.format-to-loader.format.patch

@@ -0,0 +1,90 @@
+From 66c0e4b7a9b472c539701bede38cbe9278fec830 Mon Sep 17 00:00:00 2001
+Message-ID: <66c0e4b7a9b472c539701bede38cbe9278fec830.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Thu, 27 Nov 2025 19:05:17 +0100
+Subject: [PATCH] qemu_firmware: Move copying of nvram.format to loader.format
+
+As explained in the comment that comes along with it, this code
+ensures that the user's preference is taken into account when
+nvram.format is the only information that's provided. Currently
+it lives in the parser, but it makes more sense for it to be
+together with the rest of the firmware selection code instead.
+
+Note that this move is not completely seamless: once the code
+is moved outside of the parser, it can no longer reliably know
+whether the <loader> element actually existed in the domain
+XML. The difference is subtle enough that the test suite is
+completely unaffected, and we are going to rework the handling
+of this scenario in a way that restores the original behavior
+later anyway, so it ultimately doesn't matter.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 4df091dea4a41767561bab1bcd28c3fd9ac2dcea)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/domain_conf.c   | 18 +-----------------
+ src/qemu/qemu_firmware.c | 15 +++++++++++++++
+ 2 files changed, 16 insertions(+), 17 deletions(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index cb047e5a3e..e72cda0048 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -17937,24 +17937,8 @@ virDomainLoaderDefParseXMLLoader(virDomainLoaderDef *loader,
+ {
+     unsigned int format = 0;
+ 
+-    if (!loaderNode) {
+-        /* If there is no <loader> element but the <nvram> element
+-         * was present, copy the format from the latter to the
+-         * former.
+-         *
+-         * This ensures that a configuration such as
+-         *
+-         *   <os>
+-         *     <nvram format='foo'/>
+-         *   </os>
+-         *
+-         * behaves as expected, that is, results in a firmware build
+-         * with format 'foo' being selected */
+-        if (loader->nvram)
+-            loader->format = loader->nvram->format;
+-
++    if (!loaderNode)
+         return 0;
+-    }
+ 
+     if (virXMLPropTristateBool(loaderNode, "readonly", VIR_XML_PROP_NONE,
+                                &loader->readonly) < 0)
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 6c609ece6a..a22853361b 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1783,6 +1783,21 @@ qemuFirmwareFillDomain(virQEMUDriver *driver,
+     bool autoSelection = (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE);
+     int ret;
+ 
++    /* If there is no <loader> element but the <nvram> element
++     * was present, copy the format from the latter to the
++     * former.
++     *
++     * This ensures that a configuration such as
++     *
++     *   <os>
++     *     <nvram format='foo'/>
++     *   </os>
++     *
++     * behaves as expected, that is, results in a firmware build
++     * with format 'foo' being selected */
++    if (loader && loader->nvram && !loader->format)
++        loader->format = loader->nvram->format;
++
+     /* If we're loading an existing configuration from disk, we
+      * should try as hard as possible to preserve historical
+      * behavior. In particular, firmware autoselection being enabled
+-- 
+2.53.0

libvirt-qemu_firmware-Move-format-raw-compat-exception.patch

@@ -0,0 +1,86 @@
+From 053f28978ec5f7b3648ccb9b0b7af16b17a4c87a Mon Sep 17 00:00:00 2001
+Message-ID: <053f28978ec5f7b3648ccb9b0b7af16b17a4c87a.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Thu, 27 Nov 2025 18:25:07 +0100
+Subject: [PATCH] qemu_firmware: Move format=raw compat exception
+
+We currently apply this exception, which is critical to ensure
+that the correct firmware is selected when working with older VMs,
+in the postparse callback.
+
+Move it to the firmware selection process instead, where it should
+have been added in the first place.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 5b374c5e3fe621126327aad4398f48da288ba521)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c  | 20 ++++++++++++++++++++
+ src/qemu/qemu_postparse.c | 17 -----------------
+ 2 files changed, 20 insertions(+), 17 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 903b0a984d..6c609ece6a 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1783,6 +1783,26 @@ qemuFirmwareFillDomain(virQEMUDriver *driver,
+     bool autoSelection = (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE);
+     int ret;
+ 
++    /* If we're loading an existing configuration from disk, we
++     * should try as hard as possible to preserve historical
++     * behavior. In particular, firmware autoselection being enabled
++     * could never have resulted, before libvirt 9.2.0, in anything
++     * but a raw firmware image being selected.
++     *
++     * In order to ensure that existing domains keep working even if
++     * a firmware descriptor for a build with a different format is
++     * given higher priority, explicitly add this requirement to the
++     * definition before performing firmware selection */
++    if (!abiUpdate && autoSelection) {
++        if (!loader) {
++            def->os.loader = virDomainLoaderDefNew();
++            loader = def->os.loader;
++        }
++        if (!loader->format) {
++            loader->format = VIR_STORAGE_FILE_RAW;
++        }
++    }
++
+     /* Start by performing a thorough validation of the input.
+      *
+      * We need to do this here because the firmware selection logic
+diff --git a/src/qemu/qemu_postparse.c b/src/qemu/qemu_postparse.c
+index 840d6a1174..8940cb09b3 100644
+--- a/src/qemu/qemu_postparse.c
++++ b/src/qemu/qemu_postparse.c
+@@ -1051,23 +1051,6 @@ qemuDomainDefBootPostParse(virDomainDef *def,
+ {
+     bool abiUpdate = !!(parseFlags & VIR_DOMAIN_DEF_PARSE_ABI_UPDATE);
+ 
+-    /* If we're loading an existing configuration from disk, we
+-     * should try as hard as possible to preserve historical
+-     * behavior. In particular, firmware autoselection being enabled
+-     * could never have resulted, before libvirt 9.2.0, in anything
+-     * but a raw firmware image being selected.
+-     *
+-     * In order to ensure that existing domains keep working even if
+-     * a firmware descriptor for a build with a different format is
+-     * given higher priority, explicitly add this requirement to the
+-     * definition before performing firmware selection */
+-    if (!abiUpdate && def->os.firmware) {
+-        if (!def->os.loader)
+-            def->os.loader = virDomainLoaderDefNew();
+-        if (!def->os.loader->format)
+-            def->os.loader->format = VIR_STORAGE_FILE_RAW;
+-    }
+-
+     /* Firmware selection can fail for a number of reasons, but the
+      * most likely one is that the requested configuration contains
+      * mistakes or includes constraints that are impossible to
+-- 
+2.53.0

libvirt-qemu_firmware-Only-set-format-for-custom-loader-if-path-is-present.patch

@@ -0,0 +1,45 @@
+From 9298881a07f0e25ec594d4157421eb61c9014c85 Mon Sep 17 00:00:00 2001
+Message-ID: <9298881a07f0e25ec594d4157421eb61c9014c85.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Tue, 3 Feb 2026 16:05:05 +0100
+Subject: [PATCH] qemu_firmware: Only set format for custom loader if path is
+ present
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We only set the template format if the template path is present,
+and we should be consistent with that. The format on its own is
+not very interesting anyway.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 375c82a0f8e61f3762f0a7ffa26624f841a79d76)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 436b06c388..519828f6f9 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1662,8 +1662,10 @@ qemuFirmwareFillDomainCustom(virDomainDef *def)
+     if (!loader)
+         return;
+ 
+-    if (!loader->format)
++    if (loader->path &&
++        !loader->format) {
+         loader->format = VIR_STORAGE_FILE_RAW;
++    }
+ 
+     if (loader->nvramTemplate &&
+         !loader->nvramTemplateFormat) {
+-- 
+2.53.0

libvirt-qemu_firmware-Parse-host-uefi-vars-firmware-feature.patch

@@ -0,0 +1,80 @@
+From eb8df5502f4a047e93faa872047b56f047e055a4 Mon Sep 17 00:00:00 2001
+Message-ID: <eb8df5502f4a047e93faa872047b56f047e055a4.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 24 Nov 2025 14:14:36 +0100
+Subject: [PATCH] qemu_firmware: Parse host-uefi-vars firmware feature
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When present in a firmware descriptor, this feature indicates that
+the corresponding executable expects to access variable storage
+through the uefi-vars QEMU device.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 83679d7338869aaf19b59077164cd2da391c2283)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 6a074055ca..8b9b0d91ff 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -145,6 +145,7 @@ typedef enum {
+     QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS,
+     QEMU_FIRMWARE_FEATURE_REQUIRES_SMM,
+     QEMU_FIRMWARE_FEATURE_SECURE_BOOT,
++    QEMU_FIRMWARE_FEATURE_HOST_UEFI_VARS,
+     QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC,
+     QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC,
+ 
+@@ -164,6 +165,7 @@ VIR_ENUM_IMPL(qemuFirmwareFeature,
+               "enrolled-keys",
+               "requires-smm",
+               "secure-boot",
++              "host-uefi-vars",
+               "verbose-dynamic",
+               "verbose-static"
+ );
+@@ -1181,6 +1183,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+             hasEnrolledKeys = true;
+             break;
+ 
++        case QEMU_FIRMWARE_FEATURE_HOST_UEFI_VARS:
+         case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
+         case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC:
+         case QEMU_FIRMWARE_FEATURE_NONE:
+@@ -1515,6 +1518,7 @@ qemuFirmwareEnableFeaturesModern(virDomainDef *def,
+         case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES:
+         case QEMU_FIRMWARE_FEATURE_AMD_SEV_SNP:
+         case QEMU_FIRMWARE_FEATURE_INTEL_TDX:
++        case QEMU_FIRMWARE_FEATURE_HOST_UEFI_VARS:
+         case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
+         case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC:
+         case QEMU_FIRMWARE_FEATURE_NONE:
+@@ -1570,6 +1574,7 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
+         case QEMU_FIRMWARE_FEATURE_NONE:
+         case QEMU_FIRMWARE_FEATURE_ACPI_S3:
+         case QEMU_FIRMWARE_FEATURE_ACPI_S4:
++        case QEMU_FIRMWARE_FEATURE_HOST_UEFI_VARS:
+         case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
+         case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC:
+         case QEMU_FIRMWARE_FEATURE_LAST:
+@@ -2084,6 +2089,7 @@ qemuFirmwareGetSupported(const char *machine,
+             case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES:
+             case QEMU_FIRMWARE_FEATURE_AMD_SEV_SNP:
+             case QEMU_FIRMWARE_FEATURE_INTEL_TDX:
++            case QEMU_FIRMWARE_FEATURE_HOST_UEFI_VARS:
+             case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
+             case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC:
+             case QEMU_FIRMWARE_FEATURE_LAST:
+-- 
+2.53.0

libvirt-qemu_firmware-Prefer-template-format-to-loader-format.patch

@@ -0,0 +1,39 @@
+From 8c34553e1e77dcea4f86ee2c2668de251876b42e Mon Sep 17 00:00:00 2001
+Message-ID: <8c34553e1e77dcea4f86ee2c2668de251876b42e.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 28 Nov 2025 17:00:09 +0100
+Subject: [PATCH] qemu_firmware: Prefer template format to loader format
+
+In the vast majority of cases they will match, but it just makes
+more logical sense to copy the format from the NVRAM template to
+the NVRAM file itself.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit a92c1409568ac70bfa0a29099181452ef625d937)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index f32e46cc8c..b08fb95585 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -991,7 +991,10 @@ qemuFirmwareEnsureNVRAM(virDomainDef *def,
+          * NVRAM format if that's missing though */
+         if (!virStorageSourceIsEmpty(loader->nvram)) {
+             if (!loader->nvram->format) {
+-                loader->nvram->format = loader->format;
++                if (loader->nvramTemplateFormat)
++                    loader->nvram->format = loader->nvramTemplateFormat;
++                else
++                    loader->nvram->format = loader->format;
+             }
+             return;
+         }
+-- 
+2.53.0

libvirt-qemu_firmware-ROM-firmware-is-always-in-raw-format.patch

@@ -0,0 +1,33 @@
+From 4b9e4bf49a5891cae82bfbc4476b4046c8ee362d Mon Sep 17 00:00:00 2001
+Message-ID: <4b9e4bf49a5891cae82bfbc4476b4046c8ee362d.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 17 Nov 2025 20:17:45 +0100
+Subject: [PATCH] qemu_firmware: ROM firmware is always in raw format
+
+By definition.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 1b78d647da26b101267eb86401ad0a7d722a773d)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 70ac88c373..9ba5d899fa 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1470,6 +1470,7 @@ qemuFirmwareEnableFeaturesModern(virDomainDef *def,
+         loader = def->os.loader;
+ 
+         loader->type = VIR_DOMAIN_LOADER_TYPE_ROM;
++        loader->format = VIR_STORAGE_FILE_RAW;
+ 
+         VIR_FREE(loader->path);
+         loader->path = g_strdup(memory->filename);
+-- 
+2.53.0

libvirt-qemu_firmware-Refactor-setting-NVRAM-format.patch

@@ -0,0 +1,53 @@
+From d03ee871a69a16ff2975e925150fa361a5b283b4 Mon Sep 17 00:00:00 2001
+Message-ID: <d03ee871a69a16ff2975e925150fa361a5b283b4.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 17 Dec 2025 01:12:35 +0100
+Subject: [PATCH] qemu_firmware: Refactor setting NVRAM format
+
+Instead of setting the format every single time, knowing that we
+might throw away the entire definition immediately afterwards,
+and duplicating a check, only set it if we are going to perform
+an early return due to the rest of the definition being properly
+filled in already.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit ab8efe6fd076d5e944902e4b2194a7db35a85101)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index a7bb8f7e45..f32e46cc8c 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -985,15 +985,16 @@ qemuFirmwareEnsureNVRAM(virDomainDef *def,
+     if (loader->stateless == VIR_TRISTATE_BOOL_YES)
+         return;
+ 
+-    /* If the NVRAM format hasn't been set yet, inherit the same as
+-     * the loader */
+-    if (loader->nvram && !loader->nvram->format)
+-        loader->nvram->format = loader->format;
+-
+     if (loader->nvram) {
+-        /* Nothing to do if a proper NVRAM backend is already configured */
+-        if (!virStorageSourceIsEmpty(loader->nvram))
++        /* If a proper NVRAM backend is already configured, we are
++         * done for the most part. We might still need to set the
++         * NVRAM format if that's missing though */
++        if (!virStorageSourceIsEmpty(loader->nvram)) {
++            if (!loader->nvram->format) {
++                loader->nvram->format = loader->format;
++            }
+             return;
++        }
+ 
+         /* otherwise we want to reset and re-populate the definition */
+         virObjectUnref(loader->nvram);
+-- 
+2.53.0

libvirt-qemu_firmware-Remove-NVRAM-to-loader-format-copy-hack.patch

@@ -0,0 +1,331 @@
+From 0af887be667a15eff3c7aa50f51a679786fec38b Mon Sep 17 00:00:00 2001
+Message-ID: <0af887be667a15eff3c7aa50f51a679786fec38b.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 28 Nov 2025 15:53:00 +0100
+Subject: [PATCH] qemu_firmware: Remove NVRAM to loader format copy hack
+
+Now that the hack is gone, a few test cases that were failing
+before start succeeding instead.
+
+The firmware-auto-efi-format-nvramtemplate-qcow2 test case
+originally passed but produced wrong results, then started
+failing once we began taking templateFormat into account, and now
+passes once again, finally producing the correct results.
+
+The firmware-auto-efi-format-nvram-raw-loader-path and
+firmware-auto-efi-format-nvram-raw-nvramtemplate-path test cases,
+on the other hand, never passed before now, because the hack
+resulted in information contradicting those provided by the user
+being injected into the configuration, which in turn made it
+impossible to successfully pick a firmware build. With the hack
+gone they can finally succeed, as they should have in the first
+place.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 0aa3fa2d621fe6e0c3063be0d74f339f5852ac8a)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c                      | 19 ++--------
+ ...t-nvram-raw-loader-path.x86_64-latest.args | 37 ++++++++++++++++++
+ ...at-nvram-raw-loader-path.x86_64-latest.err |  1 -
+ ...at-nvram-raw-loader-path.x86_64-latest.xml |  9 ++++-
+ ...-raw-nvramtemplate-path.x86_64-latest.args | 37 ++++++++++++++++++
+ ...m-raw-nvramtemplate-path.x86_64-latest.err |  1 -
+ ...m-raw-nvramtemplate-path.x86_64-latest.xml |  9 ++++-
+ ...mat-nvramtemplate-qcow2.x86_64-latest.args | 38 +++++++++++++++++++
+ ...rmat-nvramtemplate-qcow2.x86_64-latest.err |  1 -
+ ...rmat-nvramtemplate-qcow2.x86_64-latest.xml |  9 ++++-
+ tests/qemuxmlconftest.c                       |  6 +--
+ 11 files changed, 139 insertions(+), 28 deletions(-)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.args
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.args
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.err
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 8714538ba3..70ac88c373 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1859,21 +1859,6 @@ qemuFirmwareFillDomain(virQEMUDriver *driver,
+     bool autoSelection = (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_NONE);
+     int ret;
+ 
+-    /* If there is no <loader> element but the <nvram> element
+-     * was present, copy the format from the latter to the
+-     * former.
+-     *
+-     * This ensures that a configuration such as
+-     *
+-     *   <os>
+-     *     <nvram format='foo'/>
+-     *   </os>
+-     *
+-     * behaves as expected, that is, results in a firmware build
+-     * with format 'foo' being selected */
+-    if (loader && loader->nvram && !loader->format)
+-        loader->format = loader->nvram->format;
+-
+     /* If we're loading an existing configuration from disk, we
+      * should try as hard as possible to preserve historical
+      * behavior. In particular, firmware autoselection being enabled
+@@ -1889,7 +1874,9 @@ qemuFirmwareFillDomain(virQEMUDriver *driver,
+             def->os.loader = virDomainLoaderDefNew();
+             loader = def->os.loader;
+         }
+-        if (!loader->format) {
++        if (!loader->format &&
++            !loader->nvramTemplateFormat &&
++            (!loader->nvram || !loader->nvram->format)) {
+             loader->format = VIR_STORAGE_FILE_RAW;
+         }
+     }
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.args
+new file mode 100644
+index 0000000000..14027c21db
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"qcow2","file":"libvirt-pflash0-storage","backing":null}' \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-global driver=cfi.pflash01,property=secure,value=on \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.err
+deleted file mode 100644
+index 3edb2b3451..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.err
++++ /dev/null
+@@ -1 +0,0 @@
+-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.xml
+index 6bb1ad1507..a02714d7b9 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.xml
+@@ -6,12 +6,17 @@
+   <vcpu placement='static'>1</vcpu>
+   <os firmware='efi'>
+     <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+-    <loader type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2</loader>
+-    <nvram format='raw'/>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader readonly='yes' secure='yes' type='pflash' format='qcow2'>/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2</loader>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2' templateFormat='qcow2' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
+     <boot dev='hd'/>
+   </os>
+   <features>
+     <acpi/>
++    <smm state='on'/>
+   </features>
+   <cpu mode='custom' match='exact' check='none'>
+     <model fallback='forbid'>qemu64</model>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.args
+new file mode 100644
+index 0000000000..14027c21db
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"qcow2","file":"libvirt-pflash0-storage","backing":null}' \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-global driver=cfi.pflash01,property=secure,value=on \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.err
+deleted file mode 100644
+index 3edb2b3451..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.err
++++ /dev/null
+@@ -1 +0,0 @@
+-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.xml
+index 8bb8f1b26c..a02714d7b9 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.xml
+@@ -6,12 +6,17 @@
+   <vcpu placement='static'>1</vcpu>
+   <os firmware='efi'>
+     <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+-    <loader format='raw'/>
+-    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2' format='raw'/>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader readonly='yes' secure='yes' type='pflash' format='qcow2'>/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2</loader>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2' templateFormat='qcow2' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
+     <boot dev='hd'/>
+   </os>
+   <features>
+     <acpi/>
++    <smm state='on'/>
+   </features>
+   <cpu mode='custom' match='exact' check='none'>
+     <model fallback='forbid'>qemu64</model>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args
+new file mode 100644
+index 0000000000..468ad4326c
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args
+@@ -0,0 +1,38 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"qcow2","file":"libvirt-pflash0-storage","backing":null}' \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.qcow2","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"qcow2","file":"libvirt-pflash1-storage","backing":null}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-global driver=cfi.pflash01,property=secure,value=on \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.err
+deleted file mode 100644
+index 3edb2b3451..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.err
++++ /dev/null
+@@ -1 +0,0 @@
+-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml
+index 1f039061ba..4061a0ae35 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml
+@@ -6,12 +6,17 @@
+   <vcpu placement='static'>1</vcpu>
+   <os firmware='efi'>
+     <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+-    <loader format='raw'/>
+-    <nvram templateFormat='qcow2'/>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader readonly='yes' secure='yes' type='pflash' format='qcow2'>/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2</loader>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2' templateFormat='qcow2' format='qcow2'>/var/lib/libvirt/qemu/nvram/guest_VARS.qcow2</nvram>
+     <boot dev='hd'/>
+   </os>
+   <features>
+     <acpi/>
++    <smm state='on'/>
+   </features>
+   <cpu mode='custom' match='exact' check='none'>
+     <model fallback='forbid'>qemu64</model>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 03b3aeef86..0091840731 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1659,11 +1659,11 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-qcow2-network-nbd");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-raw");
+     DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi-format-nvram-raw");
+-    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-nvram-raw-loader-path");
+-    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-nvram-raw-nvramtemplate-path");
++    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-raw-loader-path");
++    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-raw-nvramtemplate-path");
+     DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE("firmware-auto-efi-format-loader-raw", "aarch64");
+-    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-nvramtemplate-qcow2");
++    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvramtemplate-qcow2");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch");
+     DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-mismatch-nvramtemplate");
+ 
+-- 
+2.53.0

libvirt-qemu_firmware-Report-NVRAM-template-path-for-ROMs.patch

@@ -0,0 +1,49 @@
+From f4180272d119d8267d81d50035b421b06fd3a75c Mon Sep 17 00:00:00 2001
+Message-ID: <f4180272d119d8267d81d50035b421b06fd3a75c.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 17 Nov 2025 16:59:40 +0100
+Subject: [PATCH] qemu_firmware: Report NVRAM template path for ROMs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This was not necessary until now since ROMs couldn't have an
+associate NVRAM template, and technically speaking they still
+can't; however, the varstore template serves essentialy the
+same purpose.
+
+The qemuFirmwareGetSupported() helper is used in two places:
+one is the code that is responsible for filling in domaincaps,
+where templates are ignored so this change has no impact on it;
+the other is the qemufirmware test program, where this value
+being reported is useful as it will allow us to confirm that
+the JSON firmware descriptors for uefi-vars enabled builds are
+parsed correctly.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit a440ada2148951c4abb105d5d19f7b3583243325)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 7af3f32b85..72aae73dcb 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -2161,6 +2161,7 @@ qemuFirmwareGetSupported(const char *machine,
+ 
+         case QEMU_FIRMWARE_DEVICE_MEMORY:
+             fwpath = memory->filename;
++            nvrampath = memory->template;
+             break;
+ 
+         case QEMU_FIRMWARE_DEVICE_NONE:
+-- 
+2.53.0

libvirt-qemu_firmware-Retain-user-specified-NVRAM-format.patch

@@ -0,0 +1,108 @@
+From b853a05f7fcf8c6c1a4f5b51071ab951d174e041 Mon Sep 17 00:00:00 2001
+Message-ID: <b853a05f7fcf8c6c1a4f5b51071ab951d174e041.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 1 Dec 2025 16:30:43 +0100
+Subject: [PATCH] qemu_firmware: Retain user-specified NVRAM format
+
+Right now we throw the entire definition away if the path is
+not present, including the format. This effectively results in
+discarding user-provided information.
+
+This change fixes the firmware-auto-efi-format-mismatch test
+case. Until now, the NVRAM format ended up being raw (matching
+the NVRAM template) despite the user explicitly asking for it
+to be qcow2 instead.
+
+While this means that libvirt will no longer be able to start
+such a VM without user intervention, since it does not
+automatically perform conversion between formats, that's still
+preferrable to silently overriding an explicit user's request.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 91b6dee6d14cd804529d1cd7fdd010af58643543)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c                       | 18 +++++++++++++-----
+ ...auto-efi-format-mismatch.x86_64-latest.args |  5 +++--
+ ...-auto-efi-format-mismatch.x86_64-latest.xml |  2 +-
+ 3 files changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index b08fb95585..dca0a79868 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -971,6 +971,7 @@ qemuFirmwareEnsureNVRAM(virDomainDef *def,
+ {
+     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+     virDomainLoaderDef *loader = def->os.loader;
++    virStorageFileFormat nvramFormat = VIR_STORAGE_FILE_NONE;
+     const char *ext = NULL;
+ 
+     if (!loader)
+@@ -999,19 +1000,26 @@ qemuFirmwareEnsureNVRAM(virDomainDef *def,
+             return;
+         }
+ 
+-        /* otherwise we want to reset and re-populate the definition */
++        /* Otherwise we want to reset and re-populate the definition.
++         * In this case we still retain a single piece of information:
++         * the user-provided NVRAM format */
++        nvramFormat = loader->nvram->format;
++
+         virObjectUnref(loader->nvram);
+     }
+ 
+     loader->nvram = virStorageSourceNew();
+     loader->nvram->type = VIR_STORAGE_TYPE_FILE;
++    loader->nvram->format = nvramFormat;
+ 
+     /* The nvram template format should be always present but as a failsafe,
+      * duplicate the loader format if it is not available. */
+-    if (loader->nvramTemplateFormat > VIR_STORAGE_FILE_NONE)
+-        loader->nvram->format = loader->nvramTemplateFormat;
+-    else
+-        loader->nvram->format = loader->format;
++    if (!loader->nvram->format) {
++        if (loader->nvramTemplateFormat)
++            loader->nvram->format = loader->nvramTemplateFormat;
++        else
++            loader->nvram->format = loader->format;
++    }
+ 
+     if (loader->nvram->format == VIR_STORAGE_FILE_RAW) {
+         /* The extension used by raw edk2 builds has historically
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch.x86_64-latest.args
+index e7c9110c95..468d7ee048 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch.x86_64-latest.args
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch.x86_64-latest.args
+@@ -12,8 +12,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+ -blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
+ -blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
+--blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
+--machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.qcow2","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"qcow2","file":"libvirt-pflash1-storage","backing":null}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,acpi=on \
+ -accel kvm \
+ -cpu qemu64 \
+ -global driver=cfi.pflash01,property=secure,value=on \
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch.x86_64-latest.xml
+index f4df8c07ed..3a7536db2a 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch.x86_64-latest.xml
+@@ -11,7 +11,7 @@
+       <feature enabled='yes' name='secure-boot'/>
+     </firmware>
+     <loader readonly='yes' secure='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
+-    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd' templateFormat='raw' format='qcow2'>/var/lib/libvirt/qemu/nvram/guest_VARS.qcow2</nvram>
+     <boot dev='hd'/>
+   </os>
+   <features>
+-- 
+2.53.0

libvirt-qemu_firmware-Set-templateFormat-for-custom-paths.patch

@@ -0,0 +1,65 @@
+From b69d8a93d56c991e8d25059d241f845258008239 Mon Sep 17 00:00:00 2001
+Message-ID: <b69d8a93d56c991e8d25059d241f845258008239.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 24 Nov 2025 18:59:03 +0100
+Subject: [PATCH] qemu_firmware: Set templateFormat for custom paths
+
+If an NVRAM template is used, its format should be set too.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 3e1c110a4d409a32d2407df0e2c77e24d50b7d32)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c                                     | 5 +++++
+ ...ware-manual-efi-loader-path-nonstandard.x86_64-latest.xml | 2 +-
+ ...e-manual-efi-nvram-template-nonstandard.x86_64-latest.xml | 2 +-
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 9b6c14701f..2b16d66818 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1623,6 +1623,11 @@ qemuFirmwareFillDomainCustom(virDomainDef *def)
+     if (!loader->format)
+         loader->format = VIR_STORAGE_FILE_RAW;
+ 
++    if (loader->nvramTemplate &&
++        !loader->nvramTemplateFormat) {
++        loader->nvramTemplateFormat = loader->format;
++    }
++
+     return;
+ }
+ 
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-loader-path-nonstandard.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-loader-path-nonstandard.x86_64-latest.xml
+index c17834b5e6..7baf6ebd40 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-loader-path-nonstandard.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-loader-path-nonstandard.x86_64-latest.xml
+@@ -7,7 +7,7 @@
+   <os>
+     <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+     <loader readonly='yes' type='pflash' format='raw'>/path/to/OVMF_CODE.fd</loader>
+-    <nvram template='/path/to/OVMF_VARS.fd' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <nvram template='/path/to/OVMF_VARS.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
+     <boot dev='hd'/>
+   </os>
+   <features>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard.x86_64-latest.xml
+index cbadd0f0c8..beb146d35a 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard.x86_64-latest.xml
+@@ -7,7 +7,7 @@
+   <os>
+     <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+     <loader readonly='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
+-    <nvram template='/path/to/OVMF_VARS.fd' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <nvram template='/path/to/OVMF_VARS.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
+     <boot dev='hd'/>
+   </os>
+   <features>
+-- 
+2.53.0

libvirt-qemu_firmware-Simplify-handling-of-legacy-paths.patch

@@ -0,0 +1,132 @@
+From 5843ef0b8e0939f2d8728d4760b1040751057ca0 Mon Sep 17 00:00:00 2001
+Message-ID: <5843ef0b8e0939f2d8728d4760b1040751057ca0.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 5 Dec 2025 16:44:09 +0100
+Subject: [PATCH] qemu_firmware: Simplify handling of legacy paths
+
+Currently we're doing a weird dance to avoid overwriting the
+user-provided path to the NVRAM template, which might potentially
+be one we actually know about but just so happens not to be
+listed first. Explaining why we're doing things this way requires
+a fairly long comment.
+
+We can make things simpler: if the NVRAM template path is present
+in the domain XML, include it into the matching criteria. This is
+consistent with how we match firmware descriptors.
+
+Handling of format, both for the firmware executable and the
+NVRAM template, is improved too. Legacy paths were used before
+non-raw firmware builds existed, so we can set the format to raw
+unconditionally.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit ee4c619b0924508682285e6aa445914f68b13a7a)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 69 +++++++++++++++++++---------------------
+ 1 file changed, 32 insertions(+), 37 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 2b16d66818..a7bb8f7e45 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1653,6 +1653,7 @@ qemuFirmwareFillDomainLegacy(virQEMUDriver *driver,
+ {
+     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+     virDomainLoaderDef *loader = def->os.loader;
++    virFirmware *theone = NULL;
+     size_t i;
+ 
+     if (!loader)
+@@ -1681,6 +1682,13 @@ qemuFirmwareFillDomainLegacy(virQEMUDriver *driver,
+         return 1;
+     }
+ 
++    if (loader->nvramTemplateFormat &&
++        loader->nvramTemplateFormat != VIR_STORAGE_FILE_RAW) {
++        VIR_DEBUG("Ignoring legacy entries for loader with nvram template format '%s'",
++                  virStorageFileFormatTypeToString(loader->nvramTemplateFormat));
++        return 1;
++    }
++
+     for (i = 0; i < cfg->nfirmwares; i++) {
+         virFirmware *fw = cfg->firmwares[i];
+ 
+@@ -1690,47 +1698,34 @@ qemuFirmwareFillDomainLegacy(virQEMUDriver *driver,
+             continue;
+         }
+ 
+-        loader->type = VIR_DOMAIN_LOADER_TYPE_PFLASH;
+-        loader->readonly = VIR_TRISTATE_BOOL_YES;
+-        loader->format = VIR_STORAGE_FILE_RAW;
+-
+-        /* Only use the default template path if one hasn't been
+-         * provided by the user. Assume that the template is in 'raw' format.
+-         *
+-         * In addition to fully-custom templates, which are a valid
+-         * use case, we could simply be in a situation where
+-         * qemu.conf contains
+-         *
+-         *   nvram = [
+-         *     "/path/to/OVMF_CODE.secboot.fd:/path/to/OVMF_VARS.fd",
+-         *     "/path/to/OVMF_CODE.secboot.fd:/path/to/OVMF_VARS.secboot.fd"
+-         *   ]
+-         *
+-         * and the domain has been configured as
+-         *
+-         *   <os>
+-         *     <loader readonly='yes' type='pflash'>/path/to/OVMF_CODE.secboot.fd</loader>
+-         *     <nvram template='/path/to/OVMF/OVMF_VARS.secboot.fd'>
+-         *   </os>
+-         *
+-         * In this case, the global default is to have Secure Boot
+-         * disabled, but the domain configuration explicitly enables
+-         * it, and we shouldn't overrule this choice */
+-        if (!loader->nvramTemplate) {
+-            loader->nvramTemplate = g_strdup(cfg->firmwares[i]->nvram);
+-            loader->nvramTemplateFormat = VIR_STORAGE_FILE_RAW;
++        if (loader->nvramTemplate &&
++            !virFileComparePaths(fw->nvram, loader->nvramTemplate)) {
++            VIR_DEBUG("Not matching nvram template path '%s' for user provided path '%s'",
++                      fw->nvram, loader->nvramTemplate);
++            continue;
+         }
+ 
+-        if (loader->nvramTemplateFormat == VIR_STORAGE_FILE_NONE)
+-            loader->nvramTemplateFormat = VIR_STORAGE_FILE_RAW;
+-
+-        VIR_DEBUG("decided on firmware '%s' template '%s'",
+-                  loader->path, NULLSTR(loader->nvramTemplate));
+-
+-        return 0;
++        theone = fw;
++        break;
+     }
+ 
+-    return 1;
++    if (!theone)
++        return 1;
++
++    loader->type = VIR_DOMAIN_LOADER_TYPE_PFLASH;
++    loader->readonly = VIR_TRISTATE_BOOL_YES;
++
++    loader->format = VIR_STORAGE_FILE_RAW;
++    loader->nvramTemplateFormat = VIR_STORAGE_FILE_RAW;
++
++    if (!loader->nvramTemplate) {
++        loader->nvramTemplate = g_strdup(theone->nvram);
++    }
++
++    VIR_DEBUG("decided on firmware '%s' template '%s'",
++              loader->path, loader->nvramTemplate);
++
++    return 0;
+ }
+ 
+ 
+-- 
+2.53.0

libvirt-qemu_firmware-Split-sanity-check.patch

@@ -0,0 +1,66 @@
+From 7909339d97bca3113e521d07c1f3e876d2f0a9a2 Mon Sep 17 00:00:00 2001
+Message-ID: <7909339d97bca3113e521d07c1f3e876d2f0a9a2.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 24 Nov 2025 14:36:55 +0100
+Subject: [PATCH] qemu_firmware: Split sanity check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The two checks are semantically different, so it makes sense to
+perform them separately. We will soon extend the first one.
+
+While at it, start printing out the value of isConfidential. We
+could print the value of each firmware feature it's derived from,
+but that would make things unnecessarily verbose; at the same
+time, knowing that libvirt believes that the firmware build is
+targeting the confidential use case can be useful for debugging
+so it's worth including it.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 91337ee06d8f8a1e34d59c21840ceeb6904aed70)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 8b9b0d91ff..5c923b5a02 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1589,16 +1589,23 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
+      * VMs also don't support EFI variable storage in NVRAM, instead
+      * the secureboot state is hardcoded to enabled.
+      */
+-    if ((!isConfidential &&
+-         (supportsSecureBoot != requiresSMM)) ||
+-        (hasEnrolledKeys && !supportsSecureBoot)) {
++    if (!isConfidential &&
++        supportsSecureBoot != requiresSMM) {
+         VIR_WARN("Firmware description '%s' has invalid set of features: "
+-                 "%s = %d, %s = %d, %s = %d",
++                 "%s = %d, %s = %d (isConfidential = %d)",
+                  filename,
+                  qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_REQUIRES_SMM),
+                  requiresSMM,
+                  qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_SECURE_BOOT),
+                  supportsSecureBoot,
++                 isConfidential);
++    }
++    if (hasEnrolledKeys && !supportsSecureBoot) {
++        VIR_WARN("Firmware description '%s' has invalid set of features: "
++                 "%s = %d, %s = %d",
++                 filename,
++                 qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_SECURE_BOOT),
++                 supportsSecureBoot,
+                  qemuFirmwareFeatureTypeToString(QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS),
+                  hasEnrolledKeys);
+     }
+-- 
+2.53.0

libvirt-qemu_firmware-Support-extended-syntax-for-ROM-firmware-descriptors.patch

@@ -0,0 +1,99 @@
+From 560b1e9ff0dd80b473894993371614df3c71a118 Mon Sep 17 00:00:00 2001
+Message-ID: <560b1e9ff0dd80b473894993371614df3c71a118.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 19 Jan 2026 17:34:23 +0100
+Subject: [PATCH] qemu_firmware: Support extended syntax for ROM firmware
+ descriptors
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The existing syntax can only describe stateless firmware builds,
+while the extended one can additionally describe builds intended
+for use with the uefi-vars device. This involves including the
+path to the corresponding varstore template.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit cab5b6532d5f102b33af642a0a67b29477b44b0a)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index f9cb9058ac..7af3f32b85 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -95,6 +95,7 @@ struct _qemuFirmwareMappingFlash {
+ typedef struct _qemuFirmwareMappingMemory qemuFirmwareMappingMemory;
+ struct _qemuFirmwareMappingMemory {
+     char *filename;
++    char *template;
+ };
+ 
+ 
+@@ -219,6 +220,7 @@ static void
+ qemuFirmwareMappingMemoryFreeContent(qemuFirmwareMappingMemory *memory)
+ {
+     g_free(memory->filename);
++    g_free(memory->template);
+ }
+ 
+ 
+@@ -406,7 +408,11 @@ qemuFirmwareMappingMemoryParse(const char *path,
+                                virJSONValue *doc,
+                                qemuFirmwareMappingMemory *memory)
+ {
++    virJSONValue *uefi_vars;
+     const char *filename;
++    const char *template;
++
++    uefi_vars = virJSONValueObjectGet(doc, "uefi-vars");
+ 
+     if (!(filename = virJSONValueObjectGetString(doc, "filename"))) {
+         VIR_DEBUG("missing 'filename' in '%s'", path);
+@@ -415,6 +421,15 @@ qemuFirmwareMappingMemoryParse(const char *path,
+ 
+     memory->filename = g_strdup(filename);
+ 
++    if (uefi_vars) {
++        if (!(template = virJSONValueObjectGetString(uefi_vars, "template"))) {
++            VIR_DEBUG("missing 'template' for 'uefi-vars' in '%s'", path);
++            return -1;
++        }
++
++        memory->template = g_strdup(template);
++    }
++
+     return 0;
+ }
+ 
+@@ -702,6 +717,20 @@ qemuFirmwareMappingMemoryFormat(virJSONValue *mapping,
+                                        memory->filename) < 0)
+         return -1;
+ 
++    if (memory->template) {
++        g_autoptr(virJSONValue) uefi_vars = virJSONValueNewObject();
++
++        if (virJSONValueObjectAppendString(uefi_vars,
++                                           "template",
++                                           memory->template) < 0)
++            return -1;
++
++        if (virJSONValueObjectAppend(mapping,
++                                     "uefi-vars",
++                                     &uefi_vars) < 0)
++            return -1;
++    }
++
+     return 0;
+ }
+ 
+-- 
+2.53.0

libvirt-qemu_firmware-Take-NVRAM-format-into-account-when-matching.patch

@@ -0,0 +1,66 @@
+From 5bf3d3a12744a55ab362d0d9aff41e9d0d217bf8 Mon Sep 17 00:00:00 2001
+Message-ID: <5bf3d3a12744a55ab362d0d9aff41e9d0d217bf8.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 28 Nov 2025 15:18:35 +0100
+Subject: [PATCH] qemu_firmware: Take NVRAM format into account when matching
+
+Commit d3016e47be5f removed a hunk very similar to the one we're
+adding with the rationale that there is no actual requirement for
+the NVRAM file and the NVRAM template to have the same format,
+which is completely correct: while libvirt will not perform the
+format conversion itself, the user can do that on their own and
+everything (except RESET_NVRAM) will work just fine.
+
+That said, we also need <nvram format='foo'/> specified on its
+own with no <loader> element to result in a firmware build with a
+foo-formatted NVRAM template to be picked. Right now this works
+thanks to the hack at the top of qemuFirmwareFillDomain() which
+copies nvram.format to loader.format, but we want to get rid of
+that because it has additional side effects that can lead to
+confusing outcomes in certain specific scenarios.
+
+So reintroduce this check, but make it extremely narrow: if any
+other information that can influence firmware selection is
+present in the domain XML, ignore the NVRAM format entirely; if
+however the NVRAM format is the only information that was
+provided, consider it when looking for a match.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 798528d2b64db88368c61e7e904e0b7d46de9bd4)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index e13cce0887..8714538ba3 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1304,6 +1304,21 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+                           virStorageFileFormatTypeToString(loader->nvramTemplateFormat));
+                 return false;
+             }
++            /* If nvram.format was specified and no other information
++             * that can influence firmware selection was, then treat it
++             * the same as if nvram.templateFormat had been specified.
++             * This ensures that <nvram format='foo'/> continues to work
++             * as a shorthand while not getting in the way otherwise */
++            if (loader && loader->nvram && loader->nvram->format &&
++                !loader->readonly && !loader->type && !loader->secure &&
++                !loader->stateless && !loader->format && !loader->path &&
++                !loader->nvramTemplateFormat && !loader->nvramTemplate &&
++                STRNEQ(flash->nvram_template.format, virStorageFileFormatTypeToString(loader->nvram->format))) {
++                VIR_DEBUG("Discarding loader with mismatching nvram template format '%s' != '%s'",
++                          flash->nvram_template.format,
++                          virStorageFileFormatTypeToString(loader->nvram->format));
++                return false;
++            }
+         } else {
+             if (loader && loader->nvram &&
+                 (loader->nvram->path || loader->nvram->format)) {
+-- 
+2.53.0

libvirt-qemu_firmware-Take-templateFormat-into-account-when-matching.patch

@@ -0,0 +1,231 @@
+From c42ea0c6e181c2702bc0e0809a7ad43f96b9a909 Mon Sep 17 00:00:00 2001
+Message-ID: <c42ea0c6e181c2702bc0e0809a7ad43f96b9a909.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 26 Nov 2025 19:05:18 +0100
+Subject: [PATCH] qemu_firmware: Take templateFormat into account when matching
+
+If the user has specified a desired format for the NVRAM
+template, we should take that information into account when
+looking for a suitable firmware build instead of ignoring it.
+
+Two test cases start failing as a result of this change.
+
+For firmware-auto-efi-format-nvramtemplate-qcow2, the failure
+is temporary and the test case will pass once again with an
+upcoming commit. It should be noted that, until now, the selected
+firmware used raw, not qcow2, as the NVRAM template format,
+meaning that though the test case passed the outcome was not the
+desired one.
+
+For firmware-auto-efi-format-mismatch-nvramtemplate, the failure
+is desired and the test case should not have succeeded in the
+first place, as there are no firmware descriptors for a build
+that uses raw format for the executable and qcow2 format for the
+NVRAM template.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 623fc1b4b5ee93e946d9928aced498dde0421ace)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c                      |  7 ++++
+ ...-mismatch-nvramtemplate.x86_64-latest.args | 37 -------------------
+ ...t-mismatch-nvramtemplate.x86_64-latest.err |  1 +
+ ...t-mismatch-nvramtemplate.x86_64-latest.xml |  9 +----
+ ...mat-nvramtemplate-qcow2.x86_64-latest.args | 37 -------------------
+ ...rmat-nvramtemplate-qcow2.x86_64-latest.err |  1 +
+ ...rmat-nvramtemplate-qcow2.x86_64-latest.xml |  9 +----
+ tests/qemuxmlconftest.c                       |  4 +-
+ 8 files changed, 15 insertions(+), 90 deletions(-)
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.err
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.err
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index dca0a79868..e13cce0887 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1297,6 +1297,13 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+                           flash->nvram_template.format);
+                 return false;
+             }
++            if (loader && loader->nvramTemplateFormat &&
++                STRNEQ(flash->nvram_template.format, virStorageFileFormatTypeToString(loader->nvramTemplateFormat))) {
++                VIR_DEBUG("Discarding loader with mismatching nvram template format '%s' != '%s'",
++                          flash->nvram_template.format,
++                          virStorageFileFormatTypeToString(loader->nvramTemplateFormat));
++                return false;
++            }
+         } else {
+             if (loader && loader->nvram &&
+                 (loader->nvram->path || loader->nvram->format)) {
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.args
+deleted file mode 100644
+index e7c9110c95..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.args
++++ /dev/null
+@@ -1,37 +0,0 @@
+-LC_ALL=C \
+-PATH=/bin \
+-HOME=/var/lib/libvirt/qemu/domain--1-guest \
+-USER=test \
+-LOGNAME=test \
+-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+-/usr/bin/qemu-system-x86_64 \
+--name guest=guest,debug-threads=on \
+--S \
+--object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
+--blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
+--blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
+--machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
+--accel kvm \
+--cpu qemu64 \
+--global driver=cfi.pflash01,property=secure,value=on \
+--m size=1048576k \
+--object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+--overcommit mem-lock=off \
+--smp 1,sockets=1,cores=1,threads=1 \
+--uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+--display none \
+--no-user-config \
+--nodefaults \
+--chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+--mon chardev=charmonitor,id=monitor,mode=control \
+--rtc base=utc \
+--no-shutdown \
+--boot strict=on \
+--audiodev '{"id":"audio1","driver":"none"}' \
+--global ICH9-LPC.noreboot=off \
+--watchdog-action reset \
+--sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+--msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.err
+new file mode 100644
+index 0000000000..3edb2b3451
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.err
+@@ -0,0 +1 @@
++operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.xml
+index f4df8c07ed..1f039061ba 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.xml
+@@ -6,17 +6,12 @@
+   <vcpu placement='static'>1</vcpu>
+   <os firmware='efi'>
+     <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+-    <firmware>
+-      <feature enabled='yes' name='enrolled-keys'/>
+-      <feature enabled='yes' name='secure-boot'/>
+-    </firmware>
+-    <loader readonly='yes' secure='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
+-    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <loader format='raw'/>
++    <nvram templateFormat='qcow2'/>
+     <boot dev='hd'/>
+   </os>
+   <features>
+     <acpi/>
+-    <smm state='on'/>
+   </features>
+   <cpu mode='custom' match='exact' check='none'>
+     <model fallback='forbid'>qemu64</model>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args
+deleted file mode 100644
+index e7c9110c95..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args
++++ /dev/null
+@@ -1,37 +0,0 @@
+-LC_ALL=C \
+-PATH=/bin \
+-HOME=/var/lib/libvirt/qemu/domain--1-guest \
+-USER=test \
+-LOGNAME=test \
+-XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+-XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+-XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+-/usr/bin/qemu-system-x86_64 \
+--name guest=guest,debug-threads=on \
+--S \
+--object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+--blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
+--blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
+--blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
+--machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
+--accel kvm \
+--cpu qemu64 \
+--global driver=cfi.pflash01,property=secure,value=on \
+--m size=1048576k \
+--object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+--overcommit mem-lock=off \
+--smp 1,sockets=1,cores=1,threads=1 \
+--uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+--display none \
+--no-user-config \
+--nodefaults \
+--chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+--mon chardev=charmonitor,id=monitor,mode=control \
+--rtc base=utc \
+--no-shutdown \
+--boot strict=on \
+--audiodev '{"id":"audio1","driver":"none"}' \
+--global ICH9-LPC.noreboot=off \
+--watchdog-action reset \
+--sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+--msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.err
+new file mode 100644
+index 0000000000..3edb2b3451
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.err
+@@ -0,0 +1 @@
++operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml
+index f4df8c07ed..1f039061ba 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml
+@@ -6,17 +6,12 @@
+   <vcpu placement='static'>1</vcpu>
+   <os firmware='efi'>
+     <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+-    <firmware>
+-      <feature enabled='yes' name='enrolled-keys'/>
+-      <feature enabled='yes' name='secure-boot'/>
+-    </firmware>
+-    <loader readonly='yes' secure='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
+-    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <loader format='raw'/>
++    <nvram templateFormat='qcow2'/>
+     <boot dev='hd'/>
+   </os>
+   <features>
+     <acpi/>
+-    <smm state='on'/>
+   </features>
+   <cpu mode='custom' match='exact' check='none'>
+     <model fallback='forbid'>qemu64</model>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index b46caf9139..03b3aeef86 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1663,9 +1663,9 @@ mymain(void)
+     DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-nvram-raw-nvramtemplate-path");
+     DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE("firmware-auto-efi-format-loader-raw", "aarch64");
+-    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvramtemplate-qcow2");
++    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-nvramtemplate-qcow2");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch");
+-    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch-nvramtemplate");
++    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-mismatch-nvramtemplate");
+ 
+     /* This test passes, but the outcome is not the desired one: the
+      * generic edk2 build gets selected instead of the AMD SEV one */
+-- 
+2.53.0

libvirt-qemu_firmware-Use-of-NVRAM-implies-stateful-firmware.patch

@@ -0,0 +1,54 @@
+From ca225465b1d7c3e931b319aad262a0c65d240cbc Mon Sep 17 00:00:00 2001
+Message-ID: <ca225465b1d7c3e931b319aad262a0c65d240cbc.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Tue, 3 Feb 2026 18:47:04 +0100
+Subject: [PATCH] qemu_firmware: Use of NVRAM implies stateful firmware
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently we only look at the value for the stateless attribute
+itself when matching, but the <nvram> element being included in
+the input XML is likewise a clear sign that a stateless firmware
+build will not satisfy the user's requirements.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit ffe37c698948b926bace57dc16106d3acb08c3ac)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/qemu/qemu_firmware.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 60cc92e46a..1851ed4a80 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1288,13 +1288,19 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
+         /* Explicit requests for either a stateless or stateful
+          * firmware should be fulfilled, but if no preference is
+          * provided either one is fine as long as the other match
+-         * criteria are satisfied */
++         * criteria are satisfied. NVRAM implies stateful */
+         if (loader &&
+             loader->stateless == VIR_TRISTATE_BOOL_NO &&
+             flash->mode == QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
+             VIR_DEBUG("Discarding stateless loader");
+             return false;
+         }
++        if (loader &&
++            loader->nvram &&
++            flash->mode == QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
++            VIR_DEBUG("Discarding stateless loader");
++            return false;
++        }
+         if (loader &&
+             loader->stateless == VIR_TRISTATE_BOOL_YES &&
+             flash->mode != QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
+-- 
+2.53.0

libvirt-qemu_hotplug-enter-monitor-in-order-to-rollback-passed-FD.patch

@@ -0,0 +1,46 @@
+From 1312b576ca64ad07aaee6fae9024bbdfa621c609 Mon Sep 17 00:00:00 2001
+Message-ID: <1312b576ca64ad07aaee6fae9024bbdfa621c609.1772815314.git.jdenemar@redhat.com>
+From: Pavel Hrdina <phrdina@redhat.com>
+Date: Thu, 26 Feb 2026 10:54:18 +0100
+Subject: [PATCH] qemu_hotplug: enter monitor in order to rollback passed FD
+
+Reported-by: Peter Krempa <pkrempa@redhat.com>
+Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit 4374dbbbf0d87f0052dd96be96baad6c20963713)
+
+https://issues.redhat.com/browse/RHEL-151916
+
+Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
+---
+ src/qemu/qemu_hotplug.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
+index a455c2cd53..bb88815e27 100644
+--- a/src/qemu/qemu_hotplug.c
++++ b/src/qemu/qemu_hotplug.c
+@@ -1682,15 +1682,16 @@ qemuDomainAttachHostPCIDevice(virQEMUDriver *driver,
+     if (teardownmemlock && qemuDomainAdjustMaxMemLock(vm) < 0)
+         VIR_WARN("Unable to reset maximum locked memory on hotplug fail");
+ 
+-    if (removeiommufd) {
+-        qemuDomainObjEnterMonitor(vm);
++    qemuDomainObjEnterMonitor(vm);
++
++    if (removeiommufd)
+         ignore_value(qemuMonitorDelObject(priv->mon, "iommufd0", false));
+-        qemuDomainObjExitMonitor(vm);
+-    }
+ 
+     qemuFDPassDirectTransferMonitorRollback(hostdevPriv->vfioDeviceFd, priv->mon);
+     qemuFDPassDirectTransferMonitorRollback(priv->iommufd, priv->mon);
+ 
++    qemuDomainObjExitMonitor(vm);
++
+     if (releaseaddr)
+         qemuDomainReleaseDeviceAddress(vm, info);
+ 
+-- 
+2.53.0

libvirt-schema-Add-firmwareFeatures-element-for-domaincaps.patch

@@ -0,0 +1,49 @@
+From e80e42974e03a8c18bda11714608271d372558ae Mon Sep 17 00:00:00 2001
+Message-ID: <e80e42974e03a8c18bda11714608271d372558ae.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 9 Feb 2026 19:18:32 +0100
+Subject: [PATCH] schema: Add firmwareFeatures element for domaincaps
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 463322ec48d48886ac38604565923cb283dca26e)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/schemas/domaincaps.rng | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng
+index 8d0380951d..3b24caeca6 100644
+--- a/src/conf/schemas/domaincaps.rng
++++ b/src/conf/schemas/domaincaps.rng
+@@ -68,6 +68,15 @@
+     </element>
+   </define>
+ 
++  <define name="firmwareFeatures">
++    <element name="firmwareFeatures">
++      <ref name="supported"/>
++      <optional>
++        <ref name="enum"/>
++      </optional>
++    </element>
++  </define>
++
+   <define name="loader">
+     <element name="loader">
+       <ref name="supported"/>
+@@ -83,6 +92,9 @@
+       <interleave>
+         <ref name="supported"/>
+         <ref name="enum"/>
++        <optional>
++          <ref name="firmwareFeatures"/>
++        </optional>
+         <optional>
+           <ref name="loader"/>
+         </optional>
+-- 
+2.53.0

libvirt-schema-Introduce-osnvram-define.patch

@@ -0,0 +1,100 @@
+From b6ec9f3779a824879defc43172e1cc6e3aac4c29 Mon Sep 17 00:00:00 2001
+Message-ID: <b6ec9f3779a824879defc43172e1cc6e3aac4c29.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 23 Feb 2026 13:57:32 +0100
+Subject: [PATCH] schema: Introduce osnvram define
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This moves the definition of the <nvram> element out of the
+fairly complex oshvm define and will make it easier to later
+add the <varstore> element without making things unmanageable.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit b5da97c5b9b95b8b099e1c5aa7f04c17df636e70)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/schemas/domaincommon.rng | 54 +++++++++++++++++--------------
+ 1 file changed, 29 insertions(+), 25 deletions(-)
+
+diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
+index 152aa489f5..92f82c8fbf 100644
+--- a/src/conf/schemas/domaincommon.rng
++++ b/src/conf/schemas/domaincommon.rng
+@@ -349,31 +349,7 @@
+             </element>
+           </optional>
+           <optional>
+-            <element name="nvram">
+-              <optional>
+-                <attribute name="template">
+-                  <ref name="absFilePath"/>
+-                </attribute>
+-              </optional>
+-              <optional>
+-                <attribute name="templateFormat">
+-                  <ref name="pflashFormatTypes"/>
+-                </attribute>
+-              </optional>
+-              <optional>
+-                <ref name="pflashFormat"/>
+-              </optional>
+-              <optional>
+-                <choice>
+-                  <group>
+-                    <ref name="absFilePath"/>
+-                  </group>
+-                  <group>
+-                    <ref name="diskSource"/>
+-                  </group>
+-                </choice>
+-              </optional>
+-            </element>
++            <ref name="osnvram"/>
+           </optional>
+           <optional>
+             <ref name="osbootkernel"/>
+@@ -452,6 +428,34 @@
+     </element>
+   </define>
+ 
++  <define name="osnvram">
++    <element name="nvram">
++      <optional>
++        <attribute name="template">
++          <ref name="absFilePath"/>
++        </attribute>
++      </optional>
++      <optional>
++        <attribute name="templateFormat">
++          <ref name="pflashFormatTypes"/>
++        </attribute>
++      </optional>
++      <optional>
++        <ref name="pflashFormat"/>
++      </optional>
++      <optional>
++        <choice>
++          <group>
++            <ref name="absFilePath"/>
++          </group>
++          <group>
++            <ref name="diskSource"/>
++          </group>
++        </choice>
++      </optional>
++    </element>
++  </define>
++
+   <define name="osexe">
+     <element name="os">
+       <interleave>
+-- 
+2.53.0

libvirt-schemas-Allow-templateFormat-without-template-path.patch

@@ -0,0 +1,44 @@
+From 0ec84169d9163d94a209b2c5babf18841a4ccc66 Mon Sep 17 00:00:00 2001
+Message-ID: <0ec84169d9163d94a209b2c5babf18841a4ccc66.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 26 Nov 2025 18:18:06 +0100
+Subject: [PATCH] schemas: Allow templateFormat without template path
+
+Similarly to how we allow the format for the loader and the NVRAM
+file to be specified without the corresponding path being present,
+we should allow that to happen for the NVRAM template too.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 2bd0499294b145c6a4c36d431c39a5da9c6d57c0)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/conf/schemas/domaincommon.rng | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
+index 441328a08e..152aa489f5 100644
+--- a/src/conf/schemas/domaincommon.rng
++++ b/src/conf/schemas/domaincommon.rng
+@@ -354,11 +354,11 @@
+                 <attribute name="template">
+                   <ref name="absFilePath"/>
+                 </attribute>
+-                <optional>
+-                  <attribute name="templateFormat">
+-                    <ref name="pflashFormatTypes"/>
+-                  </attribute>
+-                </optional>
++              </optional>
++              <optional>
++                <attribute name="templateFormat">
++                  <ref name="pflashFormatTypes"/>
++                </attribute>
+               </optional>
+               <optional>
+                 <ref name="pflashFormat"/>
+-- 
+2.53.0

libvirt-security-Handle-varstore-file.patch

@@ -0,0 +1,221 @@
+From d1a6cd459afd2aeff61a36cf03d435dbcac3d840 Mon Sep 17 00:00:00 2001
+Message-ID: <d1a6cd459afd2aeff61a36cf03d435dbcac3d840.1772815314.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 28 Jan 2026 15:42:16 +0100
+Subject: [PATCH] security: Handle varstore file
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit bcbb2667e206340702ce6ec7a5e862f771a11f9d)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/security/security_dac.c     | 22 +++++++++++---
+ src/security/security_selinux.c | 53 +++++++++++++++++++++------------
+ src/security/virt-aa-helper.c   | 40 +++++++++++++++----------
+ 3 files changed, 76 insertions(+), 39 deletions(-)
+
+diff --git a/src/security/security_dac.c b/src/security/security_dac.c
+index 704c8dbfec..390dfc7578 100644
+--- a/src/security/security_dac.c
++++ b/src/security/security_dac.c
+@@ -2061,11 +2061,17 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
+             rc = -1;
+     }
+ 
+-    if (def->os.loader && def->os.loader->nvram) {
+-        if (virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems,
++    if (def->os.loader) {
++        if (def->os.loader->nvram &&
++            virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems,
+                                                def, def->os.loader->nvram,
+                                                migrated) < 0)
+             rc = -1;
++
++        if (def->os.varstore &&
++            def->os.varstore->path &&
++            virSecurityDACRestoreFileLabel(mgr, def->os.varstore->path) < 0)
++            rc = -1;
+     }
+ 
+     if (def->os.kernel &&
+@@ -2310,12 +2316,20 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
+             return -1;
+     }
+ 
+-    if (def->os.loader && def->os.loader->nvram) {
+-        if (virSecurityDACSetImageLabel(mgr, sharedFilesystems,
++    if (def->os.loader) {
++        if (def->os.loader->nvram &&
++            virSecurityDACSetImageLabel(mgr, sharedFilesystems,
+                                         def, def->os.loader->nvram,
+                                         VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
+                                         VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
+             return -1;
++
++        if (def->os.varstore &&
++            def->os.varstore->path &&
++            virSecurityDACSetOwnership(mgr, NULL,
++                                       def->os.varstore->path,
++                                       user, group, true) < 0)
++            return -1;
+     }
+ 
+     if (def->os.kernel &&
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 4a5f61d16b..9c498ab5f8 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -2993,11 +2993,18 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
+             rc = -1;
+     }
+ 
+-    if (def->os.loader && def->os.loader->nvram) {
+-        if (virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems,
++    if (def->os.loader) {
++        if (def->os.loader->nvram &&
++            virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems,
+                                                    def, def->os.loader->nvram,
+                                                    migrated) < 0)
+             rc = -1;
++
++        if (def->os.varstore &&
++            def->os.varstore->path &&
++            virSecuritySELinuxRestoreFileLabel(mgr, def->os.varstore->path,
++                                               true, false) < 0)
++            rc = -1;
+     }
+ 
+     if (def->os.kernel &&
+@@ -3341,6 +3348,22 @@ virSecuritySELinuxSetSysinfoLabel(virSecurityManager *mgr,
+ }
+ 
+ 
++static int
++virSecuritySELinuxDomainSetPathLabel(virSecurityManager *mgr,
++                                     virDomainDef *def,
++                                     const char *path,
++                                     bool allowSubtree G_GNUC_UNUSED)
++{
++    virSecurityLabelDef *seclabel;
++
++    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
++    if (!seclabel || !seclabel->relabel)
++        return 0;
++
++    return virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagelabel, true);
++}
++
++
+ static int
+ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
+                               char *const *sharedFilesystems,
+@@ -3421,12 +3444,19 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
+             return -1;
+     }
+ 
+-    if (def->os.loader && def->os.loader->nvram) {
+-        if (virSecuritySELinuxSetImageLabel(mgr, sharedFilesystems,
++    if (def->os.loader) {
++        if (def->os.loader->nvram &&
++            virSecuritySELinuxSetImageLabel(mgr, sharedFilesystems,
+                                             def, def->os.loader->nvram,
+                                             VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
+                                             VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
+             return -1;
++
++        if (def->os.varstore &&
++            def->os.varstore->path &&
++            virSecuritySELinuxDomainSetPathLabel(mgr, def,
++                                                 def->os.varstore->path, true) < 0)
++            return -1;
+     }
+ 
+     if (def->os.kernel &&
+@@ -3593,21 +3623,6 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurityManager *mgr,
+     return opts;
+ }
+ 
+-static int
+-virSecuritySELinuxDomainSetPathLabel(virSecurityManager *mgr,
+-                                     virDomainDef *def,
+-                                     const char *path,
+-                                     bool allowSubtree G_GNUC_UNUSED)
+-{
+-    virSecurityLabelDef *seclabel;
+-
+-    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+-    if (!seclabel || !seclabel->relabel)
+-        return 0;
+-
+-    return virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagelabel, true);
+-}
+-
+ static int
+ virSecuritySELinuxDomainSetPathLabelRO(virSecurityManager *mgr,
+                                        virDomainDef *def,
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index 3099e56ec3..9a4e82f4e6 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -1019,27 +1019,35 @@ get_files(vahControl * ctl)
+         return -1;
+     }
+ 
+-    if (ctl->def->os.loader && ctl->def->os.loader->path) {
+-        bool readonly = false;
++    if (ctl->def->os.loader) {
++        if (ctl->def->os.loader->path) {
++            bool readonly = false;
+ 
+-        /* Look at the readonly attribute, but also keep in mind that ROMs
+-         * are always loaded read-only regardless of whether the attribute
+-         * is present. Validation ensures that nonsensical configurations
+-         * (type=rom readonly=no) are rejected long before we get here */
+-        virTristateBoolToBool(ctl->def->os.loader->readonly, &readonly);
+-        if (ctl->def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_ROM)
+-            readonly = true;
++            /* Look at the readonly attribute, but also keep in mind that ROMs
++             * are always loaded read-only regardless of whether the attribute
++             * is present. Validation ensures that nonsensical configurations
++             * (type=rom readonly=no) are rejected long before we get here */
++            virTristateBoolToBool(ctl->def->os.loader->readonly, &readonly);
++            if (ctl->def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_ROM)
++                readonly = true;
+ 
+-        if (vah_add_file(&buf,
+-                         ctl->def->os.loader->path,
+-                         readonly ? "rk" : "rwk") != 0) {
++            if (vah_add_file(&buf,
++                             ctl->def->os.loader->path,
++                             readonly ? "rk" : "rwk") != 0) {
++                return -1;
++            }
++        }
++
++        if (ctl->def->os.loader->nvram &&
++            storage_source_add_files(ctl->def->os.loader->nvram, &buf, 0) < 0) {
+             return -1;
+         }
+-    }
+ 
+-    if (ctl->def->os.loader && ctl->def->os.loader->nvram &&
+-        storage_source_add_files(ctl->def->os.loader->nvram, &buf, 0) < 0) {
+-        return -1;
++        if (ctl->def->os.varstore &&
++            ctl->def->os.varstore->path &&
++            vah_add_file(&buf, ctl->def->os.varstore->path, "rw") != 0) {
++            return -1;
++        }
+     }
+ 
+     for (i = 0; i < ctl->def->ngraphics; i++) {
+-- 
+2.53.0

libvirt-security-Mark-ROMs-as-read-only-when-using-AppArmor.patch

@@ -0,0 +1,47 @@
+From d88443f1ff243e634ddb8576a363f7a91f8bcba1 Mon Sep 17 00:00:00 2001
+Message-ID: <d88443f1ff243e634ddb8576a363f7a91f8bcba1.1772815314.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 6 Feb 2026 17:00:10 +0100
+Subject: [PATCH] security: Mark ROMs as read only when using AppArmor
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Before this, attempting to use a ROM that was not explictly
+marked at read only resulted in an error at startup time.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit a32b4a60372eb7907ad05aae924e40dff095efdd)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/security/virt-aa-helper.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index 29e844c7ff..3099e56ec3 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -1021,7 +1021,15 @@ get_files(vahControl * ctl)
+ 
+     if (ctl->def->os.loader && ctl->def->os.loader->path) {
+         bool readonly = false;
++
++        /* Look at the readonly attribute, but also keep in mind that ROMs
++         * are always loaded read-only regardless of whether the attribute
++         * is present. Validation ensures that nonsensical configurations
++         * (type=rom readonly=no) are rejected long before we get here */
+         virTristateBoolToBool(ctl->def->os.loader->readonly, &readonly);
++        if (ctl->def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_ROM)
++            readonly = true;
++
+         if (vah_add_file(&buf,
+                          ctl->def->os.loader->path,
+                          readonly ? "rk" : "rwk") != 0) {
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-bios-rw.patch

@@ -0,0 +1,115 @@
+From cd12b9e8588920c2e6efb41b8fab73cd98fd88de Mon Sep 17 00:00:00 2001
+Message-ID: <cd12b9e8588920c2e6efb41b8fab73cd98fd88de.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 12 Dec 2025 16:18:24 +0100
+Subject: [PATCH] tests: Add firmware-auto-bios-rw
+
+This test cases demonstrates that the firmware autoselection
+process is unable to find a BIOS image that is read/write.
+
+This is expected, as BIOS is loaded as ROM and is thus by
+definition read-only.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 07bcd51bcb6a2370f83dadd9f066acebf3157dc2)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ .../firmware-auto-bios-rw.x86_64-latest.err   |  1 +
+ .../firmware-auto-bios-rw.x86_64-latest.xml   | 35 +++++++++++++++++++
+ .../qemuxmlconfdata/firmware-auto-bios-rw.xml | 18 ++++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 55 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-rw.x86_64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-rw.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-rw.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-rw.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-bios-rw.x86_64-latest.err
+new file mode 100644
+index 0000000000..743fe27a97
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-bios-rw.x86_64-latest.err
+@@ -0,0 +1 @@
++operation failed: Unable to find 'bios' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-rw.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-bios-rw.x86_64-latest.xml
+new file mode 100644
+index 0000000000..b8916c30d9
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-bios-rw.x86_64-latest.xml
+@@ -0,0 +1,35 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='bios'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='no' format='raw'/>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-rw.xml b/tests/qemuxmlconfdata/firmware-auto-bios-rw.xml
+new file mode 100644
+index 0000000000..444273e9bb
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-bios-rw.xml
+@@ -0,0 +1,18 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='bios'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='no'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 5299f341cf..c20db43cec 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1617,6 +1617,7 @@ mymain(void)
+ 
+     DO_TEST_CAPS_LATEST("firmware-auto-bios");
+     DO_TEST_CAPS_LATEST("firmware-auto-bios-stateless");
++    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-bios-rw");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-not-stateless");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-bios-nvram");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi");
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-efi-enrolled-keys-aarch64.patch

@@ -0,0 +1,181 @@
+From eaa18be2c7fa1a9ddd59c6888663a47ae6697881 Mon Sep 17 00:00:00 2001
+Message-ID: <eaa18be2c7fa1a9ddd59c6888663a47ae6697881.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 10 Dec 2025 00:02:52 +0100
+Subject: [PATCH] tests: Add firmware-auto-efi-enrolled-keys-aarch64
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This test case demonstrates how to automatically configure an
+aarch64 guest so that Secure Boot support is available and only
+signed operating systems are allowed to boot.
+
+It currently fails because there is no firmware descriptor that
+describes a suitable firmware build yet. That will change in a
+future commit.
+
+In addition to the latest version, the test case is also executed
+against QEMU 8.2.0 specifically. This version of the test case is
+intended to fail, because the uefi-vars device that we need to
+support Secure Boot on aarch64 was not yet available in that
+version of QEMU. The exact error message will change down the
+line.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 38c4c3f654473c6779b7afd00eb802b5550efb15)
+
+Conflicts:
+
+  * tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
+
+    - GIC version mismatch caused by capabilities files
+      being outdated or missing downstream
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...fi-enrolled-keys-aarch64.aarch64-8.2.0.err |  1 +
+ ...fi-enrolled-keys-aarch64.aarch64-8.2.0.xml | 30 +++++++++++++++++++
+ ...i-enrolled-keys-aarch64.aarch64-latest.err |  1 +
+ ...i-enrolled-keys-aarch64.aarch64-latest.xml | 30 +++++++++++++++++++
+ ...irmware-auto-efi-enrolled-keys-aarch64.xml | 20 +++++++++++++
+ tests/qemuxmlconftest.c                       |  2 ++
+ 6 files changed, 84 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
+new file mode 100644
+index 0000000000..3edb2b3451
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
+@@ -0,0 +1 @@
++operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
+new file mode 100644
+index 0000000000..5213a41b90
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
+@@ -0,0 +1,30 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='aarch64' machine='virt-8.2'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++    </firmware>
++    <loader format='raw'/>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++    <gic version='3'/>
++  </features>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-aarch64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <audio id='1' type='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
+new file mode 100644
+index 0000000000..3edb2b3451
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
+@@ -0,0 +1 @@
++operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
+new file mode 100644
+index 0000000000..5213a41b90
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
+@@ -0,0 +1,30 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='aarch64' machine='virt-8.2'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++    </firmware>
++    <loader format='raw'/>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++    <gic version='3'/>
++  </features>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-aarch64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <audio id='1' type='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.xml
+new file mode 100644
+index 0000000000..6cd382d0fa
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.xml
+@@ -0,0 +1,20 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='aarch64' machine='virt-8.2'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++    </firmware>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-aarch64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 77a5a18384..48c2649aa5 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1651,6 +1651,8 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys");
++    DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64");
++    DO_TEST_CAPS_ARCH_VER_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64", "8.2.0");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-enrolled-keys-no-secboot");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-smm-off");
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-efi-format-loader-qcow2-rom.patch

@@ -0,0 +1,154 @@
+From 6097f1893890d65d619ccdfc84ad25acf91dee05 Mon Sep 17 00:00:00 2001
+Message-ID: <6097f1893890d65d619ccdfc84ad25acf91dee05.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 19 Dec 2025 14:31:38 +0100
+Subject: [PATCH] tests: Add firmware-auto-efi-format-loader-qcow2-rom
+
+This test case demonstrates a flaw in the XML validation process.
+
+ROM images are by definition in raw format, so attempting to use
+any other format should have resulted in the domain XML being
+rejected.
+
+The issue will be addressed in an upcoming commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 5bae6e36403599ecf4ec04468371e58d3404585b)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...format-loader-qcow2-rom.x86_64-latest.args | 34 ++++++++++++++++
+ ...-format-loader-qcow2-rom.x86_64-latest.xml | 39 +++++++++++++++++++
+ ...mware-auto-efi-format-loader-qcow2-rom.xml | 18 +++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 92 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.args
+new file mode 100644
+index 0000000000..417084d45e
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.args
+@@ -0,0 +1,34 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-bios /usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.xml
+new file mode 100644
+index 0000000000..862a50ddb4
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.xml
+@@ -0,0 +1,39 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader type='rom' format='qcow2'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.xml
+new file mode 100644
+index 0000000000..abc2dc6d31
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.xml
+@@ -0,0 +1,18 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader type='rom' format='qcow2'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index a45487b1b5..0a4dab9fe0 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1650,6 +1650,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-iscsi");
+ 
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2");
++    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2-rom");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2-nvram-path");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-qcow2");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-qcow2-path");
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-efi-format-mismatch-nvramtemplate.patch

@@ -0,0 +1,165 @@
+From 1c7d28d2e7fdb8e2bbed1e5e1ca1e4d4f6b917b9 Mon Sep 17 00:00:00 2001
+Message-ID: <1c7d28d2e7fdb8e2bbed1e5e1ca1e4d4f6b917b9.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 28 Nov 2025 16:15:25 +0100
+Subject: [PATCH] tests: Add firmware-auto-efi-format-mismatch-nvramtemplate
+
+This test case demonstrates an issue with the current
+implementation of firmware autoselection.
+
+While the test case passes, the outcome is not the desired one.
+The domain XML explicitly requests that the format for the
+firmware excutable is raw and the format for the NVRAM template
+is qcow2: since there are no firmware descriptors that satisfy
+these requirements, this should result in a failure. Instead, the
+second request is simply ignored and a firmware that uses raw
+format NVRAM template is selected.
+
+The issue will be addressed in an upcoming commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 9ec9bdc8dca859801a881ca22197bafa8807f7e7)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...-mismatch-nvramtemplate.x86_64-latest.args | 37 +++++++++++++++++
+ ...t-mismatch-nvramtemplate.x86_64-latest.xml | 41 +++++++++++++++++++
+ ...auto-efi-format-mismatch-nvramtemplate.xml | 19 +++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 98 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.args
+new file mode 100644
+index 0000000000..e7c9110c95
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-global driver=cfi.pflash01,property=secure,value=on \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.xml
+new file mode 100644
+index 0000000000..f4df8c07ed
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.xml
+@@ -0,0 +1,41 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader readonly='yes' secure='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++    <smm state='on'/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.xml
+new file mode 100644
+index 0000000000..4dc1ffce31
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.xml
+@@ -0,0 +1,19 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader format='raw'/>
++    <nvram templateFormat='qcow2'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 3df0780708..b46caf9139 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1665,6 +1665,7 @@ mymain(void)
+     DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvramtemplate-qcow2");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch");
++    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch-nvramtemplate");
+ 
+     /* This test passes, but the outcome is not the desired one: the
+      * generic edk2 build gets selected instead of the AMD SEV one */
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-efi-format-nvram-raw-loader-path.patch

@@ -0,0 +1,124 @@
+From c55ea39efc013456c4c7a1cf0109620673b2044d Mon Sep 17 00:00:00 2001
+Message-ID: <c55ea39efc013456c4c7a1cf0109620673b2044d.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 15 Dec 2025 19:56:19 +0100
+Subject: [PATCH] tests: Add firmware-auto-efi-format-nvram-raw-loader-path
+
+This test case demonstrates an issue with the current
+implementation of firmware autoselection.
+
+libvirt would normally be able to find the firmware descriptor
+for the binary mentioned in the domain XML, but the fact that at
+the same time we're asking for the NVRAM file to be of a
+different format throws a spanner in the works.
+
+Of course there is no requirement for the format of the NVRAM
+file to match that of the NVRAM template, so the fact that
+libvirt is unable to produce a working configuration out of this
+input is an issues that will be addressed in an upcoming commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit ab92d773397b2b344bb568690baa30951408d43a)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...at-nvram-raw-loader-path.x86_64-latest.err |  1 +
+ ...at-nvram-raw-loader-path.x86_64-latest.xml | 36 +++++++++++++++++++
+ ...-auto-efi-format-nvram-raw-loader-path.xml | 19 ++++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 57 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.err
+new file mode 100644
+index 0000000000..3edb2b3451
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.err
+@@ -0,0 +1 @@
++operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.xml
+new file mode 100644
+index 0000000000..6bb1ad1507
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.xml
+@@ -0,0 +1,36 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2</loader>
++    <nvram format='raw'/>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.xml
+new file mode 100644
+index 0000000000..66e6910fc2
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.xml
+@@ -0,0 +1,19 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2</loader>
++    <nvram format='raw'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index bba658bf2b..343af22303 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1659,6 +1659,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-qcow2-network-nbd");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-raw");
+     DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi-format-nvram-raw");
++    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-nvram-raw-loader-path");
+     DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch");
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-efi-format-nvram-raw-nvramtemplate-path.patch

@@ -0,0 +1,120 @@
+From 72aea6c308d9885d16ea0b81d982cfe256048677 Mon Sep 17 00:00:00 2001
+Message-ID: <72aea6c308d9885d16ea0b81d982cfe256048677.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 15 Dec 2025 20:29:11 +0100
+Subject: [PATCH] tests: Add
+ firmware-auto-efi-format-nvram-raw-nvramtemplate-path
+
+This test case demonstrates an issue with the current
+implementation of firmware autoselection.
+
+There is no requirement for the format of the NVRAM file (raw in
+this case) to match that of the NVRAM template (qcow2 in this
+case), and yet libvirt incorrectly rejects the configuration.
+
+The issue will be addressed in an upcoming commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit a4f33d72287f68789f1d288d78b872d42dfe3b12)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...m-raw-nvramtemplate-path.x86_64-latest.err |  1 +
+ ...m-raw-nvramtemplate-path.x86_64-latest.xml | 36 +++++++++++++++++++
+ ...fi-format-nvram-raw-nvramtemplate-path.xml | 18 ++++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 56 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.err
+new file mode 100644
+index 0000000000..3edb2b3451
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.err
+@@ -0,0 +1 @@
++operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.xml
+new file mode 100644
+index 0000000000..8bb8f1b26c
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.xml
+@@ -0,0 +1,36 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader format='raw'/>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2' format='raw'/>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.xml
+new file mode 100644
+index 0000000000..1e1174a11a
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.xml
+@@ -0,0 +1,18 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2' format='raw'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 343af22303..88935b1e1b 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1660,6 +1660,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-raw");
+     DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi-format-nvram-raw");
+     DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-nvram-raw-loader-path");
++    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-nvram-raw-nvramtemplate-path");
+     DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch");
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-efi-format-nvram-raw.patch

@@ -0,0 +1,251 @@
+From 8a6f20dbce693ab8349866cf784c6647a7fbbe48 Mon Sep 17 00:00:00 2001
+Message-ID: <8a6f20dbce693ab8349866cf784c6647a7fbbe48.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 15 Dec 2025 23:21:16 +0100
+Subject: [PATCH] tests: Add firmware-auto-efi-format-nvram-raw
+
+This test case demonstrates that it's possible to explicitly
+select the format for the NVRAM template, and usually the
+firmware binary itself, by using the <nvram format='foo'/>
+shorthand syntax.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit c8536599f2c383d8a0d9216e2d6fb79417d7a9cd)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...at-nvram-raw.x86_64-latest.abi-update.args | 37 +++++++++++++++++
+ ...mat-nvram-raw.x86_64-latest.abi-update.xml | 41 +++++++++++++++++++
+ ...to-efi-format-nvram-raw.x86_64-latest.args | 37 +++++++++++++++++
+ ...uto-efi-format-nvram-raw.x86_64-latest.xml | 41 +++++++++++++++++++
+ .../firmware-auto-efi-format-nvram-raw.xml    | 18 ++++++++
+ tests/qemuxmlconftest.c                       |  2 +
+ 6 files changed, 176 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.args
+new file mode 100644
+index 0000000000..e7c9110c95
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-global driver=cfi.pflash01,property=secure,value=on \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.xml
+new file mode 100644
+index 0000000000..f4df8c07ed
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.xml
+@@ -0,0 +1,41 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader readonly='yes' secure='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++    <smm state='on'/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.args
+new file mode 100644
+index 0000000000..e7c9110c95
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-global driver=cfi.pflash01,property=secure,value=on \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.xml
+new file mode 100644
+index 0000000000..f4df8c07ed
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.x86_64-latest.xml
+@@ -0,0 +1,41 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader readonly='yes' secure='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++    <smm state='on'/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.xml
+new file mode 100644
+index 0000000000..c293d079d0
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.xml
+@@ -0,0 +1,18 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <nvram format='raw'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index d7c732772e..bba658bf2b 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1657,6 +1657,8 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-qcow2");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-qcow2-path");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-qcow2-network-nbd");
++    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvram-raw");
++    DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi-format-nvram-raw");
+     DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch");
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-efi-format-nvramtemplate-qcow2.patch

@@ -0,0 +1,161 @@
+From cb830f1506f2ce52a7f742fd962f74846e279666 Mon Sep 17 00:00:00 2001
+Message-ID: <cb830f1506f2ce52a7f742fd962f74846e279666.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 26 Nov 2025 18:19:12 +0100
+Subject: [PATCH] tests: Add firmware-auto-efi-format-nvramtemplate-qcow2
+
+This test case demonstrates an issue with the current
+implementation of firmware autoselection.
+
+While the test case passes, the outcome is not the desired one.
+The domain XML explicitly requests that the NVRAM template is in
+qcow2 format, and yet the selected firmware build uses the raw
+format for the NVRAM template instead.
+
+The issue will be addressed in an upcoming commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 935879fb91cce1f1224500372de55aea2bfa8699)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...mat-nvramtemplate-qcow2.x86_64-latest.args | 37 +++++++++++++++++
+ ...rmat-nvramtemplate-qcow2.x86_64-latest.xml | 41 +++++++++++++++++++
+ ...re-auto-efi-format-nvramtemplate-qcow2.xml | 18 ++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 97 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args
+new file mode 100644
+index 0000000000..e7c9110c95
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-global driver=cfi.pflash01,property=secure,value=on \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml
+new file mode 100644
+index 0000000000..f4df8c07ed
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml
+@@ -0,0 +1,41 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader readonly='yes' secure='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
++    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++    <smm state='on'/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.xml b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.xml
+new file mode 100644
+index 0000000000..582b2636e4
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.xml
+@@ -0,0 +1,18 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <nvram templateFormat='qcow2'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 88935b1e1b..3df0780708 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1663,6 +1663,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-format-nvram-raw-nvramtemplate-path");
+     DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-format-loader-raw", "aarch64");
+     DO_TEST_CAPS_ARCH_LATEST_ABI_UPDATE("firmware-auto-efi-format-loader-raw", "aarch64");
++    DO_TEST_CAPS_LATEST("firmware-auto-efi-format-nvramtemplate-qcow2");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-mismatch");
+ 
+     /* This test passes, but the outcome is not the desired one: the
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-efi-varstore-aarch64.patch

@@ -0,0 +1,84 @@
+From 17c942ba2e0eb25bf92b949badb6cf7137bbdf79 Mon Sep 17 00:00:00 2001
+Message-ID: <17c942ba2e0eb25bf92b949badb6cf7137bbdf79.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Thu, 22 Jan 2026 14:45:28 +0100
+Subject: [PATCH] tests: Add firmware-auto-efi-varstore-aarch64
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This test case demonstrates how to explicitly opt into using
+the uefi-vars device for an aarch64 guest.
+
+Normally the firmware autoselection process will pick a UEFI
+build that is loaded via pflash, but by including the <varstore>
+element in the input XML we can tell the QEMU driver that we
+want want the uefi-vars device to be used instead.
+
+Currently this results in an error, because the firmware
+autoselection algorithm doesn't yet know how to properly handle
+the scenario. A future commit will address this and make things
+work as expected.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 0653a2eae2ef7751f2d4f3dae20ff55332a90cc7)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...uto-efi-varstore-aarch64.aarch64-latest.err |  1 +
+ .../firmware-auto-efi-varstore-aarch64.xml     | 18 ++++++++++++++++++
+ tests/qemuxmlconftest.c                        |  1 +
+ 3 files changed, 20 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
+new file mode 100644
+index 0000000000..b45d304221
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
+@@ -0,0 +1 @@
++Only one of NVRAM/varstore can be used
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.xml
+new file mode 100644
+index 0000000000..e403c60643
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.xml
+@@ -0,0 +1,18 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='aarch64' machine='virt-8.2'>hvm</type>
++    <varstore/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-aarch64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index b82ba0f205..77a5a18384 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1666,6 +1666,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-nbd");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-iscsi");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-varstore-q35");
++    DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("firmware-auto-efi-varstore-aarch64", "aarch64");
+ 
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-format-loader-qcow2-rom");
+-- 
+2.53.0

libvirt-tests-Add-firmware-auto-efi-varstore-q35.patch

@@ -0,0 +1,84 @@
+From ac7bc252920e687868b62596ac4b7b41abc228ff Mon Sep 17 00:00:00 2001
+Message-ID: <ac7bc252920e687868b62596ac4b7b41abc228ff.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Thu, 22 Jan 2026 14:42:34 +0100
+Subject: [PATCH] tests: Add firmware-auto-efi-varstore-q35
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This test case demonstrates how to explicitly opt into using
+the uefi-vars device for an x86_64 guest.
+
+Normally the firmware autoselection process will pick a UEFI
+build that is loaded via pflash, but by including the <varstore>
+element in the input XML we can tell the QEMU driver that we
+want want the uefi-vars device to be used instead.
+
+Currently this results in an error, because the firmware
+autoselection algorithm doesn't yet know how to properly handle
+the scenario. A future commit will address this and make things
+work as expected.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit d8e0e9c3cecbcc11f84b31d1ba50344ac1f2749d)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...are-auto-efi-varstore-q35.x86_64-latest.err |  1 +
+ .../firmware-auto-efi-varstore-q35.xml         | 18 ++++++++++++++++++
+ tests/qemuxmlconftest.c                        |  1 +
+ 3 files changed, 20 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
+new file mode 100644
+index 0000000000..b45d304221
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
+@@ -0,0 +1 @@
++Only one of NVRAM/varstore can be used
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.xml
+new file mode 100644
+index 0000000000..9cda95403e
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.xml
+@@ -0,0 +1,18 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
++    <varstore/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 4c97dac317..b82ba0f205 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1665,6 +1665,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-file");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-nbd");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-iscsi");
++    DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-varstore-q35");
+ 
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-format-loader-qcow2-rom");
+-- 
+2.53.0

libvirt-tests-Add-firmware-descriptors-for-uefi-vars-builds.patch

@@ -0,0 +1,815 @@
+From 06806829491a9a5c758e3ede52813acc281b7a9c Mon Sep 17 00:00:00 2001
+Message-ID: <06806829491a9a5c758e3ede52813acc281b7a9c.1772815314.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Tue, 20 Jan 2026 15:28:17 +0100
+Subject: [PATCH] tests: Add firmware descriptors for uefi-vars builds
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Now that everything else is in place, we can finally add the
+firmware descriptors for the edk2 builds that use the uefi-vars
+QEMU device.
+
+Several existing test cases that were failing up until this
+point can pass now. This includes firmware-auto-efi-varstore-q35,
+firmware-auto-efi-varstore-aarch64 and
+firmware-auto-efi-enrolled-keys-aarch64, which were only failing
+because a matching firmware descriptor could not be found.
+
+firmware-manual-efi-varstore-aarch64 also passes now, because
+with the firmware descriptor in place libvirt is able to figure
+out that the manually-provided path corresponds to a UEFI
+firmware build, which means that the use of ACPI is fine.
+
+The test cases using older version of QEMU still fail, as is
+expected, though the error message is now slightly different and
+reflect the actual reason why that is.
+
+The qemufirmware and domaincaps tests are updated in the
+expected ways. In particular, versions QEMU 10.0 and newer now
+advertise varstore support as available.
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 0ea04024ef2963b1c348e2b634cd15b7fa381bc6)
+
+Conflicts:
+
+  * tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml
+    tests/domaincapsdata/qemu_10.2.0.aarch64.xml
+    tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
+    tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
+    tests/domaincapsdata/qemu_11.0.0.aarch64.xml
+
+    - Missing downstream
+
+  * tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
+    tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
+    tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
+    tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
+
+    - GIC version mismatch caused by capabilities files
+      being outdated or missing downstream
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ .../qemu_10.0.0-q35.x86_64+amdsev.xml         |  2 +-
+ .../domaincapsdata/qemu_10.0.0-q35.x86_64.xml |  2 +-
+ .../qemu_10.0.0-virt.aarch64.xml              |  4 ++-
+ tests/domaincapsdata/qemu_10.0.0.aarch64.xml  |  4 ++-
+ .../qemu_10.1.0-q35.x86_64+inteltdx.xml       |  2 +-
+ .../domaincapsdata/qemu_10.1.0-q35.x86_64.xml |  2 +-
+ .../qemu_10.2.0-q35.x86_64+mshv.xml           |  2 +-
+ .../domaincapsdata/qemu_10.2.0-q35.x86_64.xml |  2 +-
+ .../qemu_8.2.0-virt.aarch64.xml               |  2 ++
+ tests/domaincapsdata/qemu_8.2.0.aarch64.xml   |  2 ++
+ .../qemu_9.2.0-hvf.aarch64+hvf.xml            |  2 ++
+ .../90-edk2-aarch64-qemuvars-sb-enrolled.json | 29 ++++++++++++++++
+ ...90-edk2-ovmf-qemuvars-x64-sb-enrolled.json | 31 +++++++++++++++++
+ .../firmware/91-edk2-aarch64-qemuvars-sb.json | 28 +++++++++++++++
+ .../91-edk2-ovmf-qemuvars-x64-sb.json         | 30 ++++++++++++++++
+ tests/qemufirmwaretest.c                      | 20 ++++++++---
+ ...fi-enrolled-keys-aarch64.aarch64-8.2.0.err |  2 +-
+ ...-enrolled-keys-aarch64.aarch64-latest.args | 31 +++++++++++++++++
+ ...i-enrolled-keys-aarch64.aarch64-latest.err |  1 -
+ ...i-enrolled-keys-aarch64.aarch64-latest.xml |  4 ++-
+ ...o-efi-varstore-aarch64.aarch64-latest.args | 31 +++++++++++++++++
+ ...to-efi-varstore-aarch64.aarch64-latest.err |  1 -
+ ...to-efi-varstore-aarch64.aarch64-latest.xml |  8 +++--
+ ...e-auto-efi-varstore-q35.x86_64-latest.args | 34 +++++++++++++++++++
+ ...re-auto-efi-varstore-q35.x86_64-latest.err |  1 -
+ ...re-auto-efi-varstore-q35.x86_64-latest.xml |  8 +++--
+ ...ual-efi-varstore-aarch64.aarch64-8.2.0.err |  2 +-
+ ...l-efi-varstore-aarch64.aarch64-latest.args | 31 +++++++++++++++++
+ ...al-efi-varstore-aarch64.aarch64-latest.err |  1 -
+ ...l-efi-varstore-aarch64.aarch64-latest.xml} |  4 ++-
+ ...-manual-efi-varstore-q35.x86_64-latest.xml |  8 +++--
+ tests/qemuxmlconftest.c                       | 10 +++---
+ 32 files changed, 310 insertions(+), 31 deletions(-)
+ create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json
+ create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json
+ create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json
+ create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
+ delete mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
+ delete mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
+ rename tests/qemuxmlconfdata/{firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml => firmware-manual-efi-varstore-aarch64.aarch64-latest.xml} (78%)
+
+diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
+index 1fff8c7fc7..bf6393dc03 100644
+--- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
++++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml
+@@ -36,7 +36,7 @@
+         <value>no</value>
+       </enum>
+     </loader>
+-    <varstore supported='no'/>
++    <varstore supported='yes'/>
+   </os>
+   <cpu>
+     <mode name='host-passthrough' supported='yes'>
+diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
+index 6c26e5b422..d6f710e56e 100644
+--- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
++++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml
+@@ -36,7 +36,7 @@
+         <value>no</value>
+       </enum>
+     </loader>
+-    <varstore supported='no'/>
++    <varstore supported='yes'/>
+   </os>
+   <cpu>
+     <mode name='host-passthrough' supported='yes'>
+diff --git a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
+index 97064ea009..334aa5e31f 100644
+--- a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
++++ b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml
+@@ -11,9 +11,11 @@
+     </enum>
+     <firmwareFeatures supported='yes'>
+       <enum name='secureBoot'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+       <enum name='enrolledKeys'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+     </firmwareFeatures>
+@@ -32,7 +34,7 @@
+         <value>no</value>
+       </enum>
+     </loader>
+-    <varstore supported='no'/>
++    <varstore supported='yes'/>
+   </os>
+   <cpu>
+     <mode name='host-passthrough' supported='yes'>
+diff --git a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
+index 97064ea009..334aa5e31f 100644
+--- a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
++++ b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml
+@@ -11,9 +11,11 @@
+     </enum>
+     <firmwareFeatures supported='yes'>
+       <enum name='secureBoot'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+       <enum name='enrolledKeys'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+     </firmwareFeatures>
+@@ -32,7 +34,7 @@
+         <value>no</value>
+       </enum>
+     </loader>
+-    <varstore supported='no'/>
++    <varstore supported='yes'/>
+   </os>
+   <cpu>
+     <mode name='host-passthrough' supported='yes'>
+diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
+index 3105469bdc..4632a816f5 100644
+--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
++++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
+@@ -36,7 +36,7 @@
+         <value>no</value>
+       </enum>
+     </loader>
+-    <varstore supported='no'/>
++    <varstore supported='yes'/>
+   </os>
+   <cpu>
+     <mode name='host-passthrough' supported='yes'>
+diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
+index e55d7d8ba6..60cc9eee3d 100644
+--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
++++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
+@@ -36,7 +36,7 @@
+         <value>no</value>
+       </enum>
+     </loader>
+-    <varstore supported='no'/>
++    <varstore supported='yes'/>
+   </os>
+   <cpu>
+     <mode name='host-passthrough' supported='yes'>
+diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
+index 43fe2bff93..e30b64e068 100644
+--- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
++++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml
+@@ -35,7 +35,7 @@
+         <value>no</value>
+       </enum>
+     </loader>
+-    <varstore supported='no'/>
++    <varstore supported='yes'/>
+   </os>
+   <cpu>
+     <mode name='host-passthrough' supported='yes'>
+diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
+index 6327aa7043..640e9e8f87 100644
+--- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
++++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml
+@@ -36,7 +36,7 @@
+         <value>no</value>
+       </enum>
+     </loader>
+-    <varstore supported='no'/>
++    <varstore supported='yes'/>
+   </os>
+   <cpu>
+     <mode name='host-passthrough' supported='yes'>
+diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
+index 420fbedd72..83fc9e37a7 100644
+--- a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
++++ b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
+@@ -11,9 +11,11 @@
+     </enum>
+     <firmwareFeatures supported='yes'>
+       <enum name='secureBoot'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+       <enum name='enrolledKeys'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+     </firmwareFeatures>
+diff --git a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
+index 420fbedd72..83fc9e37a7 100644
+--- a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
++++ b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
+@@ -11,9 +11,11 @@
+     </enum>
+     <firmwareFeatures supported='yes'>
+       <enum name='secureBoot'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+       <enum name='enrolledKeys'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+     </firmwareFeatures>
+diff --git a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
+index f998177636..65bb9dc9bd 100644
+--- a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
++++ b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
+@@ -11,9 +11,11 @@
+     </enum>
+     <firmwareFeatures supported='yes'>
+       <enum name='secureBoot'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+       <enum name='enrolledKeys'>
++        <value>yes</value>
+         <value>no</value>
+       </enum>
+     </firmwareFeatures>
+diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json
+new file mode 100644
+index 0000000000..9142d8fecd
+--- /dev/null
++++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json
+@@ -0,0 +1,29 @@
++{
++    "description": "UEFI firmware for ARM64 virtual machines, SB enabled, MS certs enrolled",
++    "interface-types": [
++        "uefi"
++    ],
++    "mapping": {
++        "device": "memory",
++        "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
++        "uefi-vars": {
++            "template": "/usr/share/edk2/aarch64/vars.secboot.json"
++        }
++    },
++    "targets": [
++        {
++            "architecture": "aarch64",
++            "machines": [
++                "virt-*"
++            ]
++        }
++    ],
++    "features": [
++        "enrolled-keys",
++        "secure-boot",
++        "host-uefi-vars"
++    ],
++    "tags": [
++
++    ]
++}
+diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json
+new file mode 100644
+index 0000000000..5b1b483c1c
+--- /dev/null
++++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json
+@@ -0,0 +1,31 @@
++{
++    "description": "OVMF for qemu uefi-vars, SB enabled, MS certs enrolled",
++    "interface-types": [
++        "uefi"
++    ],
++    "mapping": {
++        "device": "memory",
++        "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
++        "uefi-vars": {
++            "template": "/usr/share/edk2/ovmf/vars.secboot.json"
++        }
++    },
++    "targets": [
++        {
++            "architecture": "x86_64",
++            "machines": [
++                "pc-q35-*"
++            ]
++        }
++    ],
++    "features": [
++        "acpi-s3",
++        "enrolled-keys",
++        "secure-boot",
++        "host-uefi-vars",
++        "verbose-dynamic"
++    ],
++    "tags": [
++
++    ]
++}
+diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json
+new file mode 100644
+index 0000000000..95c25981dd
+--- /dev/null
++++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json
+@@ -0,0 +1,28 @@
++{
++    "description": "UEFI firmware for ARM64 virtual machines, SB disabled",
++    "interface-types": [
++        "uefi"
++    ],
++    "mapping": {
++        "device": "memory",
++        "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
++        "uefi-vars": {
++            "template": "/usr/share/edk2/aarch64/vars.blank.json"
++        }
++    },
++    "targets": [
++        {
++            "architecture": "aarch64",
++            "machines": [
++                "virt-*"
++            ]
++        }
++    ],
++    "features": [
++        "secure-boot",
++        "host-uefi-vars"
++    ],
++    "tags": [
++
++    ]
++}
+diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json
+new file mode 100644
+index 0000000000..b3fb98cbce
+--- /dev/null
++++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json
+@@ -0,0 +1,30 @@
++{
++    "description": "OVMF for qemu uefi-vars, SB disabled",
++    "interface-types": [
++        "uefi"
++    ],
++    "mapping": {
++        "device": "memory",
++        "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
++        "uefi-vars": {
++            "template": "/usr/share/edk2/ovmf/vars.blank.json"
++        }
++    },
++    "targets": [
++        {
++            "architecture": "x86_64",
++            "machines": [
++                "pc-q35-*"
++            ]
++        }
++    ],
++    "features": [
++        "acpi-s3",
++        "secure-boot",
++        "host-uefi-vars",
++        "verbose-dynamic"
++    ],
++    "tags": [
++
++    ]
++}
+diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c
+index ee585b67d2..075e3e1d4c 100644
+--- a/tests/qemufirmwaretest.c
++++ b/tests/qemufirmwaretest.c
+@@ -101,7 +101,11 @@ testFWPrecedence(const void *opaque G_GNUC_UNUSED)
+         SYSCONFDIR "/qemu/firmware/59-libvirt-combined.json",
+         PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json",
+         PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json",
++        PREFIX "/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json",
++        PREFIX "/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json",
+         PREFIX "/share/qemu/firmware/90-libvirt-combined.json",
++        PREFIX "/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json",
++        PREFIX "/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json",
+         PREFIX "/share/qemu/firmware/91-libvirt-bios.json",
+         PREFIX "/share/qemu/firmware/93-libvirt-invalid.json",
+         NULL
+@@ -296,7 +300,11 @@ mymain(void)
+     DO_PARSE_TEST("usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json");
+     DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json");
+     DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json");
++    DO_PARSE_TEST("usr/share/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json");
++    DO_PARSE_TEST("usr/share/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json");
+     DO_PARSE_TEST("usr/share/qemu/firmware/90-libvirt-combined.json");
++    DO_PARSE_TEST("usr/share/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json");
++    DO_PARSE_TEST("usr/share/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json");
+     DO_PARSE_TEST("usr/share/qemu/firmware/91-libvirt-bios.json");
+     DO_PARSE_FAILURE_TEST("usr/share/qemu/firmware/93-libvirt-invalid.json");
+ 
+@@ -325,7 +333,7 @@ mymain(void)
+     DO_SUPPORTED_TEST("pc-i440fx-3.1", VIR_ARCH_I686, false, false,
+                       "/usr/share/seabios/bios-256k.bin:NULL",
+                       VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS);
+-    DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_X86_64, true, false,
++    DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_X86_64, true, true,
+                       "/usr/share/seabios/bios-256k.bin:NULL:"
+                       "/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2:/usr/share/edk2/ovmf/OVMF_VARS_4M.secboot.qcow2:"
+                       "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd:"
+@@ -335,7 +343,9 @@ mymain(void)
+                       "/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd:"
+                       "/usr/share/edk2/ovmf/OVMF.combined.fd:NULL:"
+                       "/usr/share/edk2/ovmf/OVMF.amdsev.fd:NULL:"
+-                      "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd:NULL",
++                      "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd:NULL:"
++                      "/usr/share/edk2/ovmf/OVMF.qemuvars.fd:/usr/share/edk2/ovmf/vars.secboot.json:"
++                      "/usr/share/edk2/ovmf/OVMF.qemuvars.fd:/usr/share/edk2/ovmf/vars.blank.json",
+                       VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS,
+                       VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
+     DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_I686, false, false,
+@@ -344,11 +354,13 @@ mymain(void)
+     DO_SUPPORTED_TEST("microvm", VIR_ARCH_X86_64, false, false,
+                       "/usr/share/edk2/ovmf/MICROVM.fd:NULL",
+                       VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
+-    DO_SUPPORTED_TEST("virt-3.1", VIR_ARCH_AARCH64, false, false,
++    DO_SUPPORTED_TEST("virt-3.1", VIR_ARCH_AARCH64, false, true,
+                       "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2:/usr/share/edk2/aarch64/vars-template-pflash.qcow2:"
+                       "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw:"
+                       "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2:/usr/share/edk2/aarch64/vars-template-pflash.qcow2:"
+-                      "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw",
++                      "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw:"
++                      "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd:/usr/share/edk2/aarch64/vars.secboot.json:"
++                      "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd:/usr/share/edk2/aarch64/vars.blank.json",
+                       VIR_DOMAIN_OS_DEF_FIRMWARE_EFI);
+     DO_SUPPORTED_TEST("virt", VIR_ARCH_RISCV64, false, false,
+                       "/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2:/usr/share/edk2/riscv/RISCV_VIRT_VARS.qcow2",
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
+index 3edb2b3451..e64c2b21aa 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.err
+@@ -1 +1 @@
+-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
++unsupported configuration: The uefi-vars device is not supported by this QEMU binary
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
+new file mode 100644
+index 0000000000..1cd04c87b1
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.args
+@@ -0,0 +1,31 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-aarch64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine virt-8.2,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
++-accel kvm \
++-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
+deleted file mode 100644
+index 3edb2b3451..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.err
++++ /dev/null
+@@ -1 +0,0 @@
+-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
+index 5213a41b90..1509a65bf4 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-latest.xml
+@@ -8,8 +8,10 @@
+     <type arch='aarch64' machine='virt-8.2'>hvm</type>
+     <firmware>
+       <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
+     </firmware>
+-    <loader format='raw'/>
++    <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
++    <varstore template='/usr/share/edk2/aarch64/vars.secboot.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
+     <boot dev='hd'/>
+   </os>
+   <features>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
+new file mode 100644
+index 0000000000..1cd04c87b1
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.args
+@@ -0,0 +1,31 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-aarch64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine virt-8.2,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
++-accel kvm \
++-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
+deleted file mode 100644
+index 3edb2b3451..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.err
++++ /dev/null
+@@ -1 +0,0 @@
+-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
+index 867d8f03e3..1509a65bf4 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-aarch64.aarch64-latest.xml
+@@ -6,8 +6,12 @@
+   <vcpu placement='static'>1</vcpu>
+   <os firmware='efi'>
+     <type arch='aarch64' machine='virt-8.2'>hvm</type>
+-    <loader format='raw'/>
+-    <varstore/>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
++    <varstore template='/usr/share/edk2/aarch64/vars.secboot.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
+     <boot dev='hd'/>
+   </os>
+   <features>
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
+new file mode 100644
+index 0000000000..9a899c2a65
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.args
+@@ -0,0 +1,34 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
+deleted file mode 100644
+index 3edb2b3451..0000000000
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.err
++++ /dev/null
+@@ -1 +0,0 @@
+-operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
+index c4d70c9fc5..cfce35de3f 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-auto-efi-varstore-q35.x86_64-latest.xml
+@@ -6,8 +6,12 @@
+   <vcpu placement='static'>1</vcpu>
+   <os firmware='efi'>
+     <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
+-    <loader format='raw'/>
+-    <varstore/>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
++    <varstore template='/usr/share/edk2/ovmf/vars.secboot.json' path='/var/lib/libvirt/qemu/varstore/guest.json'/>
+     <boot dev='hd'/>
+   </os>
+   <features>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
+index 4fe79bdacf..e64c2b21aa 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
+@@ -1 +1 @@
+-unsupported configuration: ACPI requires UEFI on this architecture
++unsupported configuration: The uefi-vars device is not supported by this QEMU binary
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
+new file mode 100644
+index 0000000000..1cd04c87b1
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.args
+@@ -0,0 +1,31 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-aarch64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine virt-8.2,usb=off,gic-version=3,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=on \
++-accel kvm \
++-bios /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
+deleted file mode 100644
+index 4fe79bdacf..0000000000
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
++++ /dev/null
+@@ -1 +0,0 @@
+-unsupported configuration: ACPI requires UEFI on this architecture
+diff --git a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
+similarity index 78%
+rename from tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
+rename to tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
+index 5213a41b90..bdc50cb87e 100644
+--- a/tests/qemuxmlconfdata/firmware-auto-efi-enrolled-keys-aarch64.aarch64-8.2.0.xml
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.xml
+@@ -8,8 +8,10 @@
+     <type arch='aarch64' machine='virt-8.2'>hvm</type>
+     <firmware>
+       <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
+     </firmware>
+-    <loader format='raw'/>
++    <loader type='rom' format='raw'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
++    <varstore template='/usr/share/edk2/aarch64/vars.secboot.json' path='/path/to/guest.json'/>
+     <boot dev='hd'/>
+   </os>
+   <features>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
+index 296c6e8f59..a7b54a3fac 100644
+--- a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
+@@ -4,10 +4,14 @@
+   <memory unit='KiB'>1048576</memory>
+   <currentMemory unit='KiB'>1048576</currentMemory>
+   <vcpu placement='static'>1</vcpu>
+-  <os>
++  <os firmware='efi'>
+     <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='enrolled-keys'/>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
+     <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
+-    <varstore path='/path/to/guest.json'/>
++    <varstore template='/usr/share/edk2/ovmf/vars.secboot.json' path='/path/to/guest.json'/>
+     <boot dev='hd'/>
+   </os>
+   <features>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index e38a80c57a..3ec49a325e 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1614,7 +1614,7 @@ mymain(void)
+ 
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-varstore-q35");
+     DO_TEST_CAPS_VER_PARSE_ERROR("firmware-manual-efi-varstore-q35", "8.2.0");
+-    DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64");
++    DO_TEST_CAPS_ARCH_LATEST("firmware-manual-efi-varstore-aarch64", "aarch64");
+     DO_TEST_CAPS_ARCH_VER_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64", "8.2.0");
+ 
+     /* Make sure all combinations of ACPI and UEFI behave as expected */
+@@ -1651,8 +1651,8 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-secboot");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-secboot");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-enrolled-keys");
+-    DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64");
+-    DO_TEST_CAPS_ARCH_VER_FAILURE("firmware-auto-efi-enrolled-keys-aarch64", "aarch64", "8.2.0");
++    DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-enrolled-keys-aarch64", "aarch64");
++    DO_TEST_CAPS_ARCH_VER_PARSE_ERROR("firmware-auto-efi-enrolled-keys-aarch64", "aarch64", "8.2.0");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-no-enrolled-keys");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-enrolled-keys-no-secboot");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-smm-off");
+@@ -1667,8 +1667,8 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-file");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-nbd");
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-nvram-network-iscsi");
+-    DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-varstore-q35");
+-    DO_TEST_CAPS_ARCH_LATEST_FAILURE("firmware-auto-efi-varstore-aarch64", "aarch64");
++    DO_TEST_CAPS_LATEST("firmware-auto-efi-varstore-q35");
++    DO_TEST_CAPS_ARCH_LATEST("firmware-auto-efi-varstore-aarch64", "aarch64");
+ 
+     DO_TEST_CAPS_LATEST("firmware-auto-efi-format-loader-qcow2");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-auto-efi-format-loader-qcow2-rom");
+-- 
+2.53.0

libvirt-tests-Add-firmware-manual-bios-rw.patch

@@ -0,0 +1,138 @@
+From a0e5f0e040148a999fcd37e4fed50b7c6896702f Mon Sep 17 00:00:00 2001
+Message-ID: <a0e5f0e040148a999fcd37e4fed50b7c6896702f.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 12 Dec 2025 16:15:34 +0100
+Subject: [PATCH] tests: Add firmware-manual-bios-rw
+
+This test case demonstrates a flaw in the XML validation process.
+
+ROM images are by definition read-only, so attempting to use one
+as read/write should have resulted in the domain XML being
+rejected.
+
+The issue will be addressed in an upcoming commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 26035762a96d77b8c78fa56a3a62a45ae4914597)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...firmware-manual-bios-rw.x86_64-latest.args | 32 +++++++++++++++++++
+ .../firmware-manual-bios-rw.x86_64-latest.xml | 28 ++++++++++++++++
+ .../firmware-manual-bios-rw.xml               | 15 +++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 76 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-rw.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.args
+new file mode 100644
+index 0000000000..969c7ad68c
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.args
+@@ -0,0 +1,32 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine pc-i440fx-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=off \
++-accel tcg \
++-cpu qemu64 \
++-bios /usr/share/seabios/bios.bin \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.xml
+new file mode 100644
+index 0000000000..65bb8493c9
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.xml
+@@ -0,0 +1,28 @@
++<domain type='qemu'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-i440fx-10.0'>hvm</type>
++    <loader readonly='no' type='rom' format='raw'>/usr/share/seabios/bios.bin</loader>
++    <boot dev='hd'/>
++  </os>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='pci' index='0' model='pci-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-bios-rw.xml b/tests/qemuxmlconfdata/firmware-manual-bios-rw.xml
+new file mode 100644
+index 0000000000..b12aa67d1a
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-bios-rw.xml
+@@ -0,0 +1,15 @@
++<domain type='qemu'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-i440fx-10.0'>hvm</type>
++    <loader readonly='no'>/usr/share/seabios/bios.bin</loader>
++  </os>
++  <devices>
++   <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index c20db43cec..ba33267d4e 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1576,6 +1576,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-manual-bios");
+     DO_TEST_CAPS_LATEST("firmware-manual-bios-stateless");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-bios-not-stateless");
++    DO_TEST_CAPS_LATEST("firmware-manual-bios-rw");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-features");
+     DO_TEST_CAPS_LATEST_ABI_UPDATE_PARSE_ERROR("firmware-manual-efi-features");
+-- 
+2.53.0

libvirt-tests-Add-firmware-manual-efi-nvram-template-nonstandard-format.patch

@@ -0,0 +1,152 @@
+From 995eced3987e075405e4f7fac61c91b237707903 Mon Sep 17 00:00:00 2001
+Message-ID: <995eced3987e075405e4f7fac61c91b237707903.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 24 Nov 2025 18:29:59 +0100
+Subject: [PATCH] tests: Add
+ firmware-manual-efi-nvram-template-nonstandard-format
+
+This test case demonstrates that it's possible to associate a
+custom NVRAM template to a well-known firmware binary, specifying
+its format, and libvirt will behave correctly.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 17979f08b959a55f5a912acfa555858605445a16)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...late-nonstandard-format.x86_64-latest.args | 37 +++++++++++++++++++
+ ...plate-nonstandard-format.x86_64-latest.xml | 36 ++++++++++++++++++
+ ...-efi-nvram-template-nonstandard-format.xml | 19 ++++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 93 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.args
+new file mode 100644
+index 0000000000..fa0626a8f3
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE_4M.qcow2","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"qcow2","file":"libvirt-pflash0-storage","backing":null}' \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.qcow2","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"qcow2","file":"libvirt-pflash1-storage","backing":null}' \
++-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.xml
+new file mode 100644
+index 0000000000..fc926db62e
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.xml
+@@ -0,0 +1,36 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='yes' type='pflash' format='qcow2'>/usr/share/edk2/ovmf/OVMF_CODE_4M.qcow2</loader>
++    <nvram template='/path/to/OVMF_VARS.qcow2' templateFormat='qcow2' format='qcow2'>/var/lib/libvirt/qemu/nvram/guest_VARS.qcow2</nvram>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.xml b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.xml
+new file mode 100644
+index 0000000000..aa150973ec
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.xml
+@@ -0,0 +1,19 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='yes' type='pflash' format='qcow2'>/usr/share/edk2/ovmf/OVMF_CODE_4M.qcow2</loader>
++    <nvram template='/path/to/OVMF_VARS.qcow2' templateFormat='qcow2'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 3296f6f990..5c3d494065 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1594,6 +1594,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-stateless");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template-nonstandard");
++    DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template-nonstandard-format");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-template-stateless");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-nbd");
+-- 
+2.53.0

libvirt-tests-Add-firmware-manual-efi-nvram-template-nonstandard-legacy-paths.patch

@@ -0,0 +1,155 @@
+From dd70f22383e665b1cad5a6c4c1173f432e5f8662 Mon Sep 17 00:00:00 2001
+Message-ID: <dd70f22383e665b1cad5a6c4c1173f432e5f8662.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 5 Dec 2025 15:31:46 +0100
+Subject: [PATCH] tests: Add
+ firmware-manual-efi-nvram-template-nonstandard-legacy-paths
+
+This test cases demonstrates that it's possible to use a custom
+NVRAM template together with a standard firmware binary even when
+referring to the latter by its legacy path rather than its
+modern, canonical one.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 13ce34e6465cbd46ce1c733dff8f2d5b6a84d24d)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...onstandard-legacy-paths.x86_64-latest.args | 37 +++++++++++++++++++
+ ...nonstandard-legacy-paths.x86_64-latest.xml | 37 +++++++++++++++++++
+ ...vram-template-nonstandard-legacy-paths.xml | 20 ++++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 95 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.args
+new file mode 100644
+index 0000000000..18ca736065
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
++-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
++-accel tcg \
++-cpu qemu64 \
++-global driver=cfi.pflash01,property=secure,value=on \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.xml
+new file mode 100644
+index 0000000000..8073a042f9
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.xml
+@@ -0,0 +1,37 @@
++<domain type='qemu'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='yes' secure='yes' type='pflash' format='raw'>/usr/share/OVMF/OVMF_CODE.fd</loader>
++    <nvram template='/path/to/OVMF_VARS.fd' templateFormat='raw' format='raw'>/var/lib/libvirt/qemu/nvram/guest_VARS.fd</nvram>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++    <smm state='on'/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.xml b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.xml
+new file mode 100644
+index 0000000000..f32d29c6f5
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.xml
+@@ -0,0 +1,20 @@
++<domain type='qemu'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
++    <nvram template='/path/to/OVMF_VARS.fd'/>
++  </os>
++  <features>
++    <acpi/>
++    <smm state='on'/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 5c3d494065..d7c732772e 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1595,6 +1595,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template-nonstandard");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template-nonstandard-format");
++    DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-template-nonstandard-legacy-paths");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-template-stateless");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-iscsi");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-network-nbd");
+-- 
+2.53.0

libvirt-tests-Add-firmware-manual-efi-rw-nvram.patch

@@ -0,0 +1,160 @@
+From 2a9e5ad8bd63161f84c71a8b729643b840e2ae14 Mon Sep 17 00:00:00 2001
+Message-ID: <2a9e5ad8bd63161f84c71a8b729643b840e2ae14.1772815312.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 5 Dec 2025 18:39:04 +0100
+Subject: [PATCH] tests: Add firmware-manual-efi-rw-nvram
+
+This test case demonstrates a flaw in the XML validation process.
+
+Read/write firmware images already contain an area dedicated to
+variable storage, which they use, so attempting to use a separate
+NVRAM file together with them should have resulted in the domain
+XML being rejected.
+
+The issue will be addressed in an upcoming commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 27313799ba1b50741ed7f67773511de0aa882047)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...are-manual-efi-rw-nvram.x86_64-latest.args | 37 +++++++++++++++++
+ ...ware-manual-efi-rw-nvram.x86_64-latest.xml | 40 +++++++++++++++++++
+ .../firmware-manual-efi-rw-nvram.xml          | 19 +++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 97 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.args
+new file mode 100644
+index 0000000000..6b3eec0a27
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.combined.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":false,"driver":"raw","file":"libvirt-pflash0-storage"}' \
++-blockdev '{"driver":"file","filename":"/path/to/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}' \
++-machine pc-q35-10.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-storage,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-global driver=cfi.pflash01,property=secure,value=on \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.xml
+new file mode 100644
+index 0000000000..f6436df80f
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.xml
+@@ -0,0 +1,40 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <firmware>
++      <feature enabled='yes' name='secure-boot'/>
++    </firmware>
++    <loader readonly='no' secure='yes' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF.combined.fd</loader>
++    <nvram format='raw'>/path/to/guest_VARS.fd</nvram>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++    <smm state='on'/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.xml b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.xml
+new file mode 100644
+index 0000000000..81884f4913
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.xml
+@@ -0,0 +1,19 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='no' type='pflash' format='raw'>/usr/share/edk2/ovmf/OVMF.combined.fd</loader>
++    <nvram format='raw'>/path/to/guest_VARS.fd</nvram>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index bddd659fd4..726281a4ab 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1583,6 +1583,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-rw-legacy-paths");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-rw-modern-paths");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-rw-implicit");
++    DO_TEST_CAPS_LATEST("firmware-manual-efi-rw-nvram");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-loader-secure");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-loader-no-path");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-loader-path-nonstandard");
+-- 
+2.53.0

libvirt-tests-Add-firmware-manual-efi-sev-snp.patch

@@ -0,0 +1,162 @@
+From fd3348c016cc5a0c06fd75cd121047afd4a46e9b Mon Sep 17 00:00:00 2001
+Message-ID: <fd3348c016cc5a0c06fd75cd121047afd4a46e9b.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 17 Nov 2025 19:42:35 +0100
+Subject: [PATCH] tests: Add firmware-manual-efi-sev-snp
+
+This test cases demonstrates that firmware selection runs for
+domains manually configured to use the AMD SEV build of edk2, and
+that the missing information (firmware features, as well as the
+fact that firmware type is EFI) are correctly filled in.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit f65ef07dcf7086d0469bdf6f1c6e11f580ccdc59)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...nual-efi-sev-snp.x86_64-latest+amdsev.args | 36 ++++++++++++++++
+ ...anual-efi-sev-snp.x86_64-latest+amdsev.xml | 42 +++++++++++++++++++
+ .../firmware-manual-efi-sev-snp.xml           | 21 ++++++++++
+ tests/qemuxmlconftest.c                       |  4 ++
+ 4 files changed, 103 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.args
+new file mode 100644
+index 0000000000..99350f600c
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.args
+@@ -0,0 +1,36 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
++-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
++-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-object '{"qom-type":"sev-snp-guest","id":"lsec0","cbitpos":51,"reduced-phys-bits":1,"policy":196608}' \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.xml
+new file mode 100644
+index 0000000000..6ea58f3361
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.xml
+@@ -0,0 +1,42 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os firmware='efi'>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <firmware>
++      <feature enabled='no' name='enrolled-keys'/>
++      <feature enabled='no' name='secure-boot'/>
++    </firmware>
++    <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++  <launchSecurity type='sev-snp'>
++    <policy>0x00030000</policy>
++  </launchSecurity>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.xml b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.xml
+new file mode 100644
+index 0000000000..b52900406c
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.xml
+@@ -0,0 +1,21 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++  <launchSecurity type='sev-snp'>
++    <policy>0x00030000</policy>
++  </launchSecurity>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 0091840731..a1d26cdfa5 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1602,6 +1602,10 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-file");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-stateless");
+ 
++    DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-manual-efi-sev-snp", "x86_64",
++                                  ARG_CAPS_VARIANT, "+amdsev",
++                                  ARG_END);
++
+     /* Make sure all combinations of ACPI and UEFI behave as expected */
+     DO_TEST_CAPS_ARCH_LATEST("firmware-manual-efi-acpi-aarch64", "aarch64");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-acpi-q35");
+-- 
+2.53.0

libvirt-tests-Add-firmware-manual-efi-tdx.patch

@@ -0,0 +1,164 @@
+From 196013b3a99e84453a4b9b5c7b364f42d7da0e8b Mon Sep 17 00:00:00 2001
+Message-ID: <196013b3a99e84453a4b9b5c7b364f42d7da0e8b.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 17 Nov 2025 19:48:43 +0100
+Subject: [PATCH] tests: Add firmware-manual-efi-tdx
+
+This test case demonstrates that firmware selection does not run
+for domains manually configured to use the Intel TDX build of
+edk2, and as a result some expected information is missing; in
+particular, the fact that the firmware type is EFI is not
+reflected in the domain XML.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 8d1bfa69b2cd84ffb677b771a33b5692446a0837)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...manual-efi-tdx.x86_64-latest+inteltdx.args | 34 +++++++++++++++
+ ...-manual-efi-tdx.x86_64-latest+inteltdx.xml | 42 +++++++++++++++++++
+ .../firmware-manual-efi-tdx.xml               | 25 +++++++++++
+ tests/qemuxmlconftest.c                       |  3 ++
+ 4 files changed, 104 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-tdx.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.args b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.args
+new file mode 100644
+index 0000000000..33a73bfc10
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.args
+@@ -0,0 +1,34 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-bios /usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-object '{"qom-type":"tdx-guest","id":"lsec0","mrconfigid":"ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v","mrowner":"ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v","mrownerconfig":"ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v","quote-generation-socket":{"type":"unix","path":"/var/run/tdx-qgs/qgs.socket"},"attributes":268435456}' \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml
+new file mode 100644
+index 0000000000..7428a3dfef
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml
+@@ -0,0 +1,42 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='yes' type='rom'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++  <launchSecurity type='tdx'>
++    <policy>0x10000000</policy>
++    <mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrConfigId>
++    <mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwner>
++    <mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwnerConfig>
++    <quoteGenerationService path='/var/run/tdx-qgs/qgs.socket'/>
++  </launchSecurity>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-tdx.xml b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.xml
+new file mode 100644
+index 0000000000..ee9d63c5fe
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-tdx.xml
+@@ -0,0 +1,25 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
++    <loader readonly='yes' type='rom'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++  <launchSecurity type='tdx'>
++    <policy>0x10000000</policy>
++    <mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrConfigId>
++    <mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwner>
++    <mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwnerConfig>
++    <quoteGenerationService path='/var/run/tdx-qgs/qgs.socket'/>
++  </launchSecurity>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index a1d26cdfa5..822e29b888 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1605,6 +1605,9 @@ mymain(void)
+     DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-manual-efi-sev-snp", "x86_64",
+                                   ARG_CAPS_VARIANT, "+amdsev",
+                                   ARG_END);
++    DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-manual-efi-tdx", "x86_64",
++                                  ARG_CAPS_VARIANT, "+inteltdx",
++                                  ARG_END);
+ 
+     /* Make sure all combinations of ACPI and UEFI behave as expected */
+     DO_TEST_CAPS_ARCH_LATEST("firmware-manual-efi-acpi-aarch64", "aarch64");
+-- 
+2.53.0

libvirt-tests-Add-firmware-manual-efi-varstore-aarch64.patch

@@ -0,0 +1,89 @@
+From c4370fce703194eea2b2a812e9b0f9354bfa78fd Mon Sep 17 00:00:00 2001
+Message-ID: <c4370fce703194eea2b2a812e9b0f9354bfa78fd.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Tue, 18 Nov 2025 14:46:12 +0100
+Subject: [PATCH] tests: Add firmware-manual-efi-varstore-aarch64
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This test case demonstrates how to manually configure an aarch64
+guest to use the uefi-vars device.
+
+It currently fails because the QEMU driver does not yet recognize
+the firmware type as EFI, and so rejects the attempt to use ACPI
+together with it. That will change in a future commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 71d6399068d29a10433b95ff7eff264bd3db4211)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...ual-efi-varstore-aarch64.aarch64-8.2.0.err |  1 +
+ ...al-efi-varstore-aarch64.aarch64-latest.err |  1 +
+ .../firmware-manual-efi-varstore-aarch64.xml  | 19 +++++++++++++++++++
+ tests/qemuxmlconftest.c                       |  2 ++
+ 4 files changed, 23 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
+new file mode 100644
+index 0000000000..4fe79bdacf
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-8.2.0.err
+@@ -0,0 +1 @@
++unsupported configuration: ACPI requires UEFI on this architecture
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
+new file mode 100644
+index 0000000000..4fe79bdacf
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.aarch64-latest.err
+@@ -0,0 +1 @@
++unsupported configuration: ACPI requires UEFI on this architecture
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.xml
+new file mode 100644
+index 0000000000..5c545fe0ab
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-aarch64.xml
+@@ -0,0 +1,19 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='aarch64' machine='virt-8.2'>hvm</type>
++    <loader type='rom'>/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd</loader>
++    <varstore path='/path/to/guest.json'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-aarch64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index 4bdbab5cad..4c97dac317 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1614,6 +1614,8 @@ mymain(void)
+ 
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-varstore-q35");
+     DO_TEST_CAPS_VER_PARSE_ERROR("firmware-manual-efi-varstore-q35", "8.2.0");
++    DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64");
++    DO_TEST_CAPS_ARCH_VER_PARSE_ERROR("firmware-manual-efi-varstore-aarch64", "aarch64", "8.2.0");
+ 
+     /* Make sure all combinations of ACPI and UEFI behave as expected */
+     DO_TEST_CAPS_ARCH_LATEST("firmware-manual-efi-acpi-aarch64", "aarch64");
+-- 
+2.53.0

libvirt-tests-Add-firmware-manual-efi-varstore-q35.patch

@@ -0,0 +1,168 @@
+From 48d9e7255c762375641194b2390b3e0f6c75a065 Mon Sep 17 00:00:00 2001
+Message-ID: <48d9e7255c762375641194b2390b3e0f6c75a065.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 7 Nov 2025 16:41:37 +0100
+Subject: [PATCH] tests: Add firmware-manual-efi-varstore-q35
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This test case demonstrates how to manually configure an x86_64
+guest to use the uefi-vars device.
+
+It fails when using an older version of QEMU which didn't have
+the device, and succeeds when using the latest version. The
+relevant bits of the QEMU command line are not generated yet,
+but that will come in a later commit.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 77b44120c5f55ddf3bbd36e877d4aedfc94386f9)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ ...e-manual-efi-varstore-q35.x86_64-8.2.0.err |  1 +
+ ...manual-efi-varstore-q35.x86_64-latest.args | 34 ++++++++++++++++++
+ ...-manual-efi-varstore-q35.x86_64-latest.xml | 36 +++++++++++++++++++
+ .../firmware-manual-efi-varstore-q35.xml      | 19 ++++++++++
+ tests/qemuxmlconftest.c                       |  3 ++
+ 5 files changed, 93 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-8.2.0.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.xml
+
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-8.2.0.err b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-8.2.0.err
+new file mode 100644
+index 0000000000..e64c2b21aa
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-8.2.0.err
+@@ -0,0 +1 @@
++unsupported configuration: The uefi-vars device is not supported by this QEMU binary
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
+new file mode 100644
+index 0000000000..9a899c2a65
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.args
+@@ -0,0 +1,34 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-x86_64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine pc-q35-8.2,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
++-accel kvm \
++-cpu qemu64 \
++-bios /usr/share/edk2/ovmf/OVMF.qemuvars.fd \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-global ICH9-LPC.noreboot=off \
++-watchdog-action reset \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
+new file mode 100644
+index 0000000000..296c6e8f59
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.x86_64-latest.xml
+@@ -0,0 +1,36 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
++    <loader type='rom' format='raw'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
++    <varstore path='/path/to/guest.json'/>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='sata' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <audio id='1' type='none'/>
++    <watchdog model='itco' action='reset'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.xml b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.xml
+new file mode 100644
+index 0000000000..c1dc00fde8
+--- /dev/null
++++ b/tests/qemuxmlconfdata/firmware-manual-efi-varstore-q35.xml
+@@ -0,0 +1,19 @@
++<domain type='kvm'>
++  <name>guest</name>
++  <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='x86_64' machine='pc-q35-8.2'>hvm</type>
++    <loader type='rom'>/usr/share/edk2/ovmf/OVMF.qemuvars.fd</loader>
++    <varstore path='/path/to/guest.json'/>
++  </os>
++  <features>
++    <acpi/>
++  </features>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index a3d4d2de5c..4bdbab5cad 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -1612,6 +1612,9 @@ mymain(void)
+                                   ARG_CAPS_VARIANT, "+inteltdx",
+                                   ARG_END);
+ 
++    DO_TEST_CAPS_LATEST("firmware-manual-efi-varstore-q35");
++    DO_TEST_CAPS_VER_PARSE_ERROR("firmware-manual-efi-varstore-q35", "8.2.0");
++
+     /* Make sure all combinations of ACPI and UEFI behave as expected */
+     DO_TEST_CAPS_ARCH_LATEST("firmware-manual-efi-acpi-aarch64", "aarch64");
+     DO_TEST_CAPS_LATEST("firmware-manual-efi-acpi-q35");
+-- 
+2.53.0

libvirt-tests-Rename-custom-JSON-firmware-descriptors.patch

@@ -0,0 +1,151 @@
+From b4ac6b2fe5cc443ca41eaad3301137c2c47ced2d Mon Sep 17 00:00:00 2001
+Message-ID: <b4ac6b2fe5cc443ca41eaad3301137c2c47ced2d.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Fri, 23 Jan 2026 14:34:05 +0100
+Subject: [PATCH] tests: Rename custom JSON firmware descriptors
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Most of the JSON firmware descriptors in our test suite come from
+the Fedora package for edk2, but there are a few additional ones
+that we have created ourselves to ensure coverage of uncommon or
+problematic scenarios.
+
+In order to make sure that such descriptors are clearly marked as
+custom, rename them to include the string "libvirt" in the path.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit ccdff699ac30fc12691ad45b36951317d37e1030)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ .../etc/qemu/firmware/20-bios.json               |  1 -
+ .../etc/qemu/firmware/20-libvirt-bios.json       |  1 +
+ .../etc/qemu/firmware/59-combined.json           |  1 -
+ .../etc/qemu/firmware/59-libvirt-combined.json   |  1 +
+ .../{92-masked.json => 92-libvirt-masked.json}   |  0
+ .../{10-bios.json => 10-libvirt-bios.json}       |  0
+ ...90-combined.json => 90-libvirt-combined.json} |  0
+ .../{91-bios.json => 91-libvirt-bios.json}       |  0
+ .../{92-masked.json => 92-libvirt-masked.json}   |  0
+ .../{93-invalid.json => 93-libvirt-invalid.json} |  0
+ tests/qemufirmwaretest.c                         | 16 ++++++++--------
+ 11 files changed, 10 insertions(+), 10 deletions(-)
+ delete mode 120000 tests/qemufirmwaredata/etc/qemu/firmware/20-bios.json
+ create mode 120000 tests/qemufirmwaredata/etc/qemu/firmware/20-libvirt-bios.json
+ delete mode 120000 tests/qemufirmwaredata/etc/qemu/firmware/59-combined.json
+ create mode 120000 tests/qemufirmwaredata/etc/qemu/firmware/59-libvirt-combined.json
+ rename tests/qemufirmwaredata/etc/qemu/firmware/{92-masked.json => 92-libvirt-masked.json} (100%)
+ rename tests/qemufirmwaredata/home/user/.config/qemu/firmware/{10-bios.json => 10-libvirt-bios.json} (100%)
+ rename tests/qemufirmwaredata/usr/share/qemu/firmware/{90-combined.json => 90-libvirt-combined.json} (100%)
+ rename tests/qemufirmwaredata/usr/share/qemu/firmware/{91-bios.json => 91-libvirt-bios.json} (100%)
+ rename tests/qemufirmwaredata/usr/share/qemu/firmware/{92-masked.json => 92-libvirt-masked.json} (100%)
+ rename tests/qemufirmwaredata/usr/share/qemu/firmware/{93-invalid.json => 93-libvirt-invalid.json} (100%)
+
+diff --git a/tests/qemufirmwaredata/etc/qemu/firmware/20-bios.json b/tests/qemufirmwaredata/etc/qemu/firmware/20-bios.json
+deleted file mode 120000
+index 2c274dddc2..0000000000
+--- a/tests/qemufirmwaredata/etc/qemu/firmware/20-bios.json
++++ /dev/null
+@@ -1 +0,0 @@
+-../../../usr/share/qemu/firmware/91-bios.json
+\ No newline at end of file
+diff --git a/tests/qemufirmwaredata/etc/qemu/firmware/20-libvirt-bios.json b/tests/qemufirmwaredata/etc/qemu/firmware/20-libvirt-bios.json
+new file mode 120000
+index 0000000000..fab8877c3e
+--- /dev/null
++++ b/tests/qemufirmwaredata/etc/qemu/firmware/20-libvirt-bios.json
+@@ -0,0 +1 @@
++../../../usr/share/qemu/firmware/91-libvirt-bios.json
+\ No newline at end of file
+diff --git a/tests/qemufirmwaredata/etc/qemu/firmware/59-combined.json b/tests/qemufirmwaredata/etc/qemu/firmware/59-combined.json
+deleted file mode 120000
+index da9099ffb7..0000000000
+--- a/tests/qemufirmwaredata/etc/qemu/firmware/59-combined.json
++++ /dev/null
+@@ -1 +0,0 @@
+-../../../usr/share/qemu/firmware/90-combined.json
+\ No newline at end of file
+diff --git a/tests/qemufirmwaredata/etc/qemu/firmware/59-libvirt-combined.json b/tests/qemufirmwaredata/etc/qemu/firmware/59-libvirt-combined.json
+new file mode 120000
+index 0000000000..74e63c4574
+--- /dev/null
++++ b/tests/qemufirmwaredata/etc/qemu/firmware/59-libvirt-combined.json
+@@ -0,0 +1 @@
++../../../usr/share/qemu/firmware/90-libvirt-combined.json
+\ No newline at end of file
+diff --git a/tests/qemufirmwaredata/etc/qemu/firmware/92-masked.json b/tests/qemufirmwaredata/etc/qemu/firmware/92-libvirt-masked.json
+similarity index 100%
+rename from tests/qemufirmwaredata/etc/qemu/firmware/92-masked.json
+rename to tests/qemufirmwaredata/etc/qemu/firmware/92-libvirt-masked.json
+diff --git a/tests/qemufirmwaredata/home/user/.config/qemu/firmware/10-bios.json b/tests/qemufirmwaredata/home/user/.config/qemu/firmware/10-libvirt-bios.json
+similarity index 100%
+rename from tests/qemufirmwaredata/home/user/.config/qemu/firmware/10-bios.json
+rename to tests/qemufirmwaredata/home/user/.config/qemu/firmware/10-libvirt-bios.json
+diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/90-libvirt-combined.json
+similarity index 100%
+rename from tests/qemufirmwaredata/usr/share/qemu/firmware/90-combined.json
+rename to tests/qemufirmwaredata/usr/share/qemu/firmware/90-libvirt-combined.json
+diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/91-bios.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/91-libvirt-bios.json
+similarity index 100%
+rename from tests/qemufirmwaredata/usr/share/qemu/firmware/91-bios.json
+rename to tests/qemufirmwaredata/usr/share/qemu/firmware/91-libvirt-bios.json
+diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/92-masked.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/92-libvirt-masked.json
+similarity index 100%
+rename from tests/qemufirmwaredata/usr/share/qemu/firmware/92-masked.json
+rename to tests/qemufirmwaredata/usr/share/qemu/firmware/92-libvirt-masked.json
+diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/93-invalid.json b/tests/qemufirmwaredata/usr/share/qemu/firmware/93-libvirt-invalid.json
+similarity index 100%
+rename from tests/qemufirmwaredata/usr/share/qemu/firmware/93-invalid.json
+rename to tests/qemufirmwaredata/usr/share/qemu/firmware/93-libvirt-invalid.json
+diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c
+index 2eb9d8e701..e09f50592b 100644
+--- a/tests/qemufirmwaretest.c
++++ b/tests/qemufirmwaretest.c
+@@ -84,7 +84,7 @@ testFWPrecedence(const void *opaque G_GNUC_UNUSED)
+     g_autofree char *fakehome = NULL;
+     g_auto(GStrv) fwList = NULL;
+     const char *expected[] = {
+-        SYSCONFDIR "/qemu/firmware/20-bios.json",
++        SYSCONFDIR "/qemu/firmware/20-libvirt-bios.json",
+         PREFIX "/share/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json",
+         PREFIX "/share/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json",
+         PREFIX "/share/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json",
+@@ -98,12 +98,12 @@ testFWPrecedence(const void *opaque G_GNUC_UNUSED)
+         PREFIX "/share/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json",
+         PREFIX "/share/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json",
+         PREFIX "/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json",
+-        SYSCONFDIR "/qemu/firmware/59-combined.json",
++        SYSCONFDIR "/qemu/firmware/59-libvirt-combined.json",
+         PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json",
+         PREFIX "/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json",
+-        PREFIX "/share/qemu/firmware/90-combined.json",
+-        PREFIX "/share/qemu/firmware/91-bios.json",
+-        PREFIX "/share/qemu/firmware/93-invalid.json",
++        PREFIX "/share/qemu/firmware/90-libvirt-combined.json",
++        PREFIX "/share/qemu/firmware/91-libvirt-bios.json",
++        PREFIX "/share/qemu/firmware/93-libvirt-invalid.json",
+         NULL
+     };
+     const char **e;
+@@ -285,9 +285,9 @@ mymain(void)
+     DO_PARSE_TEST("usr/share/qemu/firmware/53-edk2-aarch64-verbose-raw.json");
+     DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-amdsev.json");
+     DO_PARSE_TEST("usr/share/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json");
+-    DO_PARSE_TEST("usr/share/qemu/firmware/90-combined.json");
+-    DO_PARSE_TEST("usr/share/qemu/firmware/91-bios.json");
+-    DO_PARSE_FAILURE_TEST("usr/share/qemu/firmware/93-invalid.json");
++    DO_PARSE_TEST("usr/share/qemu/firmware/90-libvirt-combined.json");
++    DO_PARSE_TEST("usr/share/qemu/firmware/91-libvirt-bios.json");
++    DO_PARSE_FAILURE_TEST("usr/share/qemu/firmware/93-libvirt-invalid.json");
+ 
+     if (virTestRun("QEMU FW precedence test", testFWPrecedence, NULL) < 0)
+         ret = -1;
+-- 
+2.53.0

libvirt-virsh-Update-for-varstore-handling.patch

@@ -0,0 +1,150 @@
+From 284cc87f8c23f2a1baa2a7179421bb736277a5ef Mon Sep 17 00:00:00 2001
+Message-ID: <284cc87f8c23f2a1baa2a7179421bb736277a5ef.1772815314.git.jdenemar@redhat.com>
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 2 Feb 2026 15:49:22 +0100
+Subject: [PATCH] virsh: Update for varstore handling
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Document the fact that the existing flags which apply to
+NVRAM files also do the right thing when varstore files are
+used instead.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 0151db88c235ccb9c949c9a700fd325ca1044d0a)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+---
+ docs/manpages/virsh.rst | 23 ++++++++++++-----------
+ tools/virsh-domain.c    | 10 +++++-----
+ tools/virsh-snapshot.c  |  2 +-
+ 3 files changed, 18 insertions(+), 17 deletions(-)
+
+diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
+index ff0cf1a715..b3e9289894 100644
+--- a/docs/manpages/virsh.rst
++++ b/docs/manpages/virsh.rst
+@@ -1722,8 +1722,8 @@ of open file descriptors which should be pass on into the guest. The
+ file descriptors will be re-numbered in the guest, starting from 3. This
+ is only supported with container based virtualization.
+ 
+-If *--reset-nvram* is specified, any existing NVRAM file will be deleted
+-and re-initialized from its pristine template.
++If *--reset-nvram* is specified, any existing NVRAM/varstore file will be
++deleted and re-initialized from its pristine template.
+ 
+ **Example:**
+ 
+@@ -4281,8 +4281,8 @@ save image to decide between running or paused; passing either the
+ *--running* or *--paused* flag will allow overriding which state the
+ domain should be started in.
+ 
+-If *--reset-nvram* is specified, any existing NVRAM file will be deleted
+-and re-initialized from its pristine template.
++If *--reset-nvram* is specified, any existing NVRAM/varstore file will be
++deleted and re-initialized from its pristine template.
+ 
+ *--parallel-channels* option can specify number of parallel IO channels
+ to be used when loading memory from file. Parallel save may significantly
+@@ -4925,8 +4925,8 @@ of open file descriptors which should be pass on into the guest. The
+ file descriptors will be re-numbered in the guest, starting from 3. This
+ is only supported with container based virtualization.
+ 
+-If *--reset-nvram* is specified, any existing NVRAM file will be deleted
+-and re-initialized from its pristine template.
++If *--reset-nvram* is specified, any existing NVRAM/varstore file will be
++deleted and re-initialized from its pristine template.
+ 
+ 
+ suspend
+@@ -4988,9 +4988,10 @@ domain.  Without the flag, attempts to undefine an inactive domain with
+ checkpoint metadata will fail.  If the domain is active, this flag is
+ ignored.
+ 
+-*--nvram* and *--keep-nvram* specify accordingly to delete or keep nvram
+-(/domain/os/nvram/) file. If the domain has an nvram file and the flags are
+-omitted, the undefine will fail.
++The *--nvram* and *--keep-nvram* flags specify whether to delete or keep the
++NVRAM (/domain/os/nvram/) or varstore (/domain/os/varstore) file respectively.
++If the domain has an NVRAM/varstore file and the flags are omitted, the
++undefine operation will fail.
+ 
+ The *--storage* flag takes a parameter ``volumes``, which is a comma separated
+ list of volume target names or source paths of storage volumes to be removed
+@@ -8174,8 +8175,8 @@ requires the use of *--force* to proceed:
+     likely cause extensive filesystem corruption or crashes due to swap content
+     mismatches when run.
+ 
+-If *--reset-nvram* is specified, any existing NVRAM file will be deleted
+-and re-initialized from its pristine template.
++If *--reset-nvram* is specified, any existing NVRAM/varstore file will be
++deleted and re-initialized from its pristine template.
+ 
+ 
+ snapshot-delete
+diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
+index 6e18d195e6..e73a33b709 100644
+--- a/tools/virsh-domain.c
++++ b/tools/virsh-domain.c
+@@ -3981,11 +3981,11 @@ static const vshCmdOptDef opts_undefine[] = {
+     },
+     {.name = "nvram",
+      .type = VSH_OT_BOOL,
+-     .help = N_("remove nvram file")
++     .help = N_("remove NVRAM/varstore file")
+     },
+     {.name = "keep-nvram",
+      .type = VSH_OT_BOOL,
+-     .help = N_("keep nvram file")
++     .help = N_("keep NVRAM/varstore file")
+     },
+     {.name = "tpm",
+      .type = VSH_OT_BOOL,
+@@ -4401,7 +4401,7 @@ static const vshCmdOptDef opts_start[] = {
+     },
+     {.name = "reset-nvram",
+      .type = VSH_OT_BOOL,
+-     .help = N_("re-initialize NVRAM from its pristine template")
++     .help = N_("re-initialize NVRAM/varstore from its pristine template")
+     },
+     {.name = NULL}
+ };
+@@ -5707,7 +5707,7 @@ static const vshCmdOptDef opts_restore[] = {
+     },
+     {.name = "reset-nvram",
+      .type = VSH_OT_BOOL,
+-     .help = N_("re-initialize NVRAM from its pristine template")
++     .help = N_("re-initialize NVRAM/varstore from its pristine template")
+     },
+     {.name = NULL}
+ };
+@@ -8499,7 +8499,7 @@ static const vshCmdOptDef opts_create[] = {
+     },
+     {.name = "reset-nvram",
+      .type = VSH_OT_BOOL,
+-     .help = N_("re-initialize NVRAM from its pristine template")
++     .help = N_("re-initialize NVRAM/varstore from its pristine template")
+     },
+     {.name = NULL}
+ };
+diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c
+index 8e5b9d635c..08184576a7 100644
+--- a/tools/virsh-snapshot.c
++++ b/tools/virsh-snapshot.c
+@@ -1714,7 +1714,7 @@ static const vshCmdOptDef opts_snapshot_revert[] = {
+     },
+     {.name = "reset-nvram",
+      .type = VSH_OT_BOOL,
+-     .help = N_("re-initialize NVRAM from its pristine template")
++     .help = N_("re-initialize NVRAM/varstore from its pristine template")
+     },
+     {.name = NULL}
+ };
+-- 
+2.53.0

libvirt.spec

@@ -294,7 +294,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 11.10.0
-Release: 10%{?dist}%{?extra_release}
+Release: 11%{?dist}%{?extra_release}
 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
 URL: https://libvirt.org/
 
@@ -381,6 +381,82 @@ Patch76: libvirt-conf-Introduce-iommufd-enum-for-domaincaps.patch
 Patch77: libvirt-qemu-Fill-iommufd-domain-capability.patch
 Patch78: libvirt-tests-properly-mock-VFIO-and-IOMMU-checks.patch
 Patch79: libvirt-iommufd-fix-FD-leak-in-case-of-error.patch
+Patch80: libvirt-qemu_firmware-Drop-support-for-kernel-descriptors.patch
+Patch81: libvirt-qemu_firmware-Drop-nvram-local-variable.patch
+Patch82: libvirt-qemu_firmware-Move-format-raw-compat-exception.patch
+Patch83: libvirt-qemu_firmware-Move-copying-of-nvram.format-to-loader.format.patch
+Patch84: libvirt-tests-Add-firmware-manual-efi-rw-nvram.patch
+Patch85: libvirt-domain_validate-Reject-NVRAM-with-read-write-firmware.patch
+Patch86: libvirt-tests-Add-firmware-auto-bios-rw.patch
+Patch87: libvirt-tests-Add-firmware-manual-bios-rw.patch
+Patch88: libvirt-domain_validate-Reject-read-write-ROMs.patch
+Patch89: libvirt-tests-Add-firmware-auto-efi-format-loader-qcow2-rom.patch
+Patch90: libvirt-domain_validate-Reject-ROMs-with-format-other-than-raw.patch
+Patch91: libvirt-qemu_firmware-Ignore-stateless-combined-when-NVRAM-is-configured.patch
+Patch92: libvirt-qemu_firmware-Drop-fallback-for-absent-nvramTemplateFormat.patch
+Patch93: libvirt-schemas-Allow-templateFormat-without-template-path.patch
+Patch94: libvirt-tests-Add-firmware-manual-efi-nvram-template-nonstandard-format.patch
+Patch95: libvirt-tests-Add-firmware-manual-efi-nvram-template-nonstandard-legacy-paths.patch
+Patch96: libvirt-tests-Add-firmware-auto-efi-format-nvram-raw.patch
+Patch97: libvirt-tests-Add-firmware-auto-efi-format-nvram-raw-loader-path.patch
+Patch98: libvirt-tests-Add-firmware-auto-efi-format-nvram-raw-nvramtemplate-path.patch
+Patch99: libvirt-tests-Add-firmware-auto-efi-format-nvramtemplate-qcow2.patch
+Patch100: libvirt-tests-Add-firmware-auto-efi-format-mismatch-nvramtemplate.patch
+Patch101: libvirt-qemu_firmware-Introduce-qemuFirmwareFillDomainCustom.patch
+Patch102: libvirt-qemu_firmware-Set-templateFormat-for-custom-paths.patch
+Patch103: libvirt-qemu_firmware-Simplify-handling-of-legacy-paths.patch
+Patch104: libvirt-qemu_firmware-Refactor-setting-NVRAM-format.patch
+Patch105: libvirt-qemu_firmware-Prefer-template-format-to-loader-format.patch
+Patch106: libvirt-qemu_firmware-Retain-user-specified-NVRAM-format.patch
+Patch107: libvirt-qemu_firmware-Take-templateFormat-into-account-when-matching.patch
+Patch108: libvirt-qemu_firmware-Take-NVRAM-format-into-account-when-matching.patch
+Patch109: libvirt-qemu_firmware-Remove-NVRAM-to-loader-format-copy-hack.patch
+Patch110: libvirt-tests-Add-firmware-manual-efi-sev-snp.patch
+Patch111: libvirt-tests-Add-firmware-manual-efi-tdx.patch
+Patch112: libvirt-qemu_firmware-ROM-firmware-is-always-in-raw-format.patch
+Patch113: libvirt-qemu_firmware-Don-t-skip-autoselection-for-ROM.patch
+Patch114: libvirt-qemu_firmware-Allow-matching-both-UEFI-and-BIOS-for-ROM-loader.patch
+Patch115: libvirt-schema-Add-firmwareFeatures-element-for-domaincaps.patch
+Patch116: libvirt-conf-Add-firmwareFeatures-element-for-domaincaps.patch
+Patch117: libvirt-qemu-Fill-in-firmwareFeature-element-for-domaincaps.patch
+Patch118: libvirt-docs-Document-firmwareFeature-element-for-domaincaps.patch
+Patch119: libvirt-docs-Rename-BIOS-bootloader-section-to-guest-firmware.patch
+Patch120: libvirt-docs-Improvement-related-to-firmware-selection.patch
+Patch121: libvirt-qemu_firmware-Only-set-format-for-custom-loader-if-path-is-present.patch
+Patch122: libvirt-conf-Move-type-rom-default-for-loader-to-drivers.patch
+Patch123: libvirt-tests-Rename-custom-JSON-firmware-descriptors.patch
+Patch124: libvirt-schema-Introduce-osnvram-define.patch
+Patch125: libvirt-conf-Parse-and-format-varstore-element.patch
+Patch126: libvirt-conf-Update-validation-to-consider-varstore-element.patch
+Patch127: libvirt-qemu_capabilities-Introduce-QEMU_CAPS_DEVICE_UEFI_VARS.patch
+Patch128: libvirt-qemu-Validate-presence-of-uefi-vars-device.patch
+Patch129: libvirt-tests-Add-firmware-manual-efi-varstore-q35.patch
+Patch130: libvirt-tests-Add-firmware-manual-efi-varstore-aarch64.patch
+Patch131: libvirt-tests-Add-firmware-auto-efi-varstore-q35.patch
+Patch132: libvirt-tests-Add-firmware-auto-efi-varstore-aarch64.patch
+Patch133: libvirt-tests-Add-firmware-auto-efi-enrolled-keys-aarch64.patch
+Patch134: libvirt-qemu_firmware-Parse-host-uefi-vars-firmware-feature.patch
+Patch135: libvirt-qemu_firmware-Split-sanity-check.patch
+Patch136: libvirt-qemu_firmware-Consider-host-uefi-vars-feature-in-sanity-check.patch
+Patch137: libvirt-qemu_firmware-Support-extended-syntax-for-ROM-firmware-descriptors.patch
+Patch138: libvirt-qemu_firmware-Report-NVRAM-template-path-for-ROMs.patch
+Patch139: libvirt-conf-Include-varstore-element-in-domcaps.patch
+Patch140: libvirt-qemu-Fill-in-varstore-element-in-domcaps.patch
+Patch141: libvirt-qemu_firmware-Use-of-NVRAM-implies-stateful-firmware.patch
+Patch142: libvirt-qemu_firmware-Allow-matching-stateful-ROMs.patch
+Patch143: libvirt-qemu_firmware-Fill-in-varstore-information.patch
+Patch144: libvirt-qemu-Introduce-varstoreDir.patch
+Patch145: libvirt-qemu_firmware-Generate-varstore-path-when-necessary.patch
+Patch146: libvirt-qemu-Introduce-qemuPrepareNVRAMFileCommon.patch
+Patch147: libvirt-qemu-Create-and-delete-varstore-file.patch
+Patch148: libvirt-security-Mark-ROMs-as-read-only-when-using-AppArmor.patch
+Patch149: libvirt-security-Handle-varstore-file.patch
+Patch150: libvirt-tests-Add-firmware-descriptors-for-uefi-vars-builds.patch
+Patch151: libvirt-qemu_command-Use-uefi-vars-device-where-appropriate.patch
+Patch152: libvirt-include-Mention-varstore-where-applicable.patch
+Patch153: libvirt-virsh-Update-for-varstore-handling.patch
+Patch154: libvirt-domain_conf-initialize-network-hostdev-private-data.patch
+Patch155: libvirt-qemu_hotplug-enter-monitor-in-order-to-rollback-passed-FD.patch
 
 
 Requires: libvirt-daemon = %{version}-%{release}
@@ -2423,6 +2499,7 @@ exit 0
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ram/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/save/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/snapshot/
+%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/varstore/
 %dir %attr(0750, root, root) %{_localstatedir}/cache/libvirt/qemu/
 %{_datadir}/augeas/lenses/libvirtd_qemu.aug
 %{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
@@ -2772,6 +2849,84 @@ exit 0
 %endif
 
 %changelog
+* Fri Mar  6 2026 Jiri Denemark <jdenemar@redhat.com> - 11.10.0-11
+- qemu_firmware: Drop support for kernel descriptors (RHEL-82645)
+- qemu_firmware: Drop 'nvram' local variable (RHEL-82645)
+- qemu_firmware: Move format=raw compat exception (RHEL-82645)
+- qemu_firmware: Move copying of nvram.format to loader.format (RHEL-82645)
+- tests: Add firmware-manual-efi-rw-nvram (RHEL-82645)
+- domain_validate: Reject NVRAM with read/write firmware (RHEL-82645)
+- tests: Add firmware-auto-bios-rw (RHEL-82645)
+- tests: Add firmware-manual-bios-rw (RHEL-82645)
+- domain_validate: Reject read/write ROMs (RHEL-82645)
+- tests: Add firmware-auto-efi-format-loader-qcow2-rom (RHEL-82645)
+- domain_validate: Reject ROMs with format other than raw (RHEL-82645)
+- qemu_firmware: Ignore stateless/combined when NVRAM is configured (RHEL-82645)
+- qemu_firmware: Drop fallback for absent nvramTemplateFormat (RHEL-82645)
+- schemas: Allow templateFormat without template path (RHEL-82645)
+- tests: Add firmware-manual-efi-nvram-template-nonstandard-format (RHEL-82645)
+- tests: Add firmware-manual-efi-nvram-template-nonstandard-legacy-paths (RHEL-82645)
+- tests: Add firmware-auto-efi-format-nvram-raw (RHEL-82645)
+- tests: Add firmware-auto-efi-format-nvram-raw-loader-path (RHEL-82645)
+- tests: Add firmware-auto-efi-format-nvram-raw-nvramtemplate-path (RHEL-82645)
+- tests: Add firmware-auto-efi-format-nvramtemplate-qcow2 (RHEL-82645)
+- tests: Add firmware-auto-efi-format-mismatch-nvramtemplate (RHEL-82645)
+- qemu_firmware: Introduce qemuFirmwareFillDomainCustom() (RHEL-82645)
+- qemu_firmware: Set templateFormat for custom paths (RHEL-82645)
+- qemu_firmware: Simplify handling of legacy paths (RHEL-82645)
+- qemu_firmware: Refactor setting NVRAM format (RHEL-82645)
+- qemu_firmware: Prefer template format to loader format (RHEL-82645)
+- qemu_firmware: Retain user-specified NVRAM format (RHEL-82645)
+- qemu_firmware: Take templateFormat into account when matching (RHEL-82645)
+- qemu_firmware: Take NVRAM format into account when matching (RHEL-82645)
+- qemu_firmware: Remove NVRAM to loader format copy hack (RHEL-82645)
+- tests: Add firmware-manual-efi-sev-snp (RHEL-82645)
+- tests: Add firmware-manual-efi-tdx (RHEL-82645)
+- qemu_firmware: ROM firmware is always in raw format (RHEL-82645)
+- qemu_firmware: Don't skip autoselection for ROM (RHEL-82645)
+- qemu_firmware: Allow matching both UEFI and BIOS for ROM loader (RHEL-82645)
+- schema: Add firmwareFeatures element for domaincaps (RHEL-82645)
+- conf: Add firmwareFeatures element for domaincaps (RHEL-82645)
+- qemu: Fill in firmwareFeature element for domaincaps (RHEL-82645)
+- docs: Document firmwareFeature element for domaincaps (RHEL-82645)
+- docs: Rename "BIOS bootloader" section to "guest firmware" (RHEL-82645)
+- docs: Improvement related to firmware selection (RHEL-82645)
+- qemu_firmware: Only set format for custom loader if path is present (RHEL-82645)
+- conf: Move type=rom default for loader to drivers (RHEL-82645)
+- tests: Rename custom JSON firmware descriptors (RHEL-82645)
+- schema: Introduce osnvram define (RHEL-82645)
+- conf: Parse and format varstore element (RHEL-82645)
+- conf: Update validation to consider varstore element (RHEL-82645)
+- qemu_capabilities: Introduce QEMU_CAPS_DEVICE_UEFI_VARS (RHEL-82645)
+- qemu: Validate presence of uefi-vars device (RHEL-82645)
+- tests: Add firmware-manual-efi-varstore-q35 (RHEL-82645)
+- tests: Add firmware-manual-efi-varstore-aarch64 (RHEL-82645)
+- tests: Add firmware-auto-efi-varstore-q35 (RHEL-82645)
+- tests: Add firmware-auto-efi-varstore-aarch64 (RHEL-82645)
+- tests: Add firmware-auto-efi-enrolled-keys-aarch64 (RHEL-82645)
+- qemu_firmware: Parse host-uefi-vars firmware feature (RHEL-82645)
+- qemu_firmware: Split sanity check (RHEL-82645)
+- qemu_firmware: Consider host-uefi-vars feature in sanity check (RHEL-82645)
+- qemu_firmware: Support extended syntax for ROM firmware descriptors (RHEL-82645)
+- qemu_firmware: Report NVRAM template path for ROMs (RHEL-82645)
+- conf: Include varstore element in domcaps (RHEL-82645)
+- qemu: Fill in varstore element in domcaps (RHEL-82645)
+- qemu_firmware: Use of NVRAM implies stateful firmware (RHEL-82645)
+- qemu_firmware: Allow matching stateful ROMs (RHEL-82645)
+- qemu_firmware: Fill in varstore information (RHEL-82645)
+- qemu: Introduce varstoreDir (RHEL-82645)
+- qemu_firmware: Generate varstore path when necessary (RHEL-82645)
+- qemu: Introduce qemuPrepareNVRAMFileCommon() (RHEL-82645)
+- qemu: Create and delete varstore file (RHEL-82645)
+- security: Mark ROMs as read only when using AppArmor (RHEL-82645)
+- security: Handle varstore file (RHEL-82645)
+- tests: Add firmware descriptors for uefi-vars builds (RHEL-82645)
+- qemu_command: Use uefi-vars device where appropriate (RHEL-82645)
+- include: Mention varstore where applicable (RHEL-82645)
+- virsh: Update for varstore handling (RHEL-82645)
+- domain_conf: initialize network hostdev private data (RHEL-151916)
+- qemu_hotplug: enter monitor in order to rollback passed FD (RHEL-151916)
+
 * Wed Feb 18 2026 Jiri Denemark <jdenemar@redhat.com> - 11.10.0-10
 - qemu: Introduce QEMU_CAPS_OBJECT_IOMMUFD (RHEL-150351)
 - qemu: Move IOMMUFD validation to qemu_validate (RHEL-150351)