Enable UEFI on KVM hosts (by default), and configure with some default settings

[sureshanaparti]

Description

This PR enables UEFI on KVM hosts (by default), and configure with some default settings.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• Build/CI
• Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Verified the UEFI packages and settings at /etc/cloudstack/agent/uefi.properties in ol8/ol9/debian12.

KVM Host / Agent (OL8):

[root@ol8-kvm1 ~]# yum list installed | grep -i swtpm
Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/epel.repo; Configuration: OptionBinding with id "failovermethod" does not exist
swtpm.x86_64                                      0.7.0-1.20211109gitb79fd91.module+el8.6.0+20659+3dcf7c70     @ol8_appstream     
swtpm-libs.x86_64                                 0.7.0-1.20211109gitb79fd91.module+el8.6.0+20659+3dcf7c70     @ol8_appstream     
swtpm-tools.x86_64                                0.7.0-1.20211109gitb79fd91.module+el8.6.0+20659+3dcf7c70     @ol8_appstream     
[root@ol8-kvm1 ~]# yum list installed | grep -i edk2-ovmf
Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/epel.repo; Configuration: OptionBinding with id "failovermethod" does not exist
edk2-ovmf.noarch                                  20220126gitbb1bba3d77-13.el8_10.8                            @ol8_appstream     
[root@-ol8-kvm1 ~]#
[root@ol8-kvm1 ~]# cat /etc/cloudstack/agent/uefi.properties 
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

# Configuration file for UEFI

guest.nvram.template.legacy=/usr/share/edk2/ovmf/OVMF_VARS.fd
guest.loader.legacy=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd
guest.nvram.template.secure=/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
guest.loader.secure=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd
guest.nvram.path=/var/lib/libvirt/qemu/nvram/
[root@ol8-kvm1 ~]#
[root@ol8-kvm1 ~]# cd /usr/share/edk2/ovmf/
[root@ol8-kvm1 ovmf]# ls -lrt
total 11676
-rw-r--r--. 1 root root 2594816 Aug 26 08:45 UefiShell.iso
-rw-r--r--. 1 root root  949568 Aug 26 08:45 Shell.efi
-rw-r--r--. 1 root root  540672 Aug 26 08:45 OVMF_VARS.secboot.fd
-rw-r--r--. 1 root root  540672 Aug 26 08:45 OVMF_VARS.fd
-rw-r--r--. 1 root root 3653632 Aug 26 08:45 OVMF_CODE.secboot.fd
-rw-r--r--. 1 root root 3653632 Aug 26 08:45 OVMF_CODE.cc.fd
-rw-r--r--. 1 root root   19264 Aug 26 08:45 EnrollDefaultKeys.efi
[root@ol8-kvm1 ovmf]#

MS (OL8):

mysql> SELECT * FROM host_details WHERE name LIKE '%uefi%';
+----+---------+------------------+-------+
| id | host_id | name             | value |
+----+---------+------------------+-------+
| 13 |       1 | host.uefi.enable | true  |
+----+---------+------------------+-------+
1 row in set (0.00 sec)

KVM Host / Agent (Debian12):

root@debian12-kvm1:/etc/cloudstack/agent# dpkg -l | grep ovmf
ii  ovmf                                 2022.11-6+deb12u2               all          UEFI firmware for 64-bit x86 virtual machines
root@debian12-kvm1:/etc/cloudstack/agent#
root@debian12-kvm1:/etc/cloudstack/agent# dpkg -l | grep swtpm
ii  swtpm                                0.7.1-1.3                       amd64        Libtpms-based TPM emulator
ii  swtpm-libs:amd64                     0.7.1-1.3                       amd64        Common libraries for TPM emulators
ii  swtpm-tools                          0.7.1-1.3                       amd64        Tools for the TPM emulator
root@debian12-kvm1:/etc/cloudstack/agent#
root@debian12-kvm1:/etc/cloudstack/agent# cat uefi.properties 
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

# Configuration file for UEFI

guest.nvram.template.legacy=/usr/share/OVMF/OVMF_VARS_4M.fd
guest.loader.legacy=/usr/share/OVMF/OVMF_CODE_4M.fd
guest.nvram.template.secure=/usr/share/OVMF/OVMF_VARS_4M.ms.fd
guest.loader.secure=/usr/share/OVMF/OVMF_CODE_4M.secboot.fd
guest.nvram.path=/var/lib/libvirt/qemu/nvram/
root@debian12-kvm1:/etc/cloudstack/agent# 
root@debian12-kvm1:/etc/cloudstack/agent# cd /usr/share/OVMF
root@debian12-kvm1:/usr/share/OVMF# ls -lrt
total 12816
-rw-r--r-- 1 root root  131072 Nov  5  2024 OVMF_VARS.ms.fd
-rw-r--r-- 1 root root  131072 Nov  5  2024 OVMF_VARS.fd
-rw-r--r-- 1 root root  540672 Nov  5  2024 OVMF_VARS_4M.snakeoil.fd
-rw-r--r-- 1 root root  540672 Nov  5  2024 OVMF_VARS_4M.ms.fd
-rw-r--r-- 1 root root  540672 Nov  5  2024 OVMF_VARS_4M.fd
-rw-r--r-- 1 root root 1966080 Nov  5  2024 OVMF_CODE.secboot.fd
lrwxrwxrwx 1 root root      20 Nov  5  2024 OVMF_CODE.ms.fd -> OVMF_CODE.secboot.fd
-rw-r--r-- 1 root root 1966080 Nov  5  2024 OVMF_CODE.fd
lrwxrwxrwx 1 root root      23 Nov  5  2024 OVMF_CODE_4M.snakeoil.fd -> OVMF_CODE_4M.secboot.fd
-rw-r--r-- 1 root root 3653632 Nov  5  2024 OVMF_CODE_4M.secboot.fd
lrwxrwxrwx 1 root root      23 Nov  5  2024 OVMF_CODE_4M.ms.fd -> OVMF_CODE_4M.secboot.fd
-rw-r--r-- 1 root root 3653632 Nov  5  2024 OVMF_CODE_4M.fd
root@debian12-kvm1:/usr/share/OVMF# 

MS (Debian12):

mysql> SELECT * FROM host_details WHERE name LIKE '%uefi%';
+----+---------+------------------+-------+
| id | host_id | name             | value |
+----+---------+------------------+-------+
| 13 |       1 | host.uefi.enable | true  |
+----+---------+------------------+-------+
1 row in set (0.00 sec)

mysql>

How did you try to break this feature and the system with this change?

[sureshanaparti]

@blueorangutan package

[Copilot]

Pull Request Overview

Enables UEFI support on KVM hosts by default with appropriate configuration settings across multiple system components.

• Adds UEFI configuration properties for legacy and secure boot modes with OVMF firmware paths
• Integrates UEFI properties files into system VM agents and console proxy components
• Updates packaging dependencies to include required OVMF and swtpm packages

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
agent/conf/uefi.properties.in	Defines UEFI configuration properties with template placeholders for firmware paths
packaging/el8/replace.properties	Sets OVMF firmware file paths for CentOS/RHEL 8 systems
packaging/debian/replace.properties	Sets OVMF firmware file paths for Debian-based systems
packaging/el8/cloud.spec	Adds edk2-ovmf and swtpm package dependencies for RPM builds
debian/control	Adds ovmf and swtpm package dependencies for Debian builds
pom.xml	Excludes uefi.properties from license header checks
systemvm/systemvm-agent-descriptor.xml	Includes uefi.properties in system VM agent configuration

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 17.55%. Comparing base (4b74a99) to head (4a752ad).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #11740      +/-   ##
============================================
- Coverage     17.56%   17.55%   -0.01%     
+ Complexity    15533    15529       -4     
============================================
  Files          5909     5909              
  Lines        529013   529013              
  Branches      64605    64605              
============================================
- Hits          92911    92892      -19     
- Misses       425655   425675      +20     
+ Partials      10447    10446       -1     

Flag	Coverage Δ
uitests	3.58% <ø> (ø)
unittests	18.62% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15193

[weizhouapache]

code lgtm

checked the settings on ol8 and u24

[daviftorres]

Hey @sureshanaparti ,

I am having problem with Snapshots of Windows guest instances because they require UEFI.

Apparently, libvirt can't do Instance Snapshots when using UEFI. The workaround is to do the Volume Snapshot (or a full backup using the NAS Backup plugin). See https://utcc.utoronto.ca/~cks/space/blog/linux/LibvirtUEFISnapshots

Have you consider this condition?

[sureshanaparti]

Hey @sureshanaparti ,

I am having problem with Snapshots of Windows guest instances because they require UEFI.

Apparently, libvirt can't do Instance Snapshots when using UEFI. The workaround is to do the Volume Snapshot (or a full backup using the NAS Backup plugin). See https://utcc.utoronto.ca/~cks/space/blog/linux/LibvirtUEFISnapshots

Have you consider this condition?

will check it @daviftorres

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15298

[weizhouapache]

Hey @sureshanaparti ,

I am having problem with Snapshots of Windows guest instances because they require UEFI.

Apparently, libvirt can't do Instance Snapshots when using UEFI. The workaround is to do the Volume Snapshot (or a full backup using the NAS Backup plugin). See https://utcc.utoronto.ca/~cks/space/blog/linux/LibvirtUEFISnapshots

Have you consider this condition?

@daviftorres
instance snapshot with memory or without memory (disk-only) ?

btw: the issue does not block this PR as this only changes the KVM host setting, not vm settings

[DaanHoogland]

@sureshanaparti , ready to merge?

[sureshanaparti]

@sureshanaparti , ready to merge?

not yet @DaanHoogland , will update you.

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✖️ el8 ✖️ el9 ✔️ debian ✖️ suse15. SL-JID 15463

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✖️ el8 ✖️ el9 ✔️ debian ✖️ suse15. SL-JID 15476

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✖️ debian ✔️ suse15. SL-JID 15480

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[sureshanaparti]

@sureshanaparti , ready to merge?

not yet @DaanHoogland , will update you.

@DaanHoogland this is ready after smoke tests

[rosi-shapeblue]

@blueorangutan package

[blueorangutan]

@rosi-shapeblue a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15491

[blueorangutan]

[SF] Trillian test result (tid-14704)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 54303 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11740-t14704-kvm-ol8.zip
Smoke tests completed. 148 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_01_vpc_site2site_vpn_multiple_options	Failure	311.04	test_vpc_vpn.py
test_01_vpc_site2site_vpn	Failure	265.51	test_vpc_vpn.py

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 15528

[weizhouapache]

@sureshanaparti
can you create doc PR to remove Ubuntu 20.04 from compatibility matrix ?

[rosi-shapeblue]

Test Results:

Test Case 1 - Deploy Pre-Upgrade BIOS VM (Control)

1.1 Deploy BIOS VM on Host1

(localcloud) 🐱 > deploy virtualmachine name=preupgrade-bios-vm displayname=preupgrade-bios-vm zoneid=ed28691c-cf37-456f-95c6-469903cff4e7 serviceofferingid=e29a0a7a-999c-4d5d-bd31-59cd4fdf5507 networkids=89223ead-f632-4cb3-95b5-a9cf25085a15 hostid=809cab41-5034-434f-851b-522f651a4732 templateid=3d85fb88-aff6-11f0-8ff1-1e00110002e0

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "created": "2025-10-23T14:38:07+0000",
    "deleteprotection": false,
    "details": {
      "cpuOvercommitRatio": "2.0"
    },
    "displayname": "preupgrade-bios-vm",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "/",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
    "instancename": "i-2-3-VM",
    "ipaddress": "10.1.1.201",
    "isdynamicallyscalable": false,
    "jobid": "fdf8b82d-79d9-4852-b5ca-8d54157432b9",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T14:39:52+0000",
    "memory": 512,
    "name": "preupgrade-bios-vm",
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "ca4ca57b-7619-4c03-b2c2-130f988842b2",
        "ipaddress": "10.1.1.201",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:01",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

Expected Result: VM deploys successfully and is in Running state

Actual Result: VM deploys successfully and is in Running state

1.2 Verified It's Using BIOS

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-3-VM | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

[root@ref-trl-9867-k-Mol9-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-3-VM | grep nvram
[root@ref-trl-9867-k-Mol9-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-3-VM | grep loader

Expected Results:

• No output from grep loader (no loader element)
• Machine type shows pc-i440fx or similar (not q35)
• No or tags in OS section
• No NVRAM file in /var/lib/libvirt/qemu/nvram/

Actual Results:
ALL CHECKS PASSED - VM is using BIOS boot mode

• No loader element found (grep returned nothing)
• Machine type: pc-i440fx-rhel7.6.0 (traditional BIOS)
• No nvram element
• Traditional boot device order

1.3 Stop/Start VM Lifecycle Test

• Stop the VM

(localcloud) 🐱 > stop virtualmachine id=75a3c3e0-059b-4df3-b02c-55fe090a9068

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "0%",
    "created": "2025-10-23T14:38:07+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "cpuOvercommitRatio": "2.0"
    },
    "diskioread": 0,
    "diskiowrite": 0,
    "diskkbsread": 0,
    "diskkbswrite": 0,
    "displayname": "preupgrade-bios-vm",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "/",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
    "instancename": "i-2-3-VM",
    "ipaddress": "10.1.1.201",
    "isdynamicallyscalable": false,
    "jobid": "0ee0bdd7-b7a9-4248-acdc-6a84dfbeccf1",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T14:51:29+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "preupgrade-bios-vm",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "ca4ca57b-7619-4c03-b2c2-130f988842b2",
        "ipaddress": "10.1.1.201",
        "isdefault": true,
        "macaddress": "02:01:00:cc:00:01",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Stopped",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Start the VM

(localcloud) 🐱 > start virtualmachine id=75a3c3e0-059b-4df3-b02c-55fe090a9068

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "0%",
    "created": "2025-10-23T14:38:07+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "cpuOvercommitRatio": "2.0"
    },
    "diskioread": 0,
    "diskiowrite": 0,
    "diskkbsread": 0,
    "diskkbswrite": 0,
    "displayname": "preupgrade-bios-vm",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "/",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
    "instancename": "i-2-3-VM",
    "ipaddress": "10.1.1.201",
    "isdynamicallyscalable": false,
    "jobid": "b78eb910-102b-445f-8458-ffbc58f0bd6b",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T14:52:09+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "preupgrade-bios-vm",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "ca4ca57b-7619-4c03-b2c2-130f988842b2",
        "ipaddress": "10.1.1.201",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:01",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Verify it's running

(localcloud) 🐱 > list virtualmachines id=75a3c3e0-059b-4df3-b02c-55fe090a9068 filter=name,id,state
{
  "count": 1,
  "virtualmachine": [
    {
      "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
      "name": "preupgrade-bios-vm",
      "state": "Running"
    }
  ]
}

Expected Result: VM stops and starts successfully

Actual Result: VM stops and starts successfully

1.4 Migrate VM to Host2 (Pre-Upgrade)

(localcloud) 🐱 > migrate virtualmachine virtualmachineid=75a3c3e0-059b-4df3-b02c-55fe090a9068 hostid=f32bba83-2167-42fd-b44d-956748133215

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "68.34%",
    "created": "2025-10-23T14:38:07+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "cpuOvercommitRatio": "2.0"
    },
    "diskioread": 3115,
    "diskiowrite": 667,
    "diskkbsread": 128041,
    "diskkbswrite": 6598,
    "displayname": "preupgrade-bios-vm",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "/",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "f32bba83-2167-42fd-b44d-956748133215",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2",
    "hypervisor": "KVM",
    "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
    "instancename": "i-2-3-VM",
    "ipaddress": "10.1.1.201",
    "isdynamicallyscalable": false,
    "jobid": "c5d93d07-3472-4545-b187-4d1baebbc950",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T14:53:48+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "preupgrade-bios-vm",
    "networkkbsread": 1,
    "networkkbswrite": 0,
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "ca4ca57b-7619-4c03-b2c2-130f988842b2",
        "ipaddress": "10.1.1.201",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:01",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Verify on Host2:

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml i-2-3-VM | grep -A 5 "<os>"
  <os>
    <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

Expected Result: Migration succeeds, VM remains running on Host2

Actual Result:

• Migration completed successfully
• VM still using BIOS boot mode after migration
• No loader or nvram elements added

Test Case 2 – Upgrade to PR Version

2.1 Upgrade MS / Agents on Both KVM Hosts

• Host1

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# rpm -qa | grep cloudstack-agent

cloudstack-agent-4.22.0.0-shapeblue17703.noarch

• Host2

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# rpm -qa | grep cloudstack-agent

cloudstack-agent-4.22.0.0-shapeblue17703.noarch

• Management Server

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-mgmt1 ~]# rpm -qa | grep cloudstack-management
cloudstack-management-4.22.0.0-shapeblue17703.noarch
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-mgmt1 ~]# 

**Expected Result: Management Server / Agents upgraded successfully
Actual Results: Successfully upgraded MS + Hosts

2.2 Verify UEFI Config Files Created

• Check if uefi.properties exists on Host1 / Host2

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -l /etc/cloudstack/agent/uefi.properties
-rw-r--r--. 1 root root 297 Oct 23 10:17 /etc/cloudstack/agent/uefi.properties
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# cat /etc/cloudstack/agent/uefi.properties
guest.nvram.template.secure=/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
guest.nvram.template.legacy=/usr/share/edk2/ovmf/OVMF_VARS.fd
guest.nvram.path=/var/lib/libvirt/qemu/nvram/
guest.loader.secure=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd
guest.loader.legacy=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd

and

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# cat /etc/cloudstack/agent/uefi.properties
guest.nvram.template.secure=/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
guest.nvram.template.legacy=/usr/share/edk2/ovmf/OVMF_VARS.fd
guest.nvram.path=/var/lib/libvirt/qemu/nvram/
guest.loader.secure=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd
guest.loader.legacy=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd

• Verify OVMF packages are installed

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# rpm -qa | grep -i ovmf

edk2-ovmf-20220126gitbb1bba3d77-13.el8_10.8.noarch
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# rpm -qa | grep -i swtpm

swtpm-0.7.0-4.20211109gitb79fd91.module+el8.9.0+90052+d3bf71d8.x86_64
swtpm-tools-0.7.0-4.20211109gitb79fd91.module+el8.9.0+90052+d3bf71d8.x86_64
swtpm-libs-0.7.0-4.20211109gitb79fd91.module+el8.9.0+90052+d3bf71d8.x86_64

and

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# rpm -qa | grep -i ovmf

edk2-ovmf-20220126gitbb1bba3d77-13.el8_10.8.noarch
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# rpm -qa | grep -i swtpm

swtpm-0.7.0-4.20211109gitb79fd91.module+el8.9.0+90052+d3bf71d8.x86_64
swtpm-tools-0.7.0-4.20211109gitb79fd91.module+el8.9.0+90052+d3bf71d8.x86_64
swtpm-libs-0.7.0-4.20211109gitb79fd91.module+el8.9.0+90052+d3bf71d8.x86_64

Actual Results:

• /etc/cloudstack/agent/uefi.properties exists
• File contains OVMF paths for legacy and secure boot
• edk2-ovmf package is installed
• swtpm package is installed

2.3 Restart Agents and Management Server

Expected Result: Agent restarts successfully with no errors
Actual Results: Agents restart successfully with no errors

2.5 Check Host UEFI Capabilities on Management Server

(localcloud) 🐱 > list hosts id=809cab41-5034-434f-851b-522f651a4732 | grep -i uefi
        "host.uefi.enable": "true",
      "ueficapability": true,

(localcloud) 🐱 > list hosts id=f32bba83-2167-42fd-b44d-956748133215 | grep -i uefi
        "host.uefi.enable": "true",
      "ueficapability": true,
(localcloud) 🐱 >  

Actual Result: UEFI is successfully enabled by default on both KVM hosts after the upgrade!

• "host.uefi.enable": "true" for both Hosts
• "ueficapability": true for both Hosts

Test Case 3 – Validate Old BIOS VM After Upgrade

• 3.1 Check State of Old Pre-Upgrade VM

(localcloud) 🐱 > list virtualmachines filter=id,name,state
{
  "count": 1,
  "virtualmachine": [
    {
      "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
      "name": "preupgrade-bios-vm",
      "state": "Running"
    }
  ]
}

• 3.2. Stop/Start the VM

(localcloud) 🐱 > stop virtualmachine id=75a3c3e0-059b-4df3-b02c-55fe090a9068

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "19.96%",
    "created": "2025-10-23T14:38:07+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "cpuOvercommitRatio": "2.0"
    },
    "diskioread": 0,
    "diskiowrite": 4,
    "diskkbsread": 0,
    "diskkbswrite": 24,
    "displayname": "preupgrade-bios-vm",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
    "instancename": "i-2-3-VM",
    "ipaddress": "10.1.1.201",
    "isdynamicallyscalable": false,
    "jobid": "25168220-665c-41d8-a2ef-2863d5ec1e1e",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T15:53:55+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "preupgrade-bios-vm",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "ca4ca57b-7619-4c03-b2c2-130f988842b2",
        "ipaddress": "10.1.1.201",
        "isdefault": true,
        "macaddress": "02:01:00:cc:00:01",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Stopped",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Start VM

(localcloud) 🐱 > start virtualmachine id=75a3c3e0-059b-4df3-b02c-55fe090a9068

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "19.96%",
    "created": "2025-10-23T14:38:07+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "cpuOvercommitRatio": "2.0"
    },
    "diskioread": 0,
    "diskiowrite": 4,
    "diskkbsread": 0,
    "diskkbswrite": 24,
    "displayname": "preupgrade-bios-vm",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "f32bba83-2167-42fd-b44d-956748133215",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2",
    "hypervisor": "KVM",
    "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
    "instancename": "i-2-3-VM",
    "ipaddress": "10.1.1.201",
    "isdynamicallyscalable": false,
    "jobid": "2ae44cc1-4d28-46b2-ada7-cabd403d047e",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T15:54:30+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "preupgrade-bios-vm",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "ca4ca57b-7619-4c03-b2c2-130f988842b2",
        "ipaddress": "10.1.1.201",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:01",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

Actual Result VM boots normally (still as BIOS)

3.2 Verify XML Still Shows BIOS (Not Converted)

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh list --all
 Id   Name       State
--------------------------
 1    s-1-VM     running
 3    i-2-3-VM   running

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxmle i-2-3-VM | grep -A 10 "<os>"
error: unknown command: 'dumpxmle'
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml i-2-3-VM | grep -A 10 "<os>"
  <os>
    <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml i-2-3-VM | grep loader
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# ls -l /var/lib/libvirt/qemu/nvram/ | grep i-2-3-VM
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# 

3.3 Migrate Old BIOS VM Between Hosts

(localcloud) 🐱 > migrate virtualmachine virtualmachineid=75a3c3e0-059b-4df3-b02c-55fe090a9068 hostid=809cab41-5034-434f-851b-522f651a4732

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "30.16%",
    "created": "2025-10-23T14:38:07+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "cpuOvercommitRatio": "2.0"
    },
    "diskioread": 681,
    "diskiowrite": 300,
    "diskkbsread": 13360,
    "diskkbswrite": 4252,
    "displayname": "preupgrade-bios-vm",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
    "instancename": "i-2-3-VM",
    "ipaddress": "10.1.1.201",
    "isdynamicallyscalable": false,
    "jobid": "1c27cccd-c670-48db-99f1-6863692754da",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T15:57:16+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "preupgrade-bios-vm",
    "networkkbsread": 1,
    "networkkbswrite": 6,
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "ca4ca57b-7619-4c03-b2c2-130f988842b2",
        "ipaddress": "10.1.1.201",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:01",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

Expected Result: BIOS VM migrates successfully between upgraded hosts

Actual Result: BIOS VM migrated successfully from Host2 to Host1

(localcloud) 🐱 > list virtualmachines filter=id,name,hostname,state
{
  "count": 1,
  "virtualmachine": [
    {
      "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
      "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
      "name": "preupgrade-bios-vm",
      "state": "Running"
    }
  ]
}

Actual Result: VM migrated successfully and in a Running state

Test Case 4 – Deploy New VM Post-Upgrade (Should Be UEFI)

4.1. Deploy New VM on Host1 After Upgrade

Expected Result: VM deploys successfully in Running state

Actual Result VM deploys successsfully in Running state:

(localcloud) 🐱 > deploy virtualmachine name=uefi-test-bootmode displayname=uefi-test-bootmode zoneid=ed28691c-cf37-456f-95c6-469903cff4e7 serviceofferingid=e29a0a7a-999c-4d5d-bd31-59cd4fdf5507 templateid=3d85fb88-aff6-11f0-8ff1-1e00110002e0 networkids=89223ead-f632-4cb3-95b5-a9cf25085a15 hostid=809cab41-5034-434f-851b-522f651a4732 bootmode=uefi

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "created": "2025-10-23T16:30:32+0000",
    "deleteprotection": false,
    "details": {
      "cpuOvercommitRatio": "2.0"
    },
    "displayname": "uefi-test-bootmode",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "60874661-e415-4894-acbd-ba98370c71be",
    "instancename": "i-2-7-VM",
    "ipaddress": "10.1.1.254",
    "isdynamicallyscalable": false,
    "jobid": "331acf24-8234-44d0-b2c8-bdc24a81baba",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T16:30:40+0000",
    "memory": 512,
    "name": "uefi-test-bootmode",
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "aaf2d634-b52d-49ea-9662-fd5e3020f5ea",
        "ipaddress": "10.1.1.254",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:05",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

4.2 Verify New VM is Using UEFI

The VM deploys as UEFI only when explicitly specifying boottype=UEFI and bootmode=LEGACY or bootmode=SECURE during deployment. By default, the VM still boots with BIOS, even on UEFI-capable hosts.

• Default Deployment:

(localcloud) 🐱 > deploy virtualmachine name=force-uefi-test-with-bootmode-1 zoneid=ed28691c-cf37-456f-95c6-469903cff4e7 serviceofferingid=e29a0a7a-999c-4d5d-bd31-59cd4fdf5507 templateid=96b4984d-cb7f-4821-8b13-02e6dc8192eb networkids=89223ead-f632-4cb3-95b5-a9cf25085a15 details[0].key=uefi details[0].value=true

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "created": "2025-10-23T17:07:38+0000",
    "deleteprotection": false,
    "details": {
      "cpuOvercommitRatio": "2.0",
      "key": "uefi",
      "rootDiskController": "osdefault",
      "value": "true"
    },
    "displayname": "force-uefi-test-with-bootmode-1",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "f32bba83-2167-42fd-b44d-956748133215",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2",
    "hypervisor": "KVM",
    "id": "8612e628-4e90-4622-9b8d-0798a4c5bc35",
    "instancename": "i-2-12-VM",
    "ipaddress": "10.1.1.44",
    "isdynamicallyscalable": false,
    "jobid": "6fc1f69d-207d-4cf8-9a13-55dc46f50341",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T17:07:48+0000",
    "memory": 512,
    "name": "force-uefi-test-with-bootmode-1",
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "8d805169-f2ff-4db6-b8c8-f6750cc293bb",
        "ipaddress": "10.1.1.44",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0a",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-7-VM | grep -i loader
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-7-VM | grep -i nvram
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-7-VM | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 

• Deployment with boottype=UEFI and bootmode=LEGACY

(localcloud) 🐱 > deploy virtualmachine name=uefi-test-boottype-UEFI zoneid=ed28691c-cf37-456f-95c6-469903cff4e7 serviceofferingid=e29a0a7a-999c-4d5d-bd31-59cd4fdf5507 templateid=96b4984d-cb7f-4821-8b13-02e6dc8192eb networkids=89223ead-f632-4cb3-95b5-a9cf25085a15 boottype=UEFI bootmode=LEGACY

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "legacy",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "created": "2025-10-23T17:20:26+0000",
    "deleteprotection": false,
    "details": {
      "UEFI": "LEGACY",
      "cpuOvercommitRatio": "2.0",
      "rootDiskController": "osdefault"
    },
    "displayname": "uefi-test-boottype-UEFI",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "f32bba83-2167-42fd-b44d-956748133215",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2",
    "hypervisor": "KVM",
    "id": "61a14a40-1413-4fd7-bf37-fe300633edd4",
    "instancename": "i-2-13-VM",
    "ipaddress": "10.1.1.13",
    "isdynamicallyscalable": false,
    "jobid": "3efcb3eb-b44f-4033-9766-a18921eccc18",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T17:20:35+0000",
    "memory": 512,
    "name": "uefi-test-boottype-UEFI",
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "b525e1fb-d53e-4369-90db-d53025d8bb1a",
        "ipaddress": "10.1.1.13",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0b",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml i-2-13-VM | grep -iE 'loader|nvram'
    <loader readonly='yes' secure='no' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.cc.fd</loader>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/61a14a40-1413-4fd7-bf37-fe300633edd4.fd</nvram>

and

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml i-2-13-VM | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-q35-rhel8.6.0'>hvm</type>
    <loader readonly='yes' secure='no' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.cc.fd</loader>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/61a14a40-1413-4fd7-bf37-fe300633edd4.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

• Deployment with boottype=UEFI and bootmode=SECURE

(localcloud) 🐱 > deploy virtualmachine name=uefi-test-boottype-UEFI-bootmode-SECURE zoneid=ed28691c-cf37-456f-95c6-469903cff4e7 serviceofferingid=e29a0a7a-999c-4d5d-bd31-59cd4fdf5507 templateid=96b4984d-cb7f-4821-8b13-02e6dc8192eb networkids=89223ead-f632-4cb3-95b5-a9cf25085a15 boottype=UEFI bootmode=SECURE

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "created": "2025-10-23T17:21:03+0000",
    "deleteprotection": false,
    "details": {
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "rootDiskController": "osdefault"
    },
    "displayname": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "5462d7a7-fe66-4779-9f9a-f1506a883e43",
    "instancename": "i-2-14-VM",
    "ipaddress": "10.1.1.206",
    "isdynamicallyscalable": false,
    "jobid": "e1c32936-d683-4b35-9c9b-808f1323133e",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T17:21:11+0000",
    "memory": 512,
    "name": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "c13b4668-22b2-469c-99c3-c1bdc530ac5e",
        "ipaddress": "10.1.1.206",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0c",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-14-VM | grep -iE 'loader|nvram'
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/5462d7a7-fe66-4779-9f9a-f1506a883e43.fd</nvram>

and

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-14-VM | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-q35-rhel8.6.0'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/5462d7a7-fe66-4779-9f9a-f1506a883e43.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

4.4 Check NVRAM File Created

• List NVRAM files

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -lh /var/lib/libvirt/qemu/nvram/
total 528K
-rw-------. 1 root root 528K Oct 23 17:21 5462d7a7-fe66-4779-9f9a-f1506a883e43.fd

• Check if i-2-14-VM references this NVRAM file

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-14-VM | grep "5462d7a7-fe66-4779-9f9a-f1506a883e43"
  <uuid>5462d7a7-fe66-4779-9f9a-f1506a883e43</uuid>
      <entry name='serial'>5462d7a7-fe66-4779-9f9a-f1506a883e43</entry>
      <entry name='uuid'>5462d7a7-fe66-4779-9f9a-f1506a883e43</entry>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/5462d7a7-fe66-4779-9f9a-f1506a883e43.fd</nvram>

4.5. Stop/Start and Migrate UEFI VM

• Stop VM on Host1

(localcloud) 🐱 >stop virtualmachine id=5462d7a7-fe66-4779-9f9a-f1506a883e43

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "4.6%",
    "created": "2025-10-23T17:21:03+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "rootDiskController": "osdefault"
    },
    "diskioread": 0,
    "diskiowrite": 0,
    "diskkbsread": 0,
    "diskkbswrite": 0,
    "displayname": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "5462d7a7-fe66-4779-9f9a-f1506a883e43",
    "instancename": "i-2-14-VM",
    "ipaddress": "10.1.1.206",
    "isdynamicallyscalable": false,
    "jobid": "e1b7c826-0abc-4d87-84a3-fa3cba0b04af",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T17:42:03+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "c13b4668-22b2-469c-99c3-c1bdc530ac5e",
        "ipaddress": "10.1.1.206",
        "isdefault": true,
        "macaddress": "02:01:00:cc:00:0c",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Stopped",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Start VM on Host1

(localcloud) 🐱 >start virtualmachine id=5462d7a7-fe66-4779-9f9a-f1506a883e43

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "4.6%",
    "created": "2025-10-23T17:21:03+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "rootDiskController": "osdefault"
    },
    "diskioread": 0,
    "diskiowrite": 0,
    "diskkbsread": 0,
    "diskkbswrite": 0,
    "displayname": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "5462d7a7-fe66-4779-9f9a-f1506a883e43",
    "instancename": "i-2-14-VM",
    "ipaddress": "10.1.1.206",
    "isdynamicallyscalable": false,
    "jobid": "13268c81-e995-48e7-a3c3-97cea30948e3",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T17:45:16+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "c13b4668-22b2-469c-99c3-c1bdc530ac5e",
        "ipaddress": "10.1.1.206",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0c",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Verify NVRAM file still exists on Host

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-14-VM | grep "5462d7a7-fe66-4779-9f9a-f1506a883e43"
  <uuid>5462d7a7-fe66-4779-9f9a-f1506a883e43</uuid>
      <entry name='serial'>5462d7a7-fe66-4779-9f9a-f1506a883e43</entry>
      <entry name='uuid'>5462d7a7-fe66-4779-9f9a-f1506a883e43</entry>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/5462d7a7-fe66-4779-9f9a-f1506a883e43.fd</nvram>

• Verify VM has booted successfully

(localcloud) 🐱 > list virtualmachines id=5462d7a7-fe66-4779-9f9a-f1506a883e43 filter=name,state,hostname,hostid
{
  "count": 1,
  "virtualmachine": [
    {
      "hostid": "809cab41-5034-434f-851b-522f651a4732",
      "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
      "name": "uefi-test-boottype-UEFI-bootmode-SECURE",
      "state": "Running"
    }
  ]
}

• Migrate to Host2

migrate virtualmachine virtualmachineid=5462d7a7-fe66-4779-9f9a-f1506a883e43 hostid=f32bba83-2167-42fd-b44d-956748133215

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "5.03%",
    "created": "2025-10-23T17:21:03+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "rootDiskController": "osdefault"
    },
    "diskioread": 0,
    "diskiowrite": 0,
    "diskkbsread": 0,
    "diskkbswrite": 0,
    "displayname": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "f32bba83-2167-42fd-b44d-956748133215",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2",
    "hypervisor": "KVM",
    "id": "5462d7a7-fe66-4779-9f9a-f1506a883e43",
    "instancename": "i-2-14-VM",
    "ipaddress": "10.1.1.206",
    "isdynamicallyscalable": false,
    "jobid": "cf06a452-ad71-428c-8903-fb6f61994a88",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T17:51:59+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "c13b4668-22b2-469c-99c3-c1bdc530ac5e",
        "ipaddress": "10.1.1.206",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0c",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Verify migration succeeded

(localcloud) 🐱 > list virtualmachines id=5462d7a7-fe66-4779-9f9a-f1506a883e43 | grep hostname
      "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2",

• Check NVRAM file was copied to Host2

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# ls -lh /var/lib/libvirt/qemu/nvram/
total 1.1M
-rw-------. 1 root root 528K Oct 23 17:51 5462d7a7-fe66-4779-9f9a-f1506a883e43.fd

• Check the VM XML references this exact file

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml i-2-14-VM | grep "5462d7a7-fe66-4779-9f9a-f1506a883e43"
  <uuid>5462d7a7-fe66-4779-9f9a-f1506a883e43</uuid>
      <entry name='serial'>5462d7a7-fe66-4779-9f9a-f1506a883e43</entry>
      <entry name='uuid'>5462d7a7-fe66-4779-9f9a-f1506a883e43</entry>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/5462d7a7-fe66-4779-9f9a-f1506a883e43.fd</nvram>

• Verify VM still has UEFI config

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml i-2-14-VM | grep -i loader
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>

Actual Results:

• VM stops successfully
• NVRAM file persists on host during stop
• VM starts successfully
• VM migrates successfully to Host2
• NVRAM file is present on Host2 after migration
• VM still boots with UEFI on Host2

Test Case 5 - Snapshot Testing

5.1. Create VM Snapshot of BIOS VM

create create vmsnapshot virtualmachineid=75a3c3e0-059b-4df3-b02c-55fe090a9068

{
  "vmsnapshot": {
    "account": "admin",
    "created": "2025-10-23T18:09:59+0000",
    "current": true,
    "displayname": "i-2-3-VM_VS_20251023180959",
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "b72062fe-32b5-4ecb-a69d-a50b75ace24d",
    "name": "i-2-3-VM_VS_20251023180959",
    "state": "Ready",
    "tags": [],
    "type": "Disk",
    "virtualmachineid": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
    "virtualmachinename": "preupgrade-bios-vm",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

5.2. Create VM Snapshot of UEFI VM

create vmsnapshot virtualmachineid=5462d7a7-fe66-4779-9f9a-f1506a883e43

{
  "vmsnapshot": {
    "account": "admin",
    "created": "2025-10-23T18:08:32+0000",
    "current": true,
    "displayname": "i-2-14-VM_VS_20251023180831",
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "1a7b305c-5296-4c27-bb2d-d1331da8e21e",
    "name": "i-2-14-VM_VS_20251023180831",
    "state": "Ready",
    "tags": [],
    "type": "Disk",
    "virtualmachineid": "5462d7a7-fe66-4779-9f9a-f1506a883e43",
    "virtualmachinename": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Verify snapshots are created for BIOS and UEFI VMs

(localcloud) 🐱 > list vmsnapshot

{
  "count": 2,
  "vmSnapshot": [
    {
      "account": "admin",
      "created": "2025-10-23T18:09:59+0000",
      "current": true,
      "displayname": "i-2-3-VM_VS_20251023180959",
      "domain": "ROOT",
      "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
      "domainpath": "ROOT",
      "hasannotations": false,
      "hypervisor": "KVM",
      "id": "b72062fe-32b5-4ecb-a69d-a50b75ace24d",
      "name": "i-2-3-VM_VS_20251023180959",
      "state": "Ready",
      "tags": [],
      "type": "Disk",
      "virtualmachineid": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
      "virtualmachinename": "preupgrade-bios-vm",
      "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
      "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
    },
    {
      "account": "admin",
      "created": "2025-10-23T18:08:32+0000",
      "current": true,
      "displayname": "i-2-14-VM_VS_20251023180831",
      "domain": "ROOT",
      "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
      "domainpath": "ROOT",
      "hasannotations": false,
      "hypervisor": "KVM",
      "id": "1a7b305c-5296-4c27-bb2d-d1331da8e21e",
      "name": "i-2-14-VM_VS_20251023180831",
      "state": "Ready",
      "tags": [],
      "type": "Disk",
      "virtualmachineid": "5462d7a7-fe66-4779-9f9a-f1506a883e43",
      "virtualmachinename": "uefi-test-boottype-UEFI-bootmode-SECURE",
      "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
      "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
    }
  ]
}

5.3. Restore and Verify Boot Mode Preserved

• Stop VMs and revert to Snapshots

  • BIOS VM:

(localcloud) 🐱 >revert tovmsnapshot vmsnapshotid=b72062fe-32b5-4ecb-a69d-a50b75ace24d

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "18.05%",
    "created": "2025-10-23T14:38:07+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "cpuOvercommitRatio": "2.0"
    },
    "diskioread": 0,
    "diskiowrite": 4,
    "diskkbsread": 0,
    "diskkbswrite": 24,
    "displayname": "preupgrade-bios-vm",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "75a3c3e0-059b-4df3-b02c-55fe090a9068",
    "instancename": "i-2-3-VM",
    "ipaddress": "10.1.1.201",
    "isdynamicallyscalable": false,
    "lastupdated": "2025-10-23T18:13:49+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "preupgrade-bios-vm",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "ca4ca57b-7619-4c03-b2c2-130f988842b2",
        "ipaddress": "10.1.1.201",
        "isdefault": true,
        "macaddress": "02:01:00:cc:00:01",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Stopped",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

 - UEFI VM:

(localcloud) 🐱 >revert tovmsnapshot vmsnapshotid=1a7b305c-5296-4c27-bb2d-d1331da8e21e

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "4.54%",
    "created": "2025-10-23T17:21:03+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "rootDiskController": "osdefault"
    },
    "diskioread": 0,
    "diskiowrite": 0,
    "diskkbsread": 0,
    "diskkbswrite": 0,
    "displayname": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "5462d7a7-fe66-4779-9f9a-f1506a883e43",
    "instancename": "i-2-14-VM",
    "ipaddress": "10.1.1.206",
    "isdynamicallyscalable": false,
    "lastupdated": "2025-10-23T18:17:25+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "uefi-test-boottype-UEFI-bootmode-SECURE",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "c13b4668-22b2-469c-99c3-c1bdc530ac5e",
        "ipaddress": "10.1.1.206",
        "isdefault": true,
        "macaddress": "02:01:00:cc:00:0c",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Stopped",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Start VMs and verify BIOS VM still BIOS

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-3-VM | grep loader
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-3-VM | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

• Verify UEFI VM still UEFI

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml i-2-14-VM | grep loader
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>

• Verify NVRAM still exists for UEFI

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2 ~]# ls -lh /var/lib/libvirt/qemu/nvram/5462d7a7-fe66-4779-9f9a-f1506a883e43.fd 
-rw-------. 1 root root 528K Oct 23 18:18 /var/lib/libvirt/qemu/nvram/5462d7a7-fe66-4779-9f9a-f1506a883e43.fd

Test Case 6 - Template Creation

6.1. Stop VM and Create Template from BIOS VM

create template displaytext="BIOS VM Template" name=bios-vm-template ostypeid=3def23fa-aff6-11f0-8ff1-1e00110002e0 volumeid=74038472-0c2c-44e2-abcc-57c6dbef85a5

{
  "template": {
    "account": "admin",
    "arch": "x86_64",
    "bits": 0,
    "created": "2025-10-23T18:34:28+0000",
    "crossZones": false,
    "deployasis": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "cpuOvercommitRatio": "2.0"
    },
    "directdownload": false,
    "displaytext": "BIOS VM Template",
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "downloaddetails": [
      {
        "datastore": "NFS://10.0.32.4/acs/secondary/ref-trl-9845-k-Mol8-rositsa-kyuchukova/ref-trl-9845-k-Mol8-rositsa-kyuchukova-sec1",
        "datastoreId": "7c34b1e2-81f1-4bb9-a315-af9d9abf0730",
        "datastoreRole": "Image",
        "downloadPercent": "100",
        "downloadState": "DOWNLOADED"
      }
    ],
    "forcks": false,
    "format": "QCOW2",
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "25d5f6ee-6ae2-43e0-97f3-c9c1e205efca",
    "isdynamicallyscalable": false,
    "isextractable": true,
    "isfeatured": false,
    "ispublic": false,
    "isready": true,
    "name": "bios-vm-template",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "ostypename": "CentOS 5.5 (64-bit)",
    "passwordenabled": false,
    "physicalsize": 1589182464,
    "requireshvm": true,
    "size": 8589934592,
    "sourcetemplateid": "3d85fb88-aff6-11f0-8ff1-1e00110002e0",
    "sshkeyenabled": false,
    "status": "Download Complete",
    "tags": [],
    "templatetype": "USER",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

6.2. Create Template from UEFI VM

create template displaytext="UEFI VM Template" name=uefi-vm-template ostypeid=bfc3d962-aff6-11f0-8ff1-1e00110002e0 volumeid=4fb1c738-27e5-4d93-a5e8-6b1c244a6a9a

{
  "template": {
    "account": "admin",
    "arch": "x86_64",
    "bits": 0,
    "created": "2025-10-23T18:38:09+0000",
    "crossZones": false,
    "deployasis": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "rootDiskController": "osdefault"
    },
    "directdownload": false,
    "displaytext": "UEFI VM Template",
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "downloaddetails": [
      {
        "datastore": "NFS://10.0.32.4/acs/secondary/ref-trl-9845-k-Mol8-rositsa-kyuchukova/ref-trl-9845-k-Mol8-rositsa-kyuchukova-sec1",
        "datastoreId": "7c34b1e2-81f1-4bb9-a315-af9d9abf0730",
        "datastoreRole": "Image",
        "downloadPercent": "100",
        "downloadState": "DOWNLOADED"
      }
    ],
    "forcks": false,
    "format": "QCOW2",
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "35853bba-4bf2-44d7-9097-cb6f7136b3e0",
    "isdynamicallyscalable": false,
    "isextractable": false,
    "isfeatured": false,
    "ispublic": false,
    "isready": true,
    "name": "uefi-vm-template",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "ostypename": "Ubuntu 24.04 LTS",
    "passwordenabled": false,
    "physicalsize": 2586968064,
    "requireshvm": true,
    "size": 5368709120,
    "sourcetemplateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "sshkeyenabled": false,
    "status": "Download Complete",
    "tags": [],
    "templatetype": "USER",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

6.3. Deploy VM from BIOS and UEFI Templates

• BIOS:

deploy virtualmachine name=VM-from-bios-template displayname=from-bios-template zoneid=ed28691c-cf37-456f-95c6-469903cff4e7 serviceofferingid=e29a0a7a-999c-4d5d-bd31-59cd4fdf5507 templateid=25d5f6ee-6ae2-43e0-97f3-c9c1e205efca networkids=89223ead-f632-4cb3-95b5-a9cf25085a15

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "created": "2025-10-23T18:41:51+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "cpuOvercommitRatio": "2.0"
    },
    "displayname": "from-bios-template",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "7fd62e21-167c-4a45-bbe6-27d3c76fad4f",
    "instancename": "i-2-15-VM",
    "ipaddress": "10.1.1.181",
    "isdynamicallyscalable": false,
    "jobid": "7ba2f82c-482d-4d2a-817b-df5e78efe466",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T18:42:15+0000",
    "memory": 512,
    "name": "VM-from-bios-template",
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "ec25de46-463e-42ef-b267-f37162ba855a",
        "ipaddress": "10.1.1.181",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0d",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "3def23fa-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "BIOS VM Template",
    "templateformat": "QCOW2",
    "templateid": "25d5f6ee-6ae2-43e0-97f3-c9c1e205efca",
    "templatename": "bios-vm-template",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• UEFI:

deploy virtualmachine name=VM-from-uefi-template displayname=from-uefi-template zoneid=ed28691c-cf37-456f-95c6-469903cff4e7 serviceofferingid=e29a0a7a-999c-4d5d-bd31-59cd4fdf5507 templateid=35853bba-4bf2-44d7-9097-cb6f7136b3e0 networkids=89223ead-f632-4cb3-95b5-a9cf25085a15

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "created": "2025-10-23T18:43:41+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "rootDiskController": "osdefault"
    },
    "displayname": "from-uefi-template",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "5eb95a52-4e2c-4009-a5b1-828a163ec885",
    "instancename": "i-2-16-VM",
    "ipaddress": "10.1.1.205",
    "isdynamicallyscalable": false,
    "jobid": "b955ab3a-952b-4c77-b651-4b555c54efa2",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T18:44:07+0000",
    "memory": 512,
    "name": "VM-from-uefi-template",
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "9da86f45-71d4-4ab1-b02e-4ac695f9b33a",
        "ipaddress": "10.1.1.205",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0e",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "UEFI VM Template",
    "templateformat": "QCOW2",
    "templateid": "35853bba-4bf2-44d7-9097-cb6f7136b3e0",
    "templatename": "uefi-vm-template",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

6.4. Check Boot Mode in libvirt XML for VMs deployed from BIOS Templates

• Check full OS section:

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-15-VM | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

• Check for loader and nvram (should be empty):

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-15-VM | grep loader
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-15-VM | grep nvram
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 

• Check machine type:

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-15-VM | grep machine
    <partition>/machine</partition>
    <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type>

• Verify NO NVRAM file exists:

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-15-VM | grep uuid | head -1
  <uuid>7fd62e21-167c-4a45-bbe6-27d3c76fad4f</uuid>
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -lh /var/lib/libvirt/qemu/nvram/ | grep 7fd62e21-167c-4a45-bbe6-27d3c76fad4f

Actual Results:

• No loader element - Empty grep result confirms no UEFI loader
• No NVRAM element - Empty grep result confirms no NVRAM configuration
• Machine type: pc-i440fx-rhel7.6.0 - Traditional BIOS chipset (not Q35)
• No NVRAM file on disk - File does not exist for UUID 7fd62e21-167c-4a45-bbe6-27d3c76fad4f
• Clean OS section - Only basic BIOS boot configuration (cdrom, hd)

6.7. Check Boot Mode in libvirt XML for VMs deployed from UEFI Templates

• Check full OS section:

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-16-VM | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-q35-rhel8.6.0'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/5eb95a52-4e2c-4009-a5b1-828a163ec885.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

• Check for loader

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-16-VM | grep loader
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>

• Check for nvram

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-16-VM | grep nvram
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/5eb95a52-4e2c-4009-a5b1-828a163ec885.fd</nvram>

• Check machine type:

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-16-VM | grep machine
    <partition>/machine</partition>
    <type arch='x86_64' machine='pc-q35-rhel8.6.0'>hvm</type>

• Verify NVRAM file exists

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-16-VM | grep uuid | head -1
  <uuid>5eb95a52-4e2c-4009-a5b1-828a163ec885</uuid>
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -lh /var/lib/libvirt/qemu/nvram/ | grep 5eb95a52-4e2c-4009-a5b1-828a163ec885
-rw-------. 1 root root 528K Oct 23 18:44 5eb95a52-4e2c-4009-a5b1-828a163ec885.fd

Actual Results

• Loader: /usr/share/edk2/ovmf/OVMF_CODE.secboot.fd with secure='yes'
• NVRAM template: /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
• NVRAM file path: /var/lib/libvirt/qemu/nvram/5eb95a52-4e2c-4009-a5b1-828a163ec885.fd
• Machine type: pc-q35-rhel8.6.0 (Q35 chipset for UEFI)
• File size: 528K (correct for OVMF)
• UUID correlation: Matches between VM and NVRAM filename

Test Case 7 - Unmanage/Import UEFI VM Lifecycle

7.1 Deploy UEFI VM for Unmanage Testing

deploy virtualmachine name=uefi-unmanage-test-VM displayname=uefi-unmanage-test-VM zoneid=ed28691c-(localcloud) 🐱 > deploy virtualmachine name=uefi-unmanage-test-VM displayname=uefi-unmanage-test-VM zoneid=ed28691c-(localcloud) 🐱 > deploy virtualmachine name=uefi-unmanage-test-VM displayname=uefi-unmanage-test-VM zoneid=ed28691c-(localcloud) 🐱 > deploy virtualmachine name=uefi-unmanage-test-VM displayname=uefi-unmanage-test-VM zoneid=ed28691c-cf37-456f-95c6-469903cff4e7 serviceofferingid=e29a0a7a-999c-4d5d-bd31-59cd4fdf5507 templateid=96b4984d-cb7f-4821-8b13-02e6dc8192eb networkids=89223ead-f632-4cb3-95b5-a9cf25085a15 boottype=UEFI bootmode=SECURE

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "created": "2025-10-23T19:00:54+0000",
    "deleteprotection": false,
    "details": {
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "rootDiskController": "osdefault"
    },
    "displayname": "uefi-unmanage-test-VM",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "7bf01e01-11a1-443a-be3f-74c6af6b3845",
    "instancename": "i-2-17-VM",
    "ipaddress": "10.1.1.117",
    "isdynamicallyscalable": false,
    "jobid": "b0327f2d-d9b6-4560-a7ad-4d2011f1422e",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T19:01:05+0000",
    "memory": 512,
    "name": "uefi-unmanage-test-VM",
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "4e45c99a-47e1-415b-823c-677bda62c7ec",
        "ipaddress": "10.1.1.117",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0f",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

Actual Result: Expected Result: VM deploys successfully with UEFI secure boot

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-q35-rhel8.6.0'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | grep loader
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | grep nvram
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd</nvram>

7.2. Record VM Configuration Before Unmanage

• Record VM details

cmk list virtualmachines id=7bf01e01-11a1-443a-be3f-74c6af6b3845 > /tmp/vm-before-unmanage.json

then

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-mgmt1 ~]# cat /tmp/vm-before-unmanage.json

{
  "count": 1,
  "virtualmachine": [
    {
      "account": "admin",
      "affinitygroup": [],
      "arch": "x86_64",
      "bootmode": "secure",
      "boottype": "Uefi",
      "cpunumber": 1,
      "cpuspeed": 500,
      "cpuused": "4.17%",
      "created": "2025-10-23T19:00:54+0000",
      "deleteprotection": false,
      "details": {
        "UEFI": "SECURE",
        "cpuOvercommitRatio": "2.0",
        "rootDiskController": "osdefault"
      },
      "diskioread": 0,
      "diskiowrite": 0,
      "diskkbsread": 0,
      "diskkbswrite": 0,
      "displayname": "uefi-unmanage-test-VM",
      "displayvm": true,
      "domain": "ROOT",
      "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
      "domainpath": "ROOT",
      "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
      "haenable": false,
      "hasannotations": false,
      "hostcontrolstate": "Enabled",
      "hostid": "809cab41-5034-434f-851b-522f651a4732",
      "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
      "hypervisor": "KVM",
      "id": "7bf01e01-11a1-443a-be3f-74c6af6b3845",
      "instancename": "i-2-17-VM",
      "ipaddress": "10.1.1.117",
      "isdynamicallyscalable": false,
      "lastupdated": "2025-10-23T19:01:05+0000",
      "memory": 512,
      "memoryintfreekbs": -1,
      "memorykbs": 524288,
      "memorytargetkbs": 524288,
      "name": "uefi-unmanage-test-VM",
      "networkkbsread": 0,
      "networkkbswrite": 0,
      "nic": [
        {
          "broadcasturi": "vlan://2587",
          "deviceid": "0",
          "extradhcpoption": [],
          "gateway": "10.1.1.1",
          "id": "4e45c99a-47e1-415b-823c-677bda62c7ec",
          "ipaddress": "10.1.1.117",
          "isdefault": true,
          "isolationuri": "vlan://2587",
          "macaddress": "02:01:00:cc:00:0f",
          "netmask": "255.255.255.0",
          "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
          "networkname": "test",
          "secondaryip": [],
          "traffictype": "Guest",
          "type": "Isolated"
        }
      ],
      "osdisplayname": "Ubuntu 24.04 LTS",
      "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
      "passwordenabled": false,
      "pooltype": "NetworkFilesystem",
      "receivedbytes": 0,
      "rootdeviceid": 0,
      "rootdevicetype": "ROOT",
      "securitygroup": [],
      "sentbytes": 0,
      "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
      "serviceofferingname": "Small Instance",
      "state": "Running",
      "tags": [],
      "templatedisplaytext": "Ubuntu-24.04",
      "templateformat": "QCOW2",
      "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
      "templatename": "Ubuntu-24.04",
      "templatetype": "USER",
      "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
      "username": "admin",
      "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
      "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
    }
  ]
}

• Verify boot configuration

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-mgmt1 ~]# cmk list virtualmachines id=7bf01e01-11a1-443a-be3f-74c6af6b3845 | grep -E "boottype|bootmode|UEFI" 
      "bootmode": "secure",
      "boottype": "Uefi",
        "UEFI": "SECURE",

• On KVM host - save libvirt XML

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM > /tmp/vm-libvirt-before.xml
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 

then

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-mgmt1 ~]# cat /tmp/vm-libvirt-before.xml

<domain type='kvm' id='14'>
  <name>i-2-17-VM</name>
  <uuid>7bf01e01-11a1-443a-be3f-74c6af6b3845</uuid>
  <description>Ubuntu 24.04 LTS</description>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <cputune>
    <shares>250</shares>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <sysinfo type='smbios'>
    <system>
      <entry name='manufacturer'>Apache Software Foundation</entry>
      <entry name='product'>CloudStack KVM Hypervisor</entry>
      <entry name='serial'>7bf01e01-11a1-443a-be3f-74c6af6b3845</entry>
      <entry name='uuid'>7bf01e01-11a1-443a-be3f-74c6af6b3845</entry>
    </system>
  </sysinfo>
  <os>
    <type arch='x86_64' machine='pc-q35-rhel8.6.0'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
    <smm state='on'/>
  </features>
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>qemu64</model>
    <topology sockets='1' dies='1' cores='1' threads='1'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='lahf_lm'/>
    <feature policy='disable' name='svm'/>
  </cpu>
  <clock offset='utc'>
    <timer name='kvmclock'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/mnt/8a56ab93-9d21-3088-9700-86088cddf664/039f2ac3-e111-4c04-a646-331df48d8ba4' index='2'/>
      <backingStore type='file' index='3'>
        <format type='qcow2'/>
        <source file='/mnt/8a56ab93-9d21-3088-9700-86088cddf664/96b4984d-cb7f-4821-8b13-02e6dc8192eb'/>
        <backingStore/>
      </backingStore>
      <target dev='vda' bus='virtio'/>
      <serial>039f2ac3e1114c04a646</serial>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu'/>
      <target dev='sdd' bus='sata'/>
      <readonly/>
      <alias name='sata0-0-3'/>
      <address type='drive' controller='0' bus='0' target='0' unit='3'/>
    </disk>
    <controller type='usb' index='0' model='qemu-xhci'>
      <alias name='usb'/>
      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
    </controller>
    <controller type='sata' index='0'>
      <alias name='ide'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'>
      <alias name='pcie.0'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <alias name='virtio-serial0'/>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
    </controller>
    <controller type='pci' index='1' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='1' port='0x10'/>
      <alias name='pci.1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='2' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='2' port='0x11'/>
      <alias name='pci.2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
    </controller>
    <controller type='pci' index='3' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='3' port='0x12'/>
      <alias name='pci.3'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
    </controller>
    <controller type='pci' index='4' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='4' port='0x13'/>
      <alias name='pci.4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
    </controller>
    <controller type='pci' index='5' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='5' port='0x14'/>
      <alias name='pci.5'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
    </controller>
    <controller type='pci' index='6' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='6' port='0x15'/>
      <alias name='pci.6'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
    </controller>
    <controller type='pci' index='7' model='pcie-to-pci-bridge'>
      <model name='pcie-pci-bridge'/>
      <alias name='pci.7'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </controller>
    <controller type='pci' index='8' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='8' port='0x16'/>
      <alias name='pci.8'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
    </controller>
    <interface type='bridge'>
      <mac address='02:01:00:cc:00:0f'/>
      <source bridge='breth1-2587'/>
      <bandwidth>
        <inbound average='25000' peak='25000'/>
        <outbound average='25000' peak='25000'/>
      </bandwidth>
      <target dev='vnet19'/>
      <model type='virtio'/>
      <link state='up'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/9'/>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/9'>
      <source path='/dev/pts/9'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/i-2-17-VM.org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/>
      <alias name='channel0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'>
      <alias name='input1'/>
    </input>
    <input type='keyboard' bus='ps2'>
      <alias name='input2'/>
    </input>
    <graphics type='vnc' port='5908' autoport='yes' listen='10.0.34.104'>
      <listen type='address' address='10.0.34.104'/>
    </graphics>
    <audio id='1' type='none'/>
    <video>
      <model type='cirrus' vram='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>
    <watchdog model='i6300esb' action='none'>
      <alias name='watchdog0'/>
      <address type='pci' domain='0x0000' bus='0x07' slot='0x01' function='0x0'/>
    </watchdog>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>+0:+0</label>
    <imagelabel>+0:+0</imagelabel>
  </seclabel>
</domain>

• Record NVRAM UUID

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh domuuid i-2-17-VM
7bf01e01-11a1-443a-be3f-74c6af6b3845

• Record NVRAM file

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -lh /var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd
-rw-------. 1 root root 528K Oct 23 19:01 /var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd

7.3 Unmanage the UEFI VM

(localcloud) 🐱 > unmanageVirtualMachine id=7bf01e01-11a1-443a-be3f-74c6af6b3845
{
  "unmanagevirtualmachineresponse": {
    "details": "VM unmanaged successfully",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "success": true
  }
}

Actual Result: VM is unmanaged, removed from CloudStack database but continues running

• VM not present on CS anymore

(localcloud) 🐱 > list virtualmachines id=7bf01e01-11a1-443a-be3f-74c6af6b3845
(localcloud) 🐱 >  

• VM still running on KVM Host:

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh list | grep i-2-17-VM
 14   i-2-17-VM   running

7.4. Verify VM Still Runs with UEFI on KVM Host

• Verify UEFI configuration unchanged

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-q35-rhel8.6.0'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

• Verify loader still present

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | grep loader
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secb

• Verify NVRAM still present

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | grep nvram
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd</nvram>

• Verify NVRAM file still exists

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -lh /var/lib/libvirt/qemu/nvram/ | grep 7bf01e01-11a1-443a-be3f-74c6af6b3845
-rw-------. 1 root root 528K Oct 23 19:01 7bf01e01-11a1-443a-be3f-74c6af6b3845.fd

• Compare with saved XML

7.5 List Unmanaged Instances

list unmanagedinstances clusterid=2256735d-0919-47af-a550-fd871fd3a2b5

{
  "count": 1,
  "unmanagedinstance": [
    {
      "bootmode": "SECURE",
      "boottype": "UEFI",
      "clusterid": "2256735d-0919-47af-a550-fd871fd3a2b5",
      "clustername": "p1-c1",
      "cpucorepersocket": 1,
      "cpunumber": 1,
      "cpuspeed": 250,
      "disk": [
        {
          "capacity": 5368709120,
          "controller": "virtio",
          "datastorehost": "10.0.32.4",
          "datastorename": "/acs/primary/ref-trl-9845-k-Mol8-rositsa-kyuchukova/ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm-pri1",
          "datastorepath": "/acs/primary/ref-trl-9845-k-Mol8-rositsa-kyuchukova/ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm-pri1",
          "datastoretype": "file",
          "id": "0",
          "imagepath": "/mnt/8a56ab93-9d21-3088-9700-86088cddf664/039f2ac3-e111-4c04-a646-331df48d8ba4",
          "label": "vda",
          "position": 0
        }
      ],
      "hostid": "809cab41-5034-434f-851b-522f651a4732",
      "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
      "memory": 512,
      "name": "i-2-17-VM",
      "nic": [
        {
          "adaptertype": "virtio",
          "id": "0",
          "macaddress": "02:01:00:cc:00:0f",
          "networkname": "vnet19",
          "vlanid": 2587
        }
      ],
      "powerstate": "PowerOn"
    }
  ]
}

7.6 Re-import the UEFI VM

Screencast.from.2025-10-23.22-33-46.webm

Actual Result: VM successfully imported back into CloudStack

**7.7 Verify UEFI Boot Mode Preserved After Import

• Check if boot mode metadata is present after import

(localcloud) 🐱 > list virtualmachines id=ebf73c5d-dbba-4370-96bd-41bb9dc794a5 | jq '.virtualmachine[0] | {boottype, bootmode, details}'
{
  "boottype": "Uefi",
  "bootmode": "secure",
  "details": {
    "UEFI": "SECURE",
    "deployvm": "true",
    "kvm.vnc.password": "lmDJ8HJCxHaldSYHpNAYdr",
    "nicAdapter": "virtio",
    "rootDiskController": "virtio"
  }
}

• On KVM host - verify libvirt XML

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM  | sed -n '/<os>/,/<\/os>/p'
  <os>
    <type arch='x86_64' machine='pc-q35-rhel8.6.0'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

• Verify loader:

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | grep loader
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>

• Verify NVRAM

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | grep nvram
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd</nvram>

• Check NVRAM file

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh domuuid i-2-17-VM
7bf01e01-11a1-443a-be3f-74c6af6b3845

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -lh /var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd 
-rw-------. 1 root root 528K Oct 23 19:01 /var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd

Actual Results:

• "boottype": "Uefi" present in VM details
• "bootmode": "secure" present in VM details
• "UEFI": "SECURE" in details metadata
• Libvirt XML has <loader> element
• Libvirt XML has <nvram> element
• NVRAM file exists with correct size (~528K)

7.8 Test Re-imported VM Lifecycle

• Stop VM

(localcloud) 🐱 > stop virtualmachine id=ebf73c5d-dbba-4370-96bd-41bb9dc794a5

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "4.12%",
    "created": "2025-10-23T19:34:04+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "UEFI": "SECURE",
      "deployvm": "true",
      "kvm.vnc.password": "lmDJ8HJCxHaldSYHpNAYdr",
      "nicAdapter": "virtio",
      "rootDiskController": "virtio"
    },
    "diskioread": 0,
    "diskiowrite": 0,
    "diskkbsread": 0,
    "diskkbswrite": 0,
    "displayname": "test-import-uefi-VM",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "ebf73c5d-dbba-4370-96bd-41bb9dc794a5",
    "instancename": "i-2-17-VM",
    "ipaddress": "10.1.1.125",
    "isdynamicallyscalable": false,
    "jobid": "aae70071-e8d5-48d9-bde2-3d877fcb766d",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T19:44:31+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "test-import-uefi-VM",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "894a9e11-5ab5-4917-8c52-3be37f795375",
        "ipaddress": "10.1.1.125",
        "isdefault": true,
        "macaddress": "02:01:00:cc:00:0f",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Stopped",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Verify NVRAM persists

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -lh /var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd 
-rw-------. 1 root root 528K Oct 23 19:01 /var/lib/libvirt/qemu/nvram/7bf01e01-11a1-443a-be3f-74c6af6b3845.fd

• Start VM

(localcloud) 🐱 > start virtualmachine id=ebf73c5d-dbba-4370-96bd-41bb9dc794a5

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "4.12%",
    "created": "2025-10-23T19:34:04+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "kvm.vnc.password": "lmDJ8HJCxHaldSYHpNAYdr",
      "nicAdapter": "virtio",
      "rootDiskController": "virtio"
    },
    "diskioread": 0,
    "diskiowrite": 0,
    "diskkbsread": 0,
    "diskkbswrite": 0,
    "displayname": "test-import-uefi-VM",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "f32bba83-2167-42fd-b44d-956748133215",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm2",
    "hypervisor": "KVM",
    "id": "ebf73c5d-dbba-4370-96bd-41bb9dc794a5",
    "instancename": "i-2-17-VM",
    "ipaddress": "10.1.1.125",
    "isdynamicallyscalable": false,
    "jobid": "07d4ae0c-c4ee-46e7-9eaa-444b01863b42",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T19:46:07+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "test-import-uefi-VM",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "894a9e11-5ab5-4917-8c52-3be37f795375",
        "ipaddress": "10.1.1.125",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0f",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

• Verify still UEFI

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | grep loader
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>

• Migrate VM on Host1

(localcloud) 🐱 > migrate virtualmachine virtualmachineid=ebf73c5d-dbba-4370-96bd-41bb9dc794a5 hostid=809cab41-5034-434f-851b-522f651a4732

{
  "account": "admin",
  "accountid": "d8414bf0-aff6-11f0-8ff1-1e00110002e0",
  "cmd": "org.apache.cloudstack.api.command.admin.vm.MigrateVMCmd",
  "completed": "2025-10-23T19:48:09+0000",
  "created": "2025-10-23T19:48:07+0000",
  "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
  "domainpath": "ROOT",
  "jobid": "299b6f68-556a-4daa-84d5-999c3e0fef7a",
  "jobinstanceid": "ebf73c5d-dbba-4370-96bd-41bb9dc794a5",
  "jobinstancetype": "VirtualMachine",
  "jobprocstatus": 0,
  "jobresult": {
    "errorcode": 530,
    "errortext": "Exception during migrate: org.libvirt.LibvirtException: operation failed: domain 'i-2-17-VM' already exists with uuid 7bf01e01-11a1-443a-be3f-74c6af6b3845"
  },
  "jobresultcode": 530,
  "jobresulttype": "object",
  "jobstatus": 2,
  "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0"
}
🙈 Error: async API failed for job 299b6f68-556a-4daa-84d5-999c3e0fef7a

Screencast.from.2025-10-23.22-50-27.webm

Actual Result

• Old libvirt domain still exists on Host1 (from before unmanage)
• Same UUID: 7bf01e01-11a1-443a-be3f-74c6af6b3845
• Libvirt refuses: "domain with this UUID already exists"

Workaround:

• Clean up the old domain on Host1

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh undefine i-2-17-VM --nvram
Domain 'i-2-17-VM' has been undefined

• Re-attempt migration to Host1

(localcloud) 🐱 > migrate virtualmachine virtualmachineid=ebf73c5d-dbba-4370-96bd-41bb9dc794a5 hostid=809cab41-5034-434f-851b-522f651a4732

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "bootmode": "secure",
    "boottype": "Uefi",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "4.46%",
    "created": "2025-10-23T19:34:04+0000",
    "deleteprotection": false,
    "details": {
      "Message.ReservedCapacityFreed.Flag": "false",
      "UEFI": "SECURE",
      "cpuOvercommitRatio": "2.0",
      "kvm.vnc.password": "lmDJ8HJCxHaldSYHpNAYdr",
      "nicAdapter": "virtio",
      "rootDiskController": "virtio"
    },
    "diskioread": 0,
    "diskiowrite": 0,
    "diskkbsread": 0,
    "diskkbswrite": 0,
    "displayname": "test-import-uefi-VM",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "3d76a8c0-aff6-11f0-8ff1-1e00110002e0",
    "domainpath": "ROOT",
    "guestosid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "809cab41-5034-434f-851b-522f651a4732",
    "hostname": "ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "ebf73c5d-dbba-4370-96bd-41bb9dc794a5",
    "instancename": "i-2-17-VM",
    "ipaddress": "10.1.1.125",
    "isdynamicallyscalable": false,
    "jobid": "46183eb8-fc89-4c11-b8fb-b267917e4ac1",
    "jobstatus": 0,
    "lastupdated": "2025-10-23T19:55:54+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "test-import-uefi-VM",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "broadcasturi": "vlan://2587",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "894a9e11-5ab5-4917-8c52-3be37f795375",
        "ipaddress": "10.1.1.125",
        "isdefault": true,
        "isolationuri": "vlan://2587",
        "macaddress": "02:01:00:cc:00:0f",
        "netmask": "255.255.255.0",
        "networkid": "89223ead-f632-4cb3-95b5-a9cf25085a15",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "Ubuntu 24.04 LTS",
    "ostypeid": "bfc3d962-aff6-11f0-8ff1-1e00110002e0",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "e29a0a7a-999c-4d5d-bd31-59cd4fdf5507",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "Ubuntu-24.04",
    "templateformat": "QCOW2",
    "templateid": "96b4984d-cb7f-4821-8b13-02e6dc8192eb",
    "templatename": "Ubuntu-24.04",
    "templatetype": "USER",
    "userid": "d8425aac-aff6-11f0-8ff1-1e00110002e0",
    "username": "admin",
    "zoneid": "ed28691c-cf37-456f-95c6-469903cff4e7",
    "zonename": "ref-trl-9845-k-Mol8-rositsa-kyuchukova"
  }
}

Actual Result: Migration succeeds.

• Verify UEFI on new Host1

[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | grep loader
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -lh /var/lib/libvirt/qemu/nvram/
5462d7a7-fe66-4779-9f9a-f1506a883e43.fd  5eb95a52-4e2c-4009-a5b1-828a163ec885.fd  ebf73c5d-dbba-4370-96bd-41bb9dc794a5.fd
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# ls -lh /var/lib/libvirt/qemu/nvram/ebf73c5d-dbba-4370-96bd-41bb9dc794a5.fd 
-rw-------. 1 root root 528K Oct 23 19:55 /var/lib/libvirt/qemu/nvram/ebf73c5d-dbba-4370-96bd-41bb9dc794a5.fd
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# 
[root@ref-trl-9845-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-17-VM | grep nvram
    <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/ebf73c5d-dbba-4370-96bd-41bb9dc794a5.fd</nvram>

Actual Results:

• Stop/start works normally
• NVRAM file persists
• UEFI configuration maintained
• Migration successful after clean up of the old domain on Host1
• NVRAM copied to new host

[sureshanaparti]

@sureshanaparti can you create doc PR to remove Ubuntu 20.04 from compatibility matrix ?

@weizhouapache doc PR here: apache/cloudstack-documentation#589