/usr/share/edk2/ovmf-4m directory missing

I have a Windows 11 VM I have used for a while in KVM/QEMU. I tried to fire it up today after a while and it won’t load because the usr/share/edk2/ovmf-4m directory is missing. I was loading the UEFI secure boot firmware from /usr/share/edk2/ovmf-4m/OVMF_CODE.secboot.fd. I had updated the VM to the 4M version of the firmware a while back when I ran into this issue: Can't install KB5012170 in ed2k-ovmf in Qemu · tianocore/edk2 · Discussion #3221 · GitHub. I don’t know if the directory got removed when I upgraded to F39 or if maybe SELinux didn’t like it or something else.

I thought maybe Fedora just changed it so all the images are 4M now, but before trying that I wanted to ask here. There are some images with 4M, but I don’t see a *.fd with 4M in the name:

/usr/share/edk2/ovmf$ ls
DBXUpdate-20230509.x64.bin  OVMF_CODE_4M.secboot.pcr    OVMF_CODE.secboot.pcr       OVMF_VARS.fd
EnrollDefaultKeys.efi       OVMF_CODE_4M.secboot.qcow2  OVMF.inteltdx.fd            OVMF_VARS.secboot.fd
MICROVM.fd                  OVMF_CODE.cc.fd             OVMF.inteltdx.secboot.fd    Shell.efi
OVMF.amdsev.fd              OVMF_CODE.fd                OVMF_VARS_4M.qcow2          UefiShell.iso
OVMF_CODE_4M.qcow2          OVMF_CODE.secboot.fd        OVMF_VARS_4M.secboot.qcow2

Can you tell me what I need to do to find the 4M *.fd image?


Found this in the changelog for edk2-ovmf.

* Wed May 17 2023 Gerd Hoffmann <kraxel@redhat.com> - 20230301gitf80f052277c8-31
- drop /ovmf-4m/, move 4M builds to /ovmf/ instead

Thanks both of you. So does anyone know why there isn’t a OVMF_CODE_4M.secboot.fd in ovmf? Has it been replaced by the qcow2 file? I can try it, hopefully I wouldn’t need to recreate my VM from scratch.

OVMF_CODE_4M.qcow2  OVMF_CODE_4M.secboot.pcr  OVMF_CODE_4M.secboot.qcow2

Thanks for the pointers. I ended up having to follow the steps in this post to get it working again:

I tried just using qcow2 for the OVMF_Code, but that didn’t work. The VM tried to load but the CPUs were pegged for a long time until I killed it. I had to convert my vars to qcow2 as the post explained and now I’m up and running again.

Thanks all.

This should have been the correct fix. In my test choosing OVMF_CODE_4M.secboot.qcow2 works and you have secure boot and you can install the dbx updates without running out of space.