Enable UEFI Support For KVM Virtual Machines In Linux

The BIOS initializes the hardware and loads the OS into memory. BIOS is replaced with UEFI in the modern hardware. This guide explains what is UEFI and how to enable UEFI support for KVM virtual machines in Linux.

What is UEFI?

UEFI, short for Unified Extensible Firmware Interface, is the new replacement for traditional BIOS.

Unlike BIOS, UEFI is a tiny operating system that sits on the top of the computer's hardware and firmware. Remember BIOS is stored in firmware.

UEFI can do a lot more than a BIOS. We can store it in a flash memory on the motherboard, or it can be stored on a hard drive, or even on a network share.

The original motivation to replace legacy BIOS with UEFI was born during early development of the first Intel-HP Itanium systems in the mid-1990s.

Due to the BIOS limitations for larger server platforms, Intel started to work on the "Intel Boot Initiative" in 1998. It is later known as Extensible Firmware Interface (EFI).

Apple has adopted EFI for its Intel-based Mac systems and HP adopted EFI for its Itanium 2 servers. However, the other Chip vendors were not much interested to adopt Intel's EFI.

In 2005, a non-profit organization named Unified EFI Forum was formed by a group of leading technology companies including AMD, American Megatrends, ARM, Apple, Dell, Hewlett Packard Enterprise, HP Inc., IBM, Insyde Software, Intel, Lenovo, Microsoft, and Phoenix Technologies.

The board of directors of UEFI Forum includes representatives from all of these thirteen companies.

Using the EFI 1.10 Specification as the starting point, the UEFI Forum took over the development and renamed it as Unified EFI starting with version 2.0.

They agreed UEFI as the universal replacement for BIOS and took the responsibility for the management and promotion of UEFI specification.

UEFI Advantages

The UEFI specification provides many significant advantages over the legacy BIOS. Here are a few notable features:

• Support for hard drive partitions larger than 2.2 TB or more in size.
• UEFI replaces MBR with GPT partitioning, so you can now have for more than four primary  partitions on a drive.
• UEFI Secure Boot feature helps defend against malware attacks before the operating system loads,
• Faster boot time.
• Stylish user interface, including graphics and mouse cursor support.
• Efficient power and system management.
• Robust reliability and fault management.
• Backward and forward compatibility.

Please note that you can't replace BIOS with UEFI in the existing hardware. You need to buy a hardware that supports and includes UEFI.

UEFI specifications are platform-independent, supporting multiple platforms and architectures. Hope you got the basic understanding of UEFI. Let us now see how to enable UEFI support for KVM guests.

Enable UEFI Support for KVM Virtual Machines in Linux

I assume you already installed KVM on your system. If you haven't installed yet, check the following guides:

• Install And Configure KVM In CentOS 8 Server
• Install And Configure KVM In Ubuntu 20.04 Headless Server
• Install And Configure KVM In OpenSUSE Tumbleweed

Before creating virtual machines, we need to install OVMF package on the KVM host system.

OVMF is a port of Intel's tianocore firmware to the KVM/QEMU virtual machines. It contains sample UEFI firmware for both KVM and QEMU.

It allows easy debugging and experimentation with UEFI firmware either for testing virtual machines or using the (included) EFI shell.

The UEFI might be already installed as a dependency when installing KVM. Just in case if it is not installed, you can install it as shown below.

If your KVM host is running with CentOS/RHEL, run to install UEFI Firmware for Virtual Machines:

$ sudo dnf install edk2-ovmf

If you host system is Ubuntu, run:

$ sudo apt install ovmf

Done! We have just enabled UEFI support. Let us create a virtual machine with UEFI support.

Boot Virtual Machines with UEFI

If you prefer command line mode, add --boot uefi option when creating a new virtual machine:

$ virt-install --name centos8 --ram=2048 --vcpus=1 --cpu host --hvm --disk path=/var/lib/libvirt/images/centos8-vm1,size=10 --location /home/ostechnix/centos8.iso --network bridge=br0 --graphics vnc --boot uefi

Alternatively, you can use Virt-manager GUI application to create a new guest. It is very easier for newbies.

Open Virt-manager application and create a new virtual machine:

Choose the installation medium or ISO file location for your KVM guest:

Choose the memory and cpu core for the KVM guest:

Create a disk image for the KVM guest:

Check "Customize configuration before install" box and click Finish button:

You should now see the Virtual machine's hardware details. From the Overview section, choose "UEFI X86_64..." option from the Firmware drop-down box.

Click Apply button and  then click "Begin Installation" button on the top to continue installing the KVM guest machine.

Now your should see the TianoCore splash screen when initial boot:

Continue and finish the installation as usual.

UEFI settings interface

With traditional BIOS, you have to hit the appropriate Function key before boot menu appears to enter into BIOS and modify any BIOS settings. In UEFI, it is not necessary. You can access the UEFI settings screen right from the Grub boot menu.

If UEFI support is enabled on KVM, you should see the "System setup" menu entry in the Grub boot menu:

Enter into System setup to see how UEFI settings interface looks like.

You might see different UEFI interface with different features on your physical system. Many PCs still ship with text-mode UEFI settings interfaces that look and work like the old BIOS setup screen as shown here.

After making any changes in your PC's firmware, choose "Continue" and hit ENTER to go back to the boot menu.

Resource:

• UEFI Forum