SUSE-RU-2025:0113-1: moderate: Recommended update for ovmf

Wed Jan 15 08:34:38 UTC 2025

# Recommended update for ovmf

Announcement ID: SUSE-RU-2025:0113-1  
Release Date: 2025-01-15T03:34:36Z  
Rating: moderate  
References:

  * bsc#1232762

Affected Products:

  * openSUSE Leap 15.6
  * Server Applications Module 15-SP6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Package Hub 15 15-SP6

An update that has one fix can now be installed.

## Description:

This update for ovmf fixes the following issues:

  * Added ovmf-x86_64-sev flavor to X64 against AMD SEV (bsc#1232762):

    * Moved "-D SECURE_BOOT_ENABLE" from OVMF_FLAGS to EXTRA_FLAGS_X64, BUILD_OPTIONS_AA64 and BUILD_OPTIONS_RV64 because SEV can NOT work with secure boot.
    * Add "-D SECURE_BOOT_ENABLE" to BUILD_OPTIONS_X86 because the building option be removed from OVMF_FLAGS.
    * The ovmf-x86_64-sev-code.bin, ovmf-x86_64-sev-vars.bin and a unified image ovmf-x86_64-sev.bin can be used.
  * Added 50-ovmf-x86_64-sev.json and 60-ovmf-x86_64-sev.json to
    descriptors.tar.xz for SEV flavor:

    * Removed features tag:

    * "acpi-s4", "acpi-s3", "requires-smm", "secure-boot", "enrolled-keys"

    * Added features tag:

    * "amd-sev", "amd-sev-es", "amd-sev-snp"

    * The 50-ovmf-x86_64-sev.json is for the ovmf-x86_64-sev.bin unified image which is stateless mode.

    * The 60-ovmf-x86_64-sev.json is for the ovmf-x86_64-sev-code/vars.bin. Please note that the -vars storage is non-secure because SEV does NOT support SMM (requires-smm).
  * Removed "amd-sev" and "amd-sev-es" from descriptors/60-ovmf-x86_64.json and
    descriptors/60-ovmf-x86_64-2m.json.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6  
    zypper in -t patch SUSE-2025-113=1 openSUSE-SLE-15.6-2025-113=1

  * SUSE Package Hub 15 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-113=1

  * Server Applications Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-113=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 x86_64)
    * ovmf-tools-202308-150600.5.6.1
    * ovmf-202308-150600.5.6.1
  * openSUSE Leap 15.6 (noarch)
    * qemu-uefi-aarch32-202308-150600.5.6.1
    * qemu-ovmf-ia32-202308-150600.5.6.1
    * qemu-uefi-aarch64-202308-150600.5.6.1
    * qemu-ovmf-x86_64-202308-150600.5.6.1
  * openSUSE Leap 15.6 (x86_64)
    * qemu-ovmf-x86_64-debug-202308-150600.5.6.1
  * SUSE Package Hub 15 15-SP6 (noarch)
    * qemu-uefi-aarch32-202308-150600.5.6.1
    * qemu-uefi-aarch64-202308-150600.5.6.1
    * qemu-ovmf-x86_64-202308-150600.5.6.1
  * SUSE Package Hub 15 15-SP6 (x86_64)
    * qemu-ovmf-x86_64-debug-202308-150600.5.6.1
  * Server Applications Module 15-SP6 (aarch64 x86_64)
    * ovmf-tools-202308-150600.5.6.1
    * ovmf-202308-150600.5.6.1
  * Server Applications Module 15-SP6 (noarch)
    * qemu-uefi-aarch64-202308-150600.5.6.1
    * qemu-ovmf-x86_64-202308-150600.5.6.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1232762

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250115/48e0235c/attachment.htm>