Virtual devices, including virtual chipsets, are shipping alongside platform firmware.
SeaBIOS is an implementation of an x86 BIOS which relies on coreboot. It is used for legacy systems, but also to specialized and cloud optimized guests systems which don't require UEFI.
OVMF, which stands for Open Virtual Machine Firmware, is a UEFI-compatible firmware.
It is based on the TianoCore project, which provides an open-source implementation of a platform firmware that follows UEFI specifications.
It is the default method to boot UEFI-based operating systems in a virtual machine, and ddoes not support Compatibility Support Module (CSM). A virtual machine booting x86 BIOS won't be able to boot with OVMF.
Under Fedora-based systems such as Phyllome, firmware that can be used by virtual machines are stored in the following directory /usr/share/edk2/ovmf
| Name | Description |
|---|---|
| OVMF_CODE.fd | 2MB default OVMF firmware. Used by default |
| OVMF_VARS.fd | Variables store |
| OVMF_CODE.secboot.fd | 2MB firmware with secure boot enabled |
| OVMF_VARS.secboot.fd | Firmware variables with secure boot enabled |
| OVMF_CODE.secboot.pcrlock | Firmware with secure boot and PCR locking |
| OVMF_CODE_4M.qcow2 | 4MB firmware in qcow2 format for virtualization |
| OVMF_VARS_4M.qcow2 | 4MB variable store in qcow2 format for virtualization |
| OVMF_CODE_4M.secboot.pcrlock | 4MB firmware with secure boot and PCR locking |
| OVMF_CODE_4M.secboot.qcow2 | 4MB firmware with secure boot in qcow2 format |
| OVMF_VARS_4M.secboot.qcow2 | 4MB variable store with secure boot in qcow2 format |
| OVMF_CODE.cc.fd | Firmware code with confidential computing support |
| OVMF.qemuvars.fd | QEMU-specific firmware variables |
| OVMF.stateless.fd | Stateless firmware without persistent storage |
| OVMF.stateless.secboot.fd | Stateless firmware with secure boot |
| OVMF.stateless.secboot.pcrlock | Stateless firmware with secure boot and PCR locking |
| OVMF.amdsev.fd | AMD SEV (Secure Encrypted Virtualization) support. Allow the memory contents of a VM to be transparently encrypted with a key unique to that VM |
| OVMF.igvm | Firmware with IGVM loader. To be used alongside SEV platforms |
| OVMF.inteltdx.fd | Intel Trust Domain Extensions (TDX) support |
| OVMF.inteltdx.secboot.fd | TDX with secure boot support |
The Rust Hypervisor Firmware (RHF) is a UEFI-compatible firmware. It is focused on simplicity and performance and is designed to run cloud-centric operating systems.
It is developed alongside the Cloud Hypervisor.
| SeaBIOS | OVMF | RHF | |
|---|---|---|---|
| BIOS | Yes | No | No |
| UEFI | No | Yes | Yes |
| Secure Boot | No | Yes | ? |
| Chipset | i440fx, Q35 | i440f, Q35 | virt |
| Guests | Linux, Windows | Linux, Darwin, Windows | Linux, Windows |
| Virtual Function I/O (VFIO) | No | Yes | Yes |