guest_os_booting: enable secure boot firmware feature on aarch64

[hholoubk]

Summary

• Extend guest_os_booting.ovmf_firmware_feature.positive_test.enable_secure_boot to aarch64
• On ARM, libvirt selects the uefi-vars firmware (QEMU_EFI.qemuvars.fd + vars.secboot.json varstore) instead of pflash OVMF
• Gate the aarch64 variant on libvirt 12.1+ and QEMU 10.2+, where uefi-vars secure boot support is available
• Add QEMU version check in ovmf_firmware_feature.py via is_qemu_function_supported()

Test plan

• Run on x86 q35: avocado run --vt-type libvirt guest_os_booting.ovmf_firmware_feature.positive_test.enable_secure_boot — should pass unchanged
• Run on aarch64 with libvirt >= 12.1 and QEMU >= 10.2: same test name — should define varstore/rom loader and boot successfully
• Run on aarch64 with older libvirt/QEMU — test should cancel with unsupported version message

Summary by CodeRabbit

Release Notes

• Tests
  • Enhanced AArch64 OVMF firmware testing with version-specific configuration and loader support.
  • Added QEMU capability validation to ensure supported functionality before test execution.

[coderabbitai]

Warning

Review limit reached

@hholoubk, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 32 minutes and 19 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 471d1cce-ff1b-40ec-a337-4ba53bf3c164

📥 Commits

Reviewing files that changed from the base of the PR and between 3583806 and 2c583b5.

📒 Files selected for processing (1)

• libvirt/tests/cfg/guest_os_booting/ovmf_firmware/ovmf_firmware_feature.cfg

Walkthrough

The enable_secure_boot test case previously excluded AArch64 (no aarch64). This PR replaces that exclusion with an AArch64-specific configuration block in ovmf_firmware_feature.cfg that adds libvirt and QEMU version gating, sets loader_path to the AArch64 QEMU EFI firmware, defines a varstore_template, and updates firmware_xpath to use AArch64-specific varstore template lookup and a rom loader type instead of pflash. In the test runner ovmf_firmware_feature.py, utils_misc is imported from virttest and utils_misc.is_qemu_function_supported(params) is called at the start of run() before guest preparation proceeds.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: enabling secure boot firmware feature support on aarch64 architecture, which is the primary objective of this PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}