libvirt driver launching VMs with stateless firmware

Registered by Takashi Kajinami

Since v8.6.0, libvirt supports disabling the NVRAM used by the UEFI bootloader.

https://libvirt.org/formatdomain.html#bios-bootloader
```
loader
... In some cases, however, it may be desirable for the loader to run without any NVRAM, discarding any config changes on shutdown. The stateless flag (Since 8.6.0) can be used to control this behaviour, when set to yes NVRAM will never be created.
```

This is particularly useful when measuring the boot chain of SEV-encrypted guests, because it avoids undermining the trust of the secure guest.

https://libvirt.org/kbase/launch_security_sev.html#boot-loader
```
If intending to attest the boot measurement, it is required to use a firmware binary that is stateless, as persistent NVRAM can undermine the trust of the secure guest. This is achieved by telling libvirt that a stateless binary is required
```

However, this option is not configurable for guest VMs launched by Nova.

This work aims to let users request stateless firmware through a new image property (e.g. hw_firmware_stateless = true).
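
An added example, not part of the blueprint or of Nova's code: a Python check over libvirt domain XML that flags SEV guests whose loader is not marked stateless, and stateless loaders that still carry an `<nvram>` element. The function name `audit_firmware_state`, the sample XML, the file paths and the policy value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML; paths and policy value are placeholders.
SEV_STATEFUL = """<domain type='kvm'>
  <os>
    <loader readonly='yes' type='pflash'>/path/to/CODE.fd</loader>
    <nvram>/path/to/guest_VARS.fd</nvram>
  </os>
  <launchSecurity type='sev'><policy>0x0001</policy></launchSecurity>
</domain>"""

SEV_STATELESS = """<domain type='kvm'>
  <os firmware='efi'>
    <loader stateless='yes'/>
  </os>
  <launchSecurity type='sev'><policy>0x0001</policy></launchSecurity>
</domain>"""


def audit_firmware_state(domain_xml):
    """Return a list of findings for one domain; an empty list means OK."""
    root = ET.fromstring(domain_xml)
    loader = root.find("./os/loader")
    nvram = root.find("./os/nvram")
    sec = root.find("./launchSecurity")

    is_sev = sec is not None and sec.get("type") == "sev"
    stateless = loader is not None and loader.get("stateless") == "yes"

    findings = []
    # Per the libvirt SEV guidance quoted above, attesting the boot
    # measurement requires a stateless firmware binary.
    if is_sev and not stateless:
        findings.append("SEV guest without <loader stateless='yes'/>")
    # stateless='yes' means NVRAM is never created, so the two must not coexist.
    if stateless and nvram is not None:
        findings.append("stateless loader combined with an <nvram> element")
    return findings


if __name__ == "__main__":
    for name, xml in (("stateful", SEV_STATEFUL), ("stateless", SEV_STATELESS)):
        print(name, audit_firmware_state(xml) or "ok")
```

The function takes the XML text that `virsh dumpxml` prints for a domain.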

Blueprint information

Status: Started
Approver: sean mooney
Priority: Undefined
Drafter: Takashi Kajinami
Direction: Approved
Assignee: Takashi Kajinami
Definition: Approved
Series goal: Accepted for 2024.2
Implementation: Needs Code Review
Milestone target: None
Started by Sylvain Bauza

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/libvirt-stateless-firmware

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/908297
    libvirt: Stateless firmware support

Addressed by: https://review.opendev.org/c/openstack/nova/+/908888
    Report availability of stateless firmware support

Addressed by: https://review.opendev.org/c/openstack/nova/+/908890
    libvirt: Launch instances with stateless firmware

[20240717 bauzas] Spec approved for the Dalmatian release
