Seeing an "Image type X64 can't be loaded on AARCH64 UEFI system" error while following Ch. 1 Guide
Closed this issue · 26 comments
I'm following along with 01_Learning_How_to_Run_VMs_with_QEMU.md and I'm at the Running a headless VM step. Everything seems to have worked correctly up until this point. This is the command I'm running:
sudo qemu-system-aarch64 \
-nographic \
-machine virt,accel=hvf,highmem=on \
-cpu host \
-smp 2 \
-m 2G \
-bios /opt/homebrew/share/qemu/edk2-aarch64-code.fd \
-nic vmnet-shared \
-hda /opt/homebrew/share/qemu/ubuntu0.img
The error I see is:
UEFI firmware (version edk2-stable202302-for-qemu built at 18:12:10 on Sep 11 2023)
Error: Image at 000BFD42000 start failed: Not Found
Error: Image at 000BFC94000 start failed: Unsupported
Error: Image at 000BFC13000 start failed: Not Found
Tpm2SubmitCommand - Tcg2 - Not Found
Tpm2GetCapabilityPcrs fail!
Tpm2SubmitCommand - Tcg2 - Not Found
Image type X64 can't be loaded on AARCH64 UEFI system.
I'm confused as to why it is trying to load an X64 image. In order to generate ubuntu0.img I followed the two commands above in the guide:
wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-arm64.img
qemu-img create -F qcow2 -b jammy-server-cloudimg-arm64.img -f qcow2 ubuntu0.img 128G
I've confirmed that the two images (jammy-server-cloudimg-arm64.img & ubuntu0.img) exist in the /opt/homebrew/share/qemu directory. I ran a qemu-img info on both images and confirmed that they have qcow2 file format. This is the output of qemu-img info ubuntu0.img:
image: ubuntu0.img
file format: qcow2
virtual size: 128 GiB (137438953472 bytes)
disk size: 196 KiB
cluster_size: 65536
backing file: jammy-server-cloudimg-arm64.img
backing file format: qcow2
Format specific information:
compat: 1.1
compression type: zlib
lazy refcounts: false
refcount bits: 16
corrupt: false
extended l2: false
Child node '/file':
filename: ubuntu0.img
protocol type: file
file length: 194 KiB (198656 bytes)
disk size: 196 KiB
My other suspicion was that there's an issue with the UEFI step using edk2-aarch64-code.fd, but there were no errors with that up to this point. I've confirmed that the flash drive also exists at the same path (/opt/homebrew/share/qemu/).
Any suggestions on what may have gone wrong with my set-up / why an x64 image is being attempted to be loaded?
Note: I believe is the line for the error I'm seeing.
Hi, what's the system and hardware you're running this on?
Hi, I'm running this on my Macbook Pro with M2 Max chip with macOS Sonoma 14.2.1
I tried reproducing this on my M2 Max and QEMU does display this error message for me as well, but the VM launches fine anyway:
UEFI firmware (version edk2-stable202302-for-qemu built at 17:14:55 on Mar 15 2023)
Error: Image at 000BFD41000 start failed: Not Found
Error: Image at 000BFC91000 start failed: Unsupported
Error: Image at 000BFC19000 start failed: Not Found
Tpm2SubmitCommand - Tcg2 - Not Found
Tpm2GetCapabilityPcrs fail!
Tpm2SubmitCommand - Tcg2 - Not Found
Image type X64 can't be loaded on AARCH64 UEFI system.
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x0)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x0)
EFI stub: Booting Linux Kernel...
...
I'm not sure what exactly QEMU/EFI is doing, but it seems that it tries many ways to initialize itself, and it displays errors when these attempts fail. That is probably completely fine - just an implementation detail of QEMU.
Does your VM launch? If not, the error you're getting is probably unrelated and the problem is somewhere else. I don't have a clear idea what it might be. However, it is a bit weird to me that you have your images in the /opt/homebrew/share/qemu directory, as it is meant only for the UEFI firmwares and other QEMU-distributed files. You should have your .img files in a separate, working directory.
I ran into this too after everything had been working fine the last time I was working through the guide. I had recently updated to macOS 14.2.1, also on an M2 MBP, and none of the vmlaunch scripts worked, and I backtracked through to find that when I introduce the -bios /opt/homebrew/share/qemu/edk2-aarch64-code.fd line I can get the UEFI shell, but when I add the ubuntu jammy image -cdrom jammy-server-cloudimg-arm64.img I get the following:
$ sudo qemu-system-aarch64 -machine virt,accel=hvf,highmem=on -cpu host -smp 2 -m 2G -nographic -bios /opt/homebrew/share/qemu/edk2-aarch64-code.fd -cdrom jammy-server-cloudimg-arm64.img
UEFI firmware (version edk2-stable202302-for-qemu built at 18:12:10 on Sep 11 2023)
Error: Image at 000BFD42000 start failed: Not Found
Error: Image at 000BFC94000 start failed: Unsupported
Error: Image at 000BFC13000 start failed: Not Found
Tpm2SubmitCommand - Tcg2 - Not Found
Tpm2GetCapabilityPcrs fail!
Tpm2SubmitCommand - Tcg2 - Not Found
Image type X64 can't be loaded on AARCH64 UEFI system.
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x0)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x0)
Synchronous Exception at 0x00000000BC564000
PC 0x0000BC564000
PC 0x0000BC5C23F4
PC 0x0000BC5C2608
PC 0x0000BC5C332C
PC 0x0000BC5C0030
PC 0x000047685788 (0x00004767E000+0x00007788) [ 1] DxeCore.dll
PC 0x0000BFCCAECC (0x0000BFCC4000+0x00006ECC) [ 2] BdsDxe.dll
PC 0x0000BFCCDFD4 (0x0000BFCC4000+0x00009FD4) [ 2] BdsDxe.dll
PC 0x00004768900C (0x00004767E000+0x0000B00C) [ 3] DxeCore.dll
[ 1] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Universal/BdsDxe/BdsDxe/DEBUG/BdsDxe.dll
[ 3] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
ESR 0x8600000F FAR 0x00000000BC564000
ESR : EC 0x21 IL 0x1 ISS 0x0000000F
Instruction abort: Permission fault, third level
Synchronous Exception at 0x00000000BC564000
ASSERT [ArmCpuDxe] /home/kraxel/projects/qemu/roms/edk2/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(343): ((BOOLEAN)(0==1))
This is the same result when I use the vmlaunch script from the guide which had been working without issue. The terminal locks hard and I have to force a reset on it.
I have a sneaking suspicion the issue has something to do with the jammy server image. I downloaded the ISO and it boots fine using the above qemu command. I tried to use the Jammy cloudinit image on VMWare Fusion and it hung in the UEFI firmware.
I may try a different cloudinit image later and see what happens.
Well, I probably just don't know what I'm doing on the one hand and the -cdrom option doesn't really work with that cloudinit image, but the above crash during the attempt to load the kernel is the same exact error output I get no matter how I try using that image, even when I build the OS image with vmsetup.sh and launch it with vmlaunch.sh.
I tried using a Debian generic qcow generic cloud image in place of jammy with vmsetup and vmlaunch and it doesn't crash, but also it doesn't boot. The UEFI network boot attempts and then just dumps to the UEFI shell.
I thought maybe something is weird with the kernel or something, like something else I had done maybe was messing with the mac virtualization stuff so I rebooted, but no change in behavior.
I need to get a better sense of what sorts of images will actually work using this process because I don't think my attempts have been entirely valid.
@thedude42 passing cloud images as -cdrom definitely does not seem like a good idea - cloud images are not bootable Live CDs, they're preinstalled disk images.
I've just upgraded to Sonoma 14.2.1 and unfortunately I still can't reproduce the problem. My QEMU version is 8.1.2 and I am using a freshly downloaded Ubuntu cloud image.
My QEMU version is 8.1.2 and I am using a freshly downloaded Ubuntu cloud image
Hm, Homebrew is on 8.2.0 which is what I'm on. I think I stumbled on someone using the same qemu version with Trivy and had a similar issue and they had a PR for macports or something... need to figure out if downgrading is easier than waiting for an update.
What is interesting is that the last modified time of /opt/homebrew/Cellar/qemu/8.2.0/bin/qemu-system-aarch64 is different than /opt/homebrew/share/qemu/edk2-aarch64-code.fd, where qemu-system-aarch64 is newer. Of course this isn't definitive of anything, just something I noticed.
Yep, 8.2.0 crashes for me as well, so it may be a regression in QEMU.
I just posted the same issue in the discussions and noticed there is already a discussion going on here.
Has anyone found possible reasons for this failure? It was working fine for me and suddenly it appeared last week and I am not able to progress further.
Update:
I tried using bionic-server-cloudimg-arm64.img and the console showed the same error, but it asked to continue and loaded Ubuntu successfully. I will check if I can continue working with this image.
@ghik please confirm if this project has any hard dependency on jammy server? Or will bionic-server-cloudimg-arm64.img work?
@ashish-jadhao no, there isn't any hard dependency on Ubuntu version. You can try using bionic if it works for you.
So far, the problem looks like a regression in QEMU 8.2. The current workaround is to downgrade to 8.1, which you can do with the following steps:
brew uninstall qemu
wget https://raw.githubusercontent.com/Homebrew/homebrew-core/676c6922d79d24cc0794dd22250e3ea1167f2cd9/Formula/q/qemu.rb
brew install qemu.rb
Well, per my previous comment I looked at the QEMU download page:
https://www.qemu.org/download/
Looks like the files under /opt/homebrew/Cellar/qemu/8.2.0/bin/ all have the last modified date of 19 December 2023, the release date of QEMU 8.2.0
As for the files under /opt/homebrew/share/qemu/, they have a last modified date of 23 December 2023, the release date for QEMU 8.1.4
I need to do a little more digging to see if the actual files correlate to the packages and whether or not they actually differ between the version's packages to be sure this isn't just a red herring.
Upstream issue: https://gitlab.com/qemu-project/qemu/-/issues/2072
This has been identified as a problem with EDK2 (UEFI implementation): https://gitlab.com/qemu-project/qemu/-/issues/1990
This means that the currently recommended workaround is to use EDK2 that was bundled with QEMU 8.1.3. You can download it here and use it with:
-bios edk2-aarch64-qemu_1_8_3-code.fd
This should work with QEMU 8.2.0
This should work with QEMU 8.2.0
Yup! worked for me!
Interesting note... When I fixed my vmlaunch.sh script I set the file path incorrectly, and the result was the exact same error as I posted earlier which makes me suspect there is some qemu fallback when the firmware, for whatever reason, doesn't load as expected.
In either case, using the edk2-aarch64-qemu_1_8_3-code.fd firmware allows me to boot the VMs again. Thanks for following through on this! From what I can tell this issue should be resolved if we call out the issue in qemu 8.2.0, which anyone who picks up this project right now on a brand new MacBook is going to end up with.
I tried the two solutions you mentioned above, but another problem occurred.
➜ kubernetes sudo qemu-system-aarch64 \
-nographic \
-machine virt,accel=hvf,highmem=on \
-cpu host \
-smp 2 \
-m 2G \
-bios /opt/homebrew/share/qemu/edk2-aarch64-code.fd \
-nic vmnet-shared \
-hda ubuntu0.img
Password:
UEFI firmware (version edk2-stable202302-for-qemu built at 17:14:55 on Mar 15 2023)
Error: Image at 000BFD41000 start failed: Not Found
Synchronous Exception at 0x00000000BFD37E08
PC 0x0000BFD37E08 (0x0000BFD35000+0x00002E08) [ 0] ArmCpuDxe.dll
PC 0x0000BFD37E08 (0x0000BFD35000+0x00002E08) [ 0] ArmCpuDxe.dll
PC 0x0000BFD37D00 (0x0000BFD35000+0x00002D00) [ 0] ArmCpuDxe.dll
PC 0x0000BFD380BC (0x0000BFD35000+0x000030BC) [ 0] ArmCpuDxe.dll
PC 0x0000476C36C0 (0x0000476BB000+0x000086C0) [ 1] DxeCore.dll
PC 0x0000476C8938 (0x0000476BB000+0x0000D938) [ 1] DxeCore.dll
PC 0x0000476C2F44 (0x0000476BB000+0x00007F44) [ 1] DxeCore.dll
PC 0x0000BFD38DA0 (0x0000BFD35000+0x00003DA0) [ 2] ArmCpuDxe.dll
PC 0x0000476C2848 (0x0000476BB000+0x00007848) [ 3] DxeCore.dll
PC 0x0000476CFF84 (0x0000476BB000+0x00014F84) [ 3] DxeCore.dll
PC 0x0000476C6340 (0x0000476BB000+0x0000B340) [ 3] DxeCore.dll
[ 0] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/ArmPkg/Drivers/CpuDxe/CpuDxe/DEBUG/ArmCpuDxe.dll
[ 1] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/ArmPkg/Drivers/CpuDxe/CpuDxe/DEBUG/ArmCpuDxe.dll
[ 3] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
ESR 0x86000005 FAR 0x00000000BFD37E08
ESR : EC 0x21 IL 0x1 ISS 0x00000005
Instruction abort: Translation fault, first level
ASSERT [ArmCpuDxe] /home/kraxel/projects/qemu/roms/edk2/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(333): ((BOOLEAN)(0==1))
Here is some information about my host:
Hardware: MacBook Pro M3 Max
OS: macOS Sonoma 14.2.1
QEMU version: 8.1.3/8.2.0 (installed via Homebrew)
Guest: Ubuntu Jammy (ARM64)
What does this mean:
QEMU version: 8.1.3/8.2.0 (installed via Homebrew)
Do you have both versions installed? Which one is actually linked?
Here's the firmware 8.1.3 UEFI file I'm using with my QEMU 8.2.0 installation:
MD5 (edk2-aarch64-qemu_1_8_3-code.fd) = 744a1256db35b83598f2fdaad7b8c5bb
In your launch command I see this line:
-bios /opt/homebrew/share/qemu/edk2-aarch64-code.fd \
Is that the firmware file bundled with 8.1.3 or 8.2.0?
Sorry I didn't describe it clearly enough.
I tried the two solutions you mentioned above, but another problem occurred.
First, I used the edk2 from this repository: edk2-aarch64-qemu_1_8_3-code.fd. It does not work for me.
Then, I downgraded QEMU to 8.1.3; it doesn't work either.
They reported the error: Instruction abort: Translation fault, first level
UEFI firmware (version edk2-stable202302-for-qemu built at 17:14:55 on Mar 15 2023)
Error: Image at 000BFD41000 start failed: Not Found
Synchronous Exception at 0x00000000BFD37E08
PC 0x0000BFD37E08 (0x0000BFD35000+0x00002E08) [ 0] ArmCpuDxe.dll
PC 0x0000BFD37E08 (0x0000BFD35000+0x00002E08) [ 0] ArmCpuDxe.dll
PC 0x0000BFD37D00 (0x0000BFD35000+0x00002D00) [ 0] ArmCpuDxe.dll
PC 0x0000BFD380BC (0x0000BFD35000+0x000030BC) [ 0] ArmCpuDxe.dll
PC 0x0000476C36C0 (0x0000476BB000+0x000086C0) [ 1] DxeCore.dll
PC 0x0000476C8938 (0x0000476BB000+0x0000D938) [ 1] DxeCore.dll
PC 0x0000476C2F44 (0x0000476BB000+0x00007F44) [ 1] DxeCore.dll
PC 0x0000BFD38DA0 (0x0000BFD35000+0x00003DA0) [ 2] ArmCpuDxe.dll
PC 0x0000476C2848 (0x0000476BB000+0x00007848) [ 3] DxeCore.dll
PC 0x0000476CFF84 (0x0000476BB000+0x00014F84) [ 3] DxeCore.dll
PC 0x0000476C6340 (0x0000476BB000+0x0000B340) [ 3] DxeCore.dll
[ 0] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/ArmPkg/Drivers/CpuDxe/CpuDxe/DEBUG/ArmCpuDxe.dll
[ 1] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/ArmPkg/Drivers/CpuDxe/CpuDxe/DEBUG/ArmCpuDxe.dll
[ 3] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
ESR 0x86000005 FAR 0x00000000BFD37E08
ESR : EC 0x21 IL 0x1 ISS 0x00000005
Instruction abort: Translation fault, first level
ASSERT [ArmCpuDxe] /home/kraxel/projects/qemu/roms/edk2/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(333): ((BOOLEAN)(0==1))
So one thing to note is that when you run the command:
md5 edk2-aarch64-qemu_1_8_3-code.fd
this is assuming that the edk2-aarch64-qemu_1_8_3-code.fd that shows up in your path is the right one, but doesn't confirm it's the same one in your qemu command -bios /opt/homebrew/share/qemu/edk2-aarch64-code.fd
The interesting thing I notice is that your exception looks a lot like my exception, except that mine is on DefaultExceptionHandler.c(343): and yours is on DefaultExceptionHandler.c(333)
I suspect this is because you're still using the broken 8.2.0 UEFI firmware but on QEMU 8.1.3, whereas I was using the broken firmware on QEMU 8.2.0.
Try setting the line in your qemu command to the exact absolute path to the file edk2-aarch64-qemu_1_8_3-code.fd wherever that is for your system. For example, the section in my vmlaunch.sh looks like this:
qemu-system-aarch64 \
-nographic \
-machine virt,accel=hvf,highmem=on \
-cpu host \
-smp $vcpus \
-m $memory \
-bios "$dir/edk2-aarch64-qemu_1_8_3-code.fd" \
-nic vmnet-shared,start-address=192.168.1.1,end-address=192.168.1.20,subnet-mask=255.255.255.0,"mac=$mac" \
-hda "$vmdir/disk.img" \
-drive file="$vmdir/cidata.iso",driver=raw,if=virtio
where I put edk2-aarch64-qemu_1_8_3-code.fd in the same directory that vmlaunch.sh is in.
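The check discussed in the reply above (hashing the file that the -bios option actually names, rather than a same-named file somewhere else), as an added example that is not part of the original thread. The function names and the sample launch script are constructed, and the digest used in the demo is the MD5 of empty input, not of any real firmware.

```shell
#!/bin/sh
# Added example: confirm that the firmware named by -bios in a launch script
# is the file you expect. Function names and sample data are constructed.

# Print the argument that follows -bios in a launch script.
# Copes with backslash line continuations and double-quoted paths.
# Limitation: paths containing spaces are not supported.
bios_path_from_script() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "\\") continue     # lone line-continuation marker
                if (want) { gsub(/"/, "", $i); print $i; exit }
                if ($i == "-bios") want = 1
            }
        }' "$1"
}

# Portable MD5: md5sum on Linux, md5 -q on macOS.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    else
        md5 -q "$1"
    fi
}

# Return 0 when the -bios file matches the expected MD5, 1 on mismatch,
# 2 when the path cannot be checked (absent, a shell variable, or not a file).
# A relative path is resolved against the current directory, as QEMU does.
check_bios() {
    script=$1
    expected=$2
    path=$(bios_path_from_script "$script")
    case $path in
        '')   echo "no -bios option in $script" >&2; return 2 ;;
        *\$*) echo "-bios uses a shell variable ($path); check its expanded value" >&2
              return 2 ;;
    esac
    [ -f "$path" ] || { echo "not a file: $path" >&2; return 2; }
    actual=$(file_md5 "$path")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $path $actual"
    else
        echo "DIFF $path $actual (expected $expected)"
        return 1
    fi
}

# Demo on constructed data: an empty stand-in firmware file and a launch
# script shaped like the commands in this thread.
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/fw.fd"
    printf '%s\n' 'qemu-system-aarch64 \' '  -nographic \' \
        "  -bios $tmp/fw.fd \\" '  -hda disk.img' > "$tmp/launch.sh"
    check_bios "$tmp/launch.sh" d41d8cd98f00b204e9800998ecf8427e
    rm -rf "$tmp"
}
demo
```

MD5 appears here only because it is the digest posted in the thread; it catches a wrong or stale file, not deliberate tampering.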
Emm, it does not work.
Here is QEMU (8.2.0) and edk2-aarch64-qemu_1_8_3-code.fd:
➜ kubernetes sudo qemu-system-aarch64 \
-nographic \
-machine virt,accel=hvf,highmem=on -cpu host -smp 2 \
-m 2G \
-bios /Users/tulip/Desktop/2024-study/kubernetes/edk2-aarch64-qemu_1_8_3-code.fd \
-nic vmnet-shared \
-hda ubuntu1.img
Password:
UEFI firmware (version edk2-stable202302-for-qemu built at 17:14:55 on Mar 15 2023)
Error: Image at 000BFD41000 start failed: Not Found
Synchronous Exception at 0x00000000BFD37E08
PC 0x0000BFD37E08 (0x0000BFD35000+0x00002E08) [ 0] ArmCpuDxe.dll
PC 0x0000BFD37E08 (0x0000BFD35000+0x00002E08) [ 0] ArmCpuDxe.dll
PC 0x0000BFD37D00 (0x0000BFD35000+0x00002D00) [ 0] ArmCpuDxe.dll
PC 0x0000BFD380BC (0x0000BFD35000+0x000030BC) [ 0] ArmCpuDxe.dll
PC 0x0000476C36C0 (0x0000476BB000+0x000086C0) [ 1] DxeCore.dll
PC 0x0000476C8938 (0x0000476BB000+0x0000D938) [ 1] DxeCore.dll
PC 0x0000476C2F44 (0x0000476BB000+0x00007F44) [ 1] DxeCore.dll
PC 0x0000BFD38DA0 (0x0000BFD35000+0x00003DA0) [ 2] ArmCpuDxe.dll
PC 0x0000476C2848 (0x0000476BB000+0x00007848) [ 3] DxeCore.dll
PC 0x0000476CFF84 (0x0000476BB000+0x00014F84) [ 3] DxeCore.dll
PC 0x0000476C6340 (0x0000476BB000+0x0000B340) [ 3] DxeCore.dll
[ 0] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/ArmPkg/Drivers/CpuDxe/CpuDxe/DEBUG/ArmCpuDxe.dll
[ 1] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/ArmPkg/Drivers/CpuDxe/CpuDxe/DEBUG/ArmCpuDxe.dll
[ 3] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
ESR 0x86000005 FAR 0x00000000BFD37E08
ESR : EC 0x21 IL 0x1 ISS 0x00000005
Instruction abort: Translation fault, first level
ASSERT [ArmCpuDxe] /home/kraxel/projects/qemu/roms/edk2/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(333): ((BOOLEAN)(0==1))
The error info is different with /opt/homebrew/share/qemu/edk2-aarch64-code.fd:
➜ kubernetes sudo qemu-system-aarch64 \
-nographic \
-machine virt,accel=hvf,highmem=on -cpu host -smp 2 \
-m 2G \
-bios /opt/homebrew/share/qemu/edk2-aarch64-code.fd \
-nic vmnet-shared \
-hda ubuntu1.img
UEFI firmware (version edk2-stable202302-for-qemu built at 18:12:10 on Sep 11 2023)
Error: Image at 000BFD42000 start failed: Not Found
Error: Image at 000BFC94000 start failed: Unsupported
Error: Image at 000BFC13000 start failed: Not Found
Tpm2SubmitCommand - Tcg2 - Not Found
Tpm2GetCapabilityPcrs fail!
Tpm2SubmitCommand - Tcg2 - Not Found
Image type X64 can't be loaded on AARCH64 UEFI system.
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x0)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x0)
Synchronous Exception at 0x00000000BC564000
PC 0x0000BC564000
PC 0x0000BC5C23F4
PC 0x0000BC5C2608
PC 0x0000BC5C332C
PC 0x0000BC5C0030
PC 0x000047685788 (0x00004767E000+0x00007788) [ 1] DxeCore.dll
PC 0x0000BFCCAECC (0x0000BFCC4000+0x00006ECC) [ 2] BdsDxe.dll
PC 0x0000BFCCDFD4 (0x0000BFCC4000+0x00009FD4) [ 2] BdsDxe.dll
PC 0x00004768900C (0x00004767E000+0x0000B00C) [ 3] DxeCore.dll
[ 1] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Universal/BdsDxe/BdsDxe/DEBUG/BdsDxe.dll
[ 3] /home/kraxel/projects/qemu/roms/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
X0 0x00000000BE998F18 X1 0x00000000BFFD0018 X2 0x00000000BC564000 X3 0x0000000000000000
X4 0x00000000BFD3E088 X5 0x0000000000000001 X6 0x00000000BC560000 X7 0x0000000000000000
X8 0x00600000BC56070F X9 0x00000000BC560000 X10 0x0000000000000003 X11 0x00000000BC578FFF
X12 0x0000000000000000 X13 0x0000000000000008 X14 0x000000006ED9EBA1 X15 0x000000008F1BBCDC
X16 0x00000000BFD362BC X17 0x00000000C19CD528 X18 0x0000000000000011 X19 0x00000000BC641000
X20 0x0000000000000000 X21 0x00000000BE998F18 X22 0x00000000BC655930 X23 0x0000000000000001
X24 0x00000000BC655000 X25 0x00000000BC6559F8 X26 0x00000000BC655A00 X27 0x00000000BC655A08
X28 0x00000000BC655A10 FP 0x000000004767D720 LR 0x00000000BC5C23F4
V0 0xAFAFAFAFAFAFAFAF AFAFAFAFAFAFAFAF V1 0xFFFFFF80FFFFFFD0 000000004767D3A0
V2 0x554E65213A544C55 41464544464F544E V3 0x0000000000000000 0010000000000000
V4 0x0000000040000000 0000000000000000 V5 0x4010040140100401 4010040140100401
V6 0x0040000000001000 0040000000001000 V7 0x0000000000000000 0000000000000000
SP 0x000000004767D720 ELR 0x00000000BC564000 SPSR 0x60000A05 FPSR 0x00000000
ESR 0x8600000F FAR 0x00000000BC564000
ESR : EC 0x21 IL 0x1 ISS 0x0000000F
Instruction abort: Permission fault, third level
Synchronous Exception at 0x00000000BC564000
ASSERT [ArmCpuDxe] /home/kraxel/projects/qemu/roms/edk2/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(343): ((BOOLEAN)(0==1))
Oh that is wild. This error is definitely in the UEFI part before even trying to load the kernel.
I'm on an M2 CPU, so I wonder if that's relevant. You hit the exact same line DefaultExceptionHandler.c(343) as I do with the 8.2.0 firmware, but then you end up hitting another exception path with the 8.1.3 firmware. We're on the same macOS version. I know this exception dumps before the kernel loads and so it's definitely related to the firmware being able to load. You don't have the -drive stuff that cloudinit needs, but I don't think you're getting that far so that shouldn't matter.
Part of me wonders whether QEMU actually has proper support for M3 but someone with M3 hardware who has gotten this working would need to chime in.
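An added example, not part of any comment in this thread: a small decoder for the `ESR` values in the two exception dumps above, showing how the firmware arrives at "Translation fault, first level" and "Permission fault, third level". The bit layout is the standard AArch64 ESR_ELx format (EC in bits 31:26, IL in bit 25, ISS in bits 24:0); the function names are hypothetical and the sample lines are copied from the dumps on this page.

```python
import re

# Fault status code families (ISS[5:2]); ISS[1:0] is the translation table level.
FAULT_FAMILIES = {
    0b0000: "Address size fault",
    0b0001: "Translation fault",
    0b0010: "Access flag fault",
    0b0011: "Permission fault",
}
# Exception classes that carry a fault status code in the ISS field.
ABORT_CLASSES = {
    0x20: "Instruction abort from a lower exception level",
    0x21: "Instruction abort, same exception level",
    0x24: "Data abort from a lower exception level",
    0x25: "Data abort, same exception level",
}

def decode_esr(esr):
    """Split an ESR_ELx value into EC / IL / ISS and name the abort, if any."""
    ec = (esr >> 26) & 0x3F
    il = (esr >> 25) & 0x1
    iss = esr & 0x1FFFFFF
    out = {"ec": ec, "il": il, "iss": iss,
           "class": ABORT_CLASSES.get(ec, "other"), "fault": None}
    if ec in ABORT_CLASSES:
        fsc = iss & 0x3F
        family = FAULT_FAMILIES.get(fsc >> 2)
        if family:
            out["fault"] = f"{family}, level {fsc & 0x3}"
    return out

def faults_in_dump(text):
    """Find every 'ESR 0x... FAR 0x...' pair in an edk2 exception dump."""
    results = []
    pattern = r"ESR\s+0x([0-9A-Fa-f]{8})\s+FAR\s+0x([0-9A-Fa-f]+)"
    for m in re.finditer(pattern, text):
        decoded = decode_esr(int(m.group(1), 16))
        decoded["far"] = int(m.group(2), 16)  # faulting address
        results.append(decoded)
    return results

# Lines copied from the two dumps posted in this thread.
SAMPLE = """\
SP 0x00000000476BA8A0 ELR 0x00000000BFD37E08 SPSR 0x80000205 FPSR 0x00000000
ESR 0x86000005 FAR 0x00000000BFD37E08
SP 0x000000004767D720 ELR 0x00000000BC564000 SPSR 0x60000A05 FPSR 0x00000000
ESR 0x8600000F FAR 0x00000000BC564000
"""

if __name__ == "__main__":
    for f in faults_in_dump(SAMPLE):
        print(f"EC {f['ec']:#x} IL {f['il']} ISS {f['iss']:#x}: "
              f"{f['fault']} at {f['far']:#x}")
```

In both dumps FAR equals ELR, which is what an instruction abort looks like: the fault was raised by the fetch from the address the CPU was about to execute.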
but I don't think you're getting that far
It's so heartbreaking. This reminds me of an ancient Chinese poem: "To die before the campaign is won" (出师未捷身先死) 😂. I'd better get started with VMware first. Thank you!!!
Yeah, I stumbled on this git repo coincidentally when I had just bought my M2 machine. Getting virtualization working was my priority specifically to support Vagrant. I got VMware Fusion working, and I also set up UTM for some USB passthrough stuff I needed to get access to serial interfaces that don't have Apple silicon drivers. It really feels like we're walking the edges of support for some open source projects where the details of the ISA really matter.
The problem seems to be resolved for me in QEMU 8.2.1.
I'm going to assume this is fixed. If you still observe problems, feel free to reopen this issue.