Summary:
Up until now, we've only been providing the golden firmware image in the primary flash to QEMU. This means we were always booting in recovery mode, because the secondary flash was undefined, and wouldn't pass verified boot.
Since openbmc.qemu:7, we now support specifying the secondary flash firmware image as an additional -drive MTD argument. We still specify the same firmware file, but this allows verified boot to pass for unsigned images in QEMU, allowing us to run in non-recovery mode in QEMU. We still can't boot signed images in non-recovery mode because the TPM is not emulated at all, so all requests sent to the TPM are ignored and fail. But unsigned images don't require that the TPM verifies the image.
Summary: Up until now, we've only been providing the golden firmware image in the primary flash to QEMU. This means we were always booting in recovery mode, because the secondary flash was undefined, and wouldn't pass verified boot.
Since openbmc.qemu:7, we now support specifying the secondary flash firmware image as an additional -drive MTD argument. We still specify the same firmware file, but this allows verified boot to pass for unsigned images in QEMU, allowing us to run in non-recovery mode in QEMU. We still can't boot signed images in non-recovery mode because the TPM is not emulated at all, so all requests sent to the TPM are ignored and fail. But unsigned images don't require that the TPM verifies the image.