[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cannot get libvirt/qemu to use secure boot

From: Felix Rubio Dalmau
Subject: Re: cannot get libvirt/qemu to use secure boot
Date: Tue, 29 Dec 2020 09:41:55 +0100

Hi everybody,

        Just to report it: I managed to find the issue (as usual, between the 
keyboard and the chair). The problem was that ovmf in arch does not ship with 
default keys enrolled. I got a pair OVMF_CODE/VARS from anoter distro (with 
default keys already enrolled), and everything worked.

        Thank you for your time!

On Monday, December 28, 2020 5:08:15 PM CET you wrote:
> Hi everybody,
>       I am having serious trouble enabling secure boot via virt-install... 
> and I do not see clearly even where to look for help :-/. Maybe somebody can 
> point me on the right direction? I am running:
>       arch linux
>       edk2-ovmf 202011-1
>       libvirt 6.5
>       virt-install 3.2
>       qemu 5.2
> I am creating the domain with virt-install, and the parameters
>       --features smm.state=on
>       --boot 
> loader=/usr/share/ovmf/x64/OVMF_CODE.secboot.fd,nvram.template=/usr/share/ovmf/x64/OVMF_VARS.fd,loader.readonly=yes,loader.type=pflash,loader_secure=yes
> when running the VM, I can see on the command line that those ovmf code and 
> vars are used.
> If I boot into the UEFI I can see there is the menu for the OVMF and Secure 
> Boot available, but when I get into the Secure Boot entry, I only see it is 
> "disabled" and I cannot tick the "Attempt secure boot" box.
> As far as I understand, by using OVMF_CODE.secboot.f I should already get the 
> default keys working, so I should be good to go to test this setup, but... to 
> no success.
> Does anybody have any idea on what might be wrong/where can I get help 
> (should this not be the place?)
> Thank you!
> Felix

reply via email to

[Prev in Thread] Current Thread [Next in Thread]