cannot get Libvirt/qemu to use secure boot
Felix Rubio Dalmau
felix at kngnt.org
Mon Dec 28 07:58:53 UTC 2020
Hi everybody,
I am having serious trouble enabling secure boot via virt-install... and I do not see clearly even where to look for help :-/. Maybe somebody can point me on the right direction? I am running:
arch linux
edk2-ovmf 202011-1
libvirt 6.5
virt-install 3.2
qemu 5.2
I am creating the domain with virt-install, and the parameters
--features smm.state=on
--boot loader=/usr/share/ovmf/x64/OVMF_CODE.secboot.fd,nvram.template=/usr/share/ovmf/x64/OVMF_VARS.fd,loader.readonly=yes,loader.type=pflash,loader_secure=yes
If I boot into the UEFI I can see there is the menu for the OVMF and Secure Boot available, but when I get into the Secure Boot entry, I only see it is "disabled" and I cannot tick the "Attempt secure boot" box.
As far as I understand, by using OVMF_CODE.secboot.f I should already get the default keys working, so I should be good to go to test this setup, but... to no success.
Does anybody have any idea on what might be wrong/where can I get help (should this not be the place?)
Thank you!
Felix
More information about the libvirt-users
mailing list