[vfio-users] OVMF secureboot question.
Hagbard Celine
hagbardcelin at gmail.com
Fri Aug 11 10:50:23 UTC 2017
Hi, I used to update at every new version form kraxel.org, but at one
point I had to stop updating due to secure-boot changes. As far as I
could see, Q35 was needed for secure-boot on newer versions due to
i440FX not emulating SMM.
Today I did a search to see if anything had changed on the i440FX
front, which it had not, but I fount this mail:
https://lists.nongnu.org/archive/html/qemu-devel/2017-07/msg00942.html
Wherein the important part for me is the following sub-quote:
--snip
OVMF's default upstream build works fine with
i440fx. But, if you build OVMF with "-D SMM_REQUIRE" -- which is
required for making "-D SECURE_BOOT_ENABLE" actually secure --,
--snip
Does this say that there exits a build that will let me update my OVMF
and keep i440FX with not-actually-secure secure-boot as with older
version? If so, where can I download this build?
The reason I need this is:
-I got software that needs to believe it runs on a secure-boot environment.
-If I change to Q35 I get noticeable degraded performance in VM
-Windows-licensing seriously dislikes having the chipset swapped, one
time I almost totally lost my licence after changing chipset in Qemu.
More information about the vfio-users
mailing list