How can I disable secure boot using virt-install cli?
Lucas Liu
hongzliu at redhat.com
Wed Aug 3 05:24:01 UTC 2022
@Cole Robinson <crobinso at redhat.com> @Jonathon Jongsma <jjongsma at redhat.com>
I would like to invite you to this conversation.
Thanks!
Lucas
On Wed, Aug 3, 2022 at 1:17 PM Lucas Liu <hongzliu at redhat.com> wrote:
> Hello all:
>
> I am looking for a way to disable secure boot for UEFI guests:
> In 3.2.0 I use the command blow to achieve it:
>
> # virt-install --name GuestOne --location #URL --machine q35 --vcpus=2
> --memory 4096 --file-size=20 --boot uefi --boot
> nvram.template=/usr/share/edk2/ovmf/OVMF_VARS.fd
>
> However, in 4.0.0 I cannot get the same result for this cmd
>
> Expect VM is booted with secureboot disabled. But the actual result is the
> VM is booted with secureboot enabled.
>
> # mokutil --sb-state
> SecureBoot enabled
>
> ...
> <os>
> <type arch='x86_64' machine='pc-q35-rhel9.0.0'>hvm</type>
> <loader readonly='yes' secure='no'
> type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
> <nvram
> template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/rhel9_VARS.fd</nvram>
> <boot dev='hd'/>
> </os>
> ...
>
> It seems it still creates guests with
> "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd" as the nvram template.
>
>
> Thanks a lot!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/virt-tools-list/attachments/20220803/44b8c9b2/attachment.htm>
More information about the virt-tools-list
mailing list