Hi everybody,
Just to report it: I managed to find the issue (as usual, between the
keyboard and the chair). The problem was that ovmf in arch does not ship with
default keys enrolled. I got a pair OVMF_CODE/VARS from anoter distro (with
default keys already enrolled), and everything worked.
Thank you for your time!
Felix
On Monday, December 28, 2020 5:08:15 PM CET you wrote:
>
> Hi everybody,
>
> I am having serious trouble enabling secure boot via virt-install...
> and I do not see clearly even where to look for help :-/. Maybe somebody can
> point me on the right direction? I am running:
> arch linux
> edk2-ovmf 202011-1
> libvirt 6.5
> virt-install 3.2
> qemu 5.2
>
> I am creating the domain with virt-install, and the parameters
> --features smm.state=on
> --boot
> loader=/usr/share/ovmf/x64/OVMF_CODE.secboot.fd,nvram.template=/usr/share/ovmf/x64/OVMF_VARS.fd,loader.readonly=yes,loader.type=pflash,loader_secure=yes
>
> when running the VM, I can see on the command line that those ovmf code and
> vars are used.
>
> If I boot into the UEFI I can see there is the menu for the OVMF and Secure
> Boot available, but when I get into the Secure Boot entry, I only see it is
> "disabled" and I cannot tick the "Attempt secure boot" box.
>
> As far as I understand, by using OVMF_CODE.secboot.f I should already get the
> default keys working, so I should be good to go to test this setup, but... to
> no success.
>
> Does anybody have any idea on what might be wrong/where can I get help
> (should this not be the place?)
>
> Thank you!
> Felix
