@Cole Robinson <crobi...@redhat.com> @Jonathon Jongsma <jjong...@redhat.com> I would like to invite you to this conversation.
Thanks! Lucas On Wed, Aug 3, 2022 at 1:17 PM Lucas Liu <hongz...@redhat.com> wrote: > Hello all: > > I am looking for a way to disable secure boot for UEFI guests: > In 3.2.0 I use the command blow to achieve it: > > # virt-install --name GuestOne --location #URL --machine q35 --vcpus=2 > --memory 4096 --file-size=20 --boot uefi --boot > nvram.template=/usr/share/edk2/ovmf/OVMF_VARS.fd > > However, in 4.0.0 I cannot get the same result for this cmd > > Expect VM is booted with secureboot disabled. But the actual result is the > VM is booted with secureboot enabled. > > # mokutil --sb-state > SecureBoot enabled > > ... > <os> > <type arch='x86_64' machine='pc-q35-rhel9.0.0'>hvm</type> > <loader readonly='yes' secure='no' > type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader> > <nvram > template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/rhel9_VARS.fd</nvram> > <boot dev='hd'/> > </os> > ... > > It seems it still creates guests with > "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd" as the nvram template. > > > Thanks a lot! >
