FS#78419 - edk2-ovmf should include an OVMF_VARS.secboot.fd

Attached to Project: Arch Linux
Opened by krumelmonster (krumelmonster) - Friday, 05 May 2023, 16:47 GMT
Last edited by Toolybird (Toolybird) - Friday, 05 May 2023, 21:14 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No



Arch's package for edk2-ovmf does not include an OVMF_VARS.secboot.fd to accompany OVMF_CODE.secboot.fd. Therefore, the "secboot" variant of the firmware comes without any PK or KEK signatures preinstalled, which results in secure boot being disabled and unavailable as an option. I worked around this problem by overwriting the VARS file of my VM with OVMF_VARS.secboot.fd from Fedora, but this solution to the lack of secure boot was very non-obvious.

Steps to reproduce:
- Set up an EFI VM using QEMU or libvirt and either of the OVMF secboot firmwares
- Immediately press ESC when booting the machine to enter the setup menu
- Choose "device manager", then "secure boot configuration"
- You will not be able to change "current boot state" to enabled or to activate "attempt secure boot"

Closed by  Toolybird (Toolybird)
Friday, 05 May 2023, 21:14 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#71383
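
The condition the report describes (a VARS image with no PK or KEK enrolled) can be checked offline before a VM is started; the following Python sketch is an added example, not part of the report or of the Arch or Fedora packages. The header layout, the GUID and the state constants are this example's assumptions about the EDK2 authenticated variable store, and `live_variables`, `missing_keys` and `sample_image` are hypothetical helper names.

```python
import struct, sys, uuid

# Assumed layout: EDK2 firmware volume header, then an authenticated variable store.
AUTH_STORE_GUID = uuid.UUID("aaf32c78-947b-439a-a180-2e144ec37792").bytes_le
# StartId, State, reserved, Attributes, MonotonicCount, TimeStamp,
# PubKeyIndex, NameSize, DataSize, VendorGuid (60 bytes, packed)
VAR_HDR = struct.Struct("<HBBIQ16sIII16s")
VAR_START, VAR_ADDED = 0x55AA, 0x3F

def live_variables(blob):
    """Return {name: data_size} for every variable in state VAR_ADDED."""
    if blob[40:44] != b"_FVH":
        raise ValueError("not a firmware volume image")
    off = struct.unpack_from("<H", blob, 48)[0]        # FV HeaderLength
    if blob[off:off + 16] != AUTH_STORE_GUID:
        raise ValueError("no authenticated variable store")
    off += 28                                          # skip VARIABLE_STORE_HEADER
    found = {}
    while off + VAR_HDR.size <= len(blob):
        start, state, _, _, _, _, _, nsz, dsz, _ = VAR_HDR.unpack_from(blob, off)
        if start != VAR_START:                         # erased flash (0xFF) ends the list
            break
        raw = blob[off + VAR_HDR.size:off + VAR_HDR.size + nsz]
        if state == VAR_ADDED:
            found[raw.decode("utf-16-le", "replace").rstrip("\0")] = dsz
        off = (off + VAR_HDR.size + nsz + dsz + 3) & ~3  # next header is 4-byte aligned
    return found

def missing_keys(blob):
    """Names from the report (PK, KEK) that are absent or empty; matched by name only."""
    live = live_variables(blob)
    return [k for k in ("PK", "KEK") if live.get(k, 0) == 0]

def sample_image(names):
    """Constructed test image, not a real OVMF build: headers plus dummy 5-byte payloads."""
    fv = bytearray(72)
    fv[40:44] = b"_FVH"
    struct.pack_into("<H", fv, 48, 72)
    body = b""
    for n in names:
        nm = (n + "\0").encode("utf-16-le")
        ent = VAR_HDR.pack(VAR_START, VAR_ADDED, 0, 0, 0, bytes(16), 0,
                           len(nm), 5, bytes(16)) + nm + b"\x01" * 5
        body += ent + b"\0" * (-len(ent) % 4)
    return bytes(fv) + AUTH_STORE_GUID + bytes(12) + body + b"\xff" * 64

if __name__ == "__main__":
    for path in sys.argv[1:]:                          # e.g. a VM's copy of OVMF_VARS.fd
        with open(path, "rb") as f:
            print(path, "missing:", missing_keys(f.read()) or "none")
```

A non-empty result means the firmware will start without the listed keys, which matches the greyed-out secure boot options in the steps above.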