FS#78419 - edk2-ovmf should include an OVMF_VARS.secboot.fd
Attached to Project:
Arch Linux
Opened by krumelmonster (krumelmonster) - Friday, 05 May 2023, 16:47 GMT
Last edited by Toolybird (Toolybird) - Friday, 05 May 2023, 21:14 GMT
Opened by krumelmonster (krumelmonster) - Friday, 05 May 2023, 16:47 GMT
Last edited by Toolybird (Toolybird) - Friday, 05 May 2023, 21:14 GMT
|
Details
Description:
Archs package for odk2-ovmf does not include an OVMF_VARS.secboot.fd to accompany OVMF_CODE.secboot.fd. Therefore, the "secboot" variant of the firmware comes without any pk or kek signatures preinstalled which results in secure boot being disabled and unavailable as an option. I worked around this problem by overwriting the VARS file of my VM with OVMF_VARS.secboot.fd from fedora but this solution to the lack of secureboot was very non-obvious. Additional info: * package version(s) 202302-1 * config and/or log files etc. * link to upstream bug report, if any Steps to reproduce: - Set up an EFI VM using qemu or libvirt and either of the ovmf secboot firmwares - immediately press ESC when booting the machine to enter the setup menu - choose "device manager" then "secure boot configuration" - you will not be able to change "current boot state" to enabled or to activate "attempt secure boot" |
This task depends upon
Closed by Toolybird (Toolybird)
Friday, 05 May 2023, 21:14 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#71383
Friday, 05 May 2023, 21:14 GMT
Reason for closing: Duplicate
Additional comments about closing: