FS#78419 : edk2-ovmf should include an OVMF

FS#78419 - edk2-ovmf should include an OVMF_VARS.secboot.fd

Attached to Project: Arch Linux
Opened by krumelmonster (krumelmonster) - Friday, 05 May 2023, 16:47 GMT
Last edited by Toolybird (Toolybird) - Friday, 05 May 2023, 21:14 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Very Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 noctavian (noctavian) (2023-05-05)
Private	No

Details

Description:

Archs package for odk2-ovmf does not include an OVMF_VARS.secboot.fd to accompany OVMF_CODE.secboot.fd. Therefore, the "secboot" variant of the firmware comes without any pk or kek signatures preinstalled which results in secure boot being disabled and unavailable as an option. I worked around this problem by overwriting the VARS file of my VM with OVMF_VARS.secboot.fd from fedora but this solution to the lack of secureboot was very non-obvious.

Additional info:
* package version(s)
202302-1
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:
- Set up an EFI VM using qemu or libvirt and either of the ovmf secboot firmwares
- immediately press ESC when booting the machine to enter the setup menu
- choose "device manager" then "secure boot configuration"
- you will not be able to change "current boot state" to enabled or to activate "attempt secure boot"

This task depends upon

Closed by Toolybird (Toolybird)
Friday, 05 May 2023, 21:14 GMT
Reason for closing: Duplicate
Additional comments about closing: ~~FS#71383~~

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#78419 - edk2-ovmf should include an OVMF_VARS.secboot.fd

Details

Loading...