[opensuse-virtual] Booting Debian9 installer as Xen VM guest in UEFI mode requires *dis*abling SecureBoot. How, in TianoCore setup?
I've got an OpenSUSE Leap 42.3 Xen Host, with kernel-default-4.13.6-3.1.ga8d2202.x86_64 grub2-x86_64-xen-2.02-13.2.x86_64 qemu-ovmf-x86_64-2017+git1505340320.5afa5b8159-63.1.noarch ovmf-2017+git1505340320.5afa5b8159-63.1.x86_64 ovmf-tools-2017+git1505340320.5afa5b8159-63.1.x86_64 xen-4.9.0_50-535.6.x86_64 xen-libs-4.9.0_50-535.6.x86_64 xen-tools-4.9.0_50-535.6.x86_64 I'm attempting to boot the Debian9 installer as a UEFI Xen Guest. When I launch the guest, for Debian9 -- unlike Ubuntu & OpenSUSE guests -- it drops to EFI Shell. @ #debian irc suggests that SecureBoot is *not* supported, and that it needs to be toggled off. When I enter TianoCore config -> "Secure Boot Configuration", it's currently setup: Current Secure Boot State Enabled Attempt Secure Boot [ ] Secure Boot Mode <Standard Mode> There appears to be no option to toggle the Boot State. How do I boot this guest, with SecureBoot *DISABLED*? &/or, is there some other magic required for booting Debian9 in UEFI on OpenSUSE Xen Host? -- To unsubscribe, e-mail: opensuse-virtual+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-virtual+owner@opensuse.org
Looks like problems 'tween OpenSUSE Xen hosts's SecureBoot/ovmf support, and Debian9 installer's lack of it ... cref: [Xen-users] booting debian/stretch as EFI guest on Xen 4.9.0 host -- \EFI\debian\grubx64.efi "not recognized"? https://lists.xen.org/archives/html/xen-users/2017-10/msg00048.html -- To unsubscribe, e-mail: opensuse-virtual+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-virtual+owner@opensuse.org
Looks like problems 'tween OpenSUSE Xen hosts's SecureBoot/ovmf support, and Debian9 installer's lack of it ...
cref:
[Xen-users] booting debian/stretch as EFI guest on Xen 4.9.0 host -- \EFI\debian\grubx64.efi "not recognized"? https://lists.xen.org/archives/html/xen-users/2017-10/msg00048.html By default, openSUSE uses "/usr/share/qemu/ovmf-x86_64-ms.bin" which enables secureboot and contains the MS certificates as the machines in
On Wed, Oct 18, 2017 at 09:04:33AM -0700, PGNet Dev wrote: the wild. If you don't need it, try to add the following line to your config file: bios_override = '/usr/share/qemu/ovmf-x86_64.bin' Then, secureboot will not be enabled by default. Cheers, Gary Lin -- To unsubscribe, e-mail: opensuse-virtual+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-virtual+owner@opensuse.org
On 10/18/17 6:51 PM, Gary Lin wrote:
Looks like problems 'tween OpenSUSE Xen hosts's SecureBoot/ovmf support, and Debian9 installer's lack of it ...
cref:
[Xen-users] booting debian/stretch as EFI guest on Xen 4.9.0 host -- \EFI\debian\grubx64.efi "not recognized"? https://lists.xen.org/archives/html/xen-users/2017-10/msg00048.html By default, openSUSE uses "/usr/share/qemu/ovmf-x86_64-ms.bin" which enables secureboot and contains the MS certificates as the machines in
On Wed, Oct 18, 2017 at 09:04:33AM -0700, PGNet Dev wrote: the wild. If you don't need it, try to add the following line to your config file:
bios_override = '/usr/share/qemu/ovmf-x86_64.bin'
It's already there :-/ ( https://lists.xen.org/archives/html/xen-users/2017-10/msg00051.html )
Then, secureboot will not be enabled by default.
Did not realize (or, remember ...) that. If so configured, wouldn't I then expect to see SecureBoot "DISabled" in the TianoCore settings? Currently, it reads "ENabled" ... -- To unsubscribe, e-mail: opensuse-virtual+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-virtual+owner@opensuse.org
participants (2)
-
Gary Lin -
PGNet Dev