XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Home
    2. ASUSEagle
    A
    Offline
    • Profile
    • Following 0
    • Followers 0
    • Topics 0
    • Posts 2
    • Groups 0

    ASUSEagle

    @ASUSEagle

    0
    Reputation
    1
    Profile views
    2
    Posts
    0
    Followers
    0
    Following
    Joined
    Last Online
    ASUSEagle Unfollow Follow

    Latest posts made by ASUSEagle

    • RE: Guest UEFI Secure Boot on XCP-ng

      @stormi

      I disabled it through advanced boot options. It does not persist through a restart so it has to be set every time the VM boots. The VM also took significantly longer to restart. It sits at the firmware splash screen for 30 minutes to an hour then boots the rest of the way in about a minute like normal. While sitting at the splash screen CPU0 utilization is hover around 90% while CPU1-3 are at 0%, memory is showing max at the 16GB I've assigned, and disk throughput is at 2-3 MiB(r) after an initial spike of 28 MiB(r).

      These are the steps I took to boot with driver signature enforcement disabled:

      • Once secure boot has been enabled, I start the VM. The VM fails to start Windows and boots to Windows Recovery.
      • On the Windows Recovery screen I select "Troubleshoot".
      • Then I select "Startup Settings", this brings up the "Advanced Boot Options" screen.
      • I then key down and select "Disable Driver Signature Enforcement"

      Once I've selected "Disable Driver Signature Enforcement" the VM restarts and hangs at the firmware splash screen as I described above before finally booting to Windows.

      I didn't think I would have needed secure boot to install KB4535680 either but for some reason it would fail to install until I turned secure boot on. Thanks for the info on the guest drivers, I'll have to keep an eye out for when the signed drivers are released.

      posted in Development
      A
      ASUSEagle
    • RE: Guest UEFI Secure Boot on XCP-ng

      @stormi

      I'm having issues with a Windows Server 2019 VM. I am running XCP-ng 8.2 with Xen Orchestra. After enabling secure boot the VM boots to Windows Recovery and will not boot to Windows Server. The VM will boot fine with secure boot off. These are the steps I followed is there something I am missing?

      # yum update uefistored varstored-tools --enablerepo=xcp-ng-testing

# secureboot-certs install default default default latest

# varstore-sb-state d4960d10-e6dc-4bf7-daf4-5684c66cdb9e setup

      I then enabled secure boot through Xen Orchestra and started the VM.

      Update:
      There appears to be some problem with a driver signatures. The VM would not boot into safe mode but I was able to get it to boot by disabling driver signature enforcement. I've run sigverif.exe and it show all drivers are signed so I'm not sure what to do from here.

      Also I forgot to mention earlier, the VM is set for UEFI firmware and is running the XCP guest tools. This is an existing VM that was setup with secure boot off I'm trying to turn it on so I can install KB4535680.

      posted in Development
      A
      ASUSEagle