Is Rewritten UEFI Secure Boot Code Available Now?
-
After reading the latest XCP-ng blog entry, I thought that I'd give this a try. Is the newly rewritten secure boot code deployed to production? I am running XCP-ng 8.2 with all the latest fixes. Xen Orchestra from source is also completely up-to-date. VM, Advanced, Secure boot setting is toggled on. Entering command xe vm-param-get param-name=platform uuid=<MyVMuuid> shows secureboot: true. However, Tiano firmware settings show current secure boot state = Disabled (see picture). Also, the PowerShell command: Confirm-SecureUEFIBoot from Windows 10 (20H2) guest shows secure boot is off as does the msinfo32.exe command. Any ideas?
-
Hi,
That's a question for @beshleman and/or @stormi
-
It's not available yet as packages for users but we want to make it available through an update to users of XCP-ng 8.2.
The code is available at https://github.com/xcp-ng/uefistored but unless you really want to dig into it, you should probably just wait for the instructions we'll provide as soon as we're ready.
-
@stormi Sounds good. We'll wait for the wizards at Vates to do their thing. With great admiration and appreciation for all that you do. XCP-ng just keeps getting better and better! We thank you!!
-
@xcp-ng-justgreat
What is going on with this? -
@noship Hello. The secure boot feature is currently available as pre-release code. My personal experience is that it works well for my use case. Some others are reporting boot issues after installing the updates so it continues to evolve and is not yet released for production. Search the forum for UEFI and you will find the relevant threads for obtaining and installing secure boot support. Here's one: https://xcp-ng.org/docs/guides.html#guest-uefi-secure-boot
