XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Is Rewritten UEFI Secure Boot Code Available Now?

    Scheduled Pinned Locked Moved Compute
    6 Posts 4 Posters 1.3k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X Offline
      XCP-ng-JustGreat
      last edited by

      After reading the latest XCP-ng blog entry, I thought that I'd give this a try. Is the newly rewritten secure boot code deployed to production? I am running XCP-ng 8.2 with all the latest fixes. Xen Orchestra from source is also completely up-to-date. VM, Advanced, Secure boot setting is toggled on. Entering command xe vm-param-get param-name=platform uuid=<MyVMuuid> shows secureboot: true. However, Tiano firmware settings show current secure boot state = Disabled (see picture). Also, the PowerShell command: Confirm-SecureUEFIBoot from Windows 10 (20H2) guest shows secure boot is off as does the msinfo32.exe command. Any ideas?
      393ee8c5-f6fe-4eec-a018-0ca1815581d1-image.png

      1 Reply Last reply Reply Quote 1
      • olivierlambertO Offline
        olivierlambert Vates 🪐 Co-Founder CEO
        last edited by

        Hi,

        That's a question for @beshleman and/or @stormi

        1 Reply Last reply Reply Quote 0
        • stormiS Offline
          stormi Vates 🪐 XCP-ng Team
          last edited by

          It's not available yet as packages for users but we want to make it available through an update to users of XCP-ng 8.2.

          The code is available at https://github.com/xcp-ng/uefistored but unless you really want to dig into it, you should probably just wait for the instructions we'll provide as soon as we're ready.

          X 1 Reply Last reply Reply Quote 2
          • X Offline
            XCP-ng-JustGreat @stormi
            last edited by

            @stormi Sounds good. We'll wait for the wizards at Vates to do their thing. With great admiration and appreciation for all that you do. XCP-ng just keeps getting better and better! We thank you!!

            N 1 Reply Last reply Reply Quote 2
            • N Offline
              noship @XCP-ng-JustGreat
              last edited by

              @xcp-ng-justgreat
              What is going on with this?

              X 1 Reply Last reply Reply Quote 0
              • X Offline
                XCP-ng-JustGreat @noship
                last edited by

                @noship Hello. The secure boot feature is currently available as pre-release code. My personal experience is that it works well for my use case. Some others are reporting boot issues after installing the updates so it continues to evolve and is not yet released for production. Search the forum for UEFI and you will find the relevant threads for obtaining and installing secure boot support. Here's one: https://xcp-ng.org/docs/guides.html#guest-uefi-secure-boot

                1 Reply Last reply Reply Quote 2
                • First post
                  Last post