XCP-ng

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups

    Is Rewritten UEFI Secure Boot Code Available Now?

    Compute
    4
    6
    822
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      XCP-ng-JustGreat last edited by

      After reading the latest XCP-ng blog entry, I thought that I'd give this a try. Is the newly rewritten secure boot code deployed to production? I am running XCP-ng 8.2 with all the latest fixes. Xen Orchestra from source is also completely up-to-date. VM, Advanced, Secure boot setting is toggled on. Entering command xe vm-param-get param-name=platform uuid=<MyVMuuid> shows secureboot: true. However, Tiano firmware settings show current secure boot state = Disabled (see picture). Also, the PowerShell command: Confirm-SecureUEFIBoot from Windows 10 (20H2) guest shows secure boot is off as does the msinfo32.exe command. Any ideas?
      393ee8c5-f6fe-4eec-a018-0ca1815581d1-image.png

      1 Reply Last reply Reply Quote 1
      • olivierlambert
        olivierlambert Vates 🪐 Co-Founder🦸 CEO 🧑‍💼 last edited by

        Hi,

        That's a question for @beshleman and/or @stormi

        1 Reply Last reply Reply Quote 0
        • stormi
          stormi Vates 🪐 XCP-ng Team 🚀 last edited by

          It's not available yet as packages for users but we want to make it available through an update to users of XCP-ng 8.2.

          The code is available at https://github.com/xcp-ng/uefistored but unless you really want to dig into it, you should probably just wait for the instructions we'll provide as soon as we're ready.

          X 1 Reply Last reply Reply Quote 2
          • X
            XCP-ng-JustGreat @stormi last edited by

            @stormi Sounds good. We'll wait for the wizards at Vates to do their thing. With great admiration and appreciation for all that you do. XCP-ng just keeps getting better and better! We thank you!!

            N 1 Reply Last reply Reply Quote 2
            • N
              noship @XCP-ng-JustGreat last edited by

              @xcp-ng-justgreat
              What is going on with this?

              X 1 Reply Last reply Reply Quote 0
              • X
                XCP-ng-JustGreat @noship last edited by

                @noship Hello. The secure boot feature is currently available as pre-release code. My personal experience is that it works well for my use case. Some others are reporting boot issues after installing the updates so it continues to evolve and is not yet released for production. Search the forum for UEFI and you will find the relevant threads for obtaining and installing secure boot support. Here's one: https://xcp-ng.org/docs/guides.html#guest-uefi-secure-boot

                1 Reply Last reply Reply Quote 2
                • First post
                  Last post