Guest UEFI Secure Boot on XCP-ng
I don't think you can imagine the amout of time @beshleman and myself spent on it ^^'
The release of this feature to everyone will come soon, so it's time for the last testing sprint on UEFI and Secure Boot.
See https://xcp-ng.org/forum/topic/5492/xcp-ng-8-2-1-maintenance-update-ready-for-testing for how to update to the latest. If you had installed test packages from this thread, you can update to the testing 8.2.1 packages without changing anything to the procedure.
@ASUSEagle and @JurgenDM, and everyone else: if you still have a way to reproduce the issue where even with updated packages the installation of update KB4535680 would fail unless you'd enable Secure Boot on the VM (which should not be necessary), I'm interested in trying to find a way to reproduce and analyze that with you.
@stormi SB not working for me with 8.2.1 and Windows 2016. I have not tested SB before on this VM.
FAILED_TO_START_EMULATOR(OpaqueRef:f93634e8-f7af-4213-b940-131471a773f5, varstored, Daemon exited unexpectedly)
I also tried booting Ubuntu 20.04 with SB and it failed too. I would swear that it worked before with the SB option on (may be it did nothing).
FAILED_TO_START_EMULATOR(OpaqueRef:64891f0c-1d38-4d64-9b82-435759c9d552, varstored, Daemon exited unexpectedly)
@andrew Can you get the output of /var/log/daemon.log around the time of the failure?
Does your pool have certificates installed as described in https://xcp-ng.org/docs/guides.html#guest-uefi-secure-boot ?
@stormi Nope.... my mistake. Now ubuntu 20.04 and Windows 2016 boot with UEFI Secure Boot enabled.
# secureboot-certs install No arguments provided to command install, default arguments will be used: - PK: default - KEK: default - db: default - dbx: latest Downloading https://www.microsoft.com/pkiops/certs/MicCorKEKCA2011_2011-06-24.crt... Downloading https://www.microsoft.com/pkiops/certs/MicCorUEFCA2011_2011-06-27.crt... Downloading https://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt... Downloading https://uefi.org/sites/default/files/resources/dbxupdate_x64.bin... Successfully installed certificates to the XAPI DB for pool.