XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Guest UEFI Secure Boot on XCP-ng

    Development
    12
    25
    7.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stormiS
      stormi Vates 🪐 XCP-ng Team 🚀
      last edited by

      I don't think you can imagine the amout of time @beshleman and myself spent on it ^^'

      1 Reply Last reply Reply Quote 1
      • stormiS
        stormi Vates 🪐 XCP-ng Team 🚀
        last edited by

        The release of this feature to everyone will come soon, so it's time for the last testing sprint on UEFI and Secure Boot.

        See https://xcp-ng.org/forum/topic/5492/xcp-ng-8-2-1-maintenance-update-ready-for-testing for how to update to the latest. If you had installed test packages from this thread, you can update to the testing 8.2.1 packages without changing anything to the procedure.

        @ASUSEagle and @JurgenDM, and everyone else: if you still have a way to reproduce the issue where even with updated packages the installation of update KB4535680 would fail unless you'd enable Secure Boot on the VM (which should not be necessary), I'm interested in trying to find a way to reproduce and analyze that with you.

        A 1 Reply Last reply Reply Quote 0
        • A
          Andrew Top contributor 💪 @stormi
          last edited by

          @stormi SB not working for me with 8.2.1 and Windows 2016. I have not tested SB before on this VM.

          FAILED_TO_START_EMULATOR(OpaqueRef:f93634e8-f7af-4213-b940-131471a773f5, varstored, Daemon exited unexpectedly)

          I also tried booting Ubuntu 20.04 with SB and it failed too. I would swear that it worked before with the SB option on (may be it did nothing).

          FAILED_TO_START_EMULATOR(OpaqueRef:64891f0c-1d38-4d64-9b82-435759c9d552, varstored, Daemon exited unexpectedly)
          stormiS 1 Reply Last reply Reply Quote 0
          • stormiS
            stormi Vates 🪐 XCP-ng Team 🚀 @Andrew
            last edited by

            @andrew Can you get the output of /var/log/daemon.log around the time of the failure?

            Does your pool have certificates installed as described in https://xcp-ng.org/docs/guides.html#guest-uefi-secure-boot ?

            A 1 Reply Last reply Reply Quote 1
            • A
              Andrew Top contributor 💪 @stormi
              last edited by

              @stormi Nope.... my mistake. Now ubuntu 20.04 and Windows 2016 boot with UEFI Secure Boot enabled.

              # secureboot-certs install

No arguments provided to command install, default arguments will be used:
- PK: default
- KEK: default
- db: default
- dbx: latest

Downloading https://www.microsoft.com/pkiops/certs/MicCorKEKCA2011_2011-06-24.crt...
Downloading https://www.microsoft.com/pkiops/certs/MicCorUEFCA2011_2011-06-27.crt...
Downloading https://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt...
Downloading https://uefi.org/sites/default/files/resources/dbxupdate_x64.bin...
Successfully installed certificates to the XAPI DB for pool.
              1 Reply Last reply Reply Quote 1
              • First post
                Last post