virtualisation/incus: secureboot is not working #365950
Labels
0.kind: bug
Something is broken
Comments
cmspam
changed the title
cmspam
changed the title
cmspam
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
I noticed that incus is probably using the wrong EDK2/OVMF. Although qemu includes edk2-x86_64-secure-code.fd which probably supports secureboot and seems most likely to be the right choice, incus is using OVMF_CODE.4MB.fd from an incus-ovmf folder in nix store, which is a symlink to files in OVMF-202408.01-fd/FV folder.
I previously troubleshooted a similar problem in opensuse, and it was an issue regarding incorrect links to EDK2/OVMF files, so I suspect there may be a simple way to have it use the correct files for secureboot to function properly when enabled.
Steps To Reproduce
Steps to reproduce the behavior:
incus launch images:debian/bookworm debvm -c security.secureboot=true --vmto start a debian vmmokutil --sb-stateand see that secureboot is not enabled.Expected behavior
modutil --sb-state should show secureboot as enabled, as it does on other distributions.
Screenshots
Additional context
Metadata
Notify maintainers
Note for maintainers: Please tag this issue in your PR.
Add a 👍 reaction to issues you find important.
The text was updated successfully, but these errors were encountered: