How can I disable secure boot using virt-install cli?
Lucas Liu
hongzliu at redhat.com
Wed Aug 3 05:17:33 UTC 2022
Hello all:
I am looking for a way to disable secure boot for UEFI guests:
In 3.2.0 I use the command blow to achieve it:
# virt-install --name GuestOne --location #URL --machine q35 --vcpus=2
--memory 4096 --file-size=20 --boot uefi --boot
nvram.template=/usr/share/edk2/ovmf/OVMF_VARS.fd
However, in 4.0.0 I cannot get the same result for this cmd
Expect VM is booted with secureboot disabled. But the actual result is the
VM is booted with secureboot enabled.
# mokutil --sb-state
SecureBoot enabled
...
<os>
<type arch='x86_64' machine='pc-q35-rhel9.0.0'>hvm</type>
<loader readonly='yes' secure='no'
type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
<nvram
template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/rhel9_VARS.fd</nvram>
<boot dev='hd'/>
</os>
...
It seems it still creates guests with
"/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd" as the nvram template.
Thanks a lot!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/virt-tools-list/attachments/20220803/8aafdbf0/attachment.htm>
More information about the virt-tools-list
mailing list