Secure Boot enabled VMX appliance

Skip to first unread message


Feb 17, 2023, 1:27:37 PMFeb 17
to kiwi
I want to build Secure Boot enabled vmx appliance(SLES 15.4 based) and below is my kiwi profile. Per documentation (to enabled Secure Boot), I chose firmware type as "uefi" but the generated .vmx file doesn't have
firmware and uefi.secureBoot.enabled attributes. If I manually add these 2 attributes, then my VM boots with EFI Secure Boot enabled.
Please suggest if these can be added by kiwi tool or if I need to add afterwards?

Also, as mentioned in the code comments (, for .vmx profile, how/what stage do we run shim-install script or is there something else we need to do (such as setting an attribute in vmx?) to add boot loader entry in efi variable?  The above mentioned appliance is booting from default location (/EFI/BOOT/bootx64.efi)


Attributes that I added in .vmx file:
firmware = "efi"
uefi.secureBoot.enabled = "TRUE" profile:
        <preferences profiles="ovf">
                <type image="vmx" filesystem="ext4" format="vmdk" firmware="uefi" efipartsize="512" bootpartition="false" bootkernel="custom">
                        <bootloader name="grub2"/>
                        <machine memory="16384" guestOS="sles15-64" ovftype="vmware" HWversion="19">
                        <size additive="true" unit="G">40</size>
                        <systemdisk name="VG">
                                <volume name="swap" freespace="8192M"/>


Feb 21, 2023, 10:20:20 AMFeb 21
to kiwi
Just to try out, tried creating the image with type as oem but still didn't see those 2 attributes getting added. Wondering if I need to add the attributes myself or if I am missing something..

<type image="oem" filesystem="ext4" format="vmdk"

Also, my kiwi version is :
KIWI (next generation) version 9.24.57

Reply all
Reply to author
0 new messages