Secure Boot enabled VMX appliance
17 views
Skip to first unread message
Santosh
Feb 17, 2023, 1:27:37 PMFeb 17
to kiwi
Hi,
I want to build Secure Boot enabled vmx appliance(SLES 15.4 based) and below is my kiwi profile. Per documentation (to enabled Secure Boot), I chose firmware type as "uefi" but the generated .vmx file doesn't have
firmware and uefi.secureBoot.enabled attributes. If I manually add these 2 attributes, then my VM boots with EFI Secure Boot enabled.
Please suggest if these can be added by kiwi tool or if I need to add afterwards?
Also, as mentioned in the code comments (grub2.py), for .vmx profile, how/what stage do we run shim-install script or is there something else we need to do (such as setting an attribute in vmx?) to add boot loader entry in efi variable? The above mentioned appliance is booting from default location (/EFI/BOOT/bootx64.efi)
Thanks
Attributes that I added in .vmx file:
I want to build Secure Boot enabled vmx appliance(SLES 15.4 based) and below is my kiwi profile. Per documentation (to enabled Secure Boot), I chose firmware type as "uefi" but the generated .vmx file doesn't have
firmware and uefi.secureBoot.enabled attributes. If I manually add these 2 attributes, then my VM boots with EFI Secure Boot enabled.
Please suggest if these can be added by kiwi tool or if I need to add afterwards?
Also, as mentioned in the code comments (grub2.py), for .vmx profile, how/what stage do we run shim-install script or is there something else we need to do (such as setting an attribute in vmx?) to add boot loader entry in efi variable? The above mentioned appliance is booting from default location (/EFI/BOOT/bootx64.efi)
Thanks
Attributes that I added in .vmx file:
============================
firmware = "efi"
uefi.secureBoot.enabled = "TRUE"
config.kiwi profile:
firmware = "efi"
uefi.secureBoot.enabled = "TRUE"
config.kiwi profile:
===============
<preferences profiles="ovf">
<version>15.0</version>
<type image="vmx" filesystem="ext4" format="vmdk" firmware="uefi" efipartsize="512" bootpartition="false" bootkernel="custom">
<bootloader name="grub2"/>
<machine memory="16384" guestOS="sles15-64" ovftype="vmware" HWversion="19">
......
</machine>
<size additive="true" unit="G">40</size>
<systemdisk name="VG">
<volume name="swap" freespace="8192M"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ovf">
<version>15.0</version>
<type image="vmx" filesystem="ext4" format="vmdk" firmware="uefi" efipartsize="512" bootpartition="false" bootkernel="custom">
<bootloader name="grub2"/>
<machine memory="16384" guestOS="sles15-64" ovftype="vmware" HWversion="19">
......
</machine>
<size additive="true" unit="G">40</size>
<systemdisk name="VG">
<volume name="swap" freespace="8192M"/>
</systemdisk>
</type>
</preferences>
Santosh
Feb 21, 2023, 10:20:20 AMFeb 21
to kiwi
Just to try out, tried creating the image with type as oem but still didn't see those 2 attributes getting added. Wondering if I need to add the attributes myself or if I am missing something..
Also, my kiwi version is :
KIWI (next generation) version 9.24.57
Thanks
Reply all
Reply to author
Forward
0 new messages