discuss@edk2.groups.io | running lastest OVMF(secure boot+smm) with stock QEMU ( Ubintu 20.04)

Home Messages Hashtags

Date Date 1 - 4 of 4

running lastest OVMF(secure boot+smm) with stock QEMU ( Ubintu 20.04)

alys <alys-work@...> #824 Hello All. I am playing with OVMF and want to run lastest Ubuntu 20.04 ISO disk, booting it securely from OVMF. I've got lastest edk2 repository, and have it built with options for secure_boot and smm, and without it. then i tried to run OVMF_CODE.fd and OVMF_VARS.fd (for unsecured and no smm build) under QEMU. and everything was fine. it normally started Ubuntu installation. next, i tried to run the same for SEC_BOOT+smm, but qemu said - graphics not initialized. OK. may be i've built something wrong, and I tried to run OVMF from stock ubuntu 20.04 package(sec_boot+smm) after few experiments I found needed options to run in successfully. this is an options script to run QEMU. ******************************* opts="-machine q35,smm=on,accel=kvm -m 2048" opts="$opts -global driver=cfi.pflash01,property=secure,value=on" #add two flashes opts="$opts -drive file=OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on" opts="$opts -drive file=OVMF_VARS.ms.fd,if=pflash,format=raw,unit=1,readonly=off" ##virtual fat disk - where to unstall Ubuntu opts="$opts -hda fat:rw:hda_" ##virtual cdrom with ubuntu installation opts="$opts -drive file=ubuntu.iso,media=cdrom" ##disable net opts="$opts -net none" ## to avoid warning that something is not supperted opts="$opts -cpu host" ##would not run without it!!! if the build has smm support!!! ##at least for me opts="$opts -global ICH9-LPC.disable_s3=1" opts="$opts -boot menu=on" ############################ qemu-system-x86_64 $opts ******************************* and this script normally starts my Ubuntu stock OVMF. and because OVMF_VARS.ms.fd from there already has all needed keys inside, I enjoy the Ubuntu installation started in secured boot mode. But though i can run stock ovmf, I still cannot start ovmf, which I've built manually... it normally starts ovmf, which I've built with secured boot enabled, but without smm. so, facts - stock ovmf (from Ubuntu packet) has been started normally by my script in QEMU. build from lastest git starts normally, only if there is no SMM support, but SECURED_BOOT support is on. But I need to start lastest OVMF with secured boot and smm support. All advises appreciated. Thank you. Alex.
More
dann frazier #825 On Thu, Aug 12, 2021 at 09:49:10PM +0300, alys via groups.io wrote: Hello All. I am playing with OVMF and want to run lastest Ubuntu 20.04 ISO disk, booting it securely from OVMF. I've got lastest edk2 repository, and have it built with options for secure_boot and smm, and without it. then i tried to run OVMF_CODE.fd and OVMF_VARS.fd (for unsecured and no smm build) under QEMU. and everything was fine. it normally started Ubuntu installation. next, i tried to run the same for SEC_BOOT+smm, but qemu said - graphics not initialized. hey Alex, This sounds like LP: #1903681: https://launchpad.net/ubuntu/+source/edk2/2020.11-1 Try an Ubuntu build of 2020.11-1 or newer. -dann OK. may be i've built something wrong, and I tried to run OVMF from stock ubuntu 20.04 package(sec_boot+smm) after few experiments I found needed options to run in successfully. this is an options script to run QEMU. ******************************* opts="-machine q35,smm=on,accel=kvm -m 2048" opts="$opts -global driver=cfi.pflash01,property=secure,value=on" #add two flashes opts="$opts -drive file=OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on" opts="$opts -drive file=OVMF_VARS.ms.fd,if=pflash,format=raw,unit=1,readonly=off" ##virtual fat disk - where to unstall Ubuntu opts="$opts -hda fat:rw:hda_" ##virtual cdrom with ubuntu installation opts="$opts -drive file=ubuntu.iso,media=cdrom" ##disable net opts="$opts -net none" ## to avoid warning that something is not supperted opts="$opts -cpu host" ##would not run without it!!! if the build has smm support!!! ##at least for me opts="$opts -global ICH9-LPC.disable_s3=1" opts="$opts -boot menu=on" ############################ qemu-system-x86_64 $opts ******************************* and this script normally starts my Ubuntu stock OVMF. and because OVMF_VARS.ms.fd from there already has all needed keys inside, I enjoy the Ubuntu installation started in secured boot mode. But though i can run stock ovmf, I still cannot start ovmf, which I've built manually... it normally starts ovmf, which I've built with secured boot enabled, but without smm. so, facts - stock ovmf (from Ubuntu packet) has been started normally by my script in QEMU. build from lastest git starts normally, only if there is no SMM support, but SECURED_BOOT support is on. But I need to start lastest OVMF with secured boot and smm support. All advises appreciated. Thank you. Alex.
More All Messages By This Member
alys.the.work@... #827 People, forget about my this trouble. I was just running the CODE section from fresh build, with VAR section from stock OVMF. Obviously they could be different in structure, and seems it's happened. when i've got VARS from fresh build, it starts smoothly. and this script is working.
More
alys.the.work@... #828 Dann, thank you for reply... but is was just my fault. trying to run manually build OVMF, I used OVMF_VARS.ms.fd from ubuntu stock... and it seems they are different in format. So when i replaced it with OVMF_VARS.fd generated during build, OVMF started smoothly. i'm a newbie in this uefi questions...but may be there is must be a check of OVMF_CODE.fd is compatible with OVMF_VARS.fd? else we see quite undefined behavior at start. - it says kinda - "graphics is not initialized" and hangs. -alex
More

1 - 4 of 4

1

Previous Topic Next Topic

Home Hashtags About Features Pricing Updates Terms Help Twitter