Running latest OVMF (secure boot+smm) with stock QEMU (Ubuntu 20.04)
I am playing with OVMF and want to run the latest Ubuntu 20.04 ISO disk, booting it securely from OVMF.
I've got the latest edk2 repository, and have built it with options for secure_boot and smm, and without them.
Then I tried to run OVMF_CODE.fd and OVMF_VARS.fd (for the unsecured, no-smm build) under QEMU, and everything was fine. It started the Ubuntu installation normally.
Next, I tried to run the same for SEC_BOOT+smm, but qemu said - graphics not initialized.
OK. Maybe I've built something wrong, so I tried to run OVMF from the stock Ubuntu 20.04 package (sec_boot+smm).
After a few experiments I found the options needed to run it successfully.
This is the options script to run QEMU.
opts="-machine q35,smm=on,accel=kvm -m 2048"
opts="$opts -global driver=cfi.pflash01,property=secure,value=on"
#add two flashes
opts="$opts -drive file=OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on"
opts="$opts -drive file=OVMF_VARS.ms.fd,if=pflash,format=raw,unit=1,readonly=off"
##virtual fat disk - where to install Ubuntu
opts="$opts -hda fat:rw:hda_"
##virtual cdrom with ubuntu installation
opts="$opts -drive file=ubuntu.iso,media=cdrom"
opts="$opts -net none"
## to avoid a warning that something is not supported
opts="$opts -cpu host"
##would not run without it!!! if the build has smm support!!!
##at least for me
opts="$opts -global ICH9-LPC.disable_s3=1"
opts="$opts -boot menu=on"
And this script starts my Ubuntu stock OVMF normally. And because OVMF_VARS.ms.fd from there already has all the needed keys inside, I enjoy the Ubuntu installation started in secure boot mode.
But though I can run stock OVMF, I still cannot start the OVMF which I've built manually...
It normally starts the OVMF which I've built with secure boot enabled, but without smm.
So, facts - stock OVMF (from the Ubuntu package) is started normally by my script in QEMU.
The build from latest git starts normally only if there is no SMM support, but SECURED_BOOT support is on.
But I need to start the latest OVMF with secure boot and smm support.
All advice appreciated.
Thank you. Alex.
On Thu, Aug 12, 2021 at 09:49:10PM +0300, alys via groups.io wrote:
> Hello All.

hey Alex,
This sounds like LP: #1903681:
Try an Ubuntu build of 2020.11-1 or newer.
People, forget about this trouble of mine.
I was just running the CODE section from the fresh build with the VARS section from stock OVMF.
Obviously they could be different in structure, and it seems that's what happened.
When I took VARS from the fresh build, it started smoothly.
and this script is working.
Dann, thank you for the reply... but it was just my fault.
Trying to run the manually built OVMF, I used OVMF_VARS.ms.fd from Ubuntu stock... and it seems they are different in format.
So when I replaced it with the OVMF_VARS.fd generated during the build, OVMF started smoothly.
I'm a newbie in these UEFI questions... but maybe there should be a check that OVMF_CODE.fd is compatible with OVMF_VARS.fd?
Otherwise we see quite undefined behavior at start - it says something like "graphics is not initialized" and hangs.
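
Added example, not part of the thread and not an edk2 tool: one way to sanity-check a VARS image before pairing it with a freshly built OVMF_CODE.fd is to compare its firmware volume and variable store headers against the OVMF_VARS.fd template that the same build produced. It assumes the edk2 EFI_FIRMWARE_VOLUME_HEADER and VARIABLE_STORE_HEADER layouts; the function names, sample images and sizes are constructed for illustration, and the thread does not say which field actually differed.

```python
import struct
import uuid

# GUID values as defined in edk2 (known constants, not taken from the thread).
NV_DATA_FV = uuid.UUID("fff12b8d-7696-4c8b-a985-2747075b4f50")
AUTH_STORE = uuid.UUID("aaf32c78-947b-439a-a180-2e144ec37792")
PLAIN_STORE = uuid.UUID("ddcf3616-3275-4164-98b6-fe85707ffe7d")
STORE_FORMATS = {AUTH_STORE: "authenticated", PLAIN_STORE: "plain"}


def varstore_layout(image: bytes) -> dict:
    """Read EFI_FIRMWARE_VOLUME_HEADER, then the VARIABLE_STORE_HEADER after it."""
    if len(image) < 56:
        raise ValueError("too short for a firmware volume header")
    fv_length, signature, _attrs, header_len = struct.unpack_from("<Q4sIH", image, 32)
    if signature != b"_FVH" or uuid.UUID(bytes_le=image[16:32]) != NV_DATA_FV:
        raise ValueError("not an NV variable firmware volume")
    if len(image) < header_len + 20:
        raise ValueError("truncated before the variable store header")
    store_guid = uuid.UUID(bytes_le=image[header_len:header_len + 16])
    (store_size,) = struct.unpack_from("<I", image, header_len + 16)
    return {"fv_length": fv_length,
            "format": STORE_FORMATS.get(store_guid, "unknown"),
            "store_size": store_size}


def mismatches(template: bytes, candidate: bytes) -> list:
    """Compare a candidate VARS image with the template the CODE build produced."""
    want, got = varstore_layout(template), varstore_layout(candidate)
    found = [f"{key}: build={want[key]} candidate={got[key]}"
             for key in want if want[key] != got[key]]
    if len(candidate) != got["fv_length"]:
        found.append("candidate file size differs from its FvLength")
    return found


def sample_image(fv_length: int, store_guid: uuid.UUID, store_size: int) -> bytes:
    """Constructed stand-in for a VARS file: headers only, rest erased flash (0xFF)."""
    header = bytes(16) + NV_DATA_FV.bytes_le + struct.pack(
        "<Q4sIHHHBB", fv_length, b"_FVH", 0, 0x48, 0, 0, 0, 2)
    header += struct.pack("<IIII", 1, fv_length, 0, 0)  # block map + terminator
    store = store_guid.bytes_le + struct.pack("<IBBHI", store_size, 0x5A, 0xFE, 0, 0)
    return (header + store).ljust(fv_length, b"\xff")


if __name__ == "__main__":
    built = sample_image(0x84000, AUTH_STORE, 0x3FFB8)   # constructed sizes
    stock = sample_image(0x20000, AUTH_STORE, 0xDFB8)    # constructed sizes
    print(mismatches(built, stock) or "layouts match")
```

With real files, read both images with `open(path, "rb").read()` and pass the build's own OVMF_VARS.fd as the template; an empty list only means the headers agree, not that the two builds are otherwise compatible.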