Creating secure-boot VM in virt-manager in 22.04
Sam Varshavchik
mrsam at courier-mta.com
Fri Jun 7 22:01:03 UTC 2024
Ralf Mardorf via ubuntu-users writes:
> On Fri, 2024-06-07 at 07:08 -0400, Sam Varshavchik wrote:
> > But I also know Microsoft, too. Just because there's an undocumented hack
> to
> > bypass Windows 11 requirements doesn't mean that it will work forever, or
> if
> > a future Windows update doesn't start doing something revolting on seats
> > that don't meet their stated (as BS as they are) requirements.
>
> Microsoft unlikely will render Windows 11 installs activated with a
> digital license linked to our Microsoft accounts or to our company's
> license servers useless. Yes, they might not allow to continue those
> bypasses when upgrading to Windows 12+, but that time we can undo the
> bypasses, since the hypervisors provided by our distro's packages will
> support all that bullshit that time. Just my opinion.
Well, that's neither here, nor there. The important thing right now is to
figure out the path of least resistance. I pulled apart Fedora's source rpm.
I didn't understand most of it, but I figured out some of the pieces. I also
pulled apart the source deb for the ovmf package, and figured out a few
other pieces.
The remaining pieces came from jammy's /usr/share/doc/ovmf/README.Debian
which made it clear that OVMF_VARS_4M.ms.fd in jammy was equivalent to
Fedora's OVMF_VARS_4M.secboot.qcow2. Fedora's build does an extra step of
converting raw images to qcow2, for some odd reason, which jammy does not
do; but the "ms" of jammy's filename means "Microsoft", as in their secure
boot keys. Splendid.
I think I'll still update to noble before actually trying to migrate my VM.
I peeked into noble's ovmf package, and its layout is the same as jammy's,
but it's a newer version that's closer to the one in Fedora.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20240607/edc0e2e1/attachment.sig>
More information about the ubuntu-users
mailing list