Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-68043

Support direct kernel boot with secure boot protection

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: Generate New Ti...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • libvirt-11.2.0-1.el10
    • None
    • rhel-virt-core-libvirt-1
    • ssg_virtualization
    • 14
    • 5
    • Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Enhancement
    • Hide
      .Direct kernel boot supported for SecureBoot VMs

      With this update, you can set up direct kernel boot in virtual machines (VM) that are configured with the SecureBoot feature. To do so, use the `<shim>` parameter in the XML configuration of the VM, for example as follows:  

      ----
       <os firmware="efi">
         ...
         <shim>/var/lib/libvirt/images/BOOTX64.EFI</shim>
       </os>
      ----
      Show
      .Direct kernel boot supported for SecureBoot VMs With this update, you can set up direct kernel boot in virtual machines (VM) that are configured with the SecureBoot feature. To do so, use the `<shim>` parameter in the XML configuration of the VM, for example as follows:   ----  <os firmware="efi">    ...    <shim>/var/lib/libvirt/images/BOOTX64.EFI</shim>  </os> ----
    • Done
    • 11.2.0
    • None

      qemu will get a new '-shim $path/to/shim.efi' command line switch, which is needed to enable direct kernel boot with proper secure boot verification.

      libvirt should add support for that.

              mprivozn@redhat.com Michal Privoznik
              rhn-engineering-ghoffman Gerd Hoffmann
              Zhen Tang
              virt-maint virt-maint
              Zhen Tang Zhen Tang
              Jiří Herrmann Jiří Herrmann
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: