You are not logged in.
I have qemu/libvirt/virt-manager installed on both my Arch Linux machine and my Ubuntu machine, and its behaviour with Secure Boot and self-signed keys is not consistent between the two installations. On my Ubuntu machine, I am able to install Arch Linux in a VM with grub as a boot manager and set up Secure Boot with sbctl (using the instructions here) without issue. On my Arch Linux machine, however, performing the same steps produces a grub error saying
error: verification requested but nobody cares: (cryptouuid/$PARTITION_UUID)/grub/x86_64-efi/normal.modand the VM refuses to boot with Secure Boot enabled. I am able to get Secure Boot working in the VM with systemd-boot and sbctl, however. That behaviour (sbctl/grub working with guest on Ubuntu but not on Arch) is also consistent when I am working with a Void Linux guest. On my bare-metal Arch Linux machine, I have Secure Boot working with grub and sbctl.
I installed qemu/libvirt/virt-manager by installing the packages "qemu-full" and "virt-manager". I am using the firmware option "UEFI x86_64: /usr/share/OVMF/OVMF_CODE_4M.secboot.fd" in virt-manager on both host systems.
In the VM, grub was installed using
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=Arch_Linux --modules="tpm" --disable-shim-lockI enrolled both my personal and Microsoft's Secure Boot signing keys (using sbctl enroll-keys -m) and the files signed with sbctl were
/boot/EFI/Arch_Linux/grubx64.efi
/boot/grub/x86_64-efi/core.efi
/boot/grub/x86_64-efi/grub.efi
/boot/vmlinuz-linuxIs there something else I need to install or some configuration change I need to make to make the behaviour match up with what I am getting on Ubuntu? Was there a change in a recent version of qemu/libvirt/virt-manager that broke something?
Any assistance would be greatly appreciated.
Last edited by 4729275 (2024-12-09 18:48:34)
Offline