Of all the gin joints in all the towns in all the world, Jason Dickens had to walk into mine at 10:31:18 on Thursday 06 July 2017 and say:
> All, > > I'm trying to understand why the secure boot variables (PK, KEK, db, > etc) when using the OVMF build are not retained across reboot? It seems > that this code uses roughly the same SetVariable, GetVariable2 approach > as say the PlatformConfig uses to store screen resolution (which is > retained). Additionally, the NvVars file is being at least touched by > the secure boot configuration. So why are none of the keys retained on > the next reboot? If you're running OVMF in the QEMU simulator, and you're using the -bios option, try using the -pflash option instead. I know that when using -bios, QEMU only pretends to allow writes to the firmware region, and if you stop QEMU all changes are discarded. The same might be true if you just trigger a hard reboot in the simulator too. If you use -pflash instead, your changes will be saved. Note that this means your OVMF image will be modified, so keep a copy of the original elsewhere so that you can start over fresh again if you need to. (Unfortunately I don't think OVMF has a "load factor defaults" option in its internal menus.) -Bill > I know this was an issue in the past, but I haven't found the resolution? > > Jason > > > _______________________________________________ > edk2-devel mailing list > [email protected] > https://lists.01.org/mailman/listinfo/edk2-devel -- ============================================================================= -Bill Paul (510) 749-2329 | Senior Member of Technical Staff, [email protected] | Master of Unix-Fu - Wind River Systems ============================================================================= "I put a dollar in a change machine. Nothing changed." - George Carlin ============================================================================= _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
