Yes, I have tested and am able to run Windows Server 2016 and Server 2019 in secure mode with cloudstack as part of https://github.com/apache/cloudstack/pull/3638 pull request with cloudstack.
With the recent version I haven't checked. Thanks & Regards, Pavan Aravapalli. Architect. https://www.linkedin.com/in/pavan-a-70995a27/ On Tue, 24 Jan 2023 at 16:18, Gary Dixon <gary.di...@quadris.co.uk.invalid> wrote: > Thanks Pavan > > Are you successfully running Windows Server VM's in uefi secure boot mode > in Cloudstack ? > > Gary Dixon > Senior Technical Consultant > T: +44 161 537 4990 > E: *v* <+44%207989717661>ms@quadris‑support.com > W: www.quadris.co.uk > The information contained in this e-mail from Quadris may be confidential > and privileged for the private use of the named recipient. The contents of > this e-mail may not necessarily represent the official views of Quadris. > If you have received this information in error you must not copy, > distribute or take any action or reliance on its contents. Please destroy > any hard copies and delete this message. > -----Original Message----- > From: pavan aravapalli <aravapalli.by...@gmail.com> > Sent: 24 January 2023 07:47 > To: users@cloudstack.apache.org > Subject: Re: KVM host UEFI allow guest UEFI Secure boot > > Hi Gary, > > If you don't have any specific dependencies with Ubunut version try with > the latest Ubuntu 22.04, it has secure files. I verified and it supports > secure files. > > Thanks & Regards, > Pavan Aravapalli. > Architect. > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fpavan-a-70995a27%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638101432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lorVxhzKY8skt0LMTiDaby63B%2BA7EpSJv02hHNvzZls%3D&reserved=0 > > > > On Mon, 23 Jan 2023 at 23:08, Gary Dixon <gary.di...@quadris.co.uk.invalid > > > wrote: > > > Thanks Pavan > > > > Unfortunately, in the Ubuntu OVMF package it does not install a > > "OVMF_VARS.secboot.fd" file in the /usr/share/OVMF/ path This VARS > > file does not exist it appears on an ubuntu system. > > > > BR > > > > Gary > > > > Gary Dixon > > Senior Technical Consultant > > T: +44 161 537 4990 > > E: *v* <+44%207989717661>ms@quadris‑support.com > > W: > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.q > > uadris.co.uk%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788c > > ae4190af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63 > > 8101432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV > > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9sQKrpy2Xs > > 1yrXYliGQSfPtARsaafISJIJ17JTFhB4s%3D&reserved=0 > > The information contained in this e-mail from Quadris may be > > confidential and privileged for the private use of the named > > recipient. The contents of this e-mail may not necessarily represent the > official views of Quadris. > > If you have received this information in error you must not copy, > > distribute or take any action or reliance on its contents. Please > > destroy any hard copies and delete this message. > > -----Original Message----- > > From: pavan aravapalli <aravapalli.by...@gmail.com> > > Sent: 23 January 2023 11:48 > > To: gary.di...@quadris.co.uk.invalid > > Cc: users@cloudstack.apache.org > > Subject: Re: KVM host UEFI allow guest UEFI Secure boot > > > > I see wrong vars configured for secure VAR. *<nvram > > template='/usr/share/OVMF/OVMF_VARS.fd'> * > > > > It should be something like > > "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", > > or the file should be like path to the OVMF_VARS.secboot.fd inside > > uefi.properties on the Ubuntu Host. I hope this helps. > > > > > > Thanks & Regards, > > Pavan Aravapalli. > > Architect. > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. > > linkedin.com%2Fin%2Fpavan-a-70995a27%2F&data=05%7C01%7CGary.Dixon%40qu > > adris.co.uk%7Cf26e2c788cae4190af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16d > > b0fb93a96a2%7C0%7C0%7C638101432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWI > > joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7 > > C%7C%7C&sdata=lorVxhzKY8skt0LMTiDaby63B%2BA7EpSJv02hHNvzZls%3D&reserve > > d=0 > > > > > > > > > > On Fri, 20 Jan 2023 at 16:01, Gary Dixon > > <gary.di...@quadris.co.uk.invalid > > > > > wrote: > > > > > I think this is possibly a bug in CS 4.15.2 with KVM hypervisor on > > > Ubuntu > > > 20.04 > > > > > > > > > > > > I have evicted one of our hosts from the cloudstack cluster and > > > added the /etc/cloudstack/agent/uefi.properties file. > > > > > > > > > > > > Cleared out the keystore and set the libvirtd.conf file back to > > > listen_tls=0, listen_tcp=1 and re-added the host back in to the > > > cluster in Cloudstack > > > > > > > > > > > > In the agent logs I can see that it detects the uefi.properties file > > > and enumerates the paths. > > > > > > > > > > > > The host is added back into Cloudstack – but in the database in the > > > “host_details” table I see the “host.uefi.enable” value is set to > “false” > > > for this host ? > > > > > > > > > > > > We then manually set “host.uefi.enable” to true in the database > > > > > > > > > > > > I then provision a new instance and use a Windows Server2016 ISO to > > > provision the machine on this uefi enabled host. I set the adv > > > settings to > > > BIOS: UEFI BOOT MODE: Secure > > > > > > The VM starts but when I console on to it there is an error message > > > on the console window saying “*Guest has not initialized the display > > > (yet)”* > > > > > > So at this point it appears we are unable to create any VM’s with > > > uefi – secure boot enabled > > > > > > > > > > > > Has anyone suucessfully managed to get Windows VM’s with uefi secure > > > boot enabled working in Cloudstack 4.15.2 with KVM hypervisor on > > > Ubuntu 20.04 hosts ? > > > > > > > > > > > > > > > > > > A virsh dumpxml shows this: > > > > > > > > > > > > <description>Windows Server 2016 (64-bit)</description> > > > > > > <memory unit='KiB'>8388608</memory> > > > > > > <currentMemory unit='KiB'>8388608</currentMemory> > > > > > > <vcpu placement='static'>4</vcpu> > > > > > > <cputune> > > > > > > <shares>3240</shares> > > > > > > </cputune> > > > > > > <resource> > > > > > > <partition>/machine</partition> > > > > > > </resource> > > > > > > <sysinfo type='smbios'> > > > > > > <system> > > > > > > <entry name='manufacturer'>Apache Software Foundation</entry> > > > > > > <entry name='product'>CloudStack KVM Hypervisor</entry> > > > > > > <entry name='uuid'>39c9fa33-0ef2-463a-aff6-45b6e77d1c4d</entry> > > > > > > </system> > > > > > > </sysinfo> > > > > > > <os> > > > > > > <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> > > > > > > <loader readonly='yes' secure='yes' > > > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> > > > > > > <nvram > > > template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/ > > > 39 c9fa33-0ef2-463a-aff6-45b6e77d1c4d.fd</nvram> > > > > > > <boot dev='cdrom'/> > > > > > > <boot dev='hd'/> > > > > > > <smbios mode='sysinfo'/> > > > > > > </os> > > > > > > <features> > > > > > > <acpi/> > > > > > > <apic/> > > > > > > <pae/> > > > > > > <smm state='on'/> > > > > > > </features> > > > > > > <cpu mode='host-passthrough' check='none'> > > > > > > <topology sockets='1' cores='4' threads='1'/> > > > > > > </cpu> > > > > > > <clock offset='localtime'> > > > > > > <timer name='hypervclock' present='yes'/> > > > > > > </clock> > > > > > > <on_poweroff>destroy</on_poweroff> > > > > > > <on_reboot>restart</on_reboot> > > > > > > <on_crash>destroy</on_crash> > > > > > > <devices> > > > > > > <emulator>/usr/bin/qemu-system-x86_64</emulator> > > > > > > <disk type='block' device='disk'> > > > > > > <driver name='qemu' type='raw' cache='none'/> > > > > > > <source dev='/dev/storpool-byid/n91t.b.brrdr' index='2'/> > > > > > > <backingStore/> > > > > > > <target dev='sda' bus='sata'/> > > > > > > <serial>69bcfffc3c8a41ab876b</serial> > > > > > > <alias name='sata0-0-0'/> > > > > > > <address type='drive' controller='0' bus='0' target='0' > > > unit='0'/> > > > > > > </disk> > > > > > > <disk type='file' device='cdrom'> > > > > > > <driver name='qemu' type='raw'/> > > > > > > <source > > > > > > file='/mnt/45d6d957-afa2-371a-b0dc-b6e70ef17d97/035fa65a-4556-47b0-95c1-ac2db8ee054e.iso' > > > index='1'/> > > > > > > <backingStore/> > > > > > > <target dev='sdd' bus='sata'/> > > > > > > <readonly/> > > > > > > <alias name='sata0-0-3'/> > > > > > > <address type='drive' controller='0' bus='0' target='0' > > > unit='3'/> > > > > > > </disk> > > > > > > <controller type='usb' index='0' model='qemu-xhci'> > > > > > > <alias name='usb'/> > > > > > > <address type='pci' domain='0x0000' bus='0x03' slot='0x00' > > > function='0x0'/> > > > > > > </controller> > > > > > > <controller type='sata' index='0'> > > > > > > <alias name='ide'/> > > > > > > <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' > > > function='0x2'/> > > > > > > </controller> > > > > > > <controller type='pci' index='0' model='pcie-root'> > > > > > > <alias name='pcie.0'/> > > > > > > </controller> > > > > > > <controller type='virtio-serial' index='0'> > > > > > > <alias name='virtio-serial0'/> > > > > > > <address type='pci' domain='0x0000' bus='0x04' slot='0x00' > > > function='0x0'/> > > > > > > </controller> > > > > > > <controller type='pci' index='1' model='pcie-root-port'> > > > > > > <model name='pcie-root-port'/> > > > > > > <target chassis='1' port='0x10'/> > > > > > > <alias name='pci.1'/> > > > > > > <address type='pci' domain='0x0000' bus='0x00' slot='0x02' > > > function='0x0' multifunction='on'/> > > > > > > </controller> > > > > > > <controller type='pci' index='2' model='pcie-to-pci-bridge'> > > > > > > <model name='pcie-pci-bridge'/> > > > > > > <alias name='pci.2'/> > > > > > > <address type='pci' domain='0x0000' bus='0x01' slot='0x00' > > > function='0x0'/> > > > > > > </controller> > > > > > > <controller type='pci' index='3' model='pcie-root-port'> > > > > > > <model name='pcie-root-port'/> > > > > > > <target chassis='3' port='0x11'/> > > > > > > <alias name='pci.3'/> > > > > > > <address type='pci' domain='0x0000' bus='0x00' slot='0x02' > > > function='0x1'/> > > > > > > </controller> > > > > > > <controller type='pci' index='4' model='pcie-root-port'> > > > > > > <model name='pcie-root-port'/> > > > > > > <target chassis='4' port='0x12'/> > > > > > > <alias name='pci.4'/> > > > > > > <address type='pci' domain='0x0000' bus='0x00' slot='0x02' > > > function='0x2'/> > > > > > > </controller> > > > > > > <controller type='pci' index='5' model='pcie-root-port'> > > > > > > <model name='pcie-root-port'/> > > > > > > <target chassis='5' port='0x13'/> > > > > > > <alias name='pci.5'/> > > > > > > <address type='pci' domain='0x0000' bus='0x00' slot='0x02' > > > function='0x3'/> > > > > > > </controller> > > > > > > <interface type='bridge'> > > > > > > <mac address='02:00:0d:ea:00:0f'/> > > > > > > <source bridge='brvx-17906'/> > > > > > > <bandwidth> > > > > > > <inbound average='25600' peak='25600'/> > > > > > > <outbound average='25600' peak='25600'/> > > > > > > </bandwidth> > > > > > > <target dev='vnet0'/> > > > > > > <model type='e1000'/> > > > > > > <link state='up'/> > > > > > > <alias name='net0'/> > > > > > > <address type='pci' domain='0x0000' bus='0x02' slot='0x01' > > > function='0x0'/> > > > > > > </interface> > > > > > > <serial type='pty'> > > > > > > <source path='/dev/pts/2'/> > > > > > > <target type='isa-serial' port='0'> > > > > > > <model name='isa-serial'/> > > > > > > </target> > > > > > > <alias name='serial0'/> > > > > > > </serial> > > > > > > <console type='pty' tty='/dev/pts/2'> > > > > > > <source path='/dev/pts/2'/> > > > > > > <target type='serial' port='0'/> > > > > > > <alias name='serial0'/> > > > > > > </console> > > > > > > <channel type='unix'> > > > > > > <source mode='bind' > > > path='/var/lib/libvirt/qemu/i-2-1811-VM.org.qemu.guest_agent.0'/> > > > > > > <target type='virtio' name='org.qemu.guest_agent.0' > > > state='disconnected'/> > > > > > > <alias name='channel0'/> > > > > > > <address type='virtio-serial' controller='0' bus='0' port='1'/> > > > > > > </channel> > > > > > > <input type='tablet' bus='usb'> > > > > > > <alias name='input0'/> > > > > > > <address type='usb' bus='0' port='1'/> > > > > > > </input> > > > > > > <input type='mouse' bus='ps2'> > > > > > > <alias name='input1'/> > > > > > > </input> > > > > > > <input type='keyboard' bus='ps2'> > > > > > > <alias name='input2'/> > > > > > > </input> > > > > > > <graphics type='vnc' port='5900' autoport='yes' > > > listen='10.255.4.14'> > > > > > > <listen type='address' address='10.255.4.14'/> > > > > > > </graphics> > > > > > > <video> > > > > > > <model type='cirrus' vram='16384' heads='1' primary='yes'/> > > > > > > <alias name='video0'/> > > > > > > <address type='pci' domain='0x0000' bus='0x00' slot='0x01' > > > function='0x0'/> > > > > > > </video> > > > > > > <watchdog model='i6300esb' action='none'> > > > > > > <alias name='watchdog0'/> > > > > > > <address type='pci' domain='0x0000' bus='0x02' slot='0x02' > > > function='0x0'/> > > > > > > </watchdog> > > > > > > <memballoon model='none'/> > > > > > > </devices> > > > > > > <seclabel type='dynamic' model='dac' relabel='yes'> > > > > > > <label>+0:+0</label> > > > > > > <imagelabel>+0:+0</imagelabel> > > > > > > </seclabel> > > > > > > </domain> > > > > > > > > > > > > > > > > > > > > > > > > > > > Gary Dixon > > > Senior Technical Consultant > > > T: +44 161 537 4990 > > > E: *v* <+44%207989717661>ms@quadris‑support.com > > > W: > > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww > > > .q%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af > > > 3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63810143 > > > 2282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BRsJ%2B2rg > > > Sn4XcuwIANRcMI3xdLjr6K%2FDW7GwzzGpUjU%3D&reserved=0 > > > uadris.co.uk%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd65b0c4a > > > a7 > > > ee4160b06c08dafd37c31d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C > > > 63 > > > 8100713210482703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo > > > iV > > > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CvI%2BIr > > > 5b > > > FQFMJZOnJOwfko9874LnCsZKKzSRc6lHzPw%3D&reserved=0 > > > The information contained in this e-mail from Quadris may be > > > confidential and privileged for the private use of the named > > > recipient. The contents of this e-mail may not necessarily represent > > > the > > official views of Quadris. > > > If you have received this information in error you must not copy, > > > distribute or take any action or reliance on its contents. Please > > > destroy any hard copies and delete this message. > > > > > > *From:* Gary Dixon <gary.di...@quadris.co.uk.INVALID> > > > *Sent:* 19 January 2023 14:35 > > > *To:* users@cloudstack.apache.org > > > *Subject:* RE: KVM host UEFI allow guest UEFI Secure boot > > > > > > > > > > > > I think I just solved this myself – in the qemu.conf file I see : > > > > > > > > > > > > #nvram = [ > > > > > > # "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd", > > > > > > # > > > "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", > > > > > > # "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd", > > > > > > # > > > "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd", > > > > > > # "/usr/share/OVMF/OVMF_CODE.ms.fd:/usr/share/OVMF/OVMF_VARS.ms.fd" > > > > > > #] > > > > > > > > > > > > So in Ubuntu 20.04 there is no reference to OVMF_VARS.secure.fd for > > > the nvram template > > > > > > > > > > > > > > > > > > *Gary Dixon*** > > > > > > Senior Technical Consultant > > > > > > T: +44 161 537 4990 > > > > > > E: *v* <+44%207989717661>ms@quadris‑support.com > > > > > > W: > > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww > > > .q%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af > > > 3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63810143 > > > 2282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BRsJ%2B2rg > > > Sn4XcuwIANRcMI3xdLjr6K%2FDW7GwzzGpUjU%3D&reserved=0 > > > uadris.co.uk%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd65b0c4a > > > a7 > > > ee4160b06c08dafd37c31d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C > > > 63 > > > 8100713210482703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo > > > iV > > > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CvI%2BIr > > > 5b > > > FQFMJZOnJOwfko9874LnCsZKKzSRc6lHzPw%3D&reserved=0 > > > > > > *The information contained in this e-mail from Quadris may be > > > confidential and privileged for the private use of the named > > > recipient. The contents of this e-mail may not necessarily represent > > > the > > official views of Quadris. > > > If you have received this information in error you must not copy, > > > distribute or take any action or reliance on its contents. Please > > > destroy any hard copies and delete this message.* > > > > > > *From:* Gary Dixon <gary.di...@quadris.co.uk.INVALID> > > > *Sent:* 19 January 2023 13:55 > > > *To:* users@cloudstack.apache.org > > > *Subject:* RE: KVM host UEFI allow guest UEFI Secure boot > > > > > > > > > > > > Thanks for all your quick responses > > > > > > On our Ubuntu 20.04 hosts it appears that the OVMF files are located > > > in "/usr/share/OVMF/" directory - however the OVMF_VARS.secboot.fd > > > file is not there ? : > > > > > > root@qcloud-s2-p1-c1-kvm4:~# ls -al /usr/share/OVMF/ total 4232 > > > drwxr-xr-x 2 root root 4096 Mar 9 2022 . > > > drwxr-xr-x 151 root root 4096 Apr 2 2022 .. > > > -rw-r--r-- 1 root root 1966080 Sep 20 2021 OVMF_CODE.fd lrwxrwxrwx 1 > > > root root 20 Sep 20 2021 OVMF_CODE.ms.fd -> OVMF_CODE.secboot.fd > > > -rw-r--r-- 1 root root 1966080 Sep 20 2021 OVMF_CODE.secboot.fd > > > -rw-r--r-- 1 root root 131072 Sep 20 2021 OVMF_VARS.fd > > > -rw-r--r-- 1 root root 131072 Sep 20 2021 OVMF_VARS.ms.fd > > > -rw-r--r-- 1 root root 131072 Sep 20 2021 OVMF_VARS.snakeoil.fd > > > > > > Is this needed in the uefi.properties config file ? > > > > > > > > > BR > > > > > > Gary > > > > > > *Gary Dixon*** > > > > > > Senior Technical Consultant > > > > > > T: +44 161 537 4990 > > > > > > E: *v* <+44%207989717661>ms@quadris‑support.com > > > > > > W: > > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww > > > .q%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af > > > 3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63810143 > > > 2282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BRsJ%2B2rg > > > Sn4XcuwIANRcMI3xdLjr6K%2FDW7GwzzGpUjU%3D&reserved=0 > > > uadris.co.uk%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd65b0c4a > > > a7 > > > ee4160b06c08dafd37c31d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C > > > 63 > > > 8100713210482703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo > > > iV > > > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CvI%2BIr > > > 5b > > > FQFMJZOnJOwfko9874LnCsZKKzSRc6lHzPw%3D&reserved=0 > > > < > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638101432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NiHb9GkcaVicr%2BYgT2iwVbkus2iOVt94B6Dnqltpc4M%3D&reserved=0 > . > > > quadris.co.uk%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd65b0c4 > > > aa > > > 7ee4160b06c08dafd37c31d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7 > > > C6 > > > 38100713210482703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIj > > > oi > > > V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CvI%2BI > > > r5 bFQFMJZOnJOwfko9874LnCsZKKzSRc6lHzPw%3D&reserved=0> > > > > > > *The information contained in this e-mail from Quadris may be > > > confidential and privileged for the private use of the named > > > recipient. The contents of this e-mail may not necessarily represent > > > the > > official views of Quadris. > > > If you have received this information in error you must not copy, > > > distribute or take any action or reliance on its contents. Please > > > destroy any hard copies and delete this message.* > > > > > > -----Original Message----- > > > From: vas...@gmx.de <vas...@gmx.de> > > > Sent: 19 January 2023 13:42 > > > To: users@cloudstack.apache.org > > > Subject: Re: KVM host UEFI allow guest UEFI Secure boot > > > > > > Not the direct solution but maybe some bits of information for your > > > further > > > efforts: > > > > > > Overall description of the feature > > > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcw > > > ik%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af > > > 3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63810143 > > > 2282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=p6SsRbXhoRwg > > > qZA%2BHq%2BuB8eOAB1KDo%2FT6OX2wkVCxQA%3D&reserved=0 > > > i.apache.org%2Fconfluence%2Fdisplay%2FCLOUDSTACK%2FEnable%2BUEFI%2Bb > > > oo > > > ting%2Bfor%2BInstance&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd6 > > > 5b > > > 0c4aa7ee4160b06c08dafd37c31d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0% > > > 7C > > > 0%7C638100713210482703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL > > > CJ > > > QIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2 > > > B3 > > > xMHAdxbXmMo3zOR0BbkYTZanjtB2uuyC0DIdtByu4%3D&reserved=0 > > > <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc > > > wi%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af > > > 3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63810143 > > > 2282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XRSqtKEeOaaK > > > toem9veFyBG69I8VxyTEstw%2FynIRPvU%3D&reserved=0 > > > ki.apache.org%2Fconfluence%2Fdisplay%2FCLOUDSTACK%2FEnable%2BUEFI%2B > > > bo > > > oting%2Bfor%2BInstance&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd > > > 65 > > > b0c4aa7ee4160b06c08dafd37c31d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0 > > > %7 > > > C0%7C638100713210482703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAi > > > LC > > > JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=% > > > 2B 3xMHAdxbXmMo3zOR0BbkYTZanjtB2uuyC0DIdtByu4%3D&reserved=0> > > > > > > User guide + example to enable secure boot > > > > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flab%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638101432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gBUW6JAJ3g6ZyDSGmdNka2%2BqwKopgFGuOrmvn3YxkRI%3D&reserved=0 > . > > > piszki.pl%2Fcloudstack-vm-with-vtpm-and-secure-boot-uefi%2F&data=05% > > > 7C > > > 01%7CGary.Dixon%40quadris.co.uk%7Cd65b0c4aa7ee4160b06c08dafd37c31d%7 > > > Cf > > > 1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638100713210482703%7CUnkno > > > wn > > > %7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL > > > CJ > > > XVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9dMCVhwcFEizLkLejx204wPAX7kBrpKlpK > > > P0 > > > vKUOjDA%3D&reserved=0 > > > <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fl > > > ab%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af > > > 3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63810143 > > > 2282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gBUW6JAJ3g6Z > > > yDSGmdNka2%2BqwKopgFGuOrmvn3YxkRI%3D&reserved=0 > > > .piszki.pl%2Fcloudstack-vm-with-vtpm-and-secure-boot-uefi%2F&data=05 > > > %7 > > > C01%7CGary.Dixon%40quadris.co.uk%7Cd65b0c4aa7ee4160b06c08dafd37c31d% > > > 7C > > > f1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638100713210482703%7CUnkn > > > ow > > > n%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwi > > > LC > > > JXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9dMCVhwcFEizLkLejx204wPAX7kBrpKlp > > > KP > > > 0vKUOjDA%3D&reserved=0> > > > > > > Gitlab - Issue with further informations on deploying that > > > capability > > > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi > > > th%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af > > > 3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63810143 > > > 2282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=POKDA0xGQh31 > > > zymO2S96oeOCS3AnKhQJZpsIxozaiPA%3D&reserved=0 > > > ub.com%2Fapache%2Fcloudstack%2Fissues%2F4238&data=05%7C01%7CGary.Dix > > > on > > > %40quadris.co.uk%7Cd65b0c4aa7ee4160b06c08dafd37c31d%7Cf1d6abf3d3b448 > > > 94 > > > ae16db0fb93a96a2%7C0%7C0%7C638100713210482703%7CUnknown%7CTWFpbGZsb3 > > > d8 > > > eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7 > > > C3 > > > 000%7C%7C%7C&sdata=oztk%2F9Q0hPlLrgPvFUomx18kO9zlOBzyJXrz%2BKVByzc%3 > > > D& > > > reserved=0 > > > <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fg > > > it%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af > > > 3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63810143 > > > 2282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM > > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=t9bM15PwC0RH > > > B6MYIPU%2BfnzGIdthXiyLnlsGfu3GL00%3D&reserved=0 > > > hub.com%2Fapache%2Fcloudstack%2Fissues%2F4238&data=05%7C01%7CGary.Di > > > xo > > > n%40quadris.co.uk%7Cd65b0c4aa7ee4160b06c08dafd37c31d%7Cf1d6abf3d3b44 > > > 89 > > > 4ae16db0fb93a96a2%7C0%7C0%7C638100713210482703%7CUnknown%7CTWFpbGZsb > > > 3d > > > 8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D% > > > 7C > > > 3000%7C%7C%7C&sdata=oztk%2F9Q0hPlLrgPvFUomx18kO9zlOBzyJXrz%2BKVByzc% > > > 3D > > > &reserved=0> > > > > > > regards, > > > Chris > > > > > > Am Do., 19. Jan. 2023 um 14:09 Uhr schrieb Gary Dixon > > > <gary.di...@quadris.co.uk.invalid>: > > > > > > > Hi everyone > > > > > > > > > > > > > > > > CS : 4.15.2 > > > > > > > > Hypervisor: KVM > > > > > > > > OS: Ubuntu 20.04 > > > > > > > > > > > > > > > > Apologies if this has been discussed before. > > > > > > > > We have a requirement to create Windows server templates with UEFI > > > > Secure boot enabled and in testing find that our instances are > > > > being created with Legacy BIOS enabled. > > > > > > > > I checked our KVM hosts and they have the ovmf package installed – > > > > however there is no uefi.properties file in the > > > > /etc/cloudstack/agent directory > > > > > > > > How do I enable the KVM hosts to support Cloudstack guests with > > > > UEFI Secure boot bios ? > > > > > > > > Also will this ‘break’ all current running VM’s that have the > > > > Legacy BIOS enabled or will they still be able to run ? > > > > > > > > > > > > > > > > BR > > > > > > > > > > > > > > > > Gary > > > > Gary Dixon > > > > Senior Technical Consultant > > > > T: +44 161 537 4990 > > > > E: *v* <+44%207989717661>ms@quadris‑support.com > > > <ms@quadris%1esupport.com> > > > > W: > > > > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fw > > > > ww%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190 > > > > af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C6381 > > > > 01432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo > > > > iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NiHb > > > > 9GkcaVicr%2BYgT2iwVbkus2iOVt94B6Dnqltpc4M%3D&reserved=0 > > > > .q%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd65b0c4aa7ee4160 > > > > b0 > > > > 6c08dafd37c31d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638100 > > > > 71 > > > > 3210482703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > > > > uM > > > > zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=n%2FW0gLeh > > > > %2 > > > > BX0kzNDYIJlvbJEWi9KFzKRx6Y%2FQ7oNGJ%2Fw%3D&reserved=0 > > > < > https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cf26e2c788cae4190af3008dafddf2f3a%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C638101432282521311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NiHb9GkcaVicr%2BYgT2iwVbkus2iOVt94B6Dnqltpc4M%3D&reserved=0 > . > > > q%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7Cd65b0c4aa7ee4160b06 > > > c0 > > > 8dafd37c31d%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0%7C63810071321 > > > 04 > > > 82703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC > > > JB > > > TiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=n%2FW0gLeh%2BX0kzND > > > YI JlvbJEWi9KFzKRx6Y%2FQ7oNGJ%2Fw%3D&reserved=0> > > > > uadris.co.uk%2F&data=05%7C01%7CGary.Dixon%40quadris.co.uk%7C8057c1 > > > > b2 > > > > e3 > > > > bd4f13beae08dafa231af3%7Cf1d6abf3d3b44894ae16db0fb93a96a2%7C0%7C0% > > > > 7C > > > > 63 > > > > 8097325927612509%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI > > > > jo > > > > iV > > > > 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=M9uXGY > > > > 9a > > > > AT > > > > 4z8oYezjiqrFQ6%2FH9nDV4ZmDOXn6RxUB4%3D&reserved=0 > > > > The information contained in this e-mail from Quadris may be > > > > confidential and privileged for the private use of the named > > > > recipient. The contents of this e-mail may not necessarily > > > > represent the > > > official views of Quadris. > > > > If you have received this information in error you must not copy, > > > > distribute or take any action or reliance on its contents. Please > > > > destroy any hard copies and delete this message. > > > > > > > > > >
