Re: UEFI Secure boot using qemu-kvm

[joeyli]

æ åï2012-06-28 æ 11:22 +0100ïJames Bottomley æåï
> 
> joeyli <jlee@xxxxxxxx> wrote:
> 
> >Hi James, 
> >
> >On Wed, Jun 27, 2012 at 06:34:05PM +0100, James Bottomley wrote:
> >
> >> The purpose of this email is to widen the pool of people who are
> >playing
> >> with UEFI Secure boot.  The Linux Foundation Technical Advisory Board
> >> have been looking into this because it turns out to be rather
> >difficult
> >> to lay your hands on real UEFI Secure Boot enabled hardware.
> > 
> >
> >I am following your approach to reproduce your UEFI environment with
> >qemu-kvm. After run qemu-system-x86_64 the kvm launched and go to UEFI
> >shell success. So far so good!
> >
> >But, I got a problem is the keyboard layout is not US keyboard, So I
> >need build a mapping table for reference when key-in any letter:
> >
> >[		e
> >/		x
> >s		i
> >enter		t
> >down		enter
> >page up		down
> >...
> >
> >
> >Did you meet this issue on your side? 
> 
> Well no. I've got a US keyboard. You probably need the keymap directory from qemu-kvm. 
> 
> The best thing is probably to copy all the qemu files to a new directory and then copy in the qemu-ovmf ones (assuming standard qemu-kvm works for you).
> 
> James

Yes, I just found the problem happen on using SSH login to the machine
that have qemu-kvm and launch it with UEFI shell.
If I direct launch kvm on the machine, everything is OK!

I already import your PK.cer and KEK.cer and run
HelloWorld.efi/HelloWorld-signed.efi to verify the secure boot success.

When running non-signed file, shell show up:
	Error reported: Access Denied

Thanks a lot for your document and RPMs on OBS, it's really useful to me
for verify secure boot.


Regards
Joey Lee 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/