Re: [OvmfPkg] Secure Boot issues

From: Laszlo Ersek <lersek@redhat.com>
To: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Cc: edk2-devel@lists.01.org
Subject: Re: [OvmfPkg] Secure Boot issues
Date: Thu, 14 Jun 2018 19:29:37 +0200	[thread overview]
Message-ID: <d22e9063-5fa2-2386-a44a-3d12777137cd@redhat.com> (raw)
In-Reply-To: <3c921d7e-32de-7fc4-38ef-87de340688f6@gmail.com>

On 06/13/18 23:25, Philipp Deppenwiese wrote:
> We are getting the error after the Windows 10 installation.
> 
> Windows boots up for few seconds and then crashes.

I've installed a brand new libvirt domain from the installer ISO
discussed below, reusing the virtual hardware config from my previous
Windows 10 domain -- after enabling SB with EnrollDefaultKeys.efi as
very first step.

I've installed a bunch of virtio drivers in the guest. As I mentioned
earlier, Windows would permit the installation of those drivers from the
Fedora virtio-win ISO, but it would also block those drivers from being
launched:

"Windows cannot verify the digital signature for the drivers required
for this device. A recent hardware or software change might have
installed a file that is signed incorrectly or damaged, or that might be
malicious software from an unknown source. (Code 52)"

Using the WHQL'd RHEL variants, the virtio drivers work fine. I also
installed Firefox in the guest, Cygwin (for having an openssh server),
and the QEMU guest agent.

I haven't experienced any issues with the guest, beyond the usual
"Windows Update hogs resources beyond recognition" (once I installed the
virtio-net driver).

Thanks,
Laszlo

> On 13.06.2018 23:18, Laszlo Ersek wrote:
>> On 06/13/18 21:41, Philipp Deppenwiese wrote:
>>> Hey Laszlo,
>>>
>>> It's free for trial and available under:
>>>
>>> https://www.microsoft.com/de-de/evalcenter/evaluate-windows-10-enterprise
>> I tried the following ISO:
>>
>> af9a46ddd2a88ea01e9d3a52f56cf48e6e9d989e5a35f6e88d68be48dccfcb8d
>> 14393.0.160715-1616.rs1_release_cliententerprise_s_eval_x64fre_en-us.iso
>>
>> I simply took my Windows 10 libvirt domain that I used yesterday for
>> testing, and booted it off of the above ISO, rather than the virtual
>> hard disk. I didn't go through with the entire installation, just until
>> it asked for the virtio-win driver CD (so that it could continue reading
>> the virtio-scsi Windows installer ISO, post-EFI), at which point I
>> forced off the VM. Nonetheless, until that point, everything seemed to
>> work fine. Did you encounter the crash after that point, or before it?
>>
>> Thanks
>> Laszlo
>>
>>> On 13.06.2018 21:21, Laszlo Ersek wrote:
>>>> On 06/13/18 15:45, Philipp Deppenwiese wrote:
>>>>> Hey Laszlo,
>>>>>
>>>>> We are using VirtualBox as virtualization solution and
>>>>> don't load guest drivers. But we had the same issue with
>>>>> the current Qemu version as well.
>>>>>
>>>>> Can you try to test your setup with the latest Windows 10 LTSB ?
>>>>> That would help us to understand if that's a general EDK2
>>>>> issue or just our problem.
>>>> My testing yesterday was supposed to cover the "latest in Windows 10
>>>> LTSB" -- I had indeed installed the OS earlier from a Windows 10
>>>> Enterprise N 2015 LTSB ISO, but yesterday that long-term guest of mine
>>>> pulled down all pending updates.
>>>>
>>>> Is that not what you mean? Can you give me an ISO filename and a SHA1
>>>> checksum then? I could try looking it up in MSDN. (It's not guaranteed
>>>> that my subscription will allow me access to it though.)
>>>>
>>>> Thanks
>>>> Laszlo
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
> 