From: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: edk2-devel@lists.01.org
Subject: Re: [OvmfPkg] Secure Boot issues
Date: Wed, 13 Jun 2018 15:45:12 +0200 [thread overview]
Message-ID: <efcddc43-e0b6-24a8-3323-5783760a3240@gmail.com> (raw)
In-Reply-To: <4146cdc8-0812-4ee0-bb20-51883fbddbee@redhat.com>
Hey Laszlo,
We are using VirtualBox as virtualization solution and
don't load guest drivers. But we had the same issue with
the current Qemu version as well.
Can you try to test your setup with the latest Windows 10 LTSB ?
That would help us to understand if that's a general EDK2
issue or just our problem.
Best Regards, Philipp
On 12.06.2018 20:14, Laszlo Ersek wrote:
> On 06/12/18 16:51, Philipp Deppenwiese wrote:
>
>> Also Windows 10 in safe mode with secure boot works but not the
>> normal mode.
>>
>> We use the
>> 14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISE_S_EVAL_X64 LTSB
>> release for testing.
> Interesting, this reminds me of the "new" driver signing requirements
> when Secure Boot is enabled. Something something about cross-signed
> drivers not being accepted by recent Windows 10 when SB is enabled.
>
> I could imagine that some of your native guest drivers (paravirt /
> virtio drivers) aren't "appropriately signed" (whatever that may mean),
> and then something crashes when windows *rejects* loading those drivers.
>
> In safe mode, I could imagine Windows doesn't even attempt to load those
> drivers.
>
> Really I'm just speculating here. In support of the speculation:
>
> https://docs.fedoraproject.org/quick-docs/en-US/creating-windows-virtual-machines-using-virtio-drivers.html
>
> """
> Fedora VirtIO Drivers vs. RHEL VirtIO Drivers
>
> The RPMs in the virtio-win-stable repository are the same driver builds
> as what is shipped with Red Hat Enterprise Linux. All the Windows
> binaries are from builds done on Red Hat’s internal build system, which
> are generated using publicly available code. For more details about how
> the RPM and repo are built, see the README for this repo.
>
> The drivers are cryptographically signed with Red Hat’s vendor
> signature. However they are not signed with Microsoft’s WHQL signature.
> """
>
> In addition, please see
> <https://bugzilla.redhat.com/show_bug.cgi?id=1376048#c0>.
>
> Thanks
> Laszlo
next prev parent reply other threads:[~2018-06-13 13:45 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-12 13:12 [OvmfPkg] Secure Boot issues Philipp Deppenwiese
2018-06-12 13:59 ` Laszlo Ersek
2018-06-12 14:51 ` Philipp Deppenwiese
2018-06-12 18:14 ` Laszlo Ersek
2018-06-13 13:45 ` Philipp Deppenwiese [this message]
2018-06-13 19:21 ` Laszlo Ersek
2018-06-13 19:41 ` Philipp Deppenwiese
2018-06-13 21:18 ` Laszlo Ersek
2018-06-13 21:25 ` Philipp Deppenwiese
2018-06-14 17:29 ` Laszlo Ersek
2018-06-18 12:14 ` Philipp Deppenwiese
2018-06-18 12:30 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=efcddc43-e0b6-24a8-3323-5783760a3240@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox