From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:400c:c0c::242; helo=mail-wr0-x242.google.com; envelope-from=zaolin.daisuki@gmail.com; receiver=edk2-devel@lists.01.org Received: from mail-wr0-x242.google.com (mail-wr0-x242.google.com [IPv6:2a00:1450:400c:c0c::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 459EA2125110F for ; Wed, 13 Jun 2018 06:45:16 -0700 (PDT) Received: by mail-wr0-x242.google.com with SMTP id d2-v6so2814585wrm.10 for ; Wed, 13 Jun 2018 06:45:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=dtuZJvdEEhCLqKTKx2fnt+JEWa6BFYSW/Xy1IsvDq5o=; b=gWe5NJVXsY1YAKJsb1gxnHisnrqhyvjb/1t/a5NGZ/pbZUcMw28Kl4dr+QRVnUUj5Y /e8nsM2putQOd7rbCzKiG2+o3bpMuZq7CbF4RgrSSQsyBd8YFph4InUp1RADYfuMiq2F Vkx7iMnKqWdZ1zdmSukHCptHTOkORrHyR6XGIGm+Mw+9RtMUDspmkvvwmk+VQ3AB3JAp RxnTXCEEBV/nDYqpGNLXYbFw9/5ECnF+zOG7QMupVQ4KWlhgwZvx2XW5/lWsoiQcM4hx BOgTvFDgmyJPDTBORmZyu8QBQWbp6nnG96c+6bK6n0bI3FbdSoC/jGIj0fHSeiOwBv/O nUew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=dtuZJvdEEhCLqKTKx2fnt+JEWa6BFYSW/Xy1IsvDq5o=; b=YLxF5iKRu/rfw9S3z6sOjJYyJBKqclzZhGulFd4vomACcnT+RVwvzVkvj0Uoqovp2N WmZ9yR0QU10dmEVr2l46qbhDNRBIxewbmOPOiSjoIeWNp6ZfhXkQ7YTAp1v7rKOK+J/W xf7Dw4g71XzKF4K6WijWSzQaoBMuj1RLv1TRhce2gtsl1Qwyg2TAEHl7sz0YRKhBAYcl ByDoUWKG1Sx17yAqeBLS7DsFAqrGyUmyKJSR5VGz35FwOwj9tjSV06aeCGfbYU6tZuBx lWEAGc2Yl2IUYgFBQFXAchHIZzZm0WkvR25AU/TL9lkE8XPQFyiOKCGg7TDfj7QvJNQf ajeA== X-Gm-Message-State: APt69E3kZdAhOYQcuf9F6Xw+pA/lAA1gYmc8cKFlG3fya/8C+YFrpJQ9 HUPrVX5pNtbpdQfrppG04VQ/3ZJu X-Google-Smtp-Source: ADUXVKJy12oXKGjz4ZuC7eJis4t0QlMc8n0qBS0L3ZaV42Kr0i54s1TU9QGVnj5GaZUzohkXztUA7Q== X-Received: by 2002:adf:ae8b:: with SMTP id y11-v6mr4579951wrc.234.1528897514344; Wed, 13 Jun 2018 06:45:14 -0700 (PDT) Received: from [172.25.20.115] (b2b-78-94-0-50.unitymedia.biz. [78.94.0.50]) by smtp.gmail.com with ESMTPSA id c129-v6sm2572763wma.37.2018.06.13.06.45.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Jun 2018 06:45:13 -0700 (PDT) To: Laszlo Ersek Cc: edk2-devel@lists.01.org References: <2660d487-aa83-e92c-c816-dd205470fea3@redhat.com> <6583409f-e15f-bc73-d16e-bb59be8f2a2c@gmail.com> <4146cdc8-0812-4ee0-bb20-51883fbddbee@redhat.com> From: Philipp Deppenwiese Message-ID: Date: Wed, 13 Jun 2018 15:45:12 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <4146cdc8-0812-4ee0-bb20-51883fbddbee@redhat.com> Subject: Re: [OvmfPkg] Secure Boot issues X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jun 2018 13:45:16 -0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US Hey Laszlo, We are using VirtualBox as virtualization solution and don't load guest drivers. But we had the same issue with the current Qemu version as well. Can you try to test your setup with the latest Windows 10 LTSB ? That would help us to understand if that's a general EDK2 issue or just our problem. Best Regards, Philipp On 12.06.2018 20:14, Laszlo Ersek wrote: > On 06/12/18 16:51, Philipp Deppenwiese wrote: > >> Also Windows 10 in safe mode with secure boot works but not the >> normal mode. >> >> We use the >> 14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISE_S_EVAL_X64 LTSB >> release for testing. > Interesting, this reminds me of the "new" driver signing requirements > when Secure Boot is enabled. Something something about cross-signed > drivers not being accepted by recent Windows 10 when SB is enabled. > > I could imagine that some of your native guest drivers (paravirt / > virtio drivers) aren't "appropriately signed" (whatever that may mean), > and then something crashes when windows *rejects* loading those drivers. > > In safe mode, I could imagine Windows doesn't even attempt to load those > drivers. > > Really I'm just speculating here. In support of the speculation: > > https://docs.fedoraproject.org/quick-docs/en-US/creating-windows-virtual-machines-using-virtio-drivers.html > > """ > Fedora VirtIO Drivers vs. RHEL VirtIO Drivers > > The RPMs in the virtio-win-stable repository are the same driver builds > as what is shipped with Red Hat Enterprise Linux. All the Windows > binaries are from builds done on Red Hat’s internal build system, which > are generated using publicly available code. For more details about how > the RPM and repo are built, see the README for this repo. > > The drivers are cryptographically signed with Red Hat’s vendor > signature. However they are not signed with Microsoft’s WHQL signature. > """ > > In addition, please see > . > > Thanks > Laszlo