English Spanish
You should see the string 'Secure boot enabled' in dmesg. Secureboot is now enabled for every subsequent boot.
Using UEFI with QEMU
Using UEFI with AArch64 VMs
Use virt-manager to change the VM boot settings to boot off the CDROM
Use virt-manager to attach the ISO media to your VM
UEFI for x86 QEMU/KVM VMs is called OVMF (Open Virtual Machine Firmware). It comes from EDK2 (EFI Development Kit), which is the UEFI reference implementation.
This page was automatically converted from https://fedoraproject.org/wiki/Using_UEFI_with_QEMU
The VM will restart. Let it boot into Fedora as normal. Log in
These steps describe how to test Fedora Secureboot support inside a KVM VM. The audience here is QA folks that want to test secureboot, and any other curious parties. This requires configuring the VM to use UEFI, so it builds upon the previous UEFI steps.
The boot screen you'll see should use `linuxefi` commands to boot the installer, and you should be able to run `efibootmgr` inside that system, to verify that you're running an UEFI OS.
Testing Secureboot in a VM
Testing Fedora CD/DVD Secure Boot in a VM
Switch to a terminal inside the VM, verify Secureboot is enabled by checking dmesg
` sudo virt-install --name f20-uefi \`
`   --ram 2048 --disk size=20 \`
`   --boot uefi \`
`   --location `https://dl.fedoraproject.org/pub/fedora/linux/releases/22/Workstation/x86_64/os/[`https://dl.fedoraproject.org/pub/fedora/linux/releases/22/Workstation/x86_64/os/`]
` sudo dnf install dnf-plugins-core`
` sudo dnf config-manager --add-repo `http://www.kraxel.org/repos/firmware.repo[`http://www.kraxel.org/repos/firmware.repo`]
` sudo dnf install edk2.git-ovmf-x64`
Start the VM
Since OVMF doesn't ship with any SecureBoot keys installed, we need to install some to mimic what an MS certified UEFI machine will ship with. OVMF now ships with the binaries required to set up a default set of keys. The easiest way is to use UefiShell.iso which is available at `/usr/share/edk2/ovmf/UefiShell.iso`. Boot your VM with this as the CD-ROM image and it should boot into the UEFI shell. At the prompt
Since June 2016, OVMF is available in Fedora repositories. All you need to have installed is `edk2-ovmf` RPM. Furthermore, it should be now a dependency of the package, so you probably have it installed already. This includes firmware for secureboot (`OVMF_CODE.secboot.fd`)