Secureboot/Testing

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Secure boot testing can be performed under qemu using OVMF. To build a OVMF image that can be used, follow these instructions:

Create a working directory.
git clone git://tianocore.git.sourceforge.net/gitroot/tianocore/edk2
cd edk2/CryptoPkg/Library/OpensslLib/
wget http://www.openssl.org/source/openssl-0.9.8w.tar.gz
tar xvf openssl-0.9.8w.tar.gz
cd openssl-0.9.8w/
patch -p0 <../EDKII_openssl-0.9.8w.patch
cd ..
./Install.sh
cd ../../..
. edksetup.sh
vi Conf/target.txt and change the parameters to those described below:

ACTIVE_PLATFORM       = OvmfPkg/OvmfPkgX64.dsc 
TOOL_CHAIN_TAG        = GCC46
TARGET_ARCH           = X64

If you're running gcc 4.7 or later, vi Conf/tools_def.txt and modify _GCC46_X64_ASM_FLAGS so it reads as follows:

*_GCC46_X64_ASM_FLAGS            = DEF(GCC46_ASM_FLAGS) -m64

make -C BaseTools
build -DSECURE_BOOT_ENABLE=TRUE
mkdir bios
ln -s ../Build/OvmfX64/DEBUG_GCC46/FV/OVMF.fd bios/bios.bin
ln -s ../Build/OvmfX64/DEBUG_GCC46/X64/QemuVideoDxe.rom bios/vgabios-cirrus.bin

You can now start qemu with -L bios in order to run the OVMF image. Press any key while the TianoCore logo is showing to enter the setup menu. Select "Device Manager" in order to access the secure boot configuration. Note that any changes you make will persist over the qemu session, but may not persist once you've exited qemu.

Search

Secureboot/Testing