Run your Windows VM, press Esc to access OVMF settings.

Unmount vdisk.img, modify your Windows VM to include the new vdisk.img, for example add:

Mount vdisk.img somewhere and copy inside:

qemu-img create -f raw /path/to/vdisk.img 2G

Create a new vdisk with Unraid terminal to copy all the needed files to inject certificates:

openssl x509 -in PKtestDER.crt -outform der -out r

NOTE: the certificate will expire after 980 years!!! (358000 days) For security you may want to decrease this amount of time.

Convert the created certificate from.

openssl req -newkey rsa:2048 -nodes -keyout PKpriv.key -x509 -days 358000 -out PKtestDER.crt

der certificate: I used a Linux virtual machine with openssl installed, run these commands in a terminal:

Download attachment Microsoft.zip, extract it somewhere, it contains files for KEK and DB: if you don't trust me download files directly from Microsoft.

It isn't needed, you can boot your Windows virtual machine and inject files from there, check my point (3).

If it's not clear what that tutorial describes:

1- Create a private key and certificate to be used for PK
2- Download Microsoft files (certificates for KEK and DB)
3- Run a basic virtual machine, with a virtual disk with certificates in it, to boot into UEFI shell, OVMF BIOS and inject the files into the OVMF VARS file (maybe this wasn't clear: it runs qemu via command line then it manages that basic VM through virt manager to access the GUI of the UEFI shell and OVMF BIOS) -> by injecting certificates with a basic VM your OVMF VARS file will be "cleaner", because it contains only injected certificates, otherwise VARS file contains other info, such as the boot drive and other UEFI variables.

But the command seems to fail at "-hda fat:hda-contents

You can use only your actual Windows machine even for creating the certificate for PK, or use another VM or another PC with Linux.
What you have to do is to simply inject files by booting the OVMF BIOS setup of your current Windows virtual machine.

Wish the process of getting secure boot enabled was easier. Is there a way to convert the guide to fit with Unraid? I also tried creating an Ubuntu VM to run qemu within, but the command seems to fail at "-hda fat:hda-contents \"

I got to the "Use QEMU to Inject Secure Boot Keys Into OVMF" section of the guide and started to have problems.