Bug 190131
| Summary: | VirtIO Windows Drivers doesn't support SecureBoot. | ||
|---|---|---|---|
| Product: | Virtualization | Reporter: | okudayukiko0 |
| Component: | kvm | Assignee: | virtualization_kvm |
| Status: | NEW --- | ||
| Severity: | normal | CC: | heri16, vkuznets, vrozenfe |
| Priority: | P1 | ||
| Hardware: | x86-64 | ||
| OS: | Linux | ||
| Kernel Version: | 4.4.0 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
|
Description
okudayukiko0
2016-12-12 07:50:17 UTC
Any updates on this? I am also seeing the error during boot if SecureBoot via OVMF is enabled. According to MS new driver signing policy, Windows 10 1607 and newer versions require the drivers to be signed via their Dev Portal. Cross-signed drivers, will not load when Secure Boot is enabled in the BIOS. Fedora's virtio drivers are cross-signed and therefore were not being loaded. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later- The drivers need to be WHQL or attestation signed to work with UEFI/Secure Boot. If you're using upstream drivers available through e.g. fedoraproject.org it definitely will not work. Please see https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/index.html Please see the following RH bug for your reference https://bugzilla.redhat.com/show_bug.cgi?id=1844726 |