Re: Disable secure boot in EFI mode?

hostasaurus · ‎11-13-2015

Can anyone tell me if it's possible to disable secure boot functionality in a guest running in EFI mode? I just converted a CentOS 7 box to RHEL 7, not realizing it was going to replace the efi and grub files, which resulted in an unbootable guest; each attempt just dumps you into the MOK manager to import a key or hash to allow booting. Still not quite sure why this occurred given the same shim file that's signed by MS should be used for either distro. I booted off a rescue image and reinstalled the RHEL kernel, didn't help, reinstalled efiboot and shim packages, didn't help. Simply turning off secure boot in the 'bios' or efi manager would fix this, but I'm guessing vmware hasn't implemented this yet?

dariusd · ‎11-13-2015

The problem you're encountering can't be exactly as you describe, because our EFI implementation doesn't yet include Secure Boot functionality at all... there is nothing to disable. The absence of Secure Boot support in our firmware shouldn't prevent you from booting a Secure Boot enabled OS though, unless the guest OS itself (or its bootloader) is explicitly designed or configured to fail in the absence of Secure Boot.

Might be worth checking the grub.cfg or menu.lst (or whichever config file ends up being used) to make sure that it is still sane. That would seem to me to be the most likely point of failure.

Cheers,

--

Darius

hostasaurus · ‎11-14-2015

Ah, thanks; will investigate further. I gave up and reinstalled RHEL fresh but will investigate this again and will post if I figure out how to get it working.

All

Disable secure boot in EFI mode?