Hi guys.
I'm trying to boot securely a guest - ultimately will be
Windows, I hear only secure boot for win11 - via PXE but I
fail to figure it out - my first foray into it.
VM fails with:
iPXE initialising devices...
autoexec.ipxe... Not found (https://ipxe.org/2d12618e)
iPXE 1.21.1+ (g5c49e) -- Open Source Network Boot Firmware
-- https://ipxe.org
Features: DNS HTTP iSCSI TFTP VLAN SRP AoE EFI Menu
net0: 02:2d:7a:34:9f:90 using virtio-net on 0000:01:00.0
(Ethernet) [open]
[Link:up, TX:0 TXE:1 RX:0 RXE:0]
[TXE: 1 x "Network unreachable (https://ipxe.org/28086090)"]
Configuring (net0 02:2d:7a:34:9f:90) ...... ok
net0: 10.3.1.14/255.255.252.0 gw 10.3.1.254
net0: fe80::2d:7aff:fe34:9f90/64
Next server: 10.3.1.99
Filename: ipxe-shimx64.efi
tftp://10.3.1.99/ipxe-shimx64.efi... ok
ipxe-shimx64.efi : 961448 bytes [EFI]
Fetching Netboot Image ipxe.efi
Malformed binary after Attribute Certificate Table
datasize: 4194304 SumOfBytesHashed: 1044480 SecDir->Size: 1536
hashsize: 3148288 SecDir->VirtualAddress: 0x000FF000
Failed to load image: Invalid Parameter
start_image() returned Invalid Parameter, falling back to
default loader
Fetching Netboot Image ipxe.efi
Malformed binary after Attribute Certificate Table
datasize: 4194304 SumOfBytesHashed: 1044480 SecDir->Size: 1536
hashsize: 3148288 SecDir->VirtualAddress: 0x000FF000
Failed to load image: Invalid Parameter
start_image() returned Invalid Parameter
Guest domain is like so:
...
<firmware>
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='no' name='secure-boot'/>
</firmware>
<loader readonly='yes' type='pflash'
format='raw'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
<nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd'
templateFormat='raw'
format='raw'>/var/lib/libvirt/qemu/nvram/dzien-win-secbot_VARS.fd</nvram>
...
Here boot is not secure - but when is secure, also
fails - so I could capture pxe process which is more verbose
here, as opposed to secure which pop-ups with blue screen
with only a short message.
I'm presuming I sign something - bootloaders |& efi vars
store - wrong?
I'm on CentOS 9 with binaries up-to-today.
Any/all thoughts are much appreciated.
many thanks, L.
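
Added example, not part of the original post and not code from shim or iPXE: a check for one condition consistent with the numbers in the log above, where the fetched image is larger than the end of its Attribute Certificate Table, so data follows the signature. It assumes the logged datasize is the size of the fetched file; the function names and the constructed header-only sample are illustrative.

```python
import struct

SECURITY_DIR = 4  # index of IMAGE_DIRECTORY_ENTRY_SECURITY in the data directories

def security_directory(image: bytes) -> tuple[int, int]:
    """Return (file offset, size) of the Attribute Certificate Table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                      # PE signature (4) + COFF header (20)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)   # PE32+ vs PE32
    (count,) = struct.unpack_from("<I", image, dirs - 4)
    if count <= SECURITY_DIR:
        return 0, 0
    # For this one directory the "VirtualAddress" field is a file offset.
    return struct.unpack_from("<II", image, dirs + 8 * SECURITY_DIR)

def trailing_bytes(image: bytes) -> int:
    """Bytes that follow the certificate table; 0 when it ends the file."""
    offset, size = security_directory(image)
    if size == 0:
        raise ValueError("image is unsigned")
    if offset + size > len(image):
        raise ValueError("certificate table runs past end of file")
    return len(image) - (offset + size)

def constructed_image(total: int, cert_off: int = 0xFF000, cert_size: int = 1536) -> bytes:
    """Constructed header-only PE32+ skeleton for the demo, not a real binary."""
    buf = bytearray(total)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x20B)
    struct.pack_into("<I", buf, opt + 108, 16)     # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 112 + 8 * SECURITY_DIR, cert_off, cert_size)
    return bytes(buf)

if __name__ == "__main__":
    for size in (0xFF000 + 1536, 4194304):         # table ends the file / sizes from the log
        print(size, "->", trailing_bytes(constructed_image(size)), "trailing bytes")
```

To check a real file, pass its contents to `trailing_bytes()`; a non-zero result means bytes were appended after the image was signed.
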
We (apache/cloudstack) are seeing issues downloading libvirt java 0.5.3 lately. It seems to be due to certificate errors on downloads.libvirt.org. I am not sure what the appropriate way to report this is, so asking here first.
regards,
Daan Hoogland