Cannot disable secure-boot with EFI firmware on a arm64 VM
Software environment
- Operating system: Ubuntu Noble Numbat (development branch)
- Architecture: Host x84_64, VM ARM64
- kernel version: 6.7.0
- libvirt version: 9.6.0
- Hypervisor and version: KVM 6.7.0
Description of problem
I'm trying to disable secure boot in my VM following the configuration in https://libvirt.org/kbase/secureboot.html but any combination of a disabled secure boot results in the following error message:
Unable to find any firmware to satisfy 'efi'
This is the os information that virt-install generated:
<os firmware='efi'>
<type arch='aarch64' machine='virt-8.1'>hvm</type>
<firmware>
<feature enabled='yes' name='enrolled-keys'/>
<feature enabled='yes' name='secure-boot'/>
</firmware>
<loader readonly='yes' type='pflash'>/usr/share/AAVMF/AAVMF_CODE.ms.fd</loader>
<nvram template='/usr/share/AAVMF/AAVMF_VARS.ms.fd'>/var/lib/libvirt/qemu/nvram/jammy-arm64_VARS.fd</nvram>
<boot dev='hd'/>
</os>
and following the wiki I have tried
<firmware>
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='yes' name='secure-boot'/>
</firmware>
and
<firmware>
<feature enabled='no' name='enrolled-keys'/>
<feature enabled='no' name='secure-boot'/>
</firmware>
and they all fail with Unable to find any firmware to satisfy 'efi'
Steps to reproduce
- Create a VM with
sudo virt-install -n jammy-arm64 --os-variant=generic --ram=4096 --vcpus=6 --disk ./jammy-server-cloudimg-arm64.img --import --graphics none --network bridge:virbr0 --arch=aarch64
- I used ubuntu's jammy cloud image - Edit the XML to disable secure boot following the recommendation from the wiki
- The following error message appears:
$ virsh edit jammy-arm64
error: operation failed: Unable to find any firmware to satisfy 'efi'
Failed. Try again? [y,n,i,f,?]: