Creating secure-boot VM in virt-manager in 22.04

[Jeffrey Walton]

On Fri, Jun 7, 2024 at 9:19 AM Sam Varshavchik <mrsam at courier-mta.com> wrote:
>
> Jeffrey Walton writes:
>
> > On Fri, Jun 7, 2024 at 7:09 AM Sam Varshavchik <mrsam at courier-mta.com> wrote:
> > >  [...]
> > >
> > > Now I want to move that VM to Ubuntu, but looks like Ubuntu 22 might have
> > an
> > > older version of the virtual firmware, unless I'm missing something (which
> > > was my question). I'll see what Ubuntu 24 brings to the plate…
> >
> > I think you have crossed into diminishing returns while studying the issue.
> >
> > At this point, on your Fedora 40 machine, shut down the Windows 11 VM.
> > Then, scp the Windows 11 folder to your Ubuntu 22 machine. Import the
> > appliance into the VM software. Finally, start the VM on your Ubuntu
> > 22 machine. It will either work or it won't.
>
> It won't. There is no "appliance". The "VM Software" is just virt-manager,
> running a QEMU VM. The VM configuration, as I explained in my first message,
> references OVMF firmware paths that are different, and do not exist on
> Ubuntu 22.
>
> > If it works, then your job is done. There's no reason to discuss
> > hypothetical problems that don't exist.
>
> The problem exists. It's not hypothetical. The firmware paths referenced in
> the domain configuration do not exist on Ubuntu.
>
> It is very unlikely that importing a domain configuration that specifies a
> firmware image known as "/usr/share/edk2/ovmf/OVMF_CODE_4M.secboot.qcow2",
> as I wrote initially, will do anything useful on Ubuntu, because this file
> does not exist. That seems very obvious, and no extensive discussion was
> needed to establish this fact.

Maybe I am missing something... Your question was:

    The version of ovmf in 22.04 is older than the one in Fedora, so perhaps
    24.04 might have the requisite support, does anyone know?

The easiest way to find out is, try to run the image. If the image
runs on Ubuntu 24, then Ubuntu 24 has the support you need.

Jeff