![]() ![]() Openssl req -newkey rsa:2048 -nodes -keyout PKpriv.key -x509 -days 358000 -out PKtestDER.crt der certificate: I used a linux virtual machine with openssl installed, run these commands in a terminal: Download attachment Microsoft.zip, extract it somewhere, it contains files for KEK and DB: if you don't trust me download files directly from microsoftĢ. It isn't needed you can boot your windows virtual machine and inject files from there, check my point (3)ġ. If it's not clear what that tutorial describes:ġ- Create a private key and certificate to be used for PKĢ- Download microsoft files (certificates for KEK and DB)ģ- Run a basic virtual machine, with a virtual disk with certificates in it, to boot into uefi shell, ovmf bios and inject the files into the ovmf VARS file (maybe this wasn't clear.:it runs qemu via command line then it manages that basic vm through virt manager to access the gui of the uefi shell and ovmf bios) -> by injecting certificates with a basic vm your ovmf vars file will be "cleaner", because it contains only injected certificates, otherwise vars file contains other info, such as the boot drive and other uefi variables.īut the command seem to fail at "-hda fat:hda-contents You can use only your actual windows machine even for creating the certificate for PK, or use another vm or another pc with linux. What you have to do is to simply inject files by booting the ovmf bios setup of your current windows virtual machine. ![]() ![]() ![]() Wish the process of getting secure boot enabled was easier. Is there a way to convert the guide to fit with Unraid? I also tried creating a ubuntu VM to run qemu within, but the command seem to fail at "-hda fat:hda-contents \" I got to "Use QEMU to Inject Secure Boot Keys Into OVMF" section of the guide and started to have problems. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |