Created attachment 1712253 [details] virsh xml defination of windows guest using ovmf firmware Description of problem: Cannot set a Custom Secure boot mode and register your own keys. Version-Release number of selected component (if applicable): Name : edk2-ovmf Version : 20200201stable Release : 1.fc32 Architecture : noarch Size : 6.8 M Source : edk2-20200201stable-1.fc32.src.rpm How reproducible: Steps to Reproduce: 1. create vm (e.g. attached virsh dumpxml defination) 2. cp /usr/share/edk2/ovmf/OVMF_VARS.secboot.fd /var/lib/libvirt/qemu/nvram/win2k19_VARS.fd 3. permission fix on copied file ls -laZ /var/lib/libvirt/qemu/nvram/win2k19_VARS.fd -rw-------. 1 dan qemu system_u:object_r:svirt_image_t:s0:c596,c1010 131072 Aug 23 14:32 /var/lib/libvirt/qemu/nvram/win2k19_VARS.fd 4. start vm - esc/del to get bios Select Device Manager -> Secure Boot Configuration -> Secure Boot Mode -> change to "Custom Mode" - F10 - "Y" (Confirm save) 5. escape to go back menu, enter "Secure Boot Configuration" again. Actual results: Secure Boot mode is back at "Standard Mode". Alternate path from 5: 5a Customer Secure Boot Options -> DB Options -> Enroll Signature -> Enroll Signature Using File 6a Select 509 Der certificate (in this case the Red Hat one that I extracted from the virtio-win sys files). 7a Commit Chnages and Exit 8a esc - Back at "Secure Boot Confiugration" where it has reverted to "Secure Boot Mode: Standard Mode" again. Expected results: Still on "Custom Mode"
Repeatable behaviour in upstream code as reported: https://bugzilla.tianocore.org/show_bug.cgi?id=2923
Hello Daniel, some words about "Custom Mode": "Custom Mode" is not defined in the UEFI specification, it is an edk2-specific Secure Boot operational mode. "Custom Mode" means that updates to the PK, KEK, db, and dbx authenticated UEFI variables are not verified. Therefore, you certainly do *not* want to boot a guest operating system in "Custom Mode" (as long as you care for Secure Boot at all, that is, with that particular guest OS). Because in "Custom Mode", the guest OS could trivially replace the certificates and hashes that control Secure Boot. "Custom Mode" is therefore a shortcut for a "trusted agent" to enroll PK, KEK, db, dbx, without being subject to verification against existent PK, KEK, etc contents. Thus, "Custom Mode" is temporary. Once you have your certificates enrolled, the SB operational mode flips back to "Standard Mode" -- meaning that *further* updates against those authenticated UEFI variables will be verified (as they should). The visual form on which you manipulate these settings in the Setup TUI is implemented in edk2 by the "SecurityPkg/VariableAuthenticated/SecureBootConfigDxe" driver. In "SecureBootConfigImpl.c", function SecureBootCallback(), which is sort of the "user action handler" for the form (EFI_HII_ACCESS_FORM_CALLBACK), we have the following snippet: } else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) { // // Force the platform back to Standard Mode once user leave the setup screen. // GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL); if (NULL != SecureBootMode && *SecureBootMode == CUSTOM_SECURE_BOOT_MODE) { IfrNvData->SecureBootMode = STANDARD_SECURE_BOOT_MODE; SetSecureBootMode(STANDARD_SECURE_BOOT_MODE); } (This comes from historical commit f71ed839e1b5, dated 2013-01-09, which says "Set the secure boot state to Standard Mode when user leaving secure boot setup page".) Another example, from "OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c": // // Enter Custom Mode so we can enroll PK, KEK, db, and dbx without signature // checks on those variable writes. // ... // // Leave Custom Mode, so that updates to PK, KEK, db, and dbx require valid // signatures. // ... So the behavior you are seeing is by design -- "Custom Mode" is not a permanent setting, but a temporary mode for agents such as SecureBootConfigDxe, and OVMF's "EnrollDefaultKeys.efi". At the end of "EnrollDefaultKeys/EnrollDefaultKeys.c", there is a "diagram" which attempts to organize the SB-related "control variables" into a tree: // [SetupMode] // (read-only, standardized by UEFI) // / \_ // 0 1, default // / \_ // PK enrolled no PK enrolled yet, // (this is called "User Mode") PK enrollment possible // | // | // [SecureBootEnable] // (read-write, edk2-specific, boot service only) // / \_ // 0 1, default // / \_ // [SecureBoot]=0 [SecureBoot]=1 // (read-only, standardized by UEFI) (read-only, standardized by UEFI) // images are not verified images are verified, platform is // operating in Secure Boot mode // | // | // [CustomMode] // (read-write, edk2-specific, boot service only) // / \_ // 0, default 1 // / \_ // PK, KEK, db, dbx PK, KEK, db, dbx // updates are verified updates are not verified "Standard mode" is just a symbolic name for CustomMode=0. I'm closing this as NOTABUG now; please reopen it if you encounter further issues. Thanks!