Secureboot/Testing

Secure boot testing can be performed under qemu using OVMF. To build a OVMF image that can be used, follow these instructions:

• Create a working directory.
• git clone git://tianocore.git.sourceforge.net/gitroot/tianocore/edk2
• cd edk2/CryptoPkg/Library/OpensslLib/
• wget http://www.openssl.org/source/openssl-0.9.8w.tar.gz
• tar xvf openssl-0.9.8w.tar.gz
• cd openssl-0.9.8w/
• patch -p0 <../EDKII_openssl-0.9.8w.patch
• cd ..
• ./Install.sh
• cd ../../..
• . edksetup.sh
• vi Conf/target.txt and change the parameters to those described below:

ACTIVE_PLATFORM       = OvmfPkg/OvmfPkgX64.dsc 
TOOL_CHAIN_TAG        = GCC46
TARGET_ARCH           = X64

• If you're running gcc 4.7 or later, vi Conf/tools_def.txt and modify _GCC46_X64_ASM_FLAGS so it reads as follows:

*_GCC46_X64_ASM_FLAGS            = DEF(GCC46_ASM_FLAGS) -m64

• make -C BaseTools
• build -DSECURE_BOOT_ENABLE=TRUE
• mkdir bios
• ln -s ../Build/OvmfX64/DEBUG_GCC46/FV/OVMF.fd bios/bios.bin
• ln -s ../Build/OvmfX64/DEBUG_GCC46/X64/QemuVideoDxe.rom bios/vgabios-cirrus.bin

You can now start qemu with -L bios in order to run the OVMF image. Press any key while the TianoCore logo is showing to enter the setup menu. Select "Device Manager" in order to access the secure boot configuration. Note that any changes you make will persist over the qemu session, but may not persist once you've exited qemu.