Enable secure boot for QEMU

I use libvirtd modules OVMFFull from unstable.

  virtualisation.libvirtd = {
    enable = true;
    qemu.ovmf.package = pkgs.unstable.OVMFFull;
  };

In documents from other distributions there is a OVMF_CODE.secboot.fd but I can only find a OVMF_CODE.fd. Finally I just use OVMF_CODE.secboot.fd and OVMF_VARS.ms.fd from debian and everything just works. What’s the recommended method to do this? Something like the debian packages which work out of the box is helpful.

Qemu includes edk2-x86_64-secure-code.fd and edk2-i386-vars.fd

/nix/store/d2v4yzk2n9hl8nakbsb1sd4wvmk5k8bp-qemu-6.0.0/share/qemu/edk2-x86_64-secure-code.fd

Oh, yes! Not sure how I should use it. It’s not shown in virt-manager.

I don’t know how they’re registered in virt-manager, but in any case you should be able to edit the libvirt xml directly. Use your OVMF workaround to see what the xml should look like if necessary.

Yes, editing the xml works. It would be great to have it out of the box if possible.

Is there a solution to this that doesn’t involve manually editing an xml file?

If not, could someone post the instructions for manually editing the xml file.

Is it necessary to use the unstable OVMFFull package?

There are many posts on the Internet about the xml file. Basically this is needed.

<os>
  <loader readonly="yes" secure="yes" type="pflash">/path/to/OVMF_CODE.secboot.fd</loader>
  <nvram>/path/to/OVMF_VARS.secboot.fd</nvram>
</os>
<features>
  <smm state="on"/>
</features>

You can edit the xml file in virt-manager or gnome boxes.

I didn’t use the OVMF from NixOS. It doesn’t work for me. I guess it’s not signed by Microsoft. The files from CentOS work for me. You can get them from CentOS Mirror, search the edk2-ovmf.
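A quick way to verify that a domain definition actually carries the settings the posts above describe (pflash loader with `secure="yes"`, a writable NVRAM copy, SMM enabled, and the q35 machine type that libvirt requires for SMM) is to parse the XML rather than eyeball it. The following checker is an added example written for this page, not code from the thread or from libvirt; the two embedded domain definitions are constructed samples and their firmware paths are placeholders. It confirms only that the XML is configured for secure boot; it cannot tell whether the firmware build or the VARS template has the Microsoft keys enrolled, which is the separate point the CentOS/Debian file discussion is about.

```python
import xml.etree.ElementTree as ET

# Constructed sample: what a correctly configured domain looks like.
# Paths are placeholders, not real files on any of the systems in the thread.
SECURE_DOMAIN = """<domain type="kvm">
  <name>sb-ok</name>
  <os>
    <type arch="x86_64" machine="q35">hvm</type>
    <loader readonly="yes" secure="yes" type="pflash">/path/to/OVMF_CODE.secboot.fd</loader>
    <nvram>/path/to/OVMF_VARS.secboot.fd</nvram>
  </os>
  <features>
    <smm state="on"/>
  </features>
</domain>"""

# Constructed sample: a typical "UEFI but not secure boot" domain,
# e.g. one created by default in virt-manager. It lacks secure="yes"
# and has no <smm/> feature.
WEAK_DOMAIN = """<domain type="kvm">
  <name>sb-weak</name>
  <os>
    <type arch="x86_64" machine="q35">hvm</type>
    <loader readonly="yes" type="pflash">/path/to/OVMF_CODE.fd</loader>
    <nvram>/path/to/OVMF_VARS.fd</nvram>
  </os>
  <features>
    <acpi/>
  </features>
</domain>"""


def check_secure_boot(domain_xml: str) -> dict:
    """Return one boolean per requirement for a libvirt domain XML string.

    Malformed XML yields all-False rather than an exception so the caller
    can report it like any other failed configuration.
    """
    try:
        root = ET.fromstring(domain_xml)
    except ET.ParseError:
        return {k: False for k in ("loader_pflash", "loader_readonly",
                                   "loader_secure", "nvram_present",
                                   "smm_on", "machine_q35")}

    loader = root.find("./os/loader")
    nvram = root.find("./os/nvram")
    smm = root.find("./features/smm")
    ostype = root.find("./os/type")

    return {
        # Firmware must be mapped as flash, not loaded as a legacy BIOS blob.
        "loader_pflash": loader is not None and loader.get("type") == "pflash",
        # CODE image stays read-only; only the VARS copy is writable.
        "loader_readonly": loader is not None and loader.get("readonly") == "yes",
        # This is the attribute that actually turns secure boot on in libvirt.
        "loader_secure": loader is not None and loader.get("secure") == "yes",
        # Per-VM NVRAM (copied from the VARS template) holds the key databases.
        "nvram_present": nvram is not None and bool((nvram.text or "").strip()),
        # secure="yes" requires SMM so the variable store is protected from the OS.
        "smm_on": smm is not None and smm.get("state") == "on",
        # libvirt only supports SMM on the q35 machine type.
        "machine_q35": ostype is not None
                       and (ostype.get("machine") or "").startswith("q35"),
    }


def missing(domain_xml: str) -> list:
    """Names of the requirements that are not satisfied, sorted for stable output."""
    return sorted(k for k, v in check_secure_boot(domain_xml).items() if not v)


def secure_boot_ready(domain_xml: str) -> bool:
    """True only when every requirement is met."""
    return not missing(domain_xml)


if __name__ == "__main__":
    # Real usage: python3 check_sb.py < <(virsh dumpxml <vm-name>)
    import sys
    xml_text = sys.stdin.read() if not sys.stdin.isatty() else WEAK_DOMAIN
    gaps = missing(xml_text)
    print("secure boot configured" if not gaps else "missing: " + ", ".join(gaps))
```

Feed it the output of `virsh dumpxml <vm>` before and after a `virsh edit`; on the constructed weak definition above it reports `loader_secure` and `smm_on` as missing, which are exactly the two things the XML fragment in the post adds.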