From 7706a5ad0030571aa389b8f469e9c496622be3df Mon Sep 17 00:00:00 2001 From: Alex Haydock Date: Sun, 2 Feb 2025 08:37:44 +0000 Subject: [PATCH 1/3] fix: Enable SMM for Linux guests on Linux hosts when Secure Boot is enabled --- quickemu | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/quickemu b/quickemu index 97acd6ee4f..71097f447f 100755 --- a/quickemu +++ b/quickemu @@ -395,6 +395,16 @@ function configure_cpu() { fi fi + # SMM is also required for Linux guests when Secure Boot is enabled + if [ "${secureboot}" == "on" ]; then + if [ "${guest_os}" == "linux" ]; then + # SMM is not available on QEMU for macOS via Homebrew + if [ "${OS_KERNEL}" == "Linux" ]; then + SMM="on" + fi + fi + fi + case ${guest_os} in batocera|freedos|haiku|solaris) MACHINE_TYPE="pc";; kolibrios|reactos) From 0bc34668034048dec32b05c3aa3bdaf268440ad2 Mon Sep 17 00:00:00 2001 From: Alex Haydock Date: Sun, 2 Feb 2025 08:38:16 +0000 Subject: [PATCH 2/3] fix: Select OVMF_VARS file with preloaded MS Platform Keys (Fedora/RHEL-family hosts) --- quickemu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickemu b/quickemu index 71097f447f..7eb3dda5d5 100755 --- a/quickemu +++ b/quickemu @@ -674,7 +674,7 @@ function configure_bios() { case ${secureboot} in on) # shellcheck disable=SC2054,SC2140 ovmfs=("${SHARE_PATH}/OVMF/OVMF_CODE_4M.secboot.fd","${SHARE_PATH}/OVMF/OVMF_VARS_4M.fd" \ - "${SHARE_PATH}/edk2/ovmf/OVMF_CODE.secboot.fd","${SHARE_PATH}/edk2/ovmf/OVMF_VARS.fd" \ + "${SHARE_PATH}/edk2/ovmf/OVMF_CODE.secboot.fd","${SHARE_PATH}/edk2/ovmf/OVMF_VARS.secboot.fd" \ "${SHARE_PATH}/OVMF/x64/OVMF_CODE.secboot.fd","${SHARE_PATH}/OVMF/x64/OVMF_VARS.fd" \ "${SHARE_PATH}/edk2-ovmf/OVMF_CODE.secboot.fd","${SHARE_PATH}/edk2-ovmf/OVMF_VARS.fd" \ "${SHARE_PATH}/qemu/ovmf-x86_64-smm-ms-code.bin","${SHARE_PATH}/qemu/ovmf-x86_64-smm-ms-vars.bin" \ From 003e8eaac914ad92b7920f8ff894f28e6731b4b6 Mon Sep 17 00:00:00 2001 From: Alex Haydock Date: Sun, 2 Feb 2025 08:38:32 +0000 Subject: [PATCH 3/3] fix: Select OVMF_VARS file with preloaded MS Platform Keys (Debian/Ubuntu hosts) --- quickemu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickemu b/quickemu index 7eb3dda5d5..e347184cd3 100755 --- a/quickemu +++ b/quickemu @@ -673,7 +673,7 @@ function configure_bios() { if [ -n "${EFI_CODE}" ] || [ ! -e "${EFI_CODE}" ]; then case ${secureboot} in on) # shellcheck disable=SC2054,SC2140 - ovmfs=("${SHARE_PATH}/OVMF/OVMF_CODE_4M.secboot.fd","${SHARE_PATH}/OVMF/OVMF_VARS_4M.fd" \ + ovmfs=("${SHARE_PATH}/OVMF/OVMF_CODE_4M.secboot.fd","${SHARE_PATH}/OVMF/OVMF_VARS_4M.ms.fd" \ "${SHARE_PATH}/edk2/ovmf/OVMF_CODE.secboot.fd","${SHARE_PATH}/edk2/ovmf/OVMF_VARS.secboot.fd" \ "${SHARE_PATH}/OVMF/x64/OVMF_CODE.secboot.fd","${SHARE_PATH}/OVMF/x64/OVMF_VARS.fd" \ "${SHARE_PATH}/edk2-ovmf/OVMF_CODE.secboot.fd","${SHARE_PATH}/edk2-ovmf/OVMF_VARS.fd" \