Issue
What were you trying to do that didn't work?
I was trying to use UEFI Secure Boot in a VM. This fails for hard disk, CD-ROM or PXE boot. Installing edk2-ovmf from Rocky Linux 9 fixes the issue.
Please provide the package NVR for which bug is seen:
AFFECTED:
edk2-ovmf-20230524-3.el9.noarch
edk2-ovmf-20230301gitf80f052277c8-5.el9.noarch
NOT AFFECTED:
edk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch
How reproducible: 100%
Steps to reproduce
virt-install \
    --machine q35 \
    --boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=yes,firmware.feature1.name=enrolled-keys,firmware.feature1.enabled=yes \
    --name test-edk2 \
    --memory 4096 \
    --vcpus 2 \
    --disk size=16 \
    --graphics none \
    --os-variant centos-stream9 \
    --cpu host \
    --cdrom CentOS-Stream-9-20231002.0-x86_64-boot.iso
Expected results
CDROM boot menu
Actual results
BdsDxe: loading Boot0001 "UEFI QEMU DVD-ROM QM00001 " from PciRoot(0x0)/Pci(0x1F,0x2)/Sata(0x0,0xFFFF,0x0)
BdsDxe: failed to load Boot0001 "UEFI QEMU DVD-ROM QM00001 " from PciRoot(0x0)/Pci(0x1F,0x2)/Sata(0x0,0xFFFF,0x0): Access Denied
BdsDxe: failed to load Boot0002 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0): Not Found
BdsDxe: No bootable option or device was found.
BdsDxe: Press any key to enter the Boot Manager Menu.
Additional notes
There is a workaround: by installing edk2-ovmf from Rocky Linux, the VM boots successfully.
https://download.rockylinux.org/pub/rocky/9.2/AppStream/x86_64/os/Packages/e/edk2-ovmf-20221207gitfff6d81270b5-9.el9_2.noarch.rpm