Build QEMU v9.2.1<\/h2>\n\n\n\n\n- Install QEMU dependencies and build<\/li>\n<\/ul>\n\n\n\n
cd ${HOME}\ngit clone -b v9.2.1 https:\/\/github.com\/qemu\/qemu\ncd qemu\nmkdir build\ncd build\n\nsudo apt-get install -y python3-venv python3-pip python3-setuptools \\\n ninja-build rustc bindgen meson \\\n sparse pkg-config libglib2.0-dev flex bison \\\n libcap-ng-dev libasound2-dev \\\n libbpf-dev libxdp-dev libbrlapi-dev \\\n libbz2-dev libcapstone-dev libpam0g-dev \\\n libcurl4-openssl-dev \\\n libncurses5-dev libncursesw5-dev libgcrypt20-dev \\\n libfuse3-dev libglusterfs-dev libgnutls28-dev \\\n libpixman-1-dev libgtk-3-dev \\\n gettext libjack-jackd2-dev libnfs-dev \\\n libiscsi-dev libudev-dev libssh-dev \\\n libcbor-dev libusb-1.0-0-dev libpmem-dev \\\n libdaxctl-dev libkeyutils-dev libdw-dev \\\n libaio-dev liburing-dev liblzfse-dev \\\n liblzo2-dev multipath-tools libpulse-dev \\\n libpipewire-0.3-dev libnuma-dev libqatzip-dev \\\n qatzip libsdl2-dev \\\n librados-dev librgw-dev libradosstriper-dev \\\n librados-dev librgw-dev librbd-dev \\\n librdmacm-dev libibverbs-dev \\\n libseccomp-dev libsdl2-image-dev libcacard-dev \\\n libspice-protocol-dev libspice-server-dev \\\n libsnappy-dev libvde-dev libvdeplug-dev \\\n libusbredirparser-dev libjson-c-dev \\\n libcmocka-dev libvirglrenderer-dev \\\n libsasl2-dev libxen-dev libvte-2.91-dev \\\n clang\n \n..\/configure \\\n --enable-af-xdp --enable-alsa --enable-attr --enable-auth-pam --enable-avx2 --enable-avx512bw \\\n --enable-bochs --enable-bpf --enable-brlapi --enable-bzip2 \\\n --enable-cap-ng --enable-capstone --enable-cloop --enable-colo-proxy \\\n --enable-crypto-afalg --enable-curl --enable-curses --enable-dbus-display --enable-dmg --enable-docs \\\n --enable-fuse --enable-fuse-lseek --enable-gcrypt --enable-gettext --enable-gio \\\n --enable-glusterfs --enable-gnutls --enable-gtk --enable-gtk-clipboard --enable-guest-agent \\\n --enable-hv-balloon --enable-iconv --enable-jack --enable-keyring \\\n --enable-kvm --enable-l2tpv3 --enable-libcbor --enable-libdaxctl --enable-libdw --enable-libiscsi \\\n --enable-libkeyutils --enable-libnfs --enable-libpmem --enable-libssh --enable-libudev --enable-libusb \\\n --enable-libvduse --enable-linux-aio --enable-linux-io-uring --enable-lzfse --enable-lzo --enable-malloc-trim \\\n --enable-membarrier --enable-modules --enable-multiprocess \\\n --enable-numa --enable-opengl --enable-oss --enable-pa --enable-parallels --enable-pipewire \\\n --enable-pixman --enable-plugins --enable-png --enable-qcow1 --enable-qed \\\n --enable-rbd --enable-rdma --enable-replication --enable-sdl \\\n --enable-sdl-image --enable-seccomp --enable-selinux --enable-slirp --enable-slirp-smbd --enable-smartcard \\\n --enable-snappy --enable-sndio --enable-sparse --enable-spice --enable-spice-protocol --enable-stack-protector \\\n --enable-tcg --enable-tools --enable-tpm --enable-usb-redir --enable-vde --enable-vdi \\\n --enable-vduse-blk-export --enable-vhdx --enable-vhost-crypto --enable-vhost-kernel \\\n --enable-vhost-net --enable-vhost-user --enable-vhost-user-blk-server --enable-vhost-vdpa --enable-virglrenderer \\\n --enable-virtfs --enable-vmdk --enable-vnc --enable-vnc-jpeg --enable-vnc-sasl --enable-vpc \\\n --enable-vte --enable-vvfat --enable-werror --enable-xen --enable-xen-pci-passthrough \\\n --enable-xkbcommon --enable-zstd --enable-system --enable-user --enable-linux-user \\\n --enable-pie\n \nmake -j$(nproc) <\/pre>\n\n\n\nOVMF Build with SecureBoot support<\/h2>\n\n\n\n\n- Install Dependencies<\/li>\n<\/ul>\n\n\n\n
sudo apt install -y nasm iasl<\/pre>\n\n\n\n
\n- Setup build Configuration<\/li>\n<\/ul>\n\n\n\n
cd ${HOME}\ngit clone -b edk2-stable202502 https:\/\/github.com\/tianocore\/edk2\ncd edk2\ngit submodule update --init\nmake -C BaseTools -j$(nproc)\n. edksetup.sh<\/pre>\n\n\n\n\n- Open target.txt to edit<\/li>\n<\/ul>\n\n\n\n
open .\/Conf\/target.txt<\/pre>\n\n\n\n
\n- Edit as below<\/li>\n<\/ul>\n\n\n\n
ACTIVE_PLATFORM = EmulatorPkg\/EmulatorPkg.dsc\n\nTOOL_CHAIN_TAG = GCC5\n\nTARGET_ARCH = X64<\/pre>\n\n\n\n
\n- Build<\/li>\n<\/ul>\n\n\n\n
build -DSECURE_BOOT_ENABLE=TRUE -DDEBUG_ON_SERIAL_PORT=TRUE<\/pre>\n\n\n\nBuilt Folder:<\/p>\n\n\n\n
${HOME}\/Build\/OvmfX64\/DEBUG_GCC5\/FV<\/p>\n\n\n\n
Setup SecureBoot Configuration<\/h2>\n\n\n\ncd ${HOME}\nmkdir work\ncd work\nmkdir hda-contents\n\ncp ${HOME}\/edk2\/Build\/OvmfX64\/DEBUG_GCC5\/X64\/ShellPkg\/Application\/Shell\/Shell\/DEBUG\/Shell.efi hda-contents\/Shell.efi\ncp ${HOME}\/edk2\/Build\/OvmfX64\/DEBUG_GCC5\/FV\/OVMF_CODE.fd .\ncp ${HOME}\/edk2\/Build\/OvmfX64\/DEBUG_GCC5\/FV\/OVMF_VARS.fd .\n\n# Generate PK\nopenssl req -newkey rsa:2048 -nodes -keyout PKpriv.key -x509 -days 3650 -out PK.crt\nopenssl x509 -in PK.crt -outform der -out PK.der\n\ncp PK.der .\/hda-contents\/PK.der<\/pre>\n\n\n\nPut KEK, DB to .\/hda-contents\/PK.der<\/h3>\n\n\n\n
Download KEK (Key Exchange Key)<\/strong><\/p>\n\n\n\nallows updates to DB and DBX.<\/p>\n\n\n\n
\n- Microsoft Corporation KEK CA 2011: https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=321185<\/a>
\u2192 MicCorKEKCA2011_2011-06-24.crt<\/li>\n\n\n\n- Microsoft Corporation KEK 2K CA 2023: https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=2239775<\/a>
\u2192 microsoft corporation kek 2k ca 2023.crt<\/li>\n<\/ul>\n\n\n\nDownload DB (Allowed Signature database)<\/strong><\/p>\n\n\n\nThis CA in the Signature Database (DB) allows Windows to boot.<\/p>\n\n\n\n
\n- Microsoft Windows Production CA 2011 https:\/\/go.microsoft.com\/fwlink\/?LinkId=321192<\/a>
\u2192 MicWinProPCA2011_2011-10-19.crt<\/li>\n\n\n\n- Windows UEFI CA 2023 https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=2239776<\/a>
\u2192 windows uefi ca 2023.crt<\/li>\n<\/ul>\n\n\n\nMicrosoft signer for third party UEFI binaries via DevCenter program.<\/p>\n\n\n\n
\n- Microsoft Corporation UEFI CA 2011<\/strong> https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=321194<\/a>
\u2192 MicCorUEFCA2011_2011-06-27.crt<\/li>\n\n\n\n- Microsoft UEFI CA 2023<\/strong> https:\/\/go.microsoft.com\/fwlink\/?linkid=2239872<\/a>
\u2192microsoft uefi ca 2023.crt<\/li>\n\n\n\n- Microsoft Option ROM UEFI CA 2023<\/strong> https:\/\/go.microsoft.com\/fwlink\/?linkid=2284009<\/a>
\u2192 microsoft option rom uefi ca 2023.crt<\/li>\n<\/ul>\n\n\n\nEnroll Certificates<\/h3>\n\n\n\n\n- Boot<\/li>\n<\/ul>\n\n\n\n
${HOME}\/qemu\/build\/qemu-system-x86_64 -L . \\\n -drive if=pflash,format=raw,readonly=on,file=OVMF_CODE.fd \\\n -drive if=pflash,format=raw,file=OVMF_VARS.fd \\\n -hda fat:rw:hda-contents \\\n -net none<\/pre>\n\n\n\n\n- Press F2 Key<\/li>\n\n\n\n
- Enter Device Manager > Secure Boot Configuration<\/li>\n\n\n\n
- Modify to “Custom Mode” at Secure Boot Mode<\/li>\n\n\n\n
- Enter Custom Secure Boot Options > PK Options > Enroll PK, KEK, DB<\/li>\n<\/ul>\n\n\n\n
Install OS<\/h2>\n\n\n\n
Windows<\/strong><\/p>\n\n\n\n\n- Download virtio-win.iso\n
\n- https:\/\/fedorapeople.org\/groups\/virt\/virtio-win\/<\/a><\/li>\n\n\n\n
- https:\/\/fedorapeople.org\/groups\/virt\/virtio-win\/direct-downloads\/archive-virtio\/virtio-win-0.1.266-1\/virtio-win.iso<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Create qcow2 image and Install Windows 10<\/li>\n<\/ul>\n\n\n\n
cd ${HOME}\nmkdir win10_20h1\ncd win10_20h1;\ncp ${HOME}\/work\/OVMF_* .\n\n# Create qcow2 image \n${HOME}\/qemu\/build\/qemu-img create -f qcow2 win10_20h1.qcow2 128G\n\n# Install\n${HOME}\/qemu\/build\/qemu-system-x86_64 \\\n -cdrom win10_20h1.iso \\\n -enable-kvm \\\n -m 8192 \\\n -cpu host \\\n -smp 16 \\\n -drive file=win10_20h1.qcow2,if=virtio,format=qcow2 \\\n -boot menu=on \\\n -drive file=virtio-win-0.1.266.iso,media=cdrom \\\n -drive if=pflash,format=raw,readonly=on,file=OVMF_CODE.fd \\\n -drive if=pflash,format=raw,file=OVMF_VARS.fd \\\n -netdev user,id=n1,hostfwd=tcp::2222-:22 \\\n -device virtio-net,netdev=n1 \\\n -vga std\n \n# Run\n${HOME}\/qemu\/build\/qemu-system-x86_64 \\\n -enable-kvm \\\n -m 8192 \\\n -cpu host \\\n -smp 16 \\\n -drive file=win10_20h1.qcow2,if=virtio,format=qcow2 \\\n -drive if=pflash,format=raw,readonly=on,file=OVMF_CODE.fd \\\n -drive if=pflash,format=raw,file=OVMF_VARS.fd \\\n -netdev user,id=n1,hostfwd=tcp::2222-:22 \\\n -device virtio-net,netdev=n1 \\\n -usb -device usb-tablet \\\n -vga std\n<\/pre>\n\n\n\n<\/p>\n\n\n\n
Enjoy SecureBoot!<\/h2>\n\n\n\n![\"\"](\"https:\/\/h4ck.kr\/wp-content\/uploads\/2025\/02\/Screenshot-from-2025-02-24-00-54-23-1024x703.png\")
<\/figure>\n\n\n\nDownload<\/h2>\n\n\n\n
https:\/\/cloud.h4ck.kr\/index.php\/s\/mUfB4OBxKItW5tO<\/a><\/p>\n\n\n\nReference<\/h2>\n\n\n\n
https:\/\/wiki.ubuntu.com\/UEFI\/EDK2#Building_OvmfPkg_with_Secure_Boot_support<\/a><\/p>\n\n\n\nhttps:\/\/github.com\/tianocore\/tianocore.github.io\/wiki\/How-to-build-OVMF<\/a><\/p>\n\n\n\nhttps:\/\/learn.microsoft.com\/ko-kr\/windows-hardware\/manufacture\/desktop\/windows-secure-boot-key-creation-and-management-guidance?view=windows-11<\/a><\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"
Environment Ubuntu 24.04.1 LTS x86_64 Build QEMU v9.2.1 OVMF Build with SecureBoot support Built Folder: ${HOME}\/Build\/OvmfX64\/DEBUG_GCC5\/FV Setup SecureBoot Configuration Put KEK, DB to .\/hda-contents\/PK.der Download KEK (Key Exchange Key) allows updates to DB and DBX. Download DB (Allowed Signature database) This CA in the Signature Database (DB) allows Windows to boot. Microsoft signer for third… \ub354 \ubcf4\uae30 »QEMU (v9.2.1) + OVMF (edk2-stable202502) SecureBoot Setup<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-2895","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2895"}],"version-history":[{"count":6,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2895\/revisions"}],"predecessor-version":[{"id":2906,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2895\/revisions\/2906"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
cd ${HOME}\ngit clone -b v9.2.1 https:\/\/github.com\/qemu\/qemu\ncd qemu\nmkdir build\ncd build\n\nsudo apt-get install -y python3-venv python3-pip python3-setuptools \\\n ninja-build rustc bindgen meson \\\n sparse pkg-config libglib2.0-dev flex bison \\\n libcap-ng-dev libasound2-dev \\\n libbpf-dev libxdp-dev libbrlapi-dev \\\n libbz2-dev libcapstone-dev libpam0g-dev \\\n libcurl4-openssl-dev \\\n libncurses5-dev libncursesw5-dev libgcrypt20-dev \\\n libfuse3-dev libglusterfs-dev libgnutls28-dev \\\n libpixman-1-dev libgtk-3-dev \\\n gettext libjack-jackd2-dev libnfs-dev \\\n libiscsi-dev libudev-dev libssh-dev \\\n libcbor-dev libusb-1.0-0-dev libpmem-dev \\\n libdaxctl-dev libkeyutils-dev libdw-dev \\\n libaio-dev liburing-dev liblzfse-dev \\\n liblzo2-dev multipath-tools libpulse-dev \\\n libpipewire-0.3-dev libnuma-dev libqatzip-dev \\\n qatzip libsdl2-dev \\\n librados-dev librgw-dev libradosstriper-dev \\\n librados-dev librgw-dev librbd-dev \\\n librdmacm-dev libibverbs-dev \\\n libseccomp-dev libsdl2-image-dev libcacard-dev \\\n libspice-protocol-dev libspice-server-dev \\\n libsnappy-dev libvde-dev libvdeplug-dev \\\n libusbredirparser-dev libjson-c-dev \\\n libcmocka-dev libvirglrenderer-dev \\\n libsasl2-dev libxen-dev libvte-2.91-dev \\\n clang\n \n..\/configure \\\n --enable-af-xdp --enable-alsa --enable-attr --enable-auth-pam --enable-avx2 --enable-avx512bw \\\n --enable-bochs --enable-bpf --enable-brlapi --enable-bzip2 \\\n --enable-cap-ng --enable-capstone --enable-cloop --enable-colo-proxy \\\n --enable-crypto-afalg --enable-curl --enable-curses --enable-dbus-display --enable-dmg --enable-docs \\\n --enable-fuse --enable-fuse-lseek --enable-gcrypt --enable-gettext --enable-gio \\\n --enable-glusterfs --enable-gnutls --enable-gtk --enable-gtk-clipboard --enable-guest-agent \\\n --enable-hv-balloon --enable-iconv --enable-jack --enable-keyring \\\n --enable-kvm --enable-l2tpv3 --enable-libcbor --enable-libdaxctl --enable-libdw --enable-libiscsi \\\n --enable-libkeyutils --enable-libnfs --enable-libpmem --enable-libssh --enable-libudev --enable-libusb \\\n --enable-libvduse --enable-linux-aio --enable-linux-io-uring --enable-lzfse --enable-lzo --enable-malloc-trim \\\n --enable-membarrier --enable-modules --enable-multiprocess \\\n --enable-numa --enable-opengl --enable-oss --enable-pa --enable-parallels --enable-pipewire \\\n --enable-pixman --enable-plugins --enable-png --enable-qcow1 --enable-qed \\\n --enable-rbd --enable-rdma --enable-replication --enable-sdl \\\n --enable-sdl-image --enable-seccomp --enable-selinux --enable-slirp --enable-slirp-smbd --enable-smartcard \\\n --enable-snappy --enable-sndio --enable-sparse --enable-spice --enable-spice-protocol --enable-stack-protector \\\n --enable-tcg --enable-tools --enable-tpm --enable-usb-redir --enable-vde --enable-vdi \\\n --enable-vduse-blk-export --enable-vhdx --enable-vhost-crypto --enable-vhost-kernel \\\n --enable-vhost-net --enable-vhost-user --enable-vhost-user-blk-server --enable-vhost-vdpa --enable-virglrenderer \\\n --enable-virtfs --enable-vmdk --enable-vnc --enable-vnc-jpeg --enable-vnc-sasl --enable-vpc \\\n --enable-vte --enable-vvfat --enable-werror --enable-xen --enable-xen-pci-passthrough \\\n --enable-xkbcommon --enable-zstd --enable-system --enable-user --enable-linux-user \\\n --enable-pie\n \nmake -j$(nproc) <\/pre>\n\n\n\nOVMF Build with SecureBoot support<\/h2>\n\n\n\n\n- Install Dependencies<\/li>\n<\/ul>\n\n\n\n
sudo apt install -y nasm iasl<\/pre>\n\n\n\n
\n- Setup build Configuration<\/li>\n<\/ul>\n\n\n\n
cd ${HOME}\ngit clone -b edk2-stable202502 https:\/\/github.com\/tianocore\/edk2\ncd edk2\ngit submodule update --init\nmake -C BaseTools -j$(nproc)\n. edksetup.sh<\/pre>\n\n\n\n\n- Open target.txt to edit<\/li>\n<\/ul>\n\n\n\n
open .\/Conf\/target.txt<\/pre>\n\n\n\n
\n- Edit as below<\/li>\n<\/ul>\n\n\n\n
ACTIVE_PLATFORM = EmulatorPkg\/EmulatorPkg.dsc\n\nTOOL_CHAIN_TAG = GCC5\n\nTARGET_ARCH = X64<\/pre>\n\n\n\n
\n- Build<\/li>\n<\/ul>\n\n\n\n
build -DSECURE_BOOT_ENABLE=TRUE -DDEBUG_ON_SERIAL_PORT=TRUE<\/pre>\n\n\n\nBuilt Folder:<\/p>\n\n\n\n
${HOME}\/Build\/OvmfX64\/DEBUG_GCC5\/FV<\/p>\n\n\n\n
Setup SecureBoot Configuration<\/h2>\n\n\n\ncd ${HOME}\nmkdir work\ncd work\nmkdir hda-contents\n\ncp ${HOME}\/edk2\/Build\/OvmfX64\/DEBUG_GCC5\/X64\/ShellPkg\/Application\/Shell\/Shell\/DEBUG\/Shell.efi hda-contents\/Shell.efi\ncp ${HOME}\/edk2\/Build\/OvmfX64\/DEBUG_GCC5\/FV\/OVMF_CODE.fd .\ncp ${HOME}\/edk2\/Build\/OvmfX64\/DEBUG_GCC5\/FV\/OVMF_VARS.fd .\n\n# Generate PK\nopenssl req -newkey rsa:2048 -nodes -keyout PKpriv.key -x509 -days 3650 -out PK.crt\nopenssl x509 -in PK.crt -outform der -out PK.der\n\ncp PK.der .\/hda-contents\/PK.der<\/pre>\n\n\n\nPut KEK, DB to .\/hda-contents\/PK.der<\/h3>\n\n\n\n
Download KEK (Key Exchange Key)<\/strong><\/p>\n\n\n\nallows updates to DB and DBX.<\/p>\n\n\n\n
\n- Microsoft Corporation KEK CA 2011: https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=321185<\/a>
\u2192 MicCorKEKCA2011_2011-06-24.crt<\/li>\n\n\n\n- Microsoft Corporation KEK 2K CA 2023: https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=2239775<\/a>
\u2192 microsoft corporation kek 2k ca 2023.crt<\/li>\n<\/ul>\n\n\n\nDownload DB (Allowed Signature database)<\/strong><\/p>\n\n\n\nThis CA in the Signature Database (DB) allows Windows to boot.<\/p>\n\n\n\n
\n- Microsoft Windows Production CA 2011 https:\/\/go.microsoft.com\/fwlink\/?LinkId=321192<\/a>
\u2192 MicWinProPCA2011_2011-10-19.crt<\/li>\n\n\n\n- Windows UEFI CA 2023 https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=2239776<\/a>
\u2192 windows uefi ca 2023.crt<\/li>\n<\/ul>\n\n\n\nMicrosoft signer for third party UEFI binaries via DevCenter program.<\/p>\n\n\n\n
\n- Microsoft Corporation UEFI CA 2011<\/strong> https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=321194<\/a>
\u2192 MicCorUEFCA2011_2011-06-27.crt<\/li>\n\n\n\n- Microsoft UEFI CA 2023<\/strong> https:\/\/go.microsoft.com\/fwlink\/?linkid=2239872<\/a>
\u2192microsoft uefi ca 2023.crt<\/li>\n\n\n\n- Microsoft Option ROM UEFI CA 2023<\/strong> https:\/\/go.microsoft.com\/fwlink\/?linkid=2284009<\/a>
\u2192 microsoft option rom uefi ca 2023.crt<\/li>\n<\/ul>\n\n\n\nEnroll Certificates<\/h3>\n\n\n\n\n- Boot<\/li>\n<\/ul>\n\n\n\n
${HOME}\/qemu\/build\/qemu-system-x86_64 -L . \\\n -drive if=pflash,format=raw,readonly=on,file=OVMF_CODE.fd \\\n -drive if=pflash,format=raw,file=OVMF_VARS.fd \\\n -hda fat:rw:hda-contents \\\n -net none<\/pre>\n\n\n\n\n- Press F2 Key<\/li>\n\n\n\n
- Enter Device Manager > Secure Boot Configuration<\/li>\n\n\n\n
- Modify to “Custom Mode” at Secure Boot Mode<\/li>\n\n\n\n
- Enter Custom Secure Boot Options > PK Options > Enroll PK, KEK, DB<\/li>\n<\/ul>\n\n\n\n
Install OS<\/h2>\n\n\n\n
Windows<\/strong><\/p>\n\n\n\n\n- Download virtio-win.iso\n
\n- https:\/\/fedorapeople.org\/groups\/virt\/virtio-win\/<\/a><\/li>\n\n\n\n
- https:\/\/fedorapeople.org\/groups\/virt\/virtio-win\/direct-downloads\/archive-virtio\/virtio-win-0.1.266-1\/virtio-win.iso<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Create qcow2 image and Install Windows 10<\/li>\n<\/ul>\n\n\n\n
cd ${HOME}\nmkdir win10_20h1\ncd win10_20h1;\ncp ${HOME}\/work\/OVMF_* .\n\n# Create qcow2 image \n${HOME}\/qemu\/build\/qemu-img create -f qcow2 win10_20h1.qcow2 128G\n\n# Install\n${HOME}\/qemu\/build\/qemu-system-x86_64 \\\n -cdrom win10_20h1.iso \\\n -enable-kvm \\\n -m 8192 \\\n -cpu host \\\n -smp 16 \\\n -drive file=win10_20h1.qcow2,if=virtio,format=qcow2 \\\n -boot menu=on \\\n -drive file=virtio-win-0.1.266.iso,media=cdrom \\\n -drive if=pflash,format=raw,readonly=on,file=OVMF_CODE.fd \\\n -drive if=pflash,format=raw,file=OVMF_VARS.fd \\\n -netdev user,id=n1,hostfwd=tcp::2222-:22 \\\n -device virtio-net,netdev=n1 \\\n -vga std\n \n# Run\n${HOME}\/qemu\/build\/qemu-system-x86_64 \\\n -enable-kvm \\\n -m 8192 \\\n -cpu host \\\n -smp 16 \\\n -drive file=win10_20h1.qcow2,if=virtio,format=qcow2 \\\n -drive if=pflash,format=raw,readonly=on,file=OVMF_CODE.fd \\\n -drive if=pflash,format=raw,file=OVMF_VARS.fd \\\n -netdev user,id=n1,hostfwd=tcp::2222-:22 \\\n -device virtio-net,netdev=n1 \\\n -usb -device usb-tablet \\\n -vga std\n<\/pre>\n\n\n\n<\/p>\n\n\n\n
Enjoy SecureBoot!<\/h2>\n\n\n\n<\/figure>\n\n\n\nDownload<\/h2>\n\n\n\n
https:\/\/cloud.h4ck.kr\/index.php\/s\/mUfB4OBxKItW5tO<\/a><\/p>\n\n\n\nReference<\/h2>\n\n\n\n
https:\/\/wiki.ubuntu.com\/UEFI\/EDK2#Building_OvmfPkg_with_Secure_Boot_support<\/a><\/p>\n\n\n\nhttps:\/\/github.com\/tianocore\/tianocore.github.io\/wiki\/How-to-build-OVMF<\/a><\/p>\n\n\n\nhttps:\/\/learn.microsoft.com\/ko-kr\/windows-hardware\/manufacture\/desktop\/windows-secure-boot-key-creation-and-management-guidance?view=windows-11<\/a><\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"
Environment Ubuntu 24.04.1 LTS x86_64 Build QEMU v9.2.1 OVMF Build with SecureBoot support Built Folder: ${HOME}\/Build\/OvmfX64\/DEBUG_GCC5\/FV Setup SecureBoot Configuration Put KEK, DB to .\/hda-contents\/PK.der Download KEK (Key Exchange Key) allows updates to DB and DBX. Download DB (Allowed Signature database) This CA in the Signature Database (DB) allows Windows to boot. Microsoft signer for third… \ub354 \ubcf4\uae30 »QEMU (v9.2.1) + OVMF (edk2-stable202502) SecureBoot Setup<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-2895","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2895"}],"version-history":[{"count":6,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2895\/revisions"}],"predecessor-version":[{"id":2906,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2895\/revisions\/2906"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}