Package: autopkgtest
Version: 5.15
Severity: wishlist

Dear Maintainer,

Currently, the Linux kernel in autopkgtest-virt-qemu runs in
insecure (unlocked) mode. If it is booted with UEFI secure boot,
the kernel is locked down. It should help expose unnoticed bugs
in UEFI secure boot.

To enable secure boot of a QEMU guest, e.g. for i386, one has to

1. Install grub-efi-ia32, grub-efi-ia32-signed and shim-signed in the testbed.
2. Use OVMF_CODE_4M.ms.fd and OVMF_VARS_4M.ms.fd as UEFI (OVMF) ROM.
3. Start qemu-system-i386 with 
   -machine q35,smm=on -global driver=cfi.pflash01,property=secure,value=on

With the above procedure, the kernel in the QEMU guest is locked down
(I verified it with dmesg).

Best regards, Ryutaroh Matsumoto

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.8.0-1-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages autopkgtest depends on:
ii  apt-utils       2.1.11
ii  libdpkg-perl    1.20.5
ii  procps          2:3.3.16-5
ii  python3         3.8.2-3
ii  python3-debian  0.1.38

Versions of packages autopkgtest recommends:
ii  autodep8  0.24

Versions of packages autopkgtest suggests:
pn  lxc               <none>
pn  lxd               <none>
ii  ovmf              2020.08-1
ii  qemu-efi-aarch64  2020.08-1
ii  qemu-efi-arm      2020.08-1
ii  qemu-system       1:5.1+dfsg-4+b1
ii  qemu-utils        1:5.1+dfsg-4+b1
pn  schroot           <none>
ii  vmdb2             0.19-1

-- no debconf information
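
Added example, not part of the original report or of autopkgtest: a script a test could run inside the guest to confirm that Secure Boot is on and the kernel is locked down, as an alternative to reading dmesg. It assumes efivarfs and securityfs are mounted at their usual paths; SYSROOT is a hypothetical variable used only to point the parsers at sample files.

```shell
#!/bin/sh
# Added example: report Secure Boot and kernel lockdown state of a guest.
# SYSROOT is a hypothetical knob so the parsers can read sample files;
# leave it empty to inspect the running system.

# SecureBoot lives under the UEFI global-variable GUID in efivarfs.
SB_VAR="sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
LOCKDOWN="sys/kernel/security/lockdown"

# Prints enabled | disabled | not-uefi.
secure_boot_state() {
    f="${1:-}/$SB_VAR"
    [ -r "$f" ] || { echo not-uefi; return; }
    # efivarfs files start with a 4-byte attribute word; the value is byte 5.
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    if [ "$v" = 1 ]; then echo enabled; else echo disabled; fi
}

# Prints none | integrity | confidentiality | unsupported.
lockdown_mode() {
    f="${1:-}/$LOCKDOWN"
    [ -r "$f" ] || { echo unsupported; return; }
    # The active mode is the bracketed word: "none [integrity] confidentiality".
    m=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f")
    echo "${m:-unsupported}"
}

# Returns 0 only when Secure Boot is on and the kernel is locked down.
guest_is_locked_down() {
    sb=$(secure_boot_state "${1:-}")
    ld=$(lockdown_mode "${1:-}")
    echo "secure_boot=$sb lockdown=$ld"
    [ "$sb" = enabled ] && [ "$ld" != none ] && [ "$ld" != unsupported ]
}

guest_is_locked_down "${SYSROOT:-}" || echo "guest is NOT locked down" >&2
```

A guest started without the secure pflash setting from step 3, or with non-.ms OVMF files, is expected to report secure_boot=disabled here.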
