Disable "secure-boot" for EFI boxes (!624) · Merge requests · GNOME / GNOME Boxes

Felipe Borges requested to merge wip/disable-secure-boot into main Nov 29, 2023

This allows Boxes to boot EFI systems even when secure-boot is not supported by the environment.

This uses the newly introduced libvirt-glib gvir_config_domain_os_enable_firmware_feature API. https://gitlab.com/libvirt/libvirt-glib/-/commit/a6db3f314510b4

With this, users should be able to run GNOME OS and (soon) other EFI-only systems in the distro-packaged version of Boxes of their choice.

While the Flatpak version of Boxes currently handles well secure-boot, distros have not. Just a few distros support EFI and provide the proper environment for the virt stack that Boxes needs to boot EFI VMs consistently.

The distro-packaged version of Boxes runs without the constrains of the Flatpak sandbox, and can provide additional (useful) features such as USB redirection, Network Bridge, etc...

Edited Nov 29, 2023 by Felipe Borges

Disable "secure-boot" for EFI boxes

Merge request reports