It seems that Win10 guest VMs are now choking after Microsoft did …something to reject the current OVMF firmware.
This entire discussion, pretty much, is way over my head:
https://github.com/tianocore/edk2/discussions/3221
As best as I can make things out:
There is an alternative OVMF firware called "4M" firmware that works.
The edk2-ovmf package contains files named OVMF_CODE.secboot.fd and OVMF_VARS.secboot.fd which are blacklisted by Microsoft.
Debian and other distributions apparently ship "OVMF_CODE_4M" and "OVMF_VARS_4M" firmware which is still good. People have reported success extracting those images and repointing their qemu VM configuration to them.
I don't grasp the underlying issue well enough to be able to file something intelligent in Bugzilla, in order to update Fedora packaging. I'm hoping that someone else here has enough domain knowledge to create a bug that points the ed2k packagers in the right direction. I tried looking at the SRPM, and I did not see anything in there that I could understand.
On Sat, 2022-09-24 at 19:05 -0400, Sam Varshavchik wrote:
It seems that Win10 guest VMs are now choking after Microsoft did …something to reject the current OVMF firmware.
This entire discussion, pretty much, is way over my head:
https://github.com/tianocore/edk2/discussions/3221
As best as I can make things out:
There is an alternative OVMF firware called "4M" firmware that works.
The edk2-ovmf package contains files named OVMF_CODE.secboot.fd and OVMF_VARS.secboot.fd which are blacklisted by Microsoft.
Debian and other distributions apparently ship "OVMF_CODE_4M" and "OVMF_VARS_4M" firmware which is still good. People have reported success extracting those images and repointing their qemu VM configuration to them.
I don't grasp the underlying issue well enough to be able to file something intelligent in Bugzilla, in order to update Fedora packaging. I'm hoping that someone else here has enough domain knowledge to create a bug that points the ed2k packagers in the right direction. I tried looking at the SRPM, and I did not see anything in there that I could understand.
I'm no expert either, but by coincidence I fired up a Win10 VM yesterday for the first time in several months and (after taking ages to update itself) it worked without problems. Is this issue only appearing with new VM installations?
poc
Patrick O'Callaghan writes:
I'm no expert either, but by coincidence I fired up a Win10 VM yesterday for the first time in several months and (after taking ages to update itself) it worked without problems. Is this issue only appearing with new VM installations?
Currently the problem is limited to one particular Windows update failing to install, reporting an obscure hex error code. Who knows what the story would be tomorrow.
Searching for that hex error code finds only the typical B.S. about turning off firewalls, cleaning the cache, etc. Only by searching for both the error code and the specific update will lead you to the link I gave earlier.
-
Patrick O'Callaghan -
Sam Varshavchik