Open michaelCTS opened 7 months ago
Do "shielded VMs" require secure boot? If so, that simply won't work; the image is not signed and even if you could, you'd need access to a key that Google's servers trust.
Shielded VMs require secure boot. There is a guide on how to create custom shielded VM images. I didn't set up certificates as they were marked as "optional".
Note that pk, keks, dbxs and dbs are optional fields.
I have no real understanding of secure boot, but my assumption is that because it's possible to upload your own keys to google, it should be possible to sign the image somehow with those keys. IINM the goal is to ensure that the VM starting is the one created from your image and doesn't have something like a rootkit or was infected during a run and restarted with something like a rootkit.
But no idea...
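Secure Boot only accepts an EFI binary that carries an Authenticode signature whose certificate chains to a key in the firmware's db, so a useful check before uploading an image is whether the bootloader is signed at all. The Python below is an added example, not code from this issue or from nixpkgs: it reads the PE data directory entry that holds the certificate table, and the fake PE builder is a constructed fixture so it runs without a real bootloader.

```python
from __future__ import annotations
import struct
from typing import Optional, Tuple

DIR_SECURITY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table


def authenticode_cert_table(image: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the certificate table, or None if absent."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE/EFI image (missing MZ header)")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt_off = pe_off + 4 + 20                                # skip COFF header
    magic = struct.unpack_from("<H", image, opt_off)[0]
    if magic == 0x20B:          # PE32+ (x86_64 EFI binaries)
        dd_off = opt_off + 112
    elif magic == 0x10B:        # PE32
        dd_off = opt_off + 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", image, dd_off - 4)[0]  # NumberOfRvaAndSizes
    if num_dirs <= DIR_SECURITY:
        return None
    off, size = struct.unpack_from("<II", image, dd_off + DIR_SECURITY * 8)
    return (off, size) if size else None


def is_signed(image: bytes) -> bool:
    # Presence of a certificate table only means a signature exists; whether the
    # signing key is trusted by the firmware's db is a separate question.
    return authenticode_cert_table(image) is not None


def _fake_pe(cert_size: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE (not a real bootloader) for exercising the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dd_offset = 112 if pe32plus else 96          # start of data directories
    opt_size = dd_offset + 16 * 8                # 16 directory entries
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, dd_offset - 4, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dd_offset + DIR_SECURITY * 8,
                     0x1000 if cert_size else 0, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    print("signed fixture:", is_signed(_fake_pe(0x800)))   # True
    print("unsigned fixture:", is_signed(_fake_pe(0)))     # False
```

To check a real bootloader from the generated image, mount the ESP and pass the bytes of the `.efi` file to `is_signed`.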
I have the same VirtualBox problem when trying to boot any UEFI VM on a NixOS host
Describe the bug
After generating an EFI image for Google Compute Engine using https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/google-compute-image.nix and creating an image with UEFI compatibility, the VM won't start.
Steps To Reproduce
Steps to reproduce the behavior:
configuration.nix
.raw.tar.gz
to Google Cloud Storage (GCS)
Expected behavior
The VM should boot and it should be possible to SSH into it.
Screenshots
-
Additional context
The serial console just loops with
Also tried using the disk in virtualbox, to no avail.
Then create a new machine with VirtualBox, enable UEFI and Secure Boot, then try to boot.
Notify maintainers
@AmineChikhaoui @Atry @Mic92
Metadata
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste the result.