7.24 secure-boot Command

Use the --secure-boot command to control the KVM Guest Secure Boot feature.

Syntax

vm_maker --secure-boot {enable|disable|status} { --domain domain-name | --system }

Options

  • enable: Enables the KVM Guest Secure Boot feature.

    You can only enable the KVM Guest Secure Boot feature on a UEFI boot-enabled KVM guest. The KVM Guest Secure Boot feature is not available on guests configured with the non-UEFI virtual BIOS.

    If you enable the KVM Guest Secure Boot feature on the KVM host (using the --system option), then all new UEFI boot-enabled KVM guests are created with KVM Guest Secure Boot enabled. Enabling or disabling KVM Guest Secure Boot at the system level has no effect on existing KVM guests.

    By default, the KVM Guest Secure Boot feature is enabled on new UEFI boot-enabled KVM guests. Consequently, this option is only required to enable KVM Guest Secure Boot on a guest or system where it was previously disabled.

  • disable: Disables the KVM Guest Secure Boot feature.

    You can only disable the KVM Guest Secure Boot feature on a UEFI boot-enabled KVM guest. The KVM Guest Secure Boot feature is not available on guests configured with the non-UEFI virtual BIOS.

    If you disable the KVM Guest Secure Boot feature on the KVM host (using the --system option), then all new UEFI boot-enabled KVM guests are created with KVM Guest Secure Boot disabled. Enabling or disabling KVM Guest Secure Boot at the system level has no effect on existing KVM guests.

  • status: Outputs the status of the KVM Guest Secure Boot feature for the specified KVM guest or for the KVM host.

  • --domain domain-name: Applies the command to the specified KVM guest.

  • --system: Applies the command to the KVM host.

Usage Notes

KVM Guest Secure Boot leverages the UEFI boot framework in Oracle Linux KVM to restrict which binaries can boot the KVM guest. Exadata support for UEFI in KVM is introduced in Oracle Exadata System Software release 24.1.0. Consequently, KVM Guest Secure Boot is available only on new KVM guests starting with Oracle Exadata System Software release 24.1.0.