How do I enable UEFI SecureBoot in VirtualBox? This information is not available at all anywhere.
I know how to enable EFI. If enabled, when the VM boots, if no OS is installed, the EFI Shell is invoked.
After that, I went to Device Manager but did not see any SecureBoot options listed!
Well, I have to implement a solution who wants SecureBoot with FreeBSD. I do not have hardware right now, so I have started experimenting with VMs. I got EFI enabled in both VMware as well as in VirtualBox (quite easy).
I would like to:
enable SecureBoot in a VM to create a Secure environment for the Virtual Server;
boot FreeBSD, either 10.1 (with SecureBoot support) or an earlier version;
experiment with the same platform at runtime to check the security available.
Even Matthew Garret responded on Twitter and said that there is no support for SecureBoot in VM land, yet. It would definitely be interesting to use the UEFI feature to set Secure environments for Linux and BSD servers.
It's not a feature I'm familiar with (restrict my PC from running the OS of my choice? Including no recovery boot disks? Not sure why I'd ever want that!).
However, it looks like what it basically is, is certification checks in the BIOS, similar to the hardening checks recently implemented in VirtualBox. So, the OS has to certify its boot code, and the BIOS has to check the certs on boot. So action is needed in both the guest OS and the BIOS.
I'm not sure how a secure boot BIOS is supposed to support something like FreeBSD. Surely it can't rely on net access to check the cert (how can internet access be working before the OS has booted?) [*], so it must either accept any cert (doesn't sound very useful), or only a small number of OS brands - i.e. Windows 8 and Windows 10. Or, if you're Apple, you support OS X.
The feature sounds suspiciously like Microsoft using security paranoia and ignorance to do what it has tried many times before: ensure that users can't choose anything on new hardware except the latest version of Windows.
mpack wrote:The feature sounds suspiciously like Microsoft using security paranoia and ignorance to do what it has tried many times before: ensure that users can't choose anything on new hardware except the latest version of Windows.
That is an often repeated opinion to which I concur.
I had not noted the BIOS involvement in other descriptions.
Just to add, for an OEM who wanted the Genuine Windows 8/8.1 Logo on their PCs, Microsoft made it mandatory they include a switch to disable secure boot in the BIOS. However, it seems Microsoft is going to change their policy with Windows 10 and make the BIOS switch optional. So it has freaked some Linux users out because you couldn't replace Windows 10 with Linux if an OEM leaves the switch out (which I doubt any would).
I don't see however what any of that has to do with FreeBSD or any other OS or VMs for that matter.
OSX, Linux and Windows Hosts & Guests
There are three groups of people. Those that can count and those that can't.
Any updates on this? Is Secure Boot available in a VBox VM already?
For the person who asked why one would want this on a FreeBSD, I'd say that actually it's not MS security paranoia but rather a way to stop bootkit malware to run.
I was able to use Secure Boot using MS's virtualization solution Hyper-V but I really would rather use VBox instead.
If this were posted as an Enhancement in the Bugtracker, the developers would have weighed in in whether they would implement it. (No response isn't a no, though; they'll say no if they don't want to program an Enhancement.) If this were implemented, they would have mentioned it in the changelogs.
Check the Changelogs, where the downloads are posted.
