Hello:
How do I enable UEFI SecureBoot in VirtualBox? This information is not available at all anywhere.
I know how to enable EFI. If enabled, when the VM boots, if no OS is installed, the EFI Shell is invoked.
After that, I went to Device Manager but did not see any SecureBoot options listed!
Any help will be sincerely appreciated.
Thank you in advance.
Have a nice day,
Aaron
question: How to enable UEFI SecureBoot in VBox?
-
- Posts: 2
- Joined: 1. Apr 2015, 13:47
-
- Volunteer
- Posts: 2561
- Joined: 30. May 2007, 18:05
- Primary OS: Fedora other
- VBox Version: PUEL
- Guest OSses: XP, Win7, Win10, Linux, OS/2
Re: question: How to enable UEFI SecureBoot in VBox?
What do you need it for?
I don't think it is available in Virtualbox.
I don't think it is available in Virtualbox.
-
- Posts: 2
- Joined: 1. Apr 2015, 13:47
Re: question: How to enable UEFI SecureBoot in VBox?
Hello Martin:
Well, I have to implement a solution who wants SecureBoot with FreeBSD. I do not have hardware right now, so I have started experimenting with VMs. I got EFI enabled in both VMware as well as in VirtualBox (quite easy).
I would like to:
Thank you.
Have a nice day,
Aaron
Well, I have to implement a solution who wants SecureBoot with FreeBSD. I do not have hardware right now, so I have started experimenting with VMs. I got EFI enabled in both VMware as well as in VirtualBox (quite easy).
I would like to:
- enable SecureBoot in a VM to create a Secure environment for the Virtual Server;
- boot FreeBSD, either 10.1 (with SecureBoot support) or an earlier version;
- experiment with the same platform at runtime to check the security available.
Thank you.
Have a nice day,
Aaron
-
- Volunteer
- Posts: 1095
- Joined: 20. May 2009, 02:17
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Windows, OSX
- Location: U S of A
Re: question: How to enable UEFI SecureBoot in VBox?
I thought SecureBoot is a feature of the Guest OS.
Other than EFI Enabled, how is VBox not permitting the feature?
Other than EFI Enabled, how is VBox not permitting the feature?
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: question: How to enable UEFI SecureBoot in VBox?
It's not a feature I'm familiar with (restrict my PC from running the OS of my choice? Including no recovery boot disks? Not sure why I'd ever want that!).
However, it looks like what it basically is, is certification checks in the BIOS, similar to the hardening checks recently implemented in VirtualBox. So, the OS has to certify its boot code, and the BIOS has to check the certs on boot. So action is needed in both the guest OS and the BIOS.
I'm not sure how a secure boot BIOS is supposed to support something like FreeBSD. Surely it can't rely on net access to check the cert (how can internet access be working before the OS has booted?) [*], so it must either accept any cert (doesn't sound very useful), or only a small number of OS brands - i.e. Windows 8 and Windows 10. Or, if you're Apple, you support OS X.
The feature sounds suspiciously like Microsoft using security paranoia and ignorance to do what it has tried many times before: ensure that users can't choose anything on new hardware except the latest version of Windows.
However, it looks like what it basically is, is certification checks in the BIOS, similar to the hardening checks recently implemented in VirtualBox. So, the OS has to certify its boot code, and the BIOS has to check the certs on boot. So action is needed in both the guest OS and the BIOS.
I'm not sure how a secure boot BIOS is supposed to support something like FreeBSD. Surely it can't rely on net access to check the cert (how can internet access be working before the OS has booted?) [*], so it must either accept any cert (doesn't sound very useful), or only a small number of OS brands - i.e. Windows 8 and Windows 10. Or, if you're Apple, you support OS X.
The feature sounds suspiciously like Microsoft using security paranoia and ignorance to do what it has tried many times before: ensure that users can't choose anything on new hardware except the latest version of Windows.
-
- Volunteer
- Posts: 1095
- Joined: 20. May 2009, 02:17
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Windows, OSX
- Location: U S of A
Re: question: How to enable UEFI SecureBoot in VBox?
That is an often repeated opinion to which I concur.mpack wrote:The feature sounds suspiciously like Microsoft using security paranoia and ignorance to do what it has tried many times before: ensure that users can't choose anything on new hardware except the latest version of Windows.
I had not noted the BIOS involvement in other descriptions.
-
- Volunteer
- Posts: 8851
- Joined: 30. Apr 2009, 09:45
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: just about all that run
Re: question: How to enable UEFI SecureBoot in VBox?
Just to add, for an OEM who wanted the Genuine Windows 8/8.1 Logo on their PCs, Microsoft made it mandatory they include a switch to disable secure boot in the BIOS. However, it seems Microsoft is going to change their policy with Windows 10 and make the BIOS switch optional. So it has freaked some Linux users out because you couldn't replace Windows 10 with Linux if an OEM leaves the switch out (which I doubt any would).
I don't see however what any of that has to do with FreeBSD or any other OS or VMs for that matter.
I don't see however what any of that has to do with FreeBSD or any other OS or VMs for that matter.
OSX, Linux and Windows Hosts & Guests
There are three groups of people. Those that can count and those that can't.
There are three groups of people. Those that can count and those that can't.
-
- Posts: 1
- Joined: 16. Mar 2016, 15:17
Re: question: How to enable UEFI SecureBoot in VBox?
Any updates on this? Is Secure Boot available in a VBox VM already?
For the person who asked why one would want this on a FreeBSD, I'd say that actually it's not MS security paranoia but rather a way to stop bootkit malware to run.
I was able to use Secure Boot using MS's virtualization solution Hyper-V but I really would rather use VBox instead.
For the person who asked why one would want this on a FreeBSD, I'd say that actually it's not MS security paranoia but rather a way to stop bootkit malware to run.
I was able to use Secure Boot using MS's virtualization solution Hyper-V but I really would rather use VBox instead.
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: question: How to enable UEFI SecureBoot in VBox?
If this were posted as an Enhancement in the Bugtracker, the developers would have weighed in in whether they would implement it. (No response isn't a no, though; they'll say no if they don't want to program an Enhancement.) If this were implemented, they would have mentioned it in the changelogs.
Check the Changelogs, where the downloads are posted.
Check the Changelogs, where the downloads are posted.