Once upon a time, Udo Seidel <udoseidel@xxxxxx> said: > I was trying to use it on KVM guests on a AArch64 host. So it was > the AAVMF package providing the firmware. Thas the famouse > "Microsoft Corporation Third Party Marketplace Root" key. Do you > need more information? My point is that if there's no hardware shipping with that cert, and especially if that's not what MS considers the intended use of that cert (because at one point their rules were different between x86_64 and AArch64), they may not sign any code for that use. Even if Fedora did have the setup for signing the AArch64 pieces, MS may not sign shim. If you need Secure Boot in your VMs, you'll probably have to add your own cert and do the signing yourself. -- Chris Adams <linux@xxxxxxxxxxx> -- _______________________________________________ arm mailing list -- arm@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to arm-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/arm@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
