LI Nick X.com
Blog |Follow Nick on Mastodon| About
 

The documentation for running HAOS on KVM is pretty good but not enough for me, in fairness it state that Secure Boot is not supported, but the clues given to disable that are a little cryptic, this post are my notes.

Preface: Some personal tweaks.

I used the virt-install command given, but the default tries to connect to the console -- which without secure boot disabled is just a blank screen, so --noautoconsole is needed.

Also, I don't have a default network, all my VM's are on a bridge interface which means I also need --network bridge=br0

So, my final install command looks like:

virt-install --name haos --description "Home Assistant OS" --os-variant=generic --ram=4096 --vcpus=2 --disk /opt/haos/haos_ova-16.2.qcow2,bus=scsi --controller type=scsi,model=virtio-scsi --import --graphics none --boot uefi --network bridge=br1 --noautoconsole

( Change your disk path as necessary )

Now: To disable secure boot.

You VM is probably running, but not working, shut it down with sudo virsh shutdown haos it might be stuck, so you might have to use sudo virsh destroy hasos to forcefully kill it.

Now run sudo virsh edit haos, this should open an XML like this screenshot:

It doesn't matter if it's not exactly the same, your hypervisor might have selected a different EFI firmware. Next steps:

  1. Change enrolled-keys to no
  2. Change secure-boot to no
  3. 👉🏼 Delete the line starting with <loader readonly='yes' ...
  4. 👉🏼 Delete the line starting with <nvram template= ...
  5. Save

The final XML snippet should look something like:

<os firmware='efi'>
    <type arch='x86_64' machine='pc-i440fx-10.0'>hvm</type>
    <firmware>
      <feature enabled='no' name='enrolled-keys'/>
      <feature enabled='no' name='secure-boot'/>
    </firmware>
    <boot dev='hd'/>
</os>

First boot: Reset nvram.

After making the above changes, when you start (power-on) the machine for the first time you need to get KVM to select a new firmware, so run:

virsh start haos --reset-nvram

After that's been done once, then normal start should work, even autostart.

Done!

I use cockpit to manage my KVMs, this is what it looks like! 😊

References:

  • https://libvirt.org/kbase/secureboot.html#changing-an-existing-vm
  • https://www.home-assistant.io/installation/alternative#hypervisor-specific-configuration

 

 
Nick Bettison ©