You need to install edk2-ovmf
, then find the path for the correspond files. For Arch Linux you can use pacman -Ql edk2-ovmf
. Choose the x64 version. Be careful the two files are different, one is OVME_CODE.secboot.fd (the firmware code); another one is OVMF_VARS.fd (variables used by the firmware and Operating Systems), like a configuration database.
-drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.fd \
-drive if=pflash,format=raw,file=/copy/of/OVMF_VARS.fd \
Add these two options you'll get UEFI and the secure boot feature. I tested on latest Arch Linux x86_64 6.4.4-arch1-1 and QEMU emulator version 8.0.2.
I wrote a script to install Windows 11 on QEMU:
#!/bin/bash
# Libtpms-based TPM emulator
tpm_path=/home/user/Documents/qemu-disks/Windows11Support/
swtpm socket --tpm2 --tpmstate dir="${tpm_path}" --ctrl type=unixio,path="${tpm_path}/swtpm-sock" &
iso_path=/home/user/Documents/Win11_22H2_English_x64v2.iso
disk_path=/home/user/Documents/qemu-disks/Windows11
ovmf_code=/usr/share/edk2/x64/OVMF_CODE.secboot.fd
ovmf_vars=/home/user/Documents/qemu-disks/Windows11Support/OVMF_VARS.fd
virtio_path=/home/user/Documents/qemu-disks/Windows11Support/virtio-win-0.1.229.iso
keys_path=/home/user/Downloads/UEFIKeys
# these options for install OSs and systems
#-drive file="${iso_path}",index=2,media=cdrom \
#-drive file="${virtio_path}",index=3,media=cdrom \
qemu-system-x86_64 \
-enable-kvm \
-smp 8 \
-m 16G \
-name Windows11 \
-machine q35 \
-vga none \
-usb -device usb-tablet \
-device virtio-vga \
-nic user,model=virtio-net-pci \
-cpu host,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time \
-drive if=pflash,format=raw,readonly=on,file="${ovmf_code}" \
-drive if=pflash,format=raw,file="${ovmf_vars}" \
-chardev socket,id=chrtpm,path="${tpm_path}/swtpm-sock" \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 \
-drive file="${disk_path}",index=0,media=disk,if=virtio,format=raw \
$@
This for Trusted Platform Module Emulator:
-chardev socket,id=chrtpm,path="${tpm_path}/swtpm-sock" \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 \
$@
let you add more options when you run the scripts.
All other options you can find meanings by check man qemu-system-x86_64
.
For more information check QEMU - ArchWiKi.