VirtualBox

source: vbox/trunk/doc/manual/en_US/man_VBoxManage-modifynvram.xml

Last change on this file was 103532, checked in by vboxsync, 2 months ago

VBoxManage: Add subcommand for enabling UEFI secure boot (and show the status in the VM infos).
Main/NVRAMStore+UefiVariableStore: Tweaks to allow reading the UEFI secure boot state when the VM isn't mutable.
doc/manual: Update VBoxManage manpage.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 11.9 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<!--
3 manpage, user manual, usage: VBoxManage modifynvram
4-->
5<!--
6 Copyright (C) 2021-2023 Oracle and/or its affiliates.
7
8 This file is part of VirtualBox base platform packages, as
9 available from https://www.virtualbox.org.
10
11 This program is free software; you can redistribute it and/or
12 modify it under the terms of the GNU General Public License
13 as published by the Free Software Foundation, in version 3 of the
14 License.
15
16 This program is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, see <https://www.gnu.org/licenses>.
23
24 SPDX-License-Identifier: GPL-3.0-only
25-->
26<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
27 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[
28<!ENTITY % all.entities SYSTEM "all-entities.ent">
29%all.entities;
30]>
31<refentry id="vboxmanage-modifynvram" lang="en">
32 <refentryinfo>
33 <pubdate>$Date: 2024-02-22 14:05:31 +0000 (Thu, 22 Feb 2024) $</pubdate>
34 <title>VBoxManage modifynvram</title>
35 </refentryinfo>
36
37 <refmeta>
38 <refentrytitle>VBoxManage-modifynvram</refentrytitle>
39 <manvolnum>1</manvolnum>
40 </refmeta>
41
42 <refnamediv>
43 <refname>VBoxManage-modifynvram</refname>
44 <refpurpose>List and modify the NVRAM content of a virtual machine</refpurpose>
45 <refclass>&product-name;</refclass>
46 </refnamediv>
47
48 <refsynopsisdiv>
49 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-inituefivarstore">
50 <command>VBoxManage modifynvram</command>
51 <group choice="req">
52 <arg choice="plain"><replaceable>uuid</replaceable></arg>
53 <arg choice="plain"><replaceable>vmname</replaceable></arg>
54 </group>
55 <arg choice="plain">inituefivarstore</arg>
56 </cmdsynopsis>
57 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-enrollmssignatures">
58 <command>VBoxManage modifynvram</command>
59 <group choice="req">
60 <arg choice="plain"><replaceable>uuid</replaceable></arg>
61 <arg choice="plain"><replaceable>vmname</replaceable></arg>
62 </group>
63 <arg choice="plain">enrollmssignatures</arg>
64 </cmdsynopsis>
65 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-enrollorclpk">
66 <command>VBoxManage modifynvram</command>
67 <group choice="req">
68 <arg choice="plain"><replaceable>uuid</replaceable></arg>
69 <arg choice="plain"><replaceable>vmname</replaceable></arg>
70 </group>
71 <arg choice="plain">enrollorclpk</arg>
72 </cmdsynopsis>
73 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-enrollpk">
74 <command>VBoxManage modifynvram</command>
75 <group choice="req">
76 <arg choice="plain"><replaceable>uuid</replaceable></arg>
77 <arg choice="plain"><replaceable>vmname</replaceable></arg>
78 </group>
79 <arg choice="plain">enrollpk</arg>
80 <arg>--platform-key=<replaceable>filename</replaceable></arg>
81 <arg>--owner-uuid=<replaceable>uuid</replaceable></arg>
82 </cmdsynopsis>
83 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-enrollmok">
84 <command>VBoxManage modifynvram</command>
85 <group choice="req">
86 <arg choice="plain"><replaceable>uuid</replaceable></arg>
87 <arg choice="plain"><replaceable>vmname</replaceable></arg>
88 </group>
89 <arg choice="plain">enrollmok</arg>
90 <arg>--mok=<replaceable>filename</replaceable></arg>
91 <arg>--owner-uuid=<replaceable>uuid</replaceable></arg>
92 </cmdsynopsis>
93 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-secureboot">
94 <command>VBoxManage modifynvram</command>
95 <group choice="req">
96 <arg choice="plain"><replaceable>uuid</replaceable></arg>
97 <arg choice="plain"><replaceable>vmname</replaceable></arg>
98 </group>
99 <arg choice="plain">secureboot</arg>
100 <group choice="req">
101 <arg choice="plain">--enable</arg>
102 <arg choice="plain">--disable</arg>
103 </group>
104 </cmdsynopsis>
105 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-listvars">
106 <command>VBoxManage modifynvram</command>
107 <group choice="req">
108 <arg choice="plain"><replaceable>uuid</replaceable></arg>
109 <arg choice="plain"><replaceable>vmname</replaceable></arg>
110 </group>
111 <arg choice="plain">listvars</arg>
112 </cmdsynopsis>
113 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-queryvar">
114 <command>VBoxManage modifynvram</command>
115 <group choice="req">
116 <arg choice="plain"><replaceable>uuid</replaceable></arg>
117 <arg choice="plain"><replaceable>vmname</replaceable></arg>
118 </group>
119 <arg choice="plain">queryvar</arg>
120 <arg>--name=<replaceable>name</replaceable></arg>
121 <arg>--filename=<replaceable>filename</replaceable></arg>
122 </cmdsynopsis>
123 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-deletevar">
124 <command>VBoxManage modifynvram</command>
125 <group choice="req">
126 <arg choice="plain"><replaceable>uuid</replaceable></arg>
127 <arg choice="plain"><replaceable>vmname</replaceable></arg>
128 </group>
129 <arg choice="plain">deletevar</arg>
130 <arg>--name=<replaceable>name</replaceable></arg>
131 <arg>--owner-uuid=<replaceable>uuid</replaceable></arg>
132 </cmdsynopsis>
133 <cmdsynopsis id="synopsis-vboxmanage-modifynvram-changevar">
134 <command>VBoxManage modifynvram</command>
135 <group choice="req">
136 <arg choice="plain"><replaceable>uuid</replaceable></arg>
137 <arg choice="plain"><replaceable>vmname</replaceable></arg>
138 </group>
139 <arg choice="plain">changevar</arg>
140 <arg>--name=<replaceable>name</replaceable></arg>
141 <arg>--filename=<replaceable>filename</replaceable></arg>
142 </cmdsynopsis>
143 </refsynopsisdiv>
144
145 <refsect1 id="vboxmanage-modifynvram-description">
146 <title>Description</title>
147
148 <para>The "modifynvram" commands are for experts who want to inspect and modify the
149 UEFI variable store of a virtual machine. Any mistakes done here can bring the virtual
150 machine in a non working state.</para>
151
152 <refsect2 id="vboxmanage-modifynvram-common-options">
153 <title>Common options</title>
154 <remark role="help-scope" condition="GLOBAL"/>
155 <para>The subcommands of <command>modifynvram</command> all operate on a running virtual
156 machine:</para>
157 <variablelist>
158 <varlistentry>
159 <term><option><replaceable>uuid</replaceable> | <replaceable>vmname</replaceable></option></term>
160 <listitem><para>Either the UUID or the name (case sensitive) of a VM.</para></listitem>
161 </varlistentry>
162 </variablelist>
163 </refsect2>
164
165 <refsect2 id="vboxmanage-modifynvram-inituefivarstore">
166 <title>modifynvram inituefivarstore</title>
167 <remark role="help-copy-synopsis"/>
168 <para>
169 Iniitalizes the UEFI variable store to a default state. Any previous existing variable
170 store is deleted. Use with extreme caution!
171 </para>
172 </refsect2>
173
174 <refsect2 id="vboxmanage-modifynvram-enrollmssignatures">
175 <title>modifynvram enrollmssignatures</title>
176 <remark role="help-copy-synopsis"/>
177 <para>
178 Enrolls the default Microsoft KEK and DB signatures required for UEFI secure boot.
179 </para>
180 </refsect2>
181
182 <refsect2 id="vboxmanage-modifynvram-enrollorclpk">
183 <title>modifynvram enrollorclpk</title>
184 <remark role="help-copy-synopsis"/>
185 <para>
186 Enrolls the default platform key provided by Oracle required for UEFI secure boot.
187 </para>
188 </refsect2>
189
190 <refsect2 id="vboxmanage-modifynvram-enrollpk">
191 <title>modifynvram enrollpk</title>
192 <remark role="help-copy-synopsis"/>
193 <para>
194 Enrolls a custom platform key provided by the user required for UEFI secure boot.
195 The following commands use openssl to generate a new platform key:
196 </para>
197<screen>$ openssl req -new -x509 -newkey rsa:2048 -keyout PK.key -out PK.crt</screen>
198<screen>$ openssl x509 -in PK.crt -out PK.cer -outform DER</screen>
199 <variablelist>
200 <varlistentry>
201 <term><option>--platform-key=<replaceable>filename</replaceable></option></term>
202 <listitem><para>The platform key provided as a DER encoded X.509 signature.</para>
203 </listitem>
204 </varlistentry>
205 <varlistentry>
206 <term><option>--owner-uuid=<replaceable>uuid</replaceable></option></term>
207 <listitem><para>The UUID identifying the owner of the platform key.</para>
208 </listitem>
209 </varlistentry>
210 </variablelist>
211 </refsect2>
212
213 <refsect2 id="vboxmanage-modifynvram-secureboot">
214 <title>modifynvram secureboot</title>
215 <remark role="help-copy-synopsis"/>
216 <para>
217 Enables or disables UEFI secure boot.
218 </para>
219 <variablelist>
220 <varlistentry>
221 <term><option>--enable></option></term>
222 <listitem><para>Enables UEFI secure boot if the state of the key
223 enrolment permits.</para>
224 </listitem>
225 </varlistentry>
226 <varlistentry>
227 <term><option>--disable></option></term>
228 <listitem><para>Disables UEFI secure boot.</para>
229 </listitem>
230 </varlistentry>
231 </variablelist>
232 </refsect2>
233
234 <refsect2 id="vboxmanage-modifynvram-listvars">
235 <title>modifynvram listvars</title>
236 <remark role="help-copy-synopsis"/>
237 <para>
238 Lists all UEFI variables in the virtual machines's store along with their owner UUID.
239 </para>
240 </refsect2>
241
242 <refsect2 id="vboxmanage-modifynvram-queryvar">
243 <title>modifynvram queryvar</title>
244 <remark role="help-copy-synopsis"/>
245 <para>
246 Queries the content of a given UEFI variable identified by its name.
247 </para>
248 <variablelist>
249 <varlistentry>
250 <term><option>--name=<replaceable>name</replaceable></option></term>
251 <listitem><para>UEFI variable name to query.</para>
252 </listitem>
253 </varlistentry>
254 <varlistentry>
255 <term><option>--filename=<replaceable>filename</replaceable></option></term>
256 <listitem>
257 <para>
258 Where to store the content of the variable upon success. This is optional,
259 if omitted the content will be dumped to the terminal as a hex dump.
260 </para>
261 </listitem>
262 </varlistentry>
263 </variablelist>
264 </refsect2>
265
266 <refsect2 id="vboxmanage-modifynvram-deletevar">
267 <title>modifynvram deletevar</title>
268 <remark role="help-copy-synopsis"/>
269 <para>
270 Deletes the given variable identified by its name and owner UUID.
271 </para>
272 <variablelist>
273 <varlistentry>
274 <term><option>--name=<replaceable>name</replaceable></option></term>
275 <listitem><para>UEFI variable name to delete.</para>
276 </listitem>
277 </varlistentry>
278 <varlistentry>
279 <term><option>--owner-uuid=<replaceable>uuid</replaceable></option></term>
280 <listitem><para>The UUID identifying the owner of the variable to delete.</para>
281 </listitem>
282 </varlistentry>
283 </variablelist>
284 </refsect2>
285
286 <refsect2 id="vboxmanage-modifynvram-changevar">
287 <title>modifynvram changevar</title>
288 <remark role="help-copy-synopsis"/>
289 <para>
290 Changes the UEFI variable content to the one form the given file.
291 </para>
292 <variablelist>
293 <varlistentry>
294 <term><option>--name=<replaceable>name</replaceable></option></term>
295 <listitem><para>UEFI variable name to change the data for.</para>
296 </listitem>
297 </varlistentry>
298 <varlistentry>
299 <term><option>--filename=<replaceable>filename</replaceable></option></term>
300 <listitem>
301 <para>The file to read the data from.</para>
302 </listitem>
303 </varlistentry>
304 </variablelist>
305 </refsect2>
306
307 </refsect1>
308</refentry>
Note: See TracBrowser for help on using the repository browser.

© 2023 Oracle
ContactPrivacy policyTerms of Use