VirtualBox

Ticket #14279 (new defect)

Opened 4 years ago

Last modified 7 weeks ago

Switch on permanent NVRAM to fix UEFI boot

Reported by: paddor Owned by:
Component: EFI Version: VirtualBox 4.3.30
Keywords: NVRAM, EFI Cc:
Guest type: Linux Host type: Mac OS X

Description

According to changeset https://www.virtualbox.org/changeset/43256/vbox, the switch for permanent NVRAM save is turned off by default. This breaks UEFI boots which store the location of the OS loader in the NVRAM.

IMHO, it should be persisted by default. It's called non-volatile after all.

If turning it on by default is a problem, a switch in the configuration of the VM would do the job, too.

I just installed a Linux (Funtoo) in the VM, using a VFAT partition as /boot. It was only able to boot after rebooting from within the live CD (or system booted using the kernel from the live CD), but was unable to boot after a complete shutdown (since that clears the NVRAM, apparently).

My current workaround is to provide a startup.nsh (created with the edit command within the EFI shell) which points directly to the OS loader within the ESP, which is fs0:\EFI\FuntooLinux\grubx64.efi in my case.

Change History

comment:1 Changed 3 years ago by roemer2201

Could you please provide the vboxmanage command for setting "PermanentSave"?

comment:2 Changed 22 months ago by FateRover

same with this issue ,the new added uefi boot is missing after a completely shut down

comment:3 Changed 22 months ago by Winyl

have the same issue with version 5.1.28 r117968 (Qt5.6.2). Any OS installed in EFI mode forgets where its bootloader is, because VirtualBox does not save contents of NVRAM although "PermanentSave" option is present in NvRam.cpp code. Why it is not used?

comment:4 Changed 17 months ago by WildCard65

I feel that lack of permanent NVRAM is a downside to using VirtualBox.

comment:5 Changed 15 months ago by jmorrison

Can this be fixed? Wasted hours getting an install working because uefi nvram wasn't saved.

comment:6 follow-up: ↓ 7 Changed 14 months ago by antoine2711

This is very important for Apple virtualization. Please fix it.

comment:7 in reply to: ↑ 6 ; follow-up: ↓ 8 Changed 14 months ago by socratis

Replying to antoine2711:

This is very important for Apple virtualization.

In what sense? The only real problem so far is the installation of OSX 10.13 but there are workarounds, for example: " HowTo: Install OSX 10.13 in a VM".

Did you have something else in mind?

comment:8 in reply to: ↑ 7 ; follow-ups: ↓ 9 ↓ 12 Changed 11 months ago by Andrey Zentavr

Replying to socratis:

Replying to antoine2711:

This is very important for Apple virtualization.

In what sense? The only real problem so far is the installation of OSX 10.13 but there are workarounds, for example: " HowTo: Install OSX 10.13 in a VM".

Did you have something else in mind?

MacOS saves some states in NVRAM as well. The very big deal is to save the state for System Integriry Protection. The flag gets lost when you shut down the machine.

comment:9 in reply to: ↑ 8 ; follow-up: ↓ 10 Changed 11 months ago by socratis

Replying to Andrey Zentavr:

MacOS saves some states in NVRAM as well. The very big deal is to save the state for System Integriry Protection. The flag gets lost when you shut down the machine.

Not true. The SIP is not stored in NVRAM. You simply need to boot into Recovery mode and disable SIP with "csrutil disable". For more details on how to do this for an OSX VM see  HowTo: Build VirtualBox ≥ 5.1.2 on OSX ≥ 10.9, section 8. The SIP state is retained until you change it back with the same procedure. Not NVRAM related.

The only thing that you can't do is to boot in Single-user mode.

comment:10 in reply to: ↑ 9 ; follow-up: ↓ 11 Changed 11 months ago by libsystem_ethan

Replying to socratis:

Replying to Andrey Zentavr:

MacOS saves some states in NVRAM as well. The very big deal is to save the state for System Integriry Protection. The flag gets lost when you shut down the machine.

Not true. The SIP is not stored in NVRAM. The only thing that you can't do is to boot in Single-user mode.

Actually, SIP is stored in NVRAM as the csr-active-config variable ( https://gist.github.com/pudquick/8b320be960e1654b908b10346272326b). Without a persistent NVRAM, the changes made to this variable made by running csrutil disable in recovery mode are not saved once you exit the VM. This makes using a macOS guest under VirtualBox for things like kext development (or other activities which require SIP to be off) very frustrating, as every time I start my VM, I have to boot to recovery, disable SIP, and then boot back into macOS.

Last edited 11 months ago by libsystem_ethan (previous) (diff)

comment:11 in reply to: ↑ 10 Changed 11 months ago by socratis

Replying to libsystem_ethan:

Actually, SIP is stored in NVRAM ... the changes made to this variable made by running csrutil disable in recovery mode are not saved once you exit the VM.

I stand corrected. I never tried to completely shutdown the VM after I made the recovery mode changes. I just tried it again, but this time I completely shut down the VM. It failed to disable SIP. My apologies for the misguiding comment...

comment:12 in reply to: ↑ 8 ; follow-up: ↓ 13 Changed 9 months ago by mwaks

Facing the issue of making the SIP status persistent . Have any workarounds ? I am on a High Sierra host running a Sierra VM

Replying to Andrey Zentavr:

Replying to socratis:

Replying to antoine2711:

This is very important for Apple virtualization.

In what sense? The only real problem so far is the installation of OSX 10.13 but there are workarounds, for example: " HowTo: Install OSX 10.13 in a VM".

Did you have something else in mind?

MacOS saves some states in NVRAM as well. The very big deal is to save the state for System Integriry Protection. The flag gets lost when you shut down the machine.

Last edited 9 months ago by mwaks (previous) (diff)

comment:13 in reply to: ↑ 12 Changed 9 months ago by socratis

Replying to mwaks:

Have any workarounds?

Don't shutdown the VM. If there was another way, this ticket would have been [Closed]. ;)

comment:14 Changed 7 weeks ago by Codeguard

This is how you can disable SIP on macOS in VirtualBox permanently:
1) Close all VirtualBox windows, or your edits will be reverted automatically.
2) Find your VM's .vbox file and edit it, adding these lines in <ExtraData>:

<ExtraDataItem name="VBoxInternal/Devices/efi/0/LUN#0/Config/Vars/0000/Name" value="csr-active-config"/>
<ExtraDataItem name="VBoxInternal/Devices/efi/0/LUN#0/Config/Vars/0000/Uuid" value="7c436110-ab2a-4bbb-a880-fe41995c9f82"/>
<ExtraDataItem name="VBoxInternal/Devices/efi/0/LUN#0/Config/Vars/0000/Value" value="bytes:dwAAAA=="/>

3) If there are some variables already, renumber '0000'

Last edited 7 weeks ago by Codeguard (previous) (diff)
Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use