Skip to content
Docs
Reference
UEFI variables for VMs

UEFI variables for VMs

UEFI variables store and represent configuration settings of the UEFI firmware. See UEFI (opens in a new tab) for more information.

You can see a list of UEFI variables on your system by running ls -l /sys/firmware/efi/efivars/. Usually, you don't need to touch these variables, but in specific cases they can be useful to debug UEFI, SHIM, or boot loader issues in virtual machines.

To configure UEFI variables for a VM, use the lxc config uefi command or the /1.0/instances/<instance_name>/uefi-vars endpoint.

For example, to set a variable to a value (hexadecimal):

CLI

lxc config uefi set <instance_name> <variable_name>-<GUID>=<value>

API

lxc query --request PUT /1.0/instances/<instance_name>/uefi-vars --data '{
  "variables": {
    "<variable_name>-<GUID>": {
      "attr": 3,
      "data": "<value>"
    },
  }
}'

See PUT /1.0/instances/{name}/uefi-vars for more information.

To display the variables that are set for a specific VM:

CLI

lxc config uefi show <instance_name>

API

lxc query --request GET /1.0/instances/<instance_name>/uefi-vars

See GET /1.0/instances/{name}/uefi-vars for more information.

Example

You can use UEFI variables to disable secure boot, for example.

Important Use this method only for debugging purposes. LXD provides the security.secureboot option to control the secure boot behavior.

The following command checks the secure boot state:

lxc config uefi get v1 SecureBootEnable-f0a30bc7-af08-4556-99c4-001009c93a44

A value of 01 indicates that secure boot is active. You can then turn it off with the following command:

lxc config uefi set v1 SecureBootEnable-f0a30bc7-af08-4556-99c4-001009c93a44=00
Type: usbPermissions