Disable Secure-Boot from Virt-Install Command Line

On a RHEL/CentOS/RockyLinux system you can disable the UEFI secure boot from from the virt-install command. The --boot option here is the winner.

The key here are the files in /usr/share/edk2/ovmf/. We will need to copy OVMF_VARS.fd from that directory to /var/lib/libvirt/qemu/nvram/. I usually use the name of the VM for the filename. In this example it would be no-secure-boot.fd. Once that file exists, we can run the command below:

virt-install \
  --boot loader=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd,loader.readonly=yes,loader.secure='no',loader.type=pflash,nvram=/var/lib/libvirt/qemu/nvram/no-secure-boot.fd \
  --name no-secure-boot \
  --memory $(( 1024 * 8 )) \
  --vcpus 2 \
  --disk bus=virtio,path=/var/lib/libvirt/images/no-secure-boot\.qcow2,sparse=yes,format=qcow2,size=100 \
  --os-variant rhel8-unknown \
  --graphics type=spice,listen=0.0.0.0 \
  --graphics vnc \
  --network network=system-bridge,model=virtio \
  --pxe