[Bug 1931254] [NEW] Google Confidential Compute fails to boot with 1.47
Joshua Powers
1931254 at bugs.launchpad.net
Tue Jun 8 13:22:15 UTC 2021
Public bug reported:
# Overview
Hirsute and Impish daily builds are currently not booting on Google
Confidential Compute. Confidential compute is Google's platform that
enables the use of the Secure Encrypted Virtualization extension via AMD
EPYC CPUs. Booting an image with version 1.45 works, but once upgraded
to 1.47, the VM no longer boots, and instead the kernel panics.
Launching the image with secure boot, but without confidential compute,
works as expected.
# Expected result
The system is able to reboot after the upgrade.
# Actual result
Kernel panic: https://paste.ubuntu.com/p/mHrvVc6qBc/
# Steps to reproduce
Launch a VM in GCE with confidential compute enabled with a serial
v20210511a or later and look at the serial log for the kernel panic.
Example CLI command to launch a VM:
$ gcloud beta compute instances create $USER-confidential-testing \
    --zone=us-west1-b --machine-type=n2d-standard-2 \
    --image=daily-ubuntu-2104-hirsute-v20210511a \
    --image-project=ubuntu-os-cloud-devel \
    --confidential-compute --maintenance-policy=TERMINATE
The last known good working image is
daily-ubuntu-2104-hirsute-v20210510. The upgrade that fails is when shim
signed is updated from 1.46+15.4-0ubuntu1 to 1.47+15.4-0ubuntu2.
# Logs & notes
* 20210510 manifest (good): https://paste.ubuntu.com/p/QjnMPcJj7G/
* 20210511a manifest (bad): https://paste.ubuntu.com/p/PvJQwRXHcG/
* diff between manifests: https://paste.ubuntu.com/p/4nJtGxqGn7/
* serial logs of failed boot: https://paste.ubuntu.com/p/mHrvVc6qBc/
** Affects: shim-signed (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1931254