[Bug 2022312] Re: Adding IA32 to X64 pkg, because secure boot is not working on Focal

dann frazier 2022312 at bugs.launchpad.net
Thu Aug 31 18:54:45 UTC 2023 

Secure Boot does work in focal, but apparently never has through
OpenStack. That's a bug or a new feature request, depending on how you
look at it.

*If* we want to fix that/enable that feature, it sounds like we're back
to Seyeoung's options #1 and #2 from comment #20. Option #2 - switching
the 4M images to 32-bit PEI - is starting to sound like the best option.
Patching Nova to do something atypical for focal feels like it would
carry more risk.

We've had 4M images in focal for about 8 months (2023-01-24). The
regression risk with this change would be that someone has created a VM
in focal during that time that somehow needs 64-bit PEI.  I'm not aware
of any reason a VM would require 64-bit PEI, and I'm also unaware of any
user-perceivable changes the switch would make. I haven't see any user
reports about problems with that since we introduced that change in
Debian/Ubuntu. If users are already booting Secure Boot VMs w/ S3
disabled to use them, they can continue doing that[*]. The fact that the
firmware would now support booting them w/ S3 enabled wouldn't be a
regression. And it would correct an internal inconsistency in OVMF -
where it tells libvirt that the 4M images support s3 when they currently
do not.

If you do move forward with this SRU Seyeoung, I'd suggest using the
same or similar debian/changelog entry from when we introduced the
change in 2020.11-1, as it provides more context.

[*] Of course, we need to verify that - it should be a verification test

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/2022312

Title:
  Adding IA32 to X64 pkg, because secure boot is not working on Focal

Status in Ubuntu Cloud Archive:
  New
Status in Ubuntu Cloud Archive yoga series:
  New
Status in edk2 package in Ubuntu:
  Fix Released
Status in nova package in Ubuntu:
  Invalid
Status in edk2 source package in Focal:
  Won't Fix
Status in nova source package in Focal:
  Invalid
Status in edk2 source package in Jammy:
  Fix Released
Status in nova source package in Jammy:
  Invalid

Bug description:
  [Impact]

  In Focal, secureboot is not working ( black screen right after
  instance is started )

  [Test Case]
  1. In focal, create instance, and enable secureboot
  2. start instance.
  3. you just can see only blackscreen.

  [Where problems could occur]
  Secureboot may have issue.

  [Others]
  For Jammy, it is ok

  instance xml
  - https://pastebin.ubuntu.com/p/MnK6nx3vwy/

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2022312/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list