[Bug 2145095] [NEW] Please reintroduce PcdUninstallMemAttrProtocol=TRUE for arm64 build
Simon Déziel
2145095 at bugs.launchpad.net
Sat Mar 21 17:13:40 UTC 2026
Public bug reported:
When edk2 was updated to 2025.11-3ubuntu6, the debian/rules was changed
such that `NO_STRICTNX_COMMON_FLAGS` was removed from
`AAVMF_SECBOOT_FLAGS`.
When trying to bring this new version
(2025.02-8ubuntu3->2025.11-3ubuntu6) in the LXD snap, I noticed that
arm64 VM no longer boot with SecureBoot enabled:
```
# lxc start v1 --console
BdsDxe: loading Boot0002 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1)
BdsDxe: starting Boot0002 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1)
Synchronous Exception at 0x000000007DC04B98
Synchronous Exception at 0x000000007DC04B98
```
I suspect that reintroducing `NO_STRICTNX_COMMON_FLAGS` would fix the
problem:
```
-AAVMF_SECBOOT_FLAGS = $(AAVMF_COMMON_FLAGS) -DBUILD_SHELL=FALSE -DSECURE_BOOT_ENABLE=TRUE
+AAVMF_SECBOOT_FLAGS = $(AAVMF_COMMON_FLAGS) $(NO_STRICTNX_COMMON_FLAGS) -DBUILD_SHELL=FALSE -DSECURE_BOOT_ENABLE=TRUE
```
** Affects: edk2 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to edk2 in Ubuntu.
https://bugs.launchpad.net/bugs/2145095
Title:
Please reintroduce PcdUninstallMemAttrProtocol=TRUE for arm64 build
Status in edk2 package in Ubuntu:
New
Bug description:
When edk2 was updated to 2025.11-3ubuntu6, the debian/rules was
changed such that `NO_STRICTNX_COMMON_FLAGS` was removed from
`AAVMF_SECBOOT_FLAGS`.
When trying to bring this new version
(2025.02-8ubuntu3->2025.11-3ubuntu6) in the LXD snap, I noticed that
arm64 VM no longer boot with SecureBoot enabled:
```
# lxc start v1 --console
BdsDxe: loading Boot0002 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1)
BdsDxe: starting Boot0002 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1)
Synchronous Exception at 0x000000007DC04B98
Synchronous Exception at 0x000000007DC04B98
```
I suspect that reintroducing `NO_STRICTNX_COMMON_FLAGS` would fix the
problem:
```
-AAVMF_SECBOOT_FLAGS = $(AAVMF_COMMON_FLAGS) -DBUILD_SHELL=FALSE -DSECURE_BOOT_ENABLE=TRUE
+AAVMF_SECBOOT_FLAGS = $(AAVMF_COMMON_FLAGS) $(NO_STRICTNX_COMMON_FLAGS) -DBUILD_SHELL=FALSE -DSECURE_BOOT_ENABLE=TRUE
```
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2145095/+subscriptions
More information about the foundations-bugs
mailing list