[Bug 2022312] Re: Adding IA32 to X64 pkg, because secure boot is not working on Focal

dann frazier 2022312 at bugs.launchpad.net
Tue Jun 20 23:01:37 UTC 2023 

I'm curious, does it work if you drop "acpi-s3" from the features in
/usr/share/qemu/firmware/40-edk2-x86_64-secure-enrolled.json ? If I
understand that setting correctly, it should be giving libvirt the hint
it needs to figure out whether or not the firmware supports S3, and in
focal that setting looks wrong since we're using 64-bit PEI which does
not. Hopefully libvirt has the smarts to pass '-global
ICH9-LPC.disable_s3=1' when "acpi-s3" is absent. If so, correcting the
descriptor in an SRU seems like a path forward.

Note: We introduced the 4M images into Ubuntu w/ 64-bit PEI at some
point after focal, but we switched them to 32-bit PEI before 22.04, so I
believe advertising the "acpi-s3" feature is correct in jammy. When we
backported the 4M images to focal earlier this year (bug 1885662), we
backported the intermediate version that still used 64-bit PEI. I regret
that we didn't think to also include the switch to 32-bit PEI at that
time, it would have been the safest time to do it, and consistent with
jammy. But now that we've released them w/ 64-bit PEI into an LTS, I
don't know how we'd go about demonstrating that no one has grown reliant
upon it.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/2022312

Title:
  Adding IA32 to X64 pkg, because secure boot is not working on Focal

Status in edk2 package in Ubuntu:
  Fix Released
Status in nova package in Ubuntu:
  Invalid
Status in edk2 source package in Focal:
  Won't Fix
Status in nova source package in Focal:
  Incomplete
Status in edk2 source package in Jammy:
  Fix Released
Status in nova source package in Jammy:
  Invalid

Bug description:
  [Impact]

  In Focal, secureboot is not working ( black screen right after
  instance is started )

  [Test Case]
  1. In focal, create instance, and enable secureboot
  2. start instance.
  3. you just can see only blackscreen.

  [Where problems could occur]
  Secureboot may have issue.

  [Others]
  For Jammy, it is ok

  instance xml
  - https://pastebin.ubuntu.com/p/MnK6nx3vwy/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2022312/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list