[Bug 2022312] Re: Adding IA32 to X64 pkg, because secure boot is not working on Focal

Mauricio Faria de Oliveira 2022312 at bugs.launchpad.net
Sat Jan 13 20:15:02 UTC 2024 

By the way, regarding Focal Ussuri (ie, Focal as in Ubuntu Archive),
I'm not sure that has to be fixed, since Secure Boot support in Nova
is only introduced in Openstack Wallaby (after Ussuri, before Yoga).
[That is actually related to the reason for upload [4], bug 1960758.]

[1] https://bugzilla.tianocore.org/show_bug.cgi?id=3064#c2
[2] https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1903681/comments/4
[3] https://git.launchpad.net/ubuntu/+source/nova/tree/nova/conf/workarounds.py?h=import/2%2521.2.4-0ubuntu2.6#n22
[4] https://git.launchpad.net/ubuntu/+source/nova/commit/?h=import/2%2521.2.4-0ubuntu2.6

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/2022312

Title:
  Adding IA32 to X64 pkg, because secure boot is not working on Focal

Status in Ubuntu Cloud Archive:
  New
Status in Ubuntu Cloud Archive yoga series:
  New
Status in edk2 package in Ubuntu:
  Fix Released
Status in edk2 source package in Focal:
  In Progress
Status in edk2 source package in Jammy:
  Fix Released

Bug description:
  [Impact]

  In Focal, secureboot is not working ( black screen right after
  instance is started )

  [Test Case]
  0. juju bundle for focal-yoga openstack env
  - https://pastebin.ubuntu.com/p/G38JwXMX5G/
  1. create custom image with cirros
  - openstack image create --container-format bare --disk-format qcow2 --file cirros-0.5.1-x86_64-disk.img cirros
  2. set image properties.
  - $ openstack image set --property hw_machine_type=q35 --property hw_firmware_type=uefi --property os_secure_boot=required cirros
  3. In focal, create instance, and enable secureboot
  4. start instance.
  5. you just can see only blackscreen.

  [Where problems could occur]
  Secureboot may have issue.

  [Others]
  For Jammy, it is ok

  instance xml
  - https://pastebin.ubuntu.com/p/MnK6nx3vwy/

  #ADDED
  Testing
  1. Prepared cirros and cirros2 image
  2. only set secure boot parameters to cirros image
  3. launch instances
  - instance with cirros image
  - instance with cirros2 image
  4. test result
  - booting cirros instance doesn't work(black screen) with original OVMF_CODE_4M.secboot.fd
  - booting cirros instance does work(shows uefi prompt) with patched OVMF_CODE_4M.secboot.fd
  - booting cirros2 instance either cases.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2022312/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list