Test #3: * Extra Test: HTTPS boot a uEFI guest with the efi roms from ipxe-qemu with old/new ipxe-qmeu code. This shall ensure that OVMF can really take over as-is or if we need bug 1883114 before we can do so. Details TBD when I'm doing these tests
I created a q35 guest in libvirt without a disk and set it to run in uEFI mode via OVMF. Starting that without further setup runs into an EFI loader that can't find anything to boot. Start PXE over IPv4 ... Not Found Start HTTP Boot over IPv4 ... Not Found -> into interactive boot-failed menu As I mentioned before in comment #26 Focals EDK2 didn't have HTTPS enabled yet, only in Groovy. Therefure using the OVMF of groovy and the ipxe-qemu package from Focal-proposed I set up a test. $ cp ovmf-groovy/usr/share/OVMF/OVMF_VARS.fd test-vars.fd $ qemu-system-x86_64 -enable-kvm -drive if=pflash,format=raw,readonly,file=/home/ubuntu/ovmf-groovy/usr/share/OVMF/OVMF_CODE.fd -drive if=pflash,format=raw,file=test-vars.fd -monitor stdio We can see that in this OVMF build the OVMF device manager has the option to enroll TLScerts. But TBH I haven't ever used this setup to then HTTPS boot through EFI/OVMF. I found [1] but before going through all the lengths to set this up I wonder for further regression testing I wonder if there at all was a way to get HTTPS boot working in EFI mode with: a) https enabled /usr/lib/ipxe/qemu/efi-e1000e.rom b) not https enabled /usr/share/OVMF/OVMF_CODE.fd I'm a bit lost in all the rom/boot/https/loader options. I beg your pardon but @Lazlo do you know if above mentioned way existed and might - now that we take https away from (a) - be regressing? If so which way would this need to be set up to be tested? Is [1][2] a proper way to exercise this in Focal "using the https in e1000e" or would that only work with the HTTPS enabled OVMF of groovy? [1]: https://en.opensuse.org/UEFI_HTTPBoot_Server_Setup [2]: https://edk2-docs.gitbook.io/getting-started-with-uefi-https-boot-on-edk-ii/introduction P.S. cross release migration tests still running -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882671 Title: unbalanced UEFI TPL manipulations in iPXE with DOWNLOAD_PROTO_HTTPS enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ipxe/+bug/1882671/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
