Comment 31 for bug 1882671

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Test #3:

 * Extra Test: HTTPS boot a uEFI guest with the efi roms from ipxe-qemu
   with old/new ipxe-qmeu code. This shall ensure that OVMF can really take
   over as-is or if we need bug 1883114 before we can do so.
   Details TBD when I'm doing these tests

I created a q35 guest in libvirt without a disk and set it to run in uEFI mode via OVMF.
Starting that without further setup runs into an EFI loader that can't find anything to boot.

Start PXE over IPv4
...
Not Found
Start HTTP Boot over IPv4
...
Not Found
-> into interactive boot-failed menu

As I mentioned before in comment #26 Focals EDK2 didn't have HTTPS enabled yet, only in Groovy.

Therefure using the OVMF of groovy and the ipxe-qemu package from Focal-proposed I set up a test.

$ cp ovmf-groovy/usr/share/OVMF/OVMF_VARS.fd test-vars.fd
$ qemu-system-x86_64 -enable-kvm -drive if=pflash,format=raw,readonly,file=/home/ubuntu/ovmf-groovy/usr/share/OVMF/OVMF_CODE.fd -drive if=pflash,format=raw,file=test-vars.fd -monitor stdio

We can see that in this OVMF build the OVMF device manager has the option to enroll TLScerts. But TBH I haven't ever used this setup to then HTTPS boot through EFI/OVMF.

I found [1] but before going through all the lengths to set this up I wonder for further regression testing I wonder if there at all was a way to get HTTPS boot working in EFI mode with:
a) https enabled /usr/lib/ipxe/qemu/efi-e1000e.rom
b) not https enabled /usr/share/OVMF/OVMF_CODE.fd

I'm a bit lost in all the rom/boot/https/loader options.
I beg your pardon but @Lazlo do you know if above mentioned way existed and might - now that we take https away from (a) - be regressing?
If so which way would this need to be set up to be tested?
Is [1][2] a proper way to exercise this in Focal "using the https in e1000e" or would that only work with the HTTPS enabled OVMF of groovy?

[1]: https://en.opensuse.org/UEFI_HTTPBoot_Server_Setup
[2]: https://edk2-docs.gitbook.io/getting-started-with-uefi-https-boot-on-edk-ii/introduction

P.S. cross release migration tests still running