* Extra Test: HTTPS boot a uEFI guest with the efi roms from ipxe-qemu
with old/new ipxe-qmeu code. This shall ensure that OVMF can really take
over as-is or if we need bug 1883114 before we can do so.
Details TBD when I'm doing these tests
I created a q35 guest in libvirt without a disk and set it to run in uEFI mode via OVMF.
Starting that without further setup runs into an EFI loader that can't find anything to boot.
Start PXE over IPv4
...
Not Found
Start HTTP Boot over IPv4
...
Not Found
-> into interactive boot-failed menu
As I mentioned before in comment #26 Focals EDK2 didn't have HTTPS enabled yet, only in Groovy.
Therefure using the OVMF of groovy and the ipxe-qemu package from Focal-proposed I set up a test.
We can see that in this OVMF build the OVMF device manager has the option to enroll TLScerts. But TBH I haven't ever used this setup to then HTTPS boot through EFI/OVMF.
I found [1] but before going through all the lengths to set this up I wonder for further regression testing I wonder if there at all was a way to get HTTPS boot working in EFI mode with:
a) https enabled /usr/lib/ipxe/qemu/efi-e1000e.rom
b) not https enabled /usr/share/OVMF/OVMF_CODE.fd
I'm a bit lost in all the rom/boot/https/loader options.
I beg your pardon but @Lazlo do you know if above mentioned way existed and might - now that we take https away from (a) - be regressing?
If so which way would this need to be set up to be tested?
Is [1][2] a proper way to exercise this in Focal "using the https in e1000e" or would that only work with the HTTPS enabled OVMF of groovy?
Test #3:
* Extra Test: HTTPS boot a uEFI guest with the efi roms from ipxe-qemu
with old/new ipxe-qmeu code. This shall ensure that OVMF can really take
over as-is or if we need bug 1883114 before we can do so.
Details TBD when I'm doing these tests
I created a q35 guest in libvirt without a disk and set it to run in uEFI mode via OVMF.
Starting that without further setup runs into an EFI loader that can't find anything to boot.
Start PXE over IPv4
...
Not Found
Start HTTP Boot over IPv4
...
Not Found
-> into interactive boot-failed menu
As I mentioned before in comment #26 Focals EDK2 didn't have HTTPS enabled yet, only in Groovy.
Therefure using the OVMF of groovy and the ipxe-qemu package from Focal-proposed I set up a test.
$ cp ovmf-groovy/ usr/share/ OVMF/OVMF_ VARS.fd test-vars.fd format= raw,readonly, file=/home/ ubuntu/ ovmf-groovy/ usr/share/ OVMF/OVMF_ CODE.fd -drive if=pflash, format= raw,file= test-vars. fd -monitor stdio
$ qemu-system-x86_64 -enable-kvm -drive if=pflash,
We can see that in this OVMF build the OVMF device manager has the option to enroll TLScerts. But TBH I haven't ever used this setup to then HTTPS boot through EFI/OVMF.
I found [1] but before going through all the lengths to set this up I wonder for further regression testing I wonder if there at all was a way to get HTTPS boot working in EFI mode with: ipxe/qemu/ efi-e1000e. rom OVMF/OVMF_ CODE.fd
a) https enabled /usr/lib/
b) not https enabled /usr/share/
I'm a bit lost in all the rom/boot/ https/loader options.
I beg your pardon but @Lazlo do you know if above mentioned way existed and might - now that we take https away from (a) - be regressing?
If so which way would this need to be set up to be tested?
Is [1][2] a proper way to exercise this in Focal "using the https in e1000e" or would that only work with the HTTPS enabled OVMF of groovy?
[1]: https:/ /en.opensuse. org/UEFI_ HTTPBoot_ Server_ Setup /edk2-docs. gitbook. io/getting- started- with-uefi- https-boot- on-edk- ii/introduction
[2]: https:/
P.S. cross release migration tests still running