[RFE] Baremetal provisioning using UEFI secure boot mode

Bug #1526755 reported by Vladyslav Drok
4
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ironic
In Progress
Wishlist
Tuan

Bug Description

For the some of the enterprise customers, it is important that all the software components they use are digitally signed.
For such customers, even the deploy image used for provisioning baremetal needs to be signed and provisioning should happen in UEFI secure boot mode wherein the deploy ramdisk gets validated for its digital signatures.

To cater to such customers Ironic, should support baremetal provisioning using UEFI secure boot environment.

Tags: needs-spec rfe
Vladyslav Drok (vdrok)
Changed in ironic:
status: New → Confirmed
importance: Undecided → Wishlist
tags: added: rfe
Revision history for this message
Vladyslav Drok (vdrok) wrote :

Copy of whiteboard:

Gerrit topic: https://review.openstack.org/#q,topic:bp/secure-baremetal-deploy-in-uefi,n,z

Addressed by: https://review.openstack.org/231927
    Baremetal provisioning in UEFI secure boot mode for iLO drivers

Changed in ironic:
assignee: nobody → Shivanand Tendulker (stendulker)
Changed in ironic:
status: Confirmed → In Progress
Revision history for this message
Jim Rollenhagen (jim-rollenhagen) wrote :
tags: added: needs-spece
tags: added: needs-spec
removed: needs-spece
Changed in ironic:
assignee: Shivanand Tendulker (stendulker) → Tuan (tuanla)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on ironic-specs (master)

Change abandoned by Shivanand Tendulker (<email address hidden>) on branch: master
Review: https://review.opendev.org/230274

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on ironic (master)

Change abandoned by Shivanand Tendulker (<email address hidden>) on branch: master
Review: https://review.opendev.org/231927

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.