puppet-ironic

Grub EFI binaries need to be copied to enable network boot

Bug #1975543 reported by Steve Baker
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-ironic
Fix Released
Medium
Steve Baker

Bug Description

Currently uefi_pxe_bootfile_name defaults to bootx86.efi, but puppet
doesn't copy any file to this location. This leaves UEFI boot with the pxe boot driver non-functional.

If uefi_pxe_bootfile_name pointed to the grub shim EFI binary, and the grub EFI was also copied to the TFTP root directory then UEFI boot with the pxe boot driver could result in a Secure Boot capable grub network boot.

OpenStack Infra (hudson-openstack)
Changed in puppet-ironic:
status: New → In Progress
Takashi Kajinami (kajinamit)
Changed in puppet-ironic:
importance: Undecided → Medium
assignee: nobody → Steve Baker (steve-stevebaker)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-ironic (master)

Reviewed: https://review.opendev.org/c/openstack/puppet-ironic/+/842034
Committed: https://opendev.org/openstack/puppet-ironic/commit/4863a485cd7405f6bca9011a9694dd385d170049
Submitter: "Zuul (22348)"
Branch: master

commit 4863a485cd7405f6bca9011a9694dd385d170049
Author: Steve Baker <email address hidden>
Date: Tue May 17 17:35:27 2022 +1200

    Copy shim and grub efi binaries to tftp root

    Currently uefi_pxe_bootfile_name defaults to bootx86.efi, but puppet
    doesn't copy any file to this location. This change copies the signed
    grub shim efi to tftp root bootx86.efi, and also the signed grub
    binary to grubx64.efi.

    This means UEFI boot with PXE will now work by default by doing a grub
    network boot instead of using iPXE. And since all EFI binaries are
    signed, it should even be possible to enable Secure Boot for the whole
    baremetal provisioning process.

    Change-Id: I59850eca971d57464efe85ffea723f19f9855353
    Closes-Bug: #1975543

Changed in puppet-ironic:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-ironic 21.0.0

This issue was fixed in the openstack/puppet-ironic 21.0.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-ironic (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/puppet-ironic/+/879087

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-ironic (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/puppet-ironic/+/879233

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-ironic (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/puppet-ironic/+/879234

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-ironic 19.5.0

This issue was fixed in the openstack/puppet-ironic 19.5.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-ironic 20.4.0

This issue was fixed in the openstack/puppet-ironic 20.4.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.