Switch localboot to chain to the shim
Bug #1787646 reported by
Lee Trager
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Fix Released
|
Medium
|
Lee Trager | ||
| 2.3 |
Confirmed
|
Medium
|
Unassigned | ||
| 2.4 |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
When MAAS boots a UEFI machine it sends the signed shim which chains to the signed GRUB from MAAS. GRUB from MAAS then chains to the local GRUB. Its possible that the key GRUB from MAAS is signed with a differnt key then the local GRUB is signed with causing a boot failure. This is likely to be the case in the future when multiple distros start rotating their UEFI keys. MAAS should chain to the shim instead of directly to GRUB.
This is currently blocked on LP:1711203
Related branches
~ltrager/maas:chainload_shim
- Andres Rodriguez (community): Approve
- MAAS Lander: Approve
-
Diff: 86 lines (+21/-39)2 files modifiedsrc/provisioningserver/boot/tests/test_uefi_amd64.py (+5/-2)
src/provisioningserver/templates/uefi/config.local.amd64.template (+16/-37)
| Changed in maas: | |
| milestone: | none → 2.5.0 |
Revision history for this message
| Andres Rodriguez (andreserl) wrote | #1 |
| Changed in maas: | |
| status: | Triaged → Incomplete |
| importance: | Critical → High |
| importance: | High → Medium |
| description: | updated |
| Changed in maas: | |
| milestone: | 2.5.0 → 2.5.0rc1 |
| Changed in maas: | |
| status: | Incomplete → Fix Committed |
| assignee: | nobody → Lee Trager (ltrager) |
| Changed in maas: | |
| milestone: | 2.5.0rc1 → 2.5.0beta4 |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
The bug report in the description is incorrect.