Comment 26 for bug 1882671

Christian Ehrhardt  (paelzer) wrote :

I have prepared merge proposals and PPA test builds for Focal/Eoan
E-MP => https://code.launchpad.net/~paelzer/ubuntu/+source/ipxe/+git/ipxe/+merge/386647
E-PPA => https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4126/+packages
F-MP => https://code.launchpad.net/~paelzer/ubuntu/+source/ipxe/+git/ipxe/+merge/386648
F-PPA => https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4127/+packages

For Eoan/Focal we need to be sure that the OVMF builds from edk2 can really take over the HTTPS functionality, because edk2 itself for Debian/Ubuntu only got it enabled later in >=Groovy:

  edk2 (2020.05-2) unstable; urgency=medium
      * Enable https boot support, thanks to Dimitri John Ledkov. LP: #1883114.

This comes down to:
-COMMON_FLAGS = -DNETWORK_HTTP_BOOT_ENABLE=TRUE -DSECURE_BOOT_ENABLE=TRUE
+COMMON_FLAGS = -DNETWORK_HTTP_BOOT_ENABLE=TRUE -DNETWORK_TLS_ENABLE -DSECURE_BOOT_ENABLE=TRUE
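
Review bot: On the `+` line, `-DNETWORK_TLS_ENABLE` is the only define written without an explicit `=TRUE`, while `-DNETWORK_HTTP_BOOT_ENABLE=TRUE` and `-DSECURE_BOOT_ENABLE=TRUE` on the same line both spell the value out. Writing `-DNETWORK_TLS_ENABLE=TRUE` would keep the flags consistent and make the intent independent of how the build treats a define with no value. This matters for any backport to Eoan/Focal, where the effective setting of this one flag decides whether OVMF can do HTTPS boot at all.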

Therefore, once we drop HTTPS from the ipxe-qemu combined EFI ROMs, expecting that OVMF will take over this, we need to ensure this can work without the above enabling being available in Eoan/Focal as well.

/me looks for a good way to verify that, as I'm unsure if the test mentioned in bug 1883114 will really prove what we need in regard to dropping HTTPS here. Maybe an actual OVMF boot via HTTPS should be set up. If there are suggestions for a good way to test that this OVMF-HTTPS-takeover works as expected, I'm open to them.

If it turns out that we need to enable it in edk2/ovmf before we can go on in ipxe/ipxe-qemu, we can upload ipxe-qemu with a versioned BREAKS to the older ovmf package (to avoid HTTPS being dropped in 'ipxe-qemu' but not yet enabled in 'ovmf'). But if needed, backporting bug 1883114 becomes a pre-req to SRU this bug here.