Comment 33 for bug 1882671

Laszlo Ersek (Red Hat) (lersek) wrote :

Hello Christian,

For *some* form of UEFI HTTPS boot, you have to enable *at least one* of
the {edk2, iPXE} HTTPS stacks. I'm unfamiliar with the Ubuntu releases,
but my understanding is the following:

Ubuntu release  edk2 HTTPS enabled  iPXE HTTPS enabled  iPXE TPL regression
--------------  ------------------  ------------------  -------------------
Bionic          no                  <don't know>        no
Focal           no                  yes                 yes
Groovy          yes (bug 1883114)   no (this bug)       masked (this bug)

In Groovy, you can work around the iPXE TPL regression by disabling the
iPXE HTTPS stack (i.e., in the efi-e1000e option ROM), because you can
effectively "replace" it with the edk2 HTTPS stack in the platform
firmware (in the OVMF binary), per bug 1883114.

In Focal, if you do the same to iPXE, you can't fall back to the edk2
HTTPS stack in OVMF -- because bug 1883114 is out of scope for Focal,
AIUI.

However, disabling the iPXE HTTPS stack in Focal would not cause a
regression, in my opinion. That's because in Focal you can't boot the
"OVMF + efi-e1000e" combination *at all* -- you don't get far enough in
the boot process to even *attempt* HTTPS boot (or a boot from another
kind of media, for that matter).

Thus in Focal, no form of *UEFI boot* (HTTPS or otherwise) has ever
worked, so there's nothing to regress by disabling the iPXE HTTPS stack
in "efi-e1000e.rom".