Hi Corey,

While verifying (bionic) ussuri-proposed, I noticed bionic doesn't necessarily need the fix, since its ovmf package does not ship OVMF_CODE.secboot.fd (introduced later, present in focal).

Keeping the fix is safe, though, as it is a no-op by default (no functional change), and may be desired to get nova in bionic-ussuri back in sync with focal, after the regression handling for CVE-2023-2088.patch, but I'm not sure of all the details involved.

I'll not mark this as verification-done-ussuri yet, in order to wait for your confirmation.

Thanks,
Mauricio

...

Verification on bionic:

With ussuri-updates, a UEFI server _does_ boot (differently than focal):

$ juju ssh nova-compute/0 'dpkg -s nova-compute | grep ^Version:' 2>/dev/null
Version: 2:21.2.4-0ubuntu2.2~cloud0

$ openstack image set jammy --property hw_firmware_type=uefi
$ openstack server create --image jammy --flavor m1.small --network private test

$ juju ssh nova-compute/0 sudo virsh dumpxml instance-00000001 2>&1 | sed -n '/<os>/,/<\/os>/p'
...
/usr/share/OVMF/OVMF_CODE.fd
...

$ openstack console log show test | grep -o 'test login:'
test login:

This works because the problematic loader (OVMF_CODE.secboot.fd) is not yet available on bionic, only in focal:

$ ls -1 /usr/share/OVMF/
OVMF_CODE.fd
OVMF_VARS.fd

$ dpkg -S /usr/share/OVMF/OVMF_CODE.fd
ovmf: /usr/share/OVMF/OVMF_CODE.fd

$ dpkg -L ovmf | grep -F .fd
/usr/share/OVMF/OVMF_CODE.fd
/usr/share/OVMF/OVMF_VARS.fd
/usr/share/ovmf/OVMF.fd
/usr/share/qemu/OVMF.fd

$ lsb_release -cs
bionic

$ pull-lp-debs ovmf focal
$ dpkg-deb -c ovmf_*.deb
...
-rw-r--r-- root/root 1966080 2022-11-08 05:40 ./usr/share/OVMF/OVMF_CODE.secboot.fd
...

With ussuri-proposed and new option disabled (default), a UEFI server still boots (no regression by default):

$ juju ssh nova-compute/0 'sudo add-apt-repository --yes "deb http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/ussuri main"'
$ juju ssh nova-compute/0 'sudo apt install --yes --option=Dpkg::Options::=--force-confnew --option=Dpkg::Options::=--force-confdef nova-compute'
$ juju ssh nova-compute/0 'sudo systemctl restart nova-compute.service' 2>/dev/null

$ juju ssh nova-compute/0 'dpkg -s nova-compute | grep ^Version:' 2>/dev/null
Version: 2:21.2.4-0ubuntu2.6~cloud0

$ openstack server stop test
$ openstack server start test

$ juju ssh nova-compute/0 sudo virsh dumpxml instance-00000001 2>&1 | sed -n '/<os>/,/<\/os>/p'
...
/usr/share/OVMF/OVMF_CODE.fd
...

$ openstack console log show test | grep -o 'test login:'
test login:

With ussuri-proposed and the new option enabled (changed), a UEFI server still boots (no regression):

$ juju config nova-compute config-flags='ubuntu_libvirt_uefi_loader_path=True'

$ juju ssh nova-compute/0 sudo grep ubuntu_libvirt_uefi_loader_path /etc/nova/nova.conf 2>/dev/null
ubuntu_libvirt_uefi_loader_path = True

$ openstack server stop test
$ openstack server start test

$ juju ssh nova-compute/0 sudo virsh dumpxml instance-00000001 2>&1 | sed -n '/<os>/,/<\/os>/p'
...
/usr/share/OVMF/OVMF_CODE.fd
...

$ openstack console log show test | grep -o 'test login:'
test login: