Cannot boot EFI signed by snakeoil keys with OVMF_VARS_4M.snakeoil.fd
Bug #1986692 reported by
Scott Moser
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
edk2 (Ubuntu) |
Fix Released
|
Undecided
|
dann frazier | ||
Jammy |
Fix Released
|
Undecided
|
dann frazier |
Bug Description
[Impact]
The "snakeoil" keys are not properly enrolled in the snakeoil images, making them useless for purpose. These are images preconfigured to trust an included (insecure) key/cert, which is useful for testing boot artifacts in a non-prod Secure Boot environment.
[Test Case]
A regression test has been added as an autopkgtest.
[What Could Go Wrong]
Some refactoring was required to generate these images correctly, and that could impact how keys are enrolled in other images. autopkgtests are in place to verify those - but if those tests were to miss something, we could potentially regress an existing VM boot configuration.
description: | updated |
Changed in edk2 (Ubuntu Jammy): | |
status: | Triaged → In Progress |
assignee: | nobody → dann frazier (dannf) |
description: | updated |
description: | updated |
To post a comment you must log in.
I had made this gist https:/ /gist.github. com/smoser/ 86781865f7191bb b790c74453967f2 8c to document what I was doing before I was certain this was a bug.
I am attaching a tarball of the gist here just for posterity.