[REGRESSION] ppc64el grub in bionic may be auto-generating MAC address instead of using the assigned to the VM.

I have reverted the OpenFirmware PPC64EL bootloader in lp:maas-images to Xenial while this is debugged.

I ran qemu (in cosmic) with a cloud image and

 -device virtio-net-pci,netdev=mynet,mac=$mymac -netdev user,id=mynet

and loaded the ofnet module. I then listed the network cards and the mac address was correctly recognized.

I have not figured out how to PXE boot it yet, so net_default_mac was empty.

But this experience leads me to believe that there are multiple interfaces and it might be looking at the wrong one. There does not seem to be any code in grub to generate random mac addresses.

Reproduced:

(1) grub-mknetdir --net-directory=$dir
(2) qemu-system-ppc64le -device virtio-net-pci,netdev=mynet,mac=$mac -netdev user,id=mynet,tftp=$dir,bootfile=boot/grub/powerpc-ieee1275/core.elf

grub loads successfully via tftp.

Observations:

(1) net_ls_cards shows "ofnet_net $mac", so correctly recognizes the mac address.
(2) net_default_interface = ofnet_net
(3) net_default_mac and net_ofnet_net_mac are different

Running net_ls_addr shows two ofnet_net, one with the correct MAC and IP address, and one with the fake MAC and "Unknown address type 31"

This is the culprit:

https://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/net?id=9585647a25b65f98db6bd22c569b34795512f046

Removing the parser for bootpath gets rid of the broken additional interface. I expect that checking the return value of grub_ieee1275_get_property() when querying the mac also fixes it, and will investigate that shortly (as it seems the bootpath contains IP addresses, but not MAC addresses).

It turned out to be uninitialized local variables. Patch sent upstream.

https://lists.gnu.org/archive/html/grub-devel/2018-08/msg00073.html

Merge proposal for packaging branch:

https://code.launchpad.net/~juliank/grub/+git/ubuntu/+merge/353662

This bug was fixed in the package grub2 - 2.02+dfsg1-5ubuntu1

---------------
grub2 (2.02+dfsg1-5ubuntu1) cosmic; urgency=medium

  [ Mathieu Trudel-Lapierre]
  * Merge against Debian unstable; remaining changes:
    - debian/control: Update Vcs fields for code location on Ubuntu.
    - debian/control: Breaks shim (<< 13).
    - Secure Boot support: use newer patchset from rhboot repo:
      - many linuxefi_* patches added and modified
      - dropped debian/patches/linuxefi_require_shim.patch
      - renamed: debian/patches/no_insmod_on_sb.patch ->
        debian/patches/linuxefi_no_insmod_on_sb.patch
    - debian/patches/install_signed.patch, grub-install-extra-removable.patch:
      - Make sure if we install shim; it should also be exported as the default
        bootloader to install later to a removable path, if we do.
      - Rework grub-install-extra-removable.patch to reverse its logic: in the
        default case, install the bootloader to /EFI/BOOT, unless we're trying
        to install on a removable device, or explicitly telling grub *not* to
        do it.
      - Move installing fb$arch.efi to --no-extra-removable; as we don't want
        fallback to be installed unless we're also installing to /EFI/BOOT.
        (LP: #1684341)
      - Install a BOOT.CSV for fallback to use.
      - Make sure postinst and templates know about the replacement of
        --force-extra-removable with --no-extra-removable.
    - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
      --auto-nvram option to grub-install for auto-detecting NVRAM availability
      before attempting NVRAM updates.
    - debian/build-efi-images: provide a new grub EFI image which enforces that
      loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
      the same as grub$arch.efi minus the 'linux' module. Without fallback to
      'linux' for unsigned loading, this makes it effectively enforce having a
      signed kernel. (LP: #1401532)
    - Verify that the current and newer kernels are signed when grub is
      updated, to make sure people do not accidentally shutdown without a
      signed kernel.
    - debian/default/grub: replace GRUB_HIDDEN_* variables with the less
      confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597)
    - debian/patches/support_initrd-less_boot.patch: Added knobs to allow
      non-initrd boot config. (LP: #1640878)
    - Disable os-prober for ppc64el on the PowerNV platform, to reduce the
      number of entries/clutter from other OSes in Petitboot (LP: #1447500)
    - debian/patches/shorter_version_info.patch: Only show the upstream version
      in menu and console, and hide the package one in a package_version
      variable. (LP: #1723434)
    - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
      'text' payload if it's not supported but present in gfxpayload, such as
      on EFI systems. (LP: #1711452)
    - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
      fizes as block sizes in bufio: this avoids potentially seeking back in
      the files unnecessarily, which may require re-open files that cannot be
      seeked into, such as via...

Hello Andres, or anyone else affected,

Accepted grub2 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02-2ubuntu8.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

old package (2.02-2ubuntu8.3) is bad:

grub> net_ls_cards
ofnet_net a1:b2:c3:d4:e5:f6
grub> net_ls_addr
ofnet_net a1:b2:c3:d4:e5:f6 10.0.2.15
ofnet_net 1f:ff:c1:20:1d:c5 Unknown address type 31
grub> echo $net_default_mac
1f:ff:c1:20:1d:c5

new package (2.02-2ubuntu8.3) is good:
grub> net_ls_cards
ofnet_net a1:b2:c3:d4:e5:f6
grub> net_ls_addr
ofnet_net a1:b2:c3:d4:e5:f6 10.0.2.15
grub> echo $net_default_mac
a1:b2:c3:d4:e5:f6

oops, I obviously meant:

new package (2.02-2ubuntu8.4) is good:
                           ^

not 8.3

Installing the grub packages for this bug from the bionic-proposed repository removes grub-efi-amd64-signed and shim-signed. The removal of shim-signed seems to stop DKMS modules from being signed.

Start-Date: 2018-08-29 12:49:47
Commandline: apt dist-upgrade
Requested-By: nh (1000)
Upgrade: grub-common:amd64 (2.02-2ubuntu8.1, 2.02-2ubuntu8.4), grub2-common:amd64 (2.02-2ubuntu8.1, 2.02-2ubuntu8.4), grub-efi-amd64-bin:amd64 (2.02-2ubuntu8.1, 2.02-2ubuntu8.4), grub-efi-amd64:amd64 (2.02-2ubuntu8.1, 2.02-2ubuntu8.4)
Remove: shim-signed:amd64 (1.34.9.2+13-0ubuntu2), grub-efi-amd64-signed:amd64 (1.93.1+2.02-2ubuntu8.1)
End-Date: 2018-08-29 12:50:23

Downgrading to version 8.3 allows shim-signed to be reinstalled, and DKMS modules have signatures again.

> sudo apt install grub-common=2.02-2ubuntu8.3 grub2-common=2.02-2ubuntu8.3 grub-efi-amd64-bin=2.02-2ubuntu8.3 grub-efi-amd64=2.02-2ubuntu8.3 shim-signed=1.34.9.2+13-0ubuntu2 grub-efi-amd64-signed=1.93.4+2.02-2ubuntu8.3

Yes, there needs to be a rebuild of grub-signed too before it can be released.

Hello Andres, or anyone else affected,

Accepted grub2-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.93.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Marking back as verified, as that upload of -signed was just for the signatures, thus does not invalidate the testing done with the unsigned one before.

When this will be released, we need to be careful to release both at the same time :)

The verification of the Stable Release Update for grub2 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package grub2-signed - 1.93.5

---------------
grub2-signed (1.93.5) bionic; urgency=medium

  * Rebuild against grub2 2.02-2ubuntu8.4 (LP: #1785859)

 -- Julian Andres Klode <email address hidden> Thu, 30 Aug 2018 16:22:15 +0200

This bug was fixed in the package grub2 - 2.02-2ubuntu8.4

---------------
grub2 (2.02-2ubuntu8.4) bionic; urgency=medium

  * debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize
    structs in bootpath parser. Fixes netboot issues on ppc64el. (LP: #1785859)

 -- Julian Andres Klode <email address hidden> Thu, 23 Aug 2018 21:29:46 +0200