Ubuntu
nullboot package

Nullboot installation fails if no TPM is present

Bug #1993256 reported by Gauthier Jolly
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nullboot (Ubuntu)
New
Undecided
Unassigned

Bug Description

To migrate from a non-CVM system to a CVM environment, users should be able to install nullboot to only configure the BOOTX64.CSV.
Use case:
 * boot a non-CVM Ubuntu VM on Azure
 * remove kernel and grub
 * install nullboot <- THIS FAILS
 * Create a disk from this VM
 * Register the image/disk to an Image Gallery supporting CVM
 * Provision a new Confidential VM out of the registered disk (sealing and encryption will happen at this point)
 * On first boot he firmware will insert the CSV entry in the BootX variables and reset to boot normally

For this to work, the postinstall script should run "nullbootctl --no-tpm --no-efivars" instead of just "nullbootctl'

Tags: patch
Revision history for this message
Gauthier Jolly (gjolly) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "patch.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Revision history for this message
Julian Andres Klode (juliank) wrote :

I do not believe that the suggested approach is good enough. If the root disk has been encrypted already and we accidentally deleted the TPM device, installation should fail otherwise the machine becomes unbootable.

The only time a missing TPM is non-fatal is when the root device is not yet encrypted. It would be best if nullboot could check if the device is indeed encrypted, and if not, set a flag to make missing TPM non-fatal.

I think the boot variables should still be update-able, too?

Revision history for this message
Gauthier Jolly (gjolly) wrote : Re: [Bug 1993256] Re: Nullboot installation fails if no TPM is present

> I do not believe that the suggested approach is good enough. If the root
> disk has been encrypted already and we accidentally deleted the TPM
> device, installation should fail otherwise the machine becomes
> unbootable.
>
> The only time a missing TPM is non-fatal is when the root device is not
> yet encrypted. It would be best if nullboot could check if the device is
> indeed encrypted, and if not, set a flag to make missing TPM non-fatal.

@Chris Coulson how would you do that? Maybe checking "cryptsetup
status" on the rootfs device is good enough?

> I think the boot variables should still be update-able, too?

Indeed.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.