[Bug 1882671] Re: unbalanced UEFI TPL manipulations in iPXE with DOWNLOAD_PROTO_HTTPS enabled

Wed, 01 Jul 2020 00:01:39 -0700 

I have prepared a merge proposals and PPA test builds for Focal/Eoan
E-MP => 
https://code.launchpad.net/~paelzer/ubuntu/+source/ipxe/+git/ipxe/+merge/386647
E-PPA => 
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4126/+packages
F-MP => 
https://code.launchpad.net/~paelzer/ubuntu/+source/ipxe/+git/ipxe/+merge/386648
F-PPA => 
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4127/+packages

For Eoan/Focal we need to be sure that the OVMF builds from edk2 can
really take over the HTTPS functionality. Because edk2 itself for
Debian/Ubuntu only got enabled later in >=Groovy:

  edk2 (2020.05-2) unstable; urgency=medium
      * Enable https boot support, thanks to Dimitri John Ledkov. LP: #1883114.

This comes down to:
-COMMON_FLAGS = -DNETWORK_HTTP_BOOT_ENABLE=TRUE -DSECURE_BOOT_ENABLE=TRUE
+COMMON_FLAGS = -DNETWORK_HTTP_BOOT_ENABLE=TRUE -DNETWORK_TLS_ENABLE 
-DSECURE_BOOT_ENABLE=TRUE

Therefore once we drop HTTPS from the ipxe-qemu combined efi roms
expecting that OVMF will take over this we need to ensure this can work
without above enabling being available in Eoan/Focal as well.

/me looks for a good way to verify that as I'm unsure if the test
mentioned in bug 1883114 will really proved what we need in regard to
dropping https here. Maybe an actual OVMF boot via HTTPS should be set
up. If there are suggestions for a good way to test that this OVMF-
HTTPS-takeover works as expected I'm open to them.

If it turns out that we need to enable it in edk2/ovmf before we can go
on in ipxe/ipxe-qemu we we can upload ipxe-qemu with a versioned BREAKS
to the older ovmf package (to avoid https is dropped in 'ipxe-qemu', but
not yet enabled in the 'ovmf'). But if needed backporting bug 1883114
becomes a pre-req to SRU this bug here.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1882671

Title:
  unbalanced UEFI TPL manipulations in iPXE with DOWNLOAD_PROTO_HTTPS
  enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ipxe/+bug/1882671/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to