Public bug reported: # Overview
Hirsute and Impish daily builds are currently not booting on Google Confidential Compute. Confidential compute is Google's platform that enables the use of Secure Encrypted Virtualization extension via AMD EPYC CPUs. Booting an image with version 1.45 works, but once upgraded to 1.47, the VM no longer boots, and instead the kernel panics. Launching the image with secure boot, but without confidential compute works as expected. # Expected result The system is able to reboot after the upgrade. # Actual result Kernel panic: https://paste.ubuntu.com/p/mHrvVc6qBc/ # Steps to reproduce Launch a VM in GCE with confidential compute enabled with a serial v20210511a or later and look at the serial log for the kernel panic. Example CLI command to launch a VM: $ gcloud beta compute instances create $USER-confidential-testing --zone =us-west1-b --machine-type=n2d-standard-2 --image=daily-ubuntu-2104 -hirsute-v20210511a --image-project=ubuntu-os-cloud-devel --confidential-compute --maintenance-policy=TERMINATE The last known good working image is daily- ubuntu-2104-hirsute-v20210510. The upgrade that fails is when shim signed is updated from 1.46+15.4-0ubuntu1 to 1.47+15.4-0ubuntu2 # Logs & notes * 20210510 manifest (good): https://paste.ubuntu.com/p/QjnMPcJj7G/ * 20210511a manifest (bad): https://paste.ubuntu.com/p/PvJQwRXHcG/ * diff between manifests: https://paste.ubuntu.com/p/4nJtGxqGn7/ * serial logs of failed boot: https://paste.ubuntu.com/p/mHrvVc6qBc/ ** Affects: shim-signed (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1931254 Title: Google Confidnetial Compute fails to boot with 1.47 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1931254/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
