Public bug reported:
When edk2 was updated to 2025.11-3ubuntu6, the debian/rules was changed
such that `NO_STRICTNX_COMMON_FLAGS` was removed from
`AAVMF_SECBOOT_FLAGS`.
When trying to bring this new version
(2025.02-8ubuntu3->2025.11-3ubuntu6) in the LXD snap, I noticed that
arm64 VM no longer boot with SecureBoot enabled:
```
# lxc start v1 --console
BdsDxe: loading Boot0002 "UEFI QEMU QEMU HARDDISK " from
PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1)
BdsDxe: starting Boot0002 "UEFI QEMU QEMU HARDDISK " from
PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x1)
Synchronous Exception at 0x000000007DC04B98
Synchronous Exception at 0x000000007DC04B98
```
I suspect that reintroducing `NO_STRICTNX_COMMON_FLAGS` would fix the
problem:
```
-AAVMF_SECBOOT_FLAGS = $(AAVMF_COMMON_FLAGS) -DBUILD_SHELL=FALSE
-DSECURE_BOOT_ENABLE=TRUE
+AAVMF_SECBOOT_FLAGS = $(AAVMF_COMMON_FLAGS) $(NO_STRICTNX_COMMON_FLAGS)
-DBUILD_SHELL=FALSE -DSECURE_BOOT_ENABLE=TRUE
```
** Affects: edk2 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2145095
Title:
Please reintroduce PcdUninstallMemAttrProtocol=TRUE for arm64 build
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2145095/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
