Performing verification for edk2 on questing. Mate Kukri has coded all verification steps in autopkgtests, for the edk2/2025.02-8ubuntu3.2 version in -proposed:
amd64: pass. https://autopkgtest.ubuntu.com/results/autopkgtest-questing/questing/amd64/e/edk2/20260605_130512_dc430@/log.gz arm64: pass. https://autopkgtest.ubuntu.com/results/autopkgtest-questing/questing/arm64/e/edk2/20260612_051811_8f193@/log.gz If you want to grep, scroll to the bottom and look at: test_aavmf_secvar_update_appends_2023_certs (__main__.SecvarUpdateTest.test_aavmf_secvar_update_appends_2023_certs) and test_ovmf_secvar_update_appends_2023_certs (__main__.SecvarUpdateTest.test_ovmf_secvar_update_appends_2023_certs) and test_ovmf_secvar_update_version_guard (__main__.SecvarUpdateTest.test_ovmf_secvar_update_version_guard) Manual testing: I started a questing VM. Install a full KVM stack: $ sudo apt-get install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils $ sudo reboot The edk2 version in -updates is: $ apt-cache policy ovmf ovmf: Installed: 2025.02-8ubuntu3.1 Candidate: 2025.02-8ubuntu3.1 Version table: *** 2025.02-8ubuntu3.1 500 500 http://archive.ubuntu.com/ubuntu questing-updates/main amd64 Packages In virt-manager on the host, select: File > Add Connection... Configure the settings as follows: Hypervisor: QEMU/KVM Connection: Check the box for "Connect to remote host over SSH" Username: ubuntu Hostname: IP address of the VM Click Connect. Create a VM, make sure to use the remote libvirt connect. Select "Manual install". Select "Ubuntu Questing". Deselect "Enable storage for this VM". Select "Customize configuration before install". Click Finish. Under "Overview" select "Chipset: Q35". "Firmware: UEFI x86_64: /usr/share/OVMF/OVMF_CODE_4M.ms.fd" Click Apply. Click Begin Installation. Boot the VM. Press the 'esc' key once during boot./;''''''/ If your mouse gets stuck, press ctrl-alt-l. In the menu, select: "Device Manager" > "Secure Boot Configuration" > "Secure Boot Mode". Change <Standard Mode> to <Custom Mode>. Select "Custom Secure Boot Options". KEK: Select "KEK Options" > "Delete KEK". Scroll through the options. There will be: - CM = Ubuntu OVMF Secure Boot (PK/KEK key) - CM = Microsoft Corportate KEK CA 2011 DB: Select "DB Options" > "Delete Signature". Scroll through the options. There will be: - CM = Microsoft Windows Production PCA 2011 - CM = Microsoft Corportation UEFI CA 2011 Next, on the host system, enable -proposed and install edk2. $ apt-cache policy ovmf ovmf: Installed: 2025.02-8ubuntu3.2 Candidate: 2025.02-8ubuntu3.2 Version table: *** 2025.02-8ubuntu3.2 100 100 http://archive.ubuntu.com/ubuntu questing-proposed/main amd64 Packages 100 /var/lib/dpkg/status Repeat the steps. In the menu, select: "Device Manager" > "Secure Boot Configuration" > "Secure Boot Mode". Change <Standard Mode> to <Custom Mode>. Select "Custom Secure Boot Options". KEK: Select "KEK Options" > "Delete KEK". Scroll through the options. There will be: - CM = Ubuntu OVMF Secure Boot (PK/KEK key) - CM = Microsoft Corportate KEK CA 2011 - CM = Microsoft Corporation KEK 2K CA 2023 <<<<<<<< NEW DB: Select "DB Options" > "Delete Signature". Scroll through the options. There will be: - CM = Microsoft Windows Production PCA 2011 - CM = Microsoft Corportation UEFI CA 2011 - CM = Windows UEFI CA 2023 <<<<<<<< NEW - CM = Microsoft UEFI CA 2023 <<<<<<<< NEW - CM = Microsoft Option ROM UEFI CA 2023 <<<<<<<< NEW Everything looks good to me. Marking verified for questing. ** Tags removed: verification-needed-questing ** Tags added: verification-done-questing -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2146560 Title: [FFe + SRU] edk2: Introduce FirmwareSecvarUpdater for MS 2023 CA rollout To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2146560/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
