Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-37736

OKD, vSphere fails after pivot with secure boot enabled

XMLWordPrintable

    • None
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, due to an EFI Secure Boot failure in the SCOS, when the FCOS pivoted to the SCOS the virtual machine (VM) failed to boot. With this release, the Secure Boot is disabled only when the Secure Boot is enabled in the `coreos.ovf ` configuration file, and the issue is resolved (link:https://issues.redhat.com/browse/OCPBUGS-37736[*OCPBUGS-37736*])
      Show
      * Previously, due to an EFI Secure Boot failure in the SCOS, when the FCOS pivoted to the SCOS the virtual machine (VM) failed to boot. With this release, the Secure Boot is disabled only when the Secure Boot is enabled in the `coreos.ovf ` configuration file, and the issue is resolved (link: https://issues.redhat.com/browse/OCPBUGS-37736 [* OCPBUGS-37736 *])
    • Bug Fix
    • Done

      Modify the import to strip or change the bootOptions.efiSecureBootEnabled

      https://redhat-internal.slack.com/archives/CLKF3H5RS/p1722368792144319

      archive := &importx.ArchiveFlag{Archive: &importx.TapeArchive{Path: cachedImage}}

      ovfDescriptor, err := archive.ReadOvf("*.ovf")
      if err != nil {
      // Open the corrupt OVA file
      f, ferr := os.Open(cachedImage)
      if ferr != nil

      { err = fmt.Errorf("%s, %w", err.Error(), ferr) }

      defer f.Close()

      // Get a sha256 on the corrupt OVA file
      // and the size of the file
      h := sha256.New()
      written, cerr := io.Copy(h, f)
      if cerr != nil

      { err = fmt.Errorf("%s, %w", err.Error(), cerr) }

      return fmt.Errorf("ova %s has a sha256 of %x and a size of %d bytes, failed to read the ovf descriptor %w", cachedImage, h.Sum(nil), written, err)
      }

      ovfEnvelope, err := archive.ReadEnvelope(ovfDescriptor)
      if err != nil

      { return fmt.Errorf("failed to parse ovf: %w", err) }

              jcallen@redhat.com Joseph Callen
              jcallen@redhat.com Joseph Callen
              Wenxin Wei Wenxin Wei
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: