Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-4391

secureboot of centos 9 stream not working

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • shim
    • None
    • None
    • sst_desktop_firmware_bootloaders
    • ssg_desktop
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:

      I can't boot a libvirt VM of the centos 9 stream ISO https://composes.stream.centos.org/production/latest-CentOS-Stream/compose/BaseOS/x86_64/iso/CentOS-Stream-9-20230605.0-x86_64-boot.iso

      It gives me an Access Denied message (see attached screenshot).

      Version-Release number of selected component (if applicable):

      CentOS-Stream-9-20230605.0-x86_64-boot.iso

      I'm using libvirt on my F37 host to launch the ISO.

      How reproducible:

      Always

      Steps to Reproduce:
      1. Download ISO
      2. Start VM and observie Access Denied

      • virt-install --name scos --ram 4048 --vcpus 2 --disk size=20 --network bridge=virbr0 --cdrom /var/b/images/CentOS-Stream-9-20230605.0-x86_64-boot.iso --boot=uefi

      Actual results:

      Access Denied

      Expected results:

      Successful boot.

      Additional info:

      If I disable secureboot by using `--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no` then the instance boots fine.

      The F37 libvirt versions on my host are:

      ```
      [dustymabe@media ~]$ rpm -qa | grep libvirt
      libvirt-libs-8.6.0-5.fc37.x86_64
      libvirt-daemon-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-core-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-network-8.6.0-5.fc37.x86_64
      libvirt-daemon-config-network-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-qemu-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-secret-8.6.0-5.fc37.x86_64
      libvirt-glib-4.0.0-6.fc37.x86_64
      libvirt-client-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-disk-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-gluster-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-iscsi-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-iscsi-direct-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-logical-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-mpath-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-scsi-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-sheepdog-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-zfs-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-interface-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-nodedev-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-nwfilter-8.6.0-5.fc37.x86_64
      python3-libvirt-8.6.0-1.fc37.x86_64
      libvirt-daemon-driver-storage-rbd-8.6.0-5.fc37.x86_64
      libvirt-daemon-driver-storage-8.6.0-5.fc37.x86_64
      libvirt-daemon-kvm-8.6.0-5.fc37.x86_64
      rubygem-ruby-libvirt-0.7.1-16.fc37.x86_64
      rubygem-fog-libvirt-0.8.0-4.fc37.noarch
      vagrant-libvirt-0.7.0-4.fc37.noarch
      libvirt-nss-8.6.0-5.fc37.x86_64
      [dustymabe@media ~]$ rpm -qa | grep ovmf
      edk2-ovmf-20230301gitf80f052277c8-3.fc37.noarch
      ```

            bstinson@redhat.com Brian Stinson
            jira-bugzilla-migration RH Bugzilla Integration
            Brian Stinson Brian Stinson
            Release Test Team Release Test Team
            Votes:
            0 Vote for this issue
            Watchers:
            17 Start watching this issue

              Created:
              Updated: