Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-58631

[Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • rhel-9.6
    • rhel-8.10.z, rhel-9.2.0.z, rhel-9.4.z, rhel-9.5.z, rhel-9.6, rhel-10.0.beta, rhel-10.0
    • edk2
    • edk2-20240524-10.el9
    • Yes
    • Important
    • 1
    • rhel-sst-virt-firmware
    • rhel-sst-virt-firmware
    • ssg_virtualization
    • 8
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • Virt Firmware Sprint 1 - Dec24
    • Bug Fix
    • Hide
      .Network boot for VMs now works correctly without an RNG device

      Previously, when a virtual machine (VM) did not have an RNG device configured and its CPU model did not support the RDRAND feature, it was not possible to boot the VM from the network. With this update, the problem has been fixed, and VMs that do not support RDRAND can boot from the network even without an RNG device configured.

      Note, however, that to increase security when booting from the network, adding an RNG device is highly encouraged for VMs that use a CPU model that does not support RDRAND.
      Show
      .Network boot for VMs now works correctly without an RNG device Previously, when a virtual machine (VM) did not have an RNG device configured and its CPU model did not support the RDRAND feature, it was not possible to boot the VM from the network. With this update, the problem has been fixed, and VMs that do not support RDRAND can boot from the network even without an RNG device configured. Note, however, that to increase security when booting from the network, adding an RNG device is highly encouraged for VMs that use a CPU model that does not support RDRAND.
    • Done
    • All
    • None

      What were you trying to do that didn't work?

      HTTP boot worked fine in edk2-ovmf-20231122-6.el9.noarch but no longer seems to be working in edk2-ovmf-20231122-6.el9_4.2 and greater. 

      What is the impact of this issue to you?

      High - Can no longer deploy VMs using HTTP Boot - blocking migrations off of RHEL 7

      Please provide the package NVR for which the bug is seen:

      edk2-ovmf-20231122-6.el9_4.2

      How reproducible is this bug?:

      Every time

      Steps to reproduce

      1. Create a VM that uses UEFI boot firmware (not BIOS boot firmware), and make sure the VM definition includes a network interface and has network boot enabled.
      2. Boot the VM and note that UEFI does not attempt PXE or HTTP boot (for edk2-ovmf-20231122-6.el9_4.3.noarch), or attempts PXE but does not attempt HTTP (for edk2-ovmf-20231122-6.el9_4.2.noarch)
      3. Boot the VM and enter either the UEFI shell or the UEFI graphical configuration tool.  Note that you should see options for PXE or HTTP boot, but they are missing for edk2-ovmf-20231122-6.el9_4.2 and greater

      Expected results

       

      Actual results

      1. Boot the VM and note that UEFI does not attempt PXE or HTTP boot (for edk2-ovmf-20231122-6.el9_4.3.noarch), or attempts PXE but does not attempt HTTP (for edk2-ovmf-20231122-6.el9_4.2.noarch)
      2. Boot the VM and enter either the UEFI shell or the UEFI graphical configuration tool.  Note that you should see options for PXE or HTTP boot, but they are missing for edk2-ovmf-20231122-6.el9_4.2 and greater

        1. bcfg_boot_dump_1.png
          bcfg_boot_dump_1.png
          19 kB
        2. boot_manager_memu.png
          boot_manager_memu.png
          9 kB
        3. new-cpu_without-rng.sh
          4 kB
        4. new-cpu_with-rng.sh
          4 kB
        5. old-cpu_with_fallback-rng.sh
          4 kB
        6. old-cpu_with_virtio-rng_one_serial-port.sh
          4 kB
        7. old-cpu_with_virtio-rng.sh
          4 kB
        8. PXE-client-boot_rhel9_rng.sh
          5 kB
        9. PXE-client-boot_rhel9.sh
          4 kB

              osteffen@redhat.com Oliver Steffen
              rhn-support-rknipp Robert Knipp
              virt-maint virt-maint
              Xueqiang Wei Xueqiang Wei
              Jiří Herrmann Jiří Herrmann
              Votes:
              0 Vote for this issue
              Watchers:
              23 Start watching this issue

                Created:
                Updated:
                Resolved: