Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-82837

The newer revocation file and Server 2025 required to update it [rhel-10.1]

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • rhel-10.1
    • rhel-10.0
    • edk2
    • edk2-20250221-1.el10
    • No
    • Critical
    • ZStream
    • 2
    • rhel-virt-confidential-firmware
    • ssg_virtualization
    • 3
    • QE ack
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • Virt Firmware Sprint 4 Mar25, Virt Firmware Sprint 5 Apr25
    • Approved Blocker
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • Windows
    • None

      What were you trying to do that didn't work?
      The new https://uefi.org/revocationlistfile present and Server 2025 required to update it.
      This will block the SVVP test on AMD host, the job "Secure Boot Logo Test" always fail with the old revocation file.

      Failed errors as attanched picture.

      Please provide the package NVR for which bug is seen:
      kernel-6.12.0-55.el10.x86_64
      qemu-kvm-9.1.0-15.el10.x86_64
      edk2-ovmf-20241117-2.el10.noarch

      How reproducible:
      100%

      Steps to reproduce
      1.Boot a sut VM up on an AMD host.
      /usr/libexec/qemu-kvm -name SUTAMD1001 -cpu EPYC,hv_stimer,hv_synic,hv_time,hv_vpindex,hv_relaxed,hv_spinlocks=0xfff,hv_vapic,hv_frequencies,hv_runtime,hv_tlbflush,hv_reenlightenment,hv_stimer_direct,hv_ipi,hv_avic,hv_tlbflush_ext,hv-xmm-input,hv-vendor-id=KVMtest -enable-kvm -nodefaults -m 1024G -smp 64,cores=64 -k en-us -boot menu=on -uuid a7afca46-7471-48fe-b758-5ad135805364 -device piix3-usb-uhci,id=usb -device usb-tablet,id=tablet0 -chardev socket,id=charmonitor,path=/tmp/SUTAMD1001,server=on,wait=off -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime,clock=host,driftfix=slew -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x3 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x3.0x1 -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x3.0x2 -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x3.0x3 -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x3.0x4 -device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x3.0x6 \
      -blockdev driver=file,cache.direct=off,cache.no-flush=on,filename=SUTAMD1001,node-name=system_file -blockdev driver=qcow2,node-name=drive_system_disk,file=system_file -object iothread,id=thread0 -device virtio-blk-pci,iothread=thread0,drive=drive_system_disk,id=virtio-disk0,bootindex=1,bus=pci.4,disable-legacy=on,disable-modern=off,iommu_platform=on,ats=on \
      -device usb-ehci,id=ehci0,bus=pci.5 \
      -vnc :0 -vga std -monitor stdio \
      -netdev tap,script=/etc/qemu-ifup,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:52:57:45:f4:96,mq=on,bus=pci.2 \
      -blockdev node-name=file_ovmf_code,driver=file,filename=SUTAMD1001_ovmf/OVMF_CODE.secboot.fd,auto-read-only=on,discard=unmap -blockdev node-name=drive_ovmf_code,driver=raw,read-only=on,file=file_ovmf_code -blockdev node-name=file_ovmf_vars,driver=file,filename=SUTAMD1001_ovmf/OVMF_VARS.secboot.fd,auto-read-only=on,discard=unmap -blockdev node-name=drive_ovmf_vars,driver=raw,read-only=off,file=file_ovmf_vars -machine q35,pflash0=drive_ovmf_code,pflash1=drive_ovmf_vars \
      2.Submit the job "Secure Boot Logo Test" through the HLK studio.
      3.Check the test result

      Expected results
      Passed

      Actual results
      Failed

              rhn-engineering-ghoffman Gerd Hoffmann
              rhn-support-phou Peixiu Hou
              virt-maint virt-maint
              Peixiu Hou Peixiu Hou
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated: