Enabling secure boot support on the generic / generic-cloud images

To: debian-cloud@lists.debian.org
Subject: Enabling secure boot support on the generic / generic-cloud images
From: Thomas Goirand <zigo@debian.org>
Date: Thu, 8 Dec 2022 11:12:28 +0100
Message-id: <[🔎] 175e2001-9418-6d77-7f8e-4b63a667f190@debian.org>

Hi,

As you may know, OpenStack has out-of-the-box UEFI secure boot support(a bit more details: it needs a few tweaks in the image properties, theovmf package must be installed in the compute nodes, plus the computenode must have the correct "trait" in OpenStack placement).

However, our image doesn't have secure boot support by default if I'mnot mistaking.

What would it take to add such support? Would it be "just" installingshim-signed? I know we're using "grub-cloud", instead of the standardgrub, so I don't really understand what this mean: cat we installgrub-efi-amd64-signed on the image then?


Bastian, I'm sure you have the info, especially concerning grub...

Cheers,

Thomas Goirand (zigo)

Reply to:

Follow-Ups:
- Re: Enabling secure boot support on the generic / generic-cloud images
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Bug#1025618: cloud-init and firewalld systemd unit files have ordering cycles
Next by Date: Processing of cloud-initramfs-tools_0.18.debian9_amd64.changes
Previous by thread: Re: Next team meeting: 2012-12-14 20:00 UTC
Next by thread: Re: Enabling secure boot support on the generic / generic-cloud images
Index(es):
- Date
- Thread