Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-54593

Duplicate "redhat" EFI entry in openshift 4.18

XMLWordPrintable

    • Yes
    • False
    • Hide

      None

      Show
      None
    • Hide
      Using the Disk encryption with PCR 1 and 7 protection will fail to run on certain hardware (HP) that automatically create default EFI entries based on the content of the BOOTX64.CSV. The extra entry created on boot invalidates the server attestation via PCR1 (EFI variables).
      Show
      Using the Disk encryption with PCR 1 and 7 protection will fail to run on certain hardware (HP) that automatically create default EFI entries based on the content of the BOOTX64.CSV. The extra entry created on boot invalidates the server attestation via PCR1 (EFI variables).
    • Known Issue
    • In Progress

      Description of problem:
      Version-Release number of selected component (if applicable):

      How reproducible: Always
      Steps to Reproduce:
      1. Install openshift with ZTP / Assisted installer
      Actual results:
      Two EFI entries are created. The system boots alternatively from each entries, changing TPM PCR1:

      	sudo efibootmgsudo efibootmgr -v
	BootCurrent: 0010
	Timeout: 0 seconds
	BootOrder: 001A,001B,000E,0011,0014,0013,0012,000F,0010,0016,0019,0018,0017,0000,0001,0002,0003,0004,0005,0006,0007,0008,0009,000A,000B,000C,000D
	Boot0000* System Utilities	FvVol(cdbb7b35-6833-4ed6-9ab2-57d2acddf6f0)/FvFile(1fd631e5-44e0-2f91-10ab-f88f3568ef30)
...
	Boot001A* redhat	HD(2,GPT,6521b388-933d-584d-9e5a-7d809b1bb5e0,0x1000,0x3f800)/File(\EFI\redhat\shimx64.efi)
	Boot001B* Red Hat Enterprise Linux	HD(2,GPT,6521b388-933d-584d-9e5a-7d809b1bb5e0,0x1000,0x3f800)/File(\EFI\redhat\shimx64.efi)

      Expected results:
      Only one EFI entry should be created : "Red Hat Enterprise Linux"

              oourfali Oved Ourfali
              deliedit@redhat.com David Elie-Dit-Cosaque
              Akash Gopalakrishnan Akash Gopalakrishnan
              HPE Confidential Group
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: