Bug 1862851

Summary: Unable to boot vm on vsphere with rhcos-46.82.202007212240-0 where secure boot is enabled
Product: OpenShift Container Platform Reporter: jima
Component: RHCOSAssignee: Micah Abbott <miabbott>
Status: CLOSED ERRATA QA Contact: Michael Nguyen <mnguyen>
Severity: high Docs Contact:
Priority: high    
Version: 4.6CC: bbreard, imcleod, jima, jligon, miabbott, nstielau, smilner, walters
Target Milestone: ---Keywords: Reopened
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 16:22:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
screenshot of error when booting vm
none
new error none

Description jima 2020-08-03 03:24:25 UTC 
Created attachment 1703221 [details]
screenshot of error when booting vm

Description of problem:
Install ocp4.6 with template rhcos-46.82.202007212240-0 on vsphere, where secure boot is enabled.
VM could not be booted, and error from console is shown that vmlinuz-4.18.0-211.el8.x86_64 has invalid signature. 
Please find captured screenshot from console in attachment.

Version-Release number of selected component (if applicable):
rhcos-46.82.202007212240-0

How reproducible:
Always after enabling secure boot on vsphere

Steps to Reproduce:
1. Install ocp4.6 with template rhcos-46.82.202007212240-0
2.
3.

Actual results:
VM could not boot up

Expected results:
VM can be started successfully

Additional info:
Comment 1 Colin Walters 2020-08-03 13:05:56 UTC 

*** This bug has been marked as a duplicate of bug 1857238 ***
Comment 2 Colin Walters 2020-08-03 13:06:46 UTC 
Oops sorry that one was closed, let's keep this one then as a tracker.
Comment 4 Micah Abbott 2020-09-09 20:16:15 UTC 
A new kernel (4.18.0-193.19.1.el8_2) was finally included in RHCOS 46.82.202009091306-0.  This should allow UEFI Secure Boot to succeed.
Comment 7 jima 2020-09-10 09:32:25 UTC 
I verified the bug with rhcos-46.82.202009091306-0 on vsphere, not hit the secure boot issue, but got new issue.
Please see attached screenshot of vm console ouptut.
Comment 8 jima 2020-09-10 09:33:10 UTC 
Created attachment 1714399 [details]
new error
Comment 9 Micah Abbott 2020-09-10 20:31:23 UTC 
@jima Yeah, that's a separate issue for sure.  Could you please mark this issue as VERIFIED and open a separate issue for the new error?
Comment 10 Colin Walters 2020-09-10 20:41:44 UTC 
I filed https://github.com/lucab/vmw_backdoor-rs/issues/6
Comment 11 jima 2020-09-11 02:49:33 UTC 
@Micah & @Colin, I filed Bug 1877995 to track the new issue, and set this to VERIFIED.
Comment 13 errata-xmlrpc 2020-10-27 16:22:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196