Bug 2193004
| Summary: | SecureBoot is always enabled for UEFI VMs | ||
|---|---|---|---|
| Product: | Container Native Virtualization (CNV) | Reporter: | Guohua Ouyang <gouyang> |
| Component: | Virtualization | Assignee: | Barak <bmordeha> |
| Status: | CLOSED NOTABUG | QA Contact: | Kedar Bidarkar <kbidarka> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.12.5 | CC: | acardace, gouyang, gveitmic, hstastna, jlejosne, sgott |
| Target Milestone: | --- | ||
| Target Release: | 4.14.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 2181920 | Environment: | |
| Last Closed: | 2023-07-17 13:08:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2181920 | ||
| Bug Blocks: | |||
|
Comment 1
Guohua Ouyang
2023-05-03 23:40:24 UTC
This is by design, as we picked the secure-by-default approach. Either way, changing the default value now would silently disable a security feature on existing VMs. > This is by design, as we picked the secure-by-default approach.
> Either way, changing the default value now would silently disable a security feature on existing VMs.
I agree i think that the current behavior is the right one.
In the original bug BZ2181920 (Verified state), it appears the UI was already fixed to properly understand "efi: {}" as secureboot enabled. So discussing the backend change at this point may not be necessary for the user to have a working system. Closing this based on the last few comments. |