We are rebuilding the GRUB2 image which invalidates its signature. We actually only need to tell ironic the correct path to put grub.cfg to.
Please, advise how to verify this
Hi! It is verified as part of the secure boot feature verification. First, you need to turn secure boot on. It can be done on bare metal (hardware specific way, check BIOS/UEFI settings) or virtual machines (similar to https://github.com/metal3-io/metal3-dev-env/commit/1241e2954026068fd2e88232178e64e0b8c0c317). Then you need to do a Redfish virtual media deployment. To ensure that secure boot has been enabled, check the kernel logs (e.g. via `dmesg`).
PXE is not expected to work, sorry for not being explicit about it.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633