Bug 2147610 - [17.0 ga known issue] Deploying guest with UEFI Secure Boot fails due to SMM boot not enabled
Keywords:
Status: CLOSED DUPLICATE of bug 2120377
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: documentation
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Irina
QA Contact:
URL:
Whiteboard:
Depends On: 2106763
Blocks:
Reported: 2022-11-24 12:08 UTC by Irina
Modified: 2022-11-24 12:27 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
You cannot use the UEFI Secure Boot feature because there is currently a known issue with
Clone Of:
Environment:
Last Closed: 2022-11-24 12:27:16 UTC
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-20439 0 None None None 2022-11-24 12:26:02 UTC

Description Irina 2022-11-24 12:08:14 UTC
This bug was initially created as a copy of Bug #2106763

I am copying this bug because: we need a known issue release note for the UEFI Secure Boot feature in the 17.0 release notes.



Description of problem:
Booting a guest with UEFI Secure boot fails due to SMM boot not enabled:

(overcloud) [stack@undercloud-0 ~]$ openstack resource provider list
+--------------------------------------+------------------------+------------+
| uuid                                 | name                   | generation |
+--------------------------------------+------------------------+------------+
| 257fd332-0049-46d6-9c88-29692fd3d6f4 | compute-1.redhat.local |         84 |
| b8aab45e-4a05-49f8-9811-58fa0c3bc7e5 | compute-0.redhat.local |         64 |
+--------------------------------------+------------------------+------------+
(overcloud) [stack@undercloud-0 ~]$ openstack --os-placement-api-version 1.17 resource provider trait list 257fd332-0049-46d6-9c88-29692fd3d6f4 | grep -i secure
| COMPUTE_SECURITY_UEFI_SECURE_BOOT     |
(overcloud) [stack@undercloud-0 ~]$ openstack image create uefi-secure-boot --disk-format qcow2 --container-format bare --file $IMGNAME
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                                |
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare                                                                                                                                                 |
| created_at       | 2022-07-11T19:08:08Z                                                                                                                                 |
| disk_format      | qcow2                                                                                                                                                |
| file             | /v2/images/bcbb1f68-5353-45aa-8cf7-f051057996e8/file                                                                                                 |
| id               | bcbb1f68-5353-45aa-8cf7-f051057996e8                                                                                                                 |
| min_disk         | 0                                                                                                                                                    |
| min_ram          | 0                                                                                                                                                    |
| name             | uefi-secure-boot                                                                                                                                     |
| owner            | 5573ce87f00f422abf5150b3cee83eda                                                                                                                     |
| properties       | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/uefi-secure-boot', owner_specified.openstack.sha256='' |
| protected        | False                                                                                                                                                |
| schema           | /v2/schemas/image                                                                                                                                    |
| status           | queued                                                                                                                                               |
| tags             |                                                                                                                                                      |
| updated_at       | 2022-07-11T19:08:08Z                                                                                                                                 |
| visibility       | shared                                                                                                                                               |
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
(overcloud) [stack@undercloud-0 ~]$ openstack image set --property hw_firmware_type=uefi --property os_secure_boot=required uefi-secure-boot
(overcloud) [stack@undercloud-0 ~]$ openstack server create --flavor m1.micro --image uefi-secure-boot test-vm --wait
Error creating server: test-vm
Error creating server
(overcloud) [stack@undercloud-0 ~]$ openstack server event list test-vm
+------------------------------------------+--------------------------------------+--------+----------------------------+
| Request ID                               | Server ID                            | Action | Start Time                 |
+------------------------------------------+--------------------------------------+--------+----------------------------+
| req-8f191cb0-6522-42da-8018-5290d0a764f7 | 553d41ec-d373-4f6a-abab-be6667435570 | create | 2022-07-11T19:09:33.000000 |
+------------------------------------------+--------------------------------------+--------+----------------------------+
(overcloud) [stack@undercloud-0 ~]$ openstack server event show 553d41ec-d373-4f6a-abab-be6667435570 req-8f191cb0-6522-42da-8018-5290d0a764f7 -f json -c events | jq
{
  "events": [
    {
      "event": "compute__do_build_and_run_instance",
      "start_time": "2022-07-11T19:09:39.000000",
      "finish_time": null,
      "result": null,
      "traceback": null,
      "host": "compute-0.redhat.local",
      "hostId": "5c4bafef71b408571cf73c280d380c9cc42887bcee68a0ba7892c2c8",
      "details": null
    },
    {
      "event": "compute__do_build_and_run_instance",
      "start_time": "2022-07-11T19:09:34.000000",
      "finish_time": "2022-07-11T19:09:43.000000",
      "result": "Success",
      "traceback": null,
      "host": "compute-1.redhat.local",
      "hostId": "79425b40b02272f7feb2d0e37d6f9b7180bb7b9d9c3eae3ea7d47673",
      "details": null
    }
  ]
}

# From compute log
2022-07-11 19:09:42.753 2 ERROR nova.virt.libvirt.guest [req-8f191cb0-6522-42da-8018-5290d0a764f7 c81a390aed56446287c74aa24f64dd8e 5573ce87f00f422abf5150b3cee83eda - default default] Error defining a guest with XML: <domain type="kvm">
  <uuid>553d41ec-d373-4f6a-abab-be6667435570</uuid>
  <name>instance-0000002d</name>
  <memory>196608</memory>
  <vcpu cpuset="0-1">1</vcpu>
  <metadata>
    <nova:instance xmlns:nova="http://openstack.org/xmlns/libvirt/nova/1.1">
      <nova:package version="23.2.1-0.20220622150406.7d5b289.el9ost"/>
      <nova:name>test-vm</nova:name>
      <nova:creationTime>2022-07-11 19:09:42</nova:creationTime>
      <nova:flavor name="m1.micro">
        <nova:memory>192</nova:memory>
        <nova:disk>1</nova:disk>
        <nova:swap>0</nova:swap>
        <nova:ephemeral>0</nova:ephemeral>
        <nova:vcpus>1</nova:vcpus>
      </nova:flavor>
      <nova:owner>
        <nova:user uuid="c81a390aed56446287c74aa24f64dd8e">admin</nova:user>
        <nova:project uuid="5573ce87f00f422abf5150b3cee83eda">admin</nova:project>
      </nova:owner>
      <nova:root type="image" uuid="bcbb1f68-5353-45aa-8cf7-f051057996e8"/>
      <nova:ports>
        <nova:port uuid="ae8d4518-fef1-43a4-a9e5-28343e568d84">
          <nova:ip type="fixed" address="2620:52:0:13b8::1000:8c" ipVersion="6"/>
          <nova:ip type="fixed" address="10.0.0.167" ipVersion="4"/>
        </nova:port>
      </nova:ports>
    </nova:instance>
  </metadata>
  <sysinfo type="smbios">
    <system>
      <entry name="manufacturer">Red Hat</entry>
      <entry name="product">OpenStack Compute</entry>
      <entry name="version">23.2.1-0.20220622150406.7d5b289.el9ost</entry>
      <entry name="serial">553d41ec-d373-4f6a-abab-be6667435570</entry>
      <entry name="uuid">553d41ec-d373-4f6a-abab-be6667435570</entry>
      <entry name="family">Virtual Machine</entry>
    </system>
  </sysinfo>
  <os>
    <type machine="q35">hvm</type>
    <loader type="pflash" readonly="yes" secure="yes">/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram template="/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd"/>
    <boot dev="hd"/>
    <smbios mode="sysinfo"/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <clock offset="utc">
    <timer name="pit" tickpolicy="delay"/>
    <timer name="rtc" tickpolicy="catchup"/>
    <timer name="hpet" present="no"/>
  </clock>
  <cpu mode="custom" match="exact">
    <model>Haswell-noTSX</model>
    <topology sockets="1" cores="1" threads="1"/>
    <feature name="mmx" policy="disable"/>
    <feature name="ssse3" policy="require"/>
    <feature name="vme" policy="require"/>
  </cpu>
  <devices>
    <disk type="file" device="disk">
      <driver name="qemu" type="qcow2" cache="none"/>
      <source file="/var/lib/nova/instances/553d41ec-d373-4f6a-abab-be6667435570/disk"/>
      <target dev="vda" bus="virtio"/>
    </disk>
    <interface type="bridge">
      <mac address="fa:16:3e:af:2b:c5"/>
      <model type="virtio"/>
      <driver name="vhost" rx_queue_size="1024"/>
      <source bridge="br-int"/>
      <mtu size="1500"/>
      <target dev="tapae8d4518-fe"/>
      <virtualport type="openvswitch">
        <parameters interfaceid="ae8d4518-fef1-43a4-a9e5-28343e568d84"/>
      </virtualport>
    </interface>
    <serial type="pty">
      <log file="/var/lib/nova/instances/553d41ec-d373-4f6a-abab-be6667435570/console.log" append="off"/>
    </serial>
    <graphics type="vnc" autoport="yes" listen="172.17.1.28"/>
    <video>
      <model type="virtio"/>
    </video>
    <input type="tablet" bus="usb"/>
    <rng model="virtio">
      <backend model="random">/dev/urandom</backend>
    </rng>
    <controller type="pci" model="pcie-root"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="usb" index="0"/>
    <memballoon model="virtio">
      <stats period="10"/>
    </memballoon>
  </devices>
</domain>
: libvirt.libvirtError: unsupported configuration: Secure boot requires SMM feature enabled
2022-07-11 19:09:42.753 2 ERROR nova.virt.libvirt.driver [req-8f191cb0-6522-42da-8018-5290d0a764f7 c81a390aed56446287c74aa24f64dd8e 5573ce87f00f422abf5150b3cee83eda - default default] [instance: 553d41ec-d373-4f6a-abab-be6667435570] Failed to start libvirt guest: libvirt.libvirtError: unsupported configuration: Secure boot requires SMM feature enabled

Version-Release number of selected component (if applicable):
17

How reproducible:
100%

Steps to Reproduce:
1. Configure an image with --property hw_firmware_type=uefi --property os_secure_boot=required on a 17 environment
2. Launch a guest with the image
3.

Actual results:
Guest fails to schedule

Expected results:
Guest schedules and comes up without any issues

Additional info:

Comment 3 Irina 2022-11-24 12:27:16 UTC

*** This bug has been marked as a duplicate of bug 2120377 ***
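
The domain XML in the compute log sets secure="yes" on the loader but has no <smm> element under <features>, which is the combination libvirt rejects. As an added example (not part of the bug report and not Nova's or libvirt's code), the check below flags that condition in a domain definition before it is handed to libvirt; the function name and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: <os> and <features> trimmed from the domain XML in the log above.
FAILING_XML = """<domain type="kvm">
  <os>
    <type machine="q35">hvm</type>
    <loader type="pflash" readonly="yes" secure="yes">/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram template="/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd"/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
</domain>"""

# Constructed counterpart: the same guest with SMM enabled in <features>.
FIXED_XML = FAILING_XML.replace("<apic/>", '<apic/>\n    <smm state="on"/>')


def secure_boot_problems(domain_xml):
    """Return reasons a secure-boot domain definition would be refused (hypothetical helper)."""
    root = ET.fromstring(domain_xml)
    loader = root.find("./os/loader")
    if loader is None or loader.get("secure") != "yes":
        return []  # Secure Boot not requested, nothing to validate
    problems = []
    smm = root.find("./features/smm")
    # A bare <smm/> counts as enabled: libvirt treats a missing state attribute as "on".
    if smm is None or smm.get("state", "on") != "on":
        problems.append("loader secure='yes' but <features> has no enabled <smm/>")
    os_type = root.find("./os/type")
    machine = os_type.get("machine", "") if os_type is not None else ""
    # Secure Boot with OVMF also needs a q35 machine type (e.g. "q35", "pc-q35-...").
    if "q35" not in machine:
        problems.append("machine type %r is not q35" % machine)
    return problems


if __name__ == "__main__":
    for label, xml in (("failing", FAILING_XML), ("fixed", FIXED_XML)):
        print(label, secure_boot_problems(xml) or "ok")
```
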

