[Kernel-packages] [Bug 1931254] Re: Google Confidential Compute fails to boot with 1.47

Tue, 29 Jun 2021 20:55:49 -0700 

@Peter Gonda -- You seem to be 100% correct.

Thank you for the helpful pointer!

I have confirmed the fix and shim-side of the changes that exposed the
issue.

I will SRU the fix asap.

** No longer affects: shim-signed (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-gcp in Ubuntu.
https://bugs.launchpad.net/bugs/1931254

Title:
  Google Confidential Compute fails to boot with 1.47

Status in linux-gcp package in Ubuntu:
  New

Bug description:
  # Overview

  Hirsute and Impish daily builds are currently not booting on Google
  Confidential Compute.  Confidential compute is Google's platform that
  enables the use of Secure Encrypted Virtualization extension via AMD
  EPYC CPUs. Booting an image with version 1.45 works, but once upgraded
  to 1.47, the VM no longer boots, and instead the kernel panics.

  Launching the image with secure boot, but without confidential compute
  works as expected.

  # Expected result

  The system is able to reboot after the upgrade.

  # Actual result

  Kernel panic: https://paste.ubuntu.com/p/mHrvVc6qBc/

  # Steps to reproduce

  Launch a VM in GCE with confidential compute enabled with a serial
  v20210511a or later and look at the serial log for the kernel panic.
  Example CLI command to launch a VM:

  $ gcloud beta compute instances create $USER-confidential-testing
  --zone=us-west1-b --machine-type=n2d-standard-2 --image=daily-
  ubuntu-2104-hirsute-v20210511a --image-project=ubuntu-os-cloud-devel
  --confidential-compute --maintenance-policy=TERMINATE

  The last known good working image is daily-
  ubuntu-2104-hirsute-v20210510. The upgrade that fails is when shim
  signed is updated from 1.46+15.4-0ubuntu1 to 1.47+15.4-0ubuntu2

  # Logs & notes

  * 20210510 manifest (good): https://paste.ubuntu.com/p/QjnMPcJj7G/
  * 20210511a manifest (bad): https://paste.ubuntu.com/p/PvJQwRXHcG/
  * diff between manifests: https://paste.ubuntu.com/p/4nJtGxqGn7/
  * serial logs of failed boot: https://paste.ubuntu.com/p/mHrvVc6qBc/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-gcp/+bug/1931254/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to