Hello Christian,

For *some* form of UEFI HTTPS boot, you have to enable *at least one* of the {edk2, iPXE} HTTPS stacks. I'm unfamiliar with the Ubuntu releases, but my understanding is the following:

Ubuntu release  edk2 HTTPS enabled  iPXE HTTPS enabled  iPXE TPL regression
--------------  ------------------  ------------------  -------------------
Bionic          no                  <don't know>        no
Focal           no                  yes                 yes
Groovy          yes (bug 1883114)   no (this bug)       masked (this bug)

In Groovy, you can work around the iPXE TPL regression by disabling the iPXE HTTPS stack (i.e., in the efi-e1000e option ROM), because you can effectively "replace" it with the edk2 HTTPS stack in the platform firmware (in the OVMF binary), per bug 1883114.

In Focal, if you do the same to iPXE, you can't fall back to the edk2 HTTPS stack in OVMF -- because bug 1883114 is out of scope for Focal, AIUI.

However, disabling the iPXE HTTPS stack in Focal would not cause a regression, in my opinion. That's because in Focal you can't boot the "OVMF + efi-e1000e" combination *at all* -- you don't get far enough in the boot process to even *attempt* HTTPS boot (or a boot from another kind of media, for that matter).

Thus in Focal, no form of *UEFI boot* (HTTPS or otherwise) has ever worked, so there's nothing to regress by disabling the iPXE HTTPS stack in "efi-e1000e.rom".

--
https://bugs.launchpad.net/bugs/1882671

Title:
  unbalanced UEFI TPL manipulations in iPXE with DOWNLOAD_PROTO_HTTPS enabled