chore: Update BIOS settings to disable SecureBoot#2037
Draft
stevekeay wants to merge 1 commit into
Draft
Conversation
stevekeay
changed the title
stevekeay
force-pushed
the
disable-secureboot
branch
from
afb7c67 to
a09a25e
Compare
We were previously deferring BIOS settings until after agent inspection. Most of the settings are to support PXE boot, and were not required for our virtual-media-based agent inspection. Setting of SecureBoot is actually important for virtual-media boot, so we now set BIOS settings ahead of every boot: 1) basic settings to support virtual-media boot, (disable SecureBoot) 2) once pxe_interface is known, we update BIOS settings a second time to configure that.
stevekeay
force-pushed
the
disable-secureboot
branch
from
a09a25e to
bb97016
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I think this is the default anyway but sometimes we get servers with this enabled, which breaks IPA.
Actually on second thoughts this is not sufficient. We are booting IPA from the virtual media and unfortunately this happens before we set the bios settings. There is going to have to be TWO phases of setting the BIOS settings. One to disable secureboot and then a later one to set the boot device, once we know what that is.