implemented
This design proposes exposing an ability to turn UEFI secure boot on and off during provisioning and deprovisioning.
Security-conscious deployments would like to make sure secure boot is enabled for their instances, so that the hardware refuses to boot kernel-level code that has not been signed with a known key.
- API addition to enable secure boot before booting the instance (and disable it on deprovisioning)
- Support for custom secure boot keys.
- Secure boot during deployment/cleaning/inspection.
Add a new value for BootMode enumeration: UEFISecureBoot. If set on a host,
the following change are done to the corresponding Ironic node object:
boot_mode:uefi,secure_boot:trueis added toproperties.capabilities.secure_bootwith a value oftrueis added toinstance_info.capabilities.
Add a SupportsSecureBoot call to AccessDetails, returning true for
redfish://, redfish-virtualmedia://, idrac-virtualmedia, ilo4://,
ilo5:// and irmc://.
- Strictly speaking, it's enough to add the
secure_bootcapability only toinstance_info,propertiesis only updated for consistency. - Secure boot can be used with live ISO but only when virtual media is used to deliver it (secure boot is incompatible with network booting in practice).
None, secure boot is off by default.
- Update
AccessDetailswith a new call. - Define a new value for
BootMode.
- Ironic support for Redfish secure boot management is on review upstream.
Unfortunately, at this point it's only possible to test this feature on real hardware.
None
None
None
Require users to configure secure boot manually. This approach has two large disadvantages:
- It's not always trivial to do.
- It breaks network booting.