Support for UEFI secure boot in agent_ilo and iscsi_ilo drivers

Registered by Shivanand Tendulker on 2014-10-20

Some of the Ironic drivers supports UEFI deploy. It would be useful to the security sensitive customers to deploy baremetal using 'Secure Boot' supported by the UEFI.

Blueprint information

Status:
Complete
Approver:
devananda
Priority:
Low
Drafter:
Shivanand Tendulker
Direction:
Approved
Assignee:
Shivanand Tendulker
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Implemented
Milestone target:
milestone icon 2015.1.0
Started by
Shivanand Tendulker on 2015-02-26
Completed by
devananda on 2015-04-06

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/uefi-secure-boot,n,z

Addressed by: https://review.openstack.org/153974
    Common changes for secure boot support

Addressed by: https://review.openstack.org/154814
    Secure boot support for iscsi_ilo driver

Addressed by: https://review.openstack.org/154816
    Secure boot support for agent_ilo driver

Addressed by: https://review.openstack.org/154403
    Update Ilo drivers to use REST API interface to iLO

Addressed by: https://review.openstack.org/165907
    Changes for secure boot support for iLO drivers

===================
The above code landed in Kilo, and completes this work for agent_ilo and iscsi_ilo drivers. uefi-secure-boot is NOT functional for the pxe_ilo driver yet. The below patches add it, but were proposed too late in the cycle.

After discussing with Wan-Yen, I've agreed to mark this work as closed. Secure boot support was implemented for some drivers, as described in the spec. Adding support for additional drivers (as in the below code) should go through a spec, particularly given the late proposal involves switching to grub2.

Keeping these links here for reference.

Addressed by: https://review.openstack.org/154808
    Secure boot support for pxe_ilo driver

Addressed by: https://review.openstack.org/166192
    grub2 bootloader support for uefi boot mode

-Devananda, 6-April-2015
====================

Copy of discussion in IRC:

11:25 AM <wanyen> The users who use pxe-less drivers (agent-ilo and iscsi-ilo) they can use secure boot. We will submit a ndew bp for secure boot for pxe-ilo driver for liberty
11:26 AM <wanyen> s/sdew/new
11:28 AM <devananda> wanyen: ty
11:28 AM <wanyen> devananda, thanks!

~BadCub - 06 April 2015

Addressed by: https://review.openstack.org/168844
    iLO driver documentation for UEFI secure boot

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.