coreos
Default to UEFI (non-SB) on x86_64
There's some momentum around e.g. UKI https://github.com/uapi-group/specifications/blob/main/specs/unified_kernel_image.md
I think it's about time to flip our default to be UEFI instead of BIOS.
(But, we obviously still do need to care about bios...and we should e.g. be running at least a subset of our tests acrosss that too)
Also while we're here, make the implementation here have the default for firmware be the empty string "" instead of bios, which doesn't really apply on e.g. ppc64le/s390x.
This would need related changes in https://github.com/coreos/coreos-ci-lib to keep the status quo with what we have today. We'd also probably need to make that code stop relying on the cosa default at all because for some time we'll be using older cosa while using latest coreos-ci-lib.
This would need related changes in https://github.com/coreos/coreos-ci-lib to keep the status quo with what we have today.
Well maybe not. Does this affect the defaults for kola testiso too?
Well maybe not. Does this affect the defaults for kola testiso too?
Yes, looks like most of the testiso scenarios will flip over to being UEFI by default on x86_64. I'll test that.
@cgwalters: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/rhcos | ef61465f6735b1be1bef6c85c4c0cef7f8f29860 | link | true | /test rhcos |
Full PR test history. Your PR dashboard.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
This still seems much more complex than it needs to be. I agree that qemu.go is lower-level than kola, and I'm okay moving the defaulting logic there. But we don't need RequireUEFI at all; the original if kola.QEMUOptions.Native4k && kola.QEMUOptions.Firmware == "bios" check in syncOptions is fit for purpose. If we need something like RequireUEFI in the future, we can always add it.
For the qemu.go code, nested switch statements make things too hard to follow. Let's have two blocks: 1) convert a "" value into whatever makes sense on the current architecture, and 2) a switch block over every possible selected firmware, which checks invariants (like compatibility with the current architecture) and then implements whatever needs to be done for that firmware.
But we don't need RequireUEFI at all; the original if kola.QEMUOptions.Native4k && kola.QEMUOptions.Firmware == "bios" check in syncOptions is fit for purpose. If we need something like RequireUEFI in the future, we can always add it.
My motivation here is that - perhaps we actually want to change the default in qemu to uefi-secure (I think that's still open for debate and I'm increasingly thinking we should, but it has more fallout) - then the assignment in syncOptions to force uefi would be (IMO incorrectly) overriding it.
OK, though we can fix this another way - by exporting the default value and using it here. Done.
For the qemu.go code, nested switch statements make things too hard to follow.
Yeah, totally agreed. I started to do as you suggested but digging further we can actually do things a lot better by having it be right in the structure initialization.
To be clear, I should have originally marked this as draft because it was a quick drive-by thing I was investigating while looking at UEFI things. I should have made more clear it was more of a RFC. We don't need to merge this right away.
But that said I think the PR is a lot nicer now, the main blocker left seems to be
FAIL: coreos.boot-mirror.luks (147.40s)
and what seems messy here is that ISTM we effectively need to "invert" the control here - instead of doing ExcludeFirmwares: []string{"uefi"}, we should probably Firmware: "bios" but then we also need to propagate that requirement into the "cluster" in a way similar to the handling of AdditionalDisks?
My motivation here is that - perhaps we actually want to change the default in qemu to
uefi-secure(I think that's still open for debate and I'm increasingly thinking we should, but it has more fallout) - then the assignment insyncOptionsto forceuefiwould be (IMO incorrectly) overriding it.
I was initially proposing keeping the assignments in syncOptions, but I'm no longer proposing that. I'm saying that, since bios will no longer be the default, syncOptions can safely fail if BIOS is specified alongside 4Kn, as the original code was already doing. We shouldn't transparently convert to UEFI in that case; that'll make it unclear what's actually being run. As a result, AFAICT we shouldn't need any added plumbing outside of Exec(); we can just let a default "" value propagate there, then convert that to an arch-specific default (which would never be ""), then have a switch statement that acts on the selected firmware.
One major downside of this right now is that every boot starts off with "Boot option restoration" and a 5 second timer...
Right, that'll be fixed by the fix for https://github.com/coreos/fedora-coreos-tracker/issues/946. I'm hoping to have some time to work on that early next year.
Split out the cleanups here into https://github.com/coreos/coreos-assembler/pull/3200
@cgwalters: PR needs rebase.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
This is still nice to have, but not a priority right now. We may (re)consider it during work on UKIs
