Open issues

upgrade: Failed to boot HVM w/ stubdom w/ encrypted VHD after upgrade.
OXT-1688
upgrade-db: V4V to argo rules are not run.
OXT-1684
Backport OpenSSH application-specific defense against Rambleed, Rowhammer, Spectre, Meltdown
OXT-1658
Change NDVM from PV to HVM
OXT-1634
stable-9 with Xen 4.12 on Dell 7040 causes VT-d errors
OXT-1614
9.0.0 Release Epic
OXT-1568
s8/tboot: Support TCG EFI Protocol specification compatible event log.
OXT-1566
L1TF Mitigations for Intel processors
OXT-1418
Backport CVEs from upstream OE to OE 2.0 (Jethro)
OXT-1231
Evaluate and port XSAs 237 to 244
OXT-1226
Passthrough of USB controller. Guest fails to start
OXT-1223
Rebooting ndvm requires VM reboot to see networking again (wireless)
OXT-1186
Windowsx64 guest doesn't shutdown correctly
OXT-1143
Error while first sealing after install.
OXT-1122
Guest hangs after few hours without being used
OXT-1097
XL I/O error when starting several guests at the same time from UIVM
OXT-1096
SUT randomly doesn't start
OXT-1036
Measured launch boot is reflecting failed on successful boot
OXT-1029
Xenmou never re-enables within Windows guests coming out of S3
OXT-255
failure in BATS access_control test suite
OXT-1698
BATS access control test for XSM enforcing fails due to use of missing xenops tool
OXT-1693
Documentation for Argo
OXT-1677
surfman: Support for upstream xenfb.
OXT-1644
Update the list macros in Xen with latest versions from Linux
OXT-1626
vhd created with qemu-img convert reports "primary footer invalid: geometry too large"
OXT-1606
ml/uefi: Failure to unseal upon reboot on HP 800 G3
OXT-1575
seal-system: ACM module order matters.
OXT-1534
Keep up-to-date with linux-firmware.git
OXT-1525
Stable-9 Release Notes Tracking
OXT-1522
stable-8: review fixes for Xen, Linux, Qemu and OE
OXT-1518
Encrypt dom0 swap
OXT-1489
Migration from v4v to Argo
OXT-1464
uefi/srtm: Initial measurement fail on HP 800 G3
OXT-1435
installer: Remove Xen from the bootstrap.
OXT-1392
sshd: "none" authentication module quirk.
OXT-1389
linux 4.14: maintain the OpenXT patch-queue against the latest micro release.
OXT-1340
xen 4.9: micro-upgrade and backport XSA patches to the layer.
OXT-1333
tpm2-tools: Upgrade the recipe to use current versions
OXT-1316
Spectre (Variant 2, Branch Target Injection [BTI]) mitigations
OXT-1268
Spectre (Variant 1, Bounds-check bypass [MISPREDICT]) mitigations
OXT-1267
Meltdown (Variant 3, Rogue Data Load [PRIV-LOAD]) mitigations
OXT-1266
Randomly, guest gets jammed at restart
OXT-1242
Document reseal procedure after TPM firmware upgrade
OXT-1237
Migrate to upstream Xen version of Linux stub domains, derived from QubesOS and OpenXT
OXT-1234
xenmgr doesn't wait for guests to shutdown
OXT-1232
Add SELinux admin role policy for new CLI commands
OXT-1175
Add TPM diagnostics to host installer and dom0 status report tools
OXT-1171
The input_server handling requests serially limits manual startup rate of VMs
OXT-1168
Guests fail to shutdown
OXT-1165
Dell 7050 gets stuck on accessing TPM in TBOOT
OXT-1141
issue 1 of 557

upgrade: Failed to boot HVM w/ stubdom w/ encrypted VHD after upgrade.

Description

After upgrade from OpenXT 8 to OpenXT 9, existing HVMs with stubdomain and encrypted VHD will fail to boot with the following message:

1 2 3 4 Booting from Hard Disk... Boot failed: not a bootable disk ... No bootable device. Halt in 60 seconds.

The crypto keys are present and labelled correctly.

Using `tap-ctl` to try and mount the disk succeeds:

1 2 # export TAPDISK3_CRYPTO_KEYDIR=/config/platform-crypto-keys # tap-ctl create -a vhd:/storage/disks/<vhd-uuid>.vhd

... but the content of the tapdev looks encrypted still.

Environment

OpenXT 9.

Validation Steps

  1. Install OpenXT 8 (e.g, build 1909).

  2. Install Windows 1903 HVM guest with disk encryption enabled.

  3. Verify that the guest boot correctly, optionally install OpenXT PV tools.

  4. OTA upgrade to OpenXT 9 (e.g, build 6751).

  5. Start the guest installed in OpenXT 8 from the UI.

The guest should start normally.

Status

Assignee

Chris Rogers

Reporter

Eric Chanudet

Labels

QA Assignee

None

QA Image URL

None

Components

Fix versions

Affects versions

9.0.1

Priority

Blocker
Configure