IBM Support

RHEL 8.6 and RHEL 9.0 installer is not integrated with static key secure boot on Power

Flashes (Alerts)


Abstract

The RHEL 8.6 or RHEL 9.0 installer is not yet integrated with static key secure boot on Power.

Content

Linux Releases Affected
RHEL 8.6 and RHEL 9.0.
IBM Systems Affected
IBM Power10.
Symptoms
If the LPAR is enabled with secure boot option, the user cannot install the Linux Operating System.

Following are the details of the issue.

  • Enable Secure Boot on an LPAR (use HMC Advance option) - Secure Boot (Enabled and Enforced).

    For example, All Systems -> Managed system -> Partitions -> LPAR name -> General Properties: Advanced Settings -> Secure Boot (Enabled and Enforced)

  • Activate an LPAR.

  • Stop at SMS and kickstart the NIM installation (RHEL-8.6). The following error is displayed.

Unable to proceed with RHEL-8.6 Installation.

TFTP BOOT ---------------------------------------------------
Server IP.....................XX.XX.XX.XX 
Client IP.....................XX.XX.XX.XX
Gateway IP....................XX.XX.XX.XX
Subnet Mask...................XX.XX.XX.XX
(1) Filename................./boot/grub/powerpc-ieee1275/core.elf
TFTP Retries..................5 
Block Size....................512 

FINAL PACKET COUNT = 703 

FINAL FILE SIZE = 359712 BYTES

                      .--------------------------------.
                      | No Operating Systems Installed |
                      `--------------------------------'
Workaround

The workaround for this issue is that the RHEL 8.6 or RHEL 9.0 has to be installed with secure boot disabled. Once OS gets booted, the dd command can be used to copy the signed kernel into the PReP partition. Then, restart the system and enable secure boot. The firmware verifies the bootloader, which in turn verifies the kernel and system boots up.

Fix Outlook

RH Mirrored Reference - RH2025814

I/O device impacted

None.

[{"Type":"MASTER","Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SGMV157","label":"IBM Support for Red Hat Enterprise Linux Server"},"ARM Category":[{"code":"a8m0z000000Gnl7AAC","label":"Red Hat Enterprise Linux"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
23 December 2021

UID

ibm16528884