On GCP, when I launch a Compute Engine instance through an instance group/template programmatically via a CI/CD automation script, the VM starts throwing an error during boot, as appearing in the serial port 1 (console) output: Verification failed: (0x1A) Security Violation.

Error trace on serial port 1 console:

UEFI: Attempting to start image. Description: UEFI Google PersistentDisk FilePath: PciRoot(0x0)/Pci(0x3,0x0)/Scsi(0x1,0x0) OptionNumber: 1.

Verification failed: (0x1A) Security Violation.


I am using a custom image to boot the VM, and Shielded VM is enabled along with Secure Boot.

Also, if I disable Secure Boot, the VM boots just fine. And if I launch a custom VM directly from the GCP UI/console, with Shielded VM and Secure Boot enabled and with the same custom image, it works just fine.

Things I have tried:

  1. Checked logs in serial port 1 (console) on the VM; got the error:

     Error trace on serial port 1 console: UEFI: Attempting to start image. Description: UEFI Google PersistentDisk FilePath: PciRoot(0x0)/Pci(0x3,0x0)/Scsi(0x1,0x0) OptionNumber: 1.

     Verification failed: (0x1A) Security Violation.

  2. Disabled the Secure Boot flag and restarted the above VM: gcloud compute instances update <my_instance> --no-shielded-secure-boot --zone <instance_zone>

     The VM boot worked fine after disabling Secure Boot (but I need a solution with Secure Boot on).

  3. Manually created a VM with Secure Boot enabled and the same custom image as used through the instance group (CI/CD automation); the instance boot worked fine.

I will be glad to have some leads on it. Thanks.
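As an added example (not from the question or from any answer), a small Python helper that a CI/CD script could use to fail fast on this exact symptom by scanning the serial port 1 output, and to compare the Secure Boot-relevant settings of the instance template against a manually created VM that boots. The JSON shapes follow `gcloud ... describe --format=json` output, but every sample value below is constructed.

```python
import re
from typing import Optional

# Constructed serial port 1 output reproducing the symptom in the question.
SAMPLE_SERIAL = """\
UEFI: Attempting to start image. Description: UEFI Google PersistentDisk FilePath: PciRoot(0x0)/Pci(0x3,0x0)/Scsi(0x1,0x0) OptionNumber: 1.
Verification failed: (0x1A) Security Violation.
"""

BOOT_ATTEMPT = re.compile(
    r"UEFI: Attempting to start image\. Description: (?P<desc>.+?) "
    r"FilePath: (?P<path>\S+) OptionNumber: (?P<opt>\d+)\.")
VERIFY_FAIL = re.compile(r"Verification failed: \((?P<code>0x[0-9A-Fa-f]+)\) (?P<reason>.+?)\.?$")

def find_secure_boot_failure(serial_output: str) -> Optional[dict]:
    """Return the boot option whose image failed UEFI signature verification, or None.
    A pipeline can poll `gcloud compute instances get-serial-port-output` and call this."""
    last_attempt = None
    for line in serial_output.splitlines():
        m = BOOT_ATTEMPT.search(line)
        if m:
            last_attempt = m.groupdict()      # remember which image UEFI tried to start
            continue
        m = VERIFY_FAIL.search(line)
        if m and last_attempt is not None:    # failure belongs to the most recent attempt
            return {**last_attempt, "code": m["code"], "reason": m["reason"]}
    return None

def boot_config(desc: dict, boot_disk: Optional[dict] = None) -> dict:
    """Reduce an instance-template or instance describe to the fields that decide
    whether Secure Boot verification can pass: the shielded config and the image.
    Templates nest everything under "properties"; for a running instance the image
    comes from `gcloud compute disks describe` on its boot disk (boot_disk)."""
    props = desc.get("properties", desc)
    boot = next((d for d in props.get("disks", []) if d.get("boot")), {})
    image = boot.get("initializeParams", {}).get("sourceImage")
    if image is None and boot_disk is not None:
        image = boot_disk.get("sourceImage")
    return {"shieldedInstanceConfig": props.get("shieldedInstanceConfig", {}),
            "sourceImage": image}

def diff_boot_config(a: dict, b: dict) -> dict:
    """Fields that differ between two boot_config() results, as {field: (a, b)}."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

# Constructed describe output: the template and a hand-made VM that boots fine.
SAMPLE_TEMPLATE = {"name": "app-template", "properties": {
    "shieldedInstanceConfig": {"enableSecureBoot": True, "enableVtpm": True, "enableIntegrityMonitoring": True},
    "disks": [{"boot": True, "initializeParams": {"sourceImage": "projects/example-proj/global/images/custom-img-v2"}}]}}
SAMPLE_INSTANCE = {"name": "manual-vm",
    "shieldedInstanceConfig": {"enableSecureBoot": True, "enableVtpm": True, "enableIntegrityMonitoring": True},
    "disks": [{"boot": True, "source": "projects/example-proj/zones/us-central1-a/disks/manual-vm"}]}
SAMPLE_BOOT_DISK = {"name": "manual-vm", "sourceImage": "projects/example-proj/global/images/custom-img-v1"}
```

Running `diff_boot_config(boot_config(SAMPLE_TEMPLATE), boot_config(SAMPLE_INSTANCE, SAMPLE_BOOT_DISK))` on the constructed samples reports only the differing source image, which is the kind of discrepancy worth checking first when the template-launched VM fails and the manual one does not.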
