Bug 1217757

Summary: [Build 41.1] openQA test fails in verify_secure_boot_bios - 'bootctl' cmd not found
Product: [openSUSE] PUBLIC SUSE Linux Enterprise Server 15 SP6 Reporter: Lemon Li <leli>
Component: InstallationAssignee: Steffen Winterfeldt <snwint>
Status: RESOLVED INVALID QA Contact:
Severity: Normal    
Priority: P2 - High CC: leli, rtsvetkov, snwint
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: SLES 15   
URL: https://openqa.suse.de/tests/12958353/modules/verify_secure_boot_bios/steps/5
Whiteboard:
Found By: openQA Services Priority:
Business Priority: Blocker: Yes
Marketing QA Status: --- IT Deployment: ---
Attachments: y2 log

Description Lemon Li 2023-12-04 05:26:06 UTC 
Created attachment 871119 [details]
y2 log

## Observation

Before installation the test will check Secure Boot status via 'bootctl' cmd, the failure is 'bootctl not found'.

openQA test in scenario sle-15-SP6-Online-x86_64-autoyast_non_secure_boot@uefi fails in
[verify_secure_boot_bios](https://openqa.suse.de/tests/12958353/modules/verify_secure_boot_bios/steps/5)

## Test suite description
Autoyast installation on UEFI mode with non_secure_boot.


## Reproducible

Fails since (at least) Build [41.1](https://openqa.suse.de/tests/12948446)


## Expected result

Last good: [40.1](https://openqa.suse.de/tests/12932954) (or more recent)


## Further details

Always latest result in this scenario: [latest](https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=Online&machine=uefi&test=autoyast_non_secure_boot&version=15-SP6)
Comment 1 Stefan Hundhammer 2023-12-04 08:41:23 UTC 
"Before installation" means that the problem clearly cannot be the installer.


> ## Test suite description
> Autoyast installation on UEFI mode with non_secure_boot.

So that test is designed to attempt an UEFI installation in non-UEFI (legacy boot) mode? Or what does that test description mean?

I don't think that can work. You have to select the correct boot mode from the installation medium; the one that matches the boot mode you configured in the hardware's BIOS.

Also, PLEASE select the correct architecture for such bug reports, especially when it's about booting.
Comment 2 Stefan Hundhammer 2023-12-04 11:01:39 UTC 
So AFAICS the inst-sys does not contain the "bootctl" command which is part of package "udev".

From the attached y2logs tarball:

> % grep udev _packages.root 
> btrfsprogs-udev-rules [6.5.1-150600.1.3.noarch] < btrfsprogs
> libgudev-1_0-0 [237-150400.1.6.x86_64] < libwacom9 < libinput10 < xf86-input-> libinput
> libudev1 [254.5-150600.1.2.x86_64]


On my Leap 15.5:

> % rpm -qf `which bootctl`
> udev-249.16-150400.8.35.5.x86_64


I am not sure if the installer infrastructure actually needs that "bootctl" command; probably not. It is possible that it was removed from the inst-sys to save some disk space on the installation media. But it's only 67k (plus the shared libs that it requires).

Reassigning to the inst-sys maintainer.
Comment 3 Radoslav Tzvetkov 2023-12-06 14:10:10 UTC 
Any update?
Comment 4 Stefan Hundhammer 2023-12-06 15:42:57 UTC 
If the goal is just to check if the current system uses secure boot (UEFI) or legacy boot:

I seem to recall that an alternative is checking if the /sys/firmware/efi directory exists: On legacy boot, it doesn't, on secure boot (UEFI), it does.

But please verify this to make sure.
Comment 5 Steffen Winterfeldt 2023-12-11 11:43:04 UTC 
bootctl is (at least in recent systemd releases) part of systemd-boot.

systemd-boot is not used in our installation media; adding it specifically
for a qa test does not make sense.

Please just check the EFI vars as Stefan suggested.