https://bugs.launchpad.net/nova/+bug/1960758/comments/30
Yes, uefi isn't supported properly in Ussuri. 
Here is a workaround.  Thanks
Problem solved.

On Tue, May 14, 2024 at 2:48 PM luckydog xf <luckydogxf@gmail.com> wrote:
https://bugs.launchpad.net/nova/+bug/1960758
not sure I hit a bug or not.
My OpenStack is 

Ussuri

  and ubuntu 20.04

On Tue, May 14, 2024 at 9:37 AM luckydog xf <luckydogxf@gmail.com> wrote:
when I perform the following,
1.  openstack image set     --property hw_firmware_type=uefi     --property  hw_machine_type=q35 --property os_secure_boot=required ubuntu-2004
2. Boot an instance from image ubuntu-2004
3. dark and blank console, too.

### XML of this instance  ###
  <os>
    <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/instance-0000021c_VARS.fd</nvram>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>
#############

As we can see machine becomes  machine='pc-q35-4.2'.

But on KVM, VM XML is 
####
 <os>
    <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram>
  </os>
###

The only difference between them is flash file,  

/usr/share/OVMF/OVMF_CODE_4M.secboot.fd     VS  /usr/share/OVMF/OVMF_CODE.secboot.fd

I confirm both files exist on my openstack nodes.




On Tue, May 14, 2024 at 9:28 AM luckydog xf <luckydogxf@gmail.com> wrote:
---
1.  openstack image set --property hw_firmware_type=uefi --property os_secure_boot=required ubuntu-2004
2. Boot an instance from image ubuntu-2004
3. Console is dark and blank.

### XML of this instance ###
  <os>
    <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/instance-0000021b_VARS.fd</nvram>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>

---
This image originates from KVM VM, and it's bootable with uefi secure boot.


that looks like you might have a space before hw_machine_type?
---> I beg your pardon, a space before hw_machine_type, what's this ?



On Mon, May 13, 2024 at 9:51 PM <smooney@redhat.com> wrote:
On Sat, 2024-05-11 at 14:39 +0800, luckydog xf wrote:
> set hw_machine_type=q35 would generate a machine= 'pc-q35-4.2'. But it
> makes no difference.
ya so looking at the xml its using i440fx not q35

you do not need to specify the explict version

q35 is an alias to the newest pc-q35-* machine type

looking at how you typed it

"openstack image set \
    --property hw_firmware_type=uefi \
    --property os_secure_boot=required \
    --property  hw_machine_type=q35 \
"


that looks like you might have a space before hw_machine_type
can you confirm that is not the case?

hw_machine_type is the correct extra spec to set

https://github.com/openstack/glance/blob/master/etc/metadefs/compute-libvirt-image.json#L60-L63
and you are configureing it as we would expect
https://opendev.org/openstack/nova/src/branch/master/doc/source/admin/hw-machine-type.rst#configure

so it would be also good to confirm that the image porperties on the volume that was created form this
glance image have the same values set

if you create the volume before you updated the properties in glance it wont have the updated image properties.


>
>
> On Sat, May 11, 2024 at 1:49 PM luckydog xf <luckydogxf@gmail.com> wrote:
>
> > I installed a VM on KVM manually. This VM is okay to boot from UEFI.
> >
> > Here is part of XML.
> > ---
> > ubuntu@freeradius:~$ virsh dumpxml ubuntu20.04
> > <domain type='kvm'>
> >   <name>ubuntu20.04</name>
> >   <uuid>99660c76-953d-4b68-9f29-f1471da8d659</uuid>
> >   <metadata>
> >     <libosinfo:libosinfo xmlns:libosinfo="
> > http://libosinfo.org/xmlns/libvirt/domain/1.0">
> >       <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/>
> >     </libosinfo:libosinfo>
> >   </metadata>
> >   <memory unit='KiB'>4194304</memory>
> >   <currentMemory unit='KiB'>4194304</currentMemory>
> >   <vcpu placement='static'>2</vcpu>
> >   <os>
> >     <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
> >     <loader readonly='yes' secure='yes'
> > type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader>
> >     <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram>
> >   </os>
> > ---
> > VM controller is virtio. I uploaded VM qcow2 as an OpenStack image, and
> > set properties like
> > ---
> > openstack image set \
> >     --property hw_firmware_type=uefi \
> >     --property os_secure_boot=required \
> >     --property  hw_machine_type=q35 \
> > xxx
> > ---
> > Then I  launched an instance with this image.  It cannot  be started up.
> >
> > XML of this instance is ...
> >
> >   <os>
> >     <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type>
> >     <loader readonly='yes'
> > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
> >     <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
> >     <boot dev='hd'/>
> >     <smbios mode='sysinfo'/>
> >
> > The difference is /usr/share/OVMF/OVMF_CODE.secboot.fd VS
> > /usr/share/OVMF/OVMF_CODE_4M.secboot.fd. These two files have different md5
> > checksums.
> >
> > By the way, ovmf package is the same version.
> >
> >
> >
> > On Sat, May 11, 2024 at 1:43 PM luckydog xf <luckydogxf@gmail.com> wrote:
> >
> > > I uploaded volumes to images,and setup uefi properties accordingly like
> > > below.
> > > openstack image set \
> > >     --property hw_firmware_type=uefi \
> > >     --property os_secure_boot=required \
> > >     --property  hw_machine_type=q35 \
> > >  xxx-image
> > >
> > > Boot an instance from that image, however,  it doesn't work. Below is
> > > part of XML definition of an instance.
> > > ---
> > >   <os>
> > >     <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type>
> > >     <loader readonly='yes'
> > > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
> > >     <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
> > >     <boot dev='hd'/>
> > >     <smbios mode='sysinfo'/>
> > >   </os>
> > > ---
> > >
> > > My compute nodes are ubuntu 20.04 and ovmf was installed.
> > > ---
> > >
> > >
> > >
> > > On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote:
> > >
> > > > you need to modify the image properties on the boot volume to set
> > > > hw_firmware_type=uefi
> > > >
> > > > preferably with hw_machine_type=q35
> > > >
> > > > you can do this with "openstack volume set --image-property <key=value>
> > > > ..."
> > > >
> > > > also in relation to your other therad you can also set the disk bus on
> > > > the volume this way too
> > > > by setting hw_disk_bus=sata instead of using ide
> > > >
> > > > ide would also work but its much much much slower.
> > > >
> > > > On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote:
> > > > >   <os>
> > > > >     <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
> > > > >     <loader readonly='yes'
> > > > > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
> > > > >     <nvram
> > > > >
> > > > template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram>
> > > > >     <boot dev='hd'/>
> > > > >     <smbios mode='sysinfo'/>
> > > > >   </os>
> > > > > Here is the output from `virsh dumpxml XX`. As we can see uefi is
> > > > properly
> > > > > setup.  But it seems a device is required.
> > > > >
> > > > > On Fri, May 10, 2024 at 1:28 PM luckydog xf <luckydogxf@gmail.com>
> > > > wrote:
> > > > >
> > > > > > I also set   hw_machine_type=q35 and   hw_machine_type=pc. Neither
> > > > works.
> > > > > >
> > > > > > Converting a volume to an image takes too much space and time
> > > > because it's
> > > > > > so large.
> > > > > >
> > > > > > Any alternative?
> > > > > >
> > > > > > On Fri, May 10, 2024 at 1:25 PM luckydog xf <luckydogxf@gmail.com>
> > > > wrote:
> > > > > >
> > > > > > > Hi, list,
> > > > > > >
> > > > > > > I migrated a volume from VMware ESXI VMDK, and originally on VMware
> > > > > > > platform it's EFI boot mode and secure boot enabled.
> > > > > > >
> > > > > > >  I cloned the entire VMDK by clonzilla and restored on OpenStack
> > > > as a
> > > > > > > volume.
> > > > > > >
> > > > > > > I referred to this link
> > > > > > > https://docs.openstack.org/nova/latest/admin/secure-boot.html and
> > > > > > > uploaded that volume as an image. Then set properties.
> > > > > > >
> > > > > > > Finally, I launched an instance with a target image, however, it
> > > > cannot
> > > > > > > boot up with a blank and dark screen.
> > > > > > >
> > > > > > > What's the right way to implement this?
> > > > > > >
> > > > > > >  Thanks.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > >
> > > >