On GCP, when I launch a Compute Engine VM through an instance group/template programmatically via a CI/CD automation script, the VM throws an error during boot, as shown in the serial port 1 (console) output: Verification failed: (0x1A) Security Violation.
Error trace on the serial port 1 console:
UEFI: Attempting to start image.
Description: UEFI Google PersistentDisk
FilePath: PciRoot(0x0)/Pci(0x3,0x0)/Scsi(0x1,0x0)
OptionNumber: 1.
Verification failed: (0x1A) Security Violation.
I am using a custom image to boot the VM, and Shielded VM is enabled along with Secure Boot.
Also, if I disable Secure Boot, the VM boots just fine.
Also, if I launch a custom VM directly from the GCP UI/console, with Shielded VM and Secure Boot enabled and with the same custom image, it works just fine.
Things I have tried:
1. Checked the logs on serial port 1 (console) of the VM and got the error trace shown above.
2. Disabled the Secure Boot flag and restarted the above VM: gcloud compute instances update <my_instance> --no-shielded-secure-boot --zone <instance_zone>
The VM booted fine after disabling Secure Boot (but I need a solution with Secure Boot on).
3. Manually created a VM with Secure Boot enabled and the same custom image as used through the instance group (CI/CD automation); the instance booted fine.
Would be glad to have some leads on it.
Thanks.
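A first step when a template-launched VM fails Secure Boot while a manually created VM with the same image boots is to diff the two instances' Shielded VM and boot-disk settings side by side. The script below is an added example, not from the post or from Google: it compares trimmed `gcloud compute instances describe --format=json` output for the two VMs. The sample instance data and the divergence it contains are constructed to exercise the comparison and are not a claim about the poster's root cause.

```python
import json

# Constructed samples (not from the post): trimmed, made-up output of
# `gcloud compute instances describe <name> --format=json`. The missing
# UEFI_COMPATIBLE feature on the failing VM is invented for illustration.
WORKING_VM = {
    "name": "manual-vm",
    "shieldedInstanceConfig": {"enableSecureBoot": True, "enableVtpm": True,
                               "enableIntegrityMonitoring": True},
    "disks": [{"boot": True, "interface": "SCSI",
               "guestOsFeatures": [{"type": "UEFI_COMPATIBLE"},
                                   {"type": "VIRTIO_SCSI_MULTIQUEUE"}]}],
}
FAILING_VM = {
    "name": "mig-vm-abcd",
    "shieldedInstanceConfig": {"enableSecureBoot": True, "enableVtpm": True,
                               "enableIntegrityMonitoring": True},
    "disks": [{"boot": True, "interface": "SCSI",
               "guestOsFeatures": [{"type": "VIRTIO_SCSI_MULTIQUEUE"}]}],
}


def _boot_disk(instance):
    """Return the disk entry flagged as the boot disk, or {} if none."""
    return next((d for d in instance.get("disks", []) if d.get("boot")), {})


def _features(disk):
    """Sorted guest OS feature names declared on a disk."""
    return sorted(f.get("type", "") for f in disk.get("guestOsFeatures", []))


def _profile(instance):
    """Extract the fields that govern UEFI / Secure Boot for one instance."""
    cfg = instance.get("shieldedInstanceConfig", {})
    disk = _boot_disk(instance)
    feats = _features(disk)
    return {
        "shieldedInstanceConfig.enableSecureBoot": cfg.get("enableSecureBoot"),
        "shieldedInstanceConfig.enableVtpm": cfg.get("enableVtpm"),
        "shieldedInstanceConfig.enableIntegrityMonitoring": cfg.get("enableIntegrityMonitoring"),
        "bootDisk.interface": disk.get("interface"),
        "bootDisk.guestOsFeatures": feats,
        "bootDisk.hasUefiCompatible": "UEFI_COMPATIBLE" in feats,
    }


def shielded_diff(working, failing):
    """Return (field, working_value, failing_value) for every field that differs."""
    w, f = _profile(working), _profile(failing)
    return [(k, w[k], f[k]) for k in w if w[k] != f[k]]


if __name__ == "__main__":
    # Replace the constants with json.load() of real describe output to use this live.
    for field, good, bad in shielded_diff(WORKING_VM, FAILING_VM):
        print(f"{field}: working={good!r} failing={bad!r}")
```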