Overview of the Issue
In order to set image_signatures_db, the UEFI_COMPATIBLE flag must be passed as a guest OS feature:
source "googlecompute" "gcp_re_debian12_x86_64" {
  arch                    = "x86_64"
  image_guest_os_features = ["UEFI_COMPATIBLE"]
  image_signatures_db     = local.image_signatures_db
}
However, when using VMs that inherit from others, specifying image_guest_os_features would overwrite the ones that get used. The gcloud SDK actually doesn't check these guest OS features (https://github.com/google-cloud-sdk-unofficial/google-cloud-sdk/blob/master/lib/surface/compute/images/create.py#L306-L319) and allows the image signatures to be passed in regardless (note how the initial shielded VM state is set outside of what guest OS features are provided).
Reproduction Steps
Don't set image_guest_os_features = ["UEFI_COMPATIBLE"] when setting image_signatures_db
Plugin and Packer version
Packer 1.2.5 version
Operating system and Environment details
Linux x86 and arm64