Register AWS AMIs as preferring UEFI over legacy BIOS

[chewi]

Register AWS AMIs as preferring UEFI over legacy BIOS

I'm not aware of any instance types that don't support UEFI, so we could possibly set this to UEFI only, but best play it safe.

Also use actual values in the image format error message. The message said raw or vmdk, but these actually need to be uppercased.

On a sidenote, I wondered what would happen to existing instances if we eventually drop BIOS support. You can convert them to UEFI, but it involves taking an AMI snapshot, registering it as a new image, and launching a new instance, which is a little tedious.

How to use

Use ore aws upload, spawn an instance, and run sudo efibootmgr to verify that it booted using UEFI.

Testing done

I've done the above.

[jepio]

I'm not aware of any instance types that don't support UEFI, so we could possibly set this to UEFI only, but best play it safe.

What instance types did you test on? We run kola tests on m4.2xlarge and t3.small - and both happen to be BIOS only :)

I'm also going to capture here because I tested it:
the TpmSupport flag to RegisterImage requires BootMode=uefi and doesn't work with BootMode=uefi-preferred.

[jepio]

lgtm

[chewi]

What instance types did you test on? We run kola tests on m4.2xlarge and t3.small - and both happen to be BIOS only :)

I used t3.small. What makes you think that's BIOS-only?

I'm also going to capture here because I tested it: the TpmSupport flag to RegisterImage requires BootMode=uefi and doesn't work with BootMode=uefi-preferred.

That could be a reason to go with uefi then?

[jepio]

I'm not aware of any instance types that don't support UEFI, so we could possibly set this to UEFI only, but best play it safe.

What instance types did you test on? We run kola tests on m4.2xlarge and t3.small - and both happen to be BIOS only :)

Strike half of that, t3.small does support UEFI. m4 instances are BIOS only.

[jepio]

What instance types did you test on? We run kola tests on m4.2xlarge and t3.small - and both happen to be BIOS only :)

I used t3.small. What makes you think that's BIOS-only?

I'm also going to capture here because I tested it: the TpmSupport flag to RegisterImage requires BootMode=uefi and doesn't work with BootMode=uefi-preferred.

That could be a reason to go with uefi then?

That would mean dropping support for m4/c4 instance types. What would be the impact of that?

[chewi]

Right, so anything Xen-based. Sucks that we can't have both unless we register separate AMIs. Having said that, looking at the ore code, I think you can register more than one AMI from a single snapshot?

[chewi]

Right, so anything Xen-based. Sucks that we can't have both unless we register separate AMIs. Having said that, looking at the ore code, I think you can register more than one AMI from a single snapshot?

I spoke to @t-lo and he agreed. However, having looked at the code again, it gets quite messy. Some code assumes there is only one AMI being created or only one per region. That could be fixed, but we also publish lists of the AMIs. Again, these assume one AMI per region. We have "all" vs "hvm" listings, which are actually the same, but I guess these were different at some point. We could create another variant, but we may be crossing the point where it's no longer worth the effort.

@t-lo says that AWS discourages users from deploying these older instance types. We would only be breaking new deployments here, not upgrades. @jepio, what do you think?

[t-lo]

Gen5 and higher (i.e. kvm-based instances) are cheaper to operate, and there has been a general push away from Xen based instances. Gen5 has been available from 2015 onwards (iirc).

Let's bring this up in the dev sync next Wednesday and check what others think?