Boot loop after disabling Secure-boot and resetting the machine

[bernardgut]

Bug Report

If you setup your /dev/X with a secureboot version Talos ISO then destroy it, then set it up again with a non-secureboot ISO version, your machine will go in a boot loop forever when provisionning clusters.

Description

Apparently the EFI partition is always preserved, even when provisionning with machine.installer.wipe=true. This means you can never turn off secureboot after you turned it on. The only way I found to escape this was to boot Ubuntu Live and wipefs the device.

Logs

Environment

• Talos version: [1.7.6]
• Kubernetes version: [1.30.3]
• Platform: bare-metal

[smira]

This is not related to wiping, it looks like your system is still detected as SecureBoot by Talos installer.

[bernardgut]

yes basically but I saw quickly in the logs something along the lines of "EFI partition preserved" when it should be wiped too if you are going from SecureBoot-> non SecureBoot

[smira]

The installer in 1.8 behaves in a bit different way, so hard to say whether this issue is still in 1.8 or not.

I would try to wipe the disk and wipe EFI state to clear any traces of SecureBoot system.