Project

General

Profile

Actions
Copy link

action #109163

closed

[sle][security][backlog][FIPS]Implement & Integrate LUKS test case into openQA

Added by bchou about 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
rfan1
Category:
New test
Target version:
-
Start date:
2022-03-29
Due date:
% Done:

100%

Estimated time:
40.00 h
Difficulty:

Description

Test Case 1769936: FIPS: Full disk encryption with LUKS (including /boot)
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1769936

Test Case 1769937: FIPS: Full disk encryption with LUKS (separate unencrypted /boot)
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1769937

Hello Shawn,
I think you could take this ticket as you have some LUKS test experience. And these 2 cases can be test cases an be implemented in the same time as they are the similar testing area.

You could still need to investigate it and try this on TW first as you are unable to access OSD currently. And also I think the configure/UI style would be some different between SLE and TW.

Thank you.

Related issues 1 (0 open1 closed)

Copied to openQA Tests - action #113162: [security][FIPS][15-SP4][15-SP5] Implement & Integrate LUKS test case into openQA Resolvedemiler2022-03-29

Actions
Actions
Copy link
 #1

Updated by llzhao almost 2 years ago

  • Subject changed from [sle][security][sle15sp4][FIPS] Implement & Integrate LUKS test case into openQA to [sle][security][FIPS][backlog] Implement & Integrate LUKS test case into openQA
Actions
Copy link
 #2

Updated by llzhao almost 2 years ago

  • Subject changed from [sle][security][FIPS][backlog] Implement & Integrate LUKS test case into openQA to [sle][security][backlog][FIPS]Implement & Integrate LUKS test case into openQA
Actions
Copy link
 #3

Updated by shawnhao almost 2 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 90

Need to move to official group from dev on osd

Actions
Copy link
 #4

Updated by shawnhao almost 2 years ago

  • Assignee changed from shawnhao to rfan1
Actions
Copy link
 #5

Updated by rfan1 almost 2 years ago

  • % Done changed from 90 to 30

https://bugzilla.suse.com/show_bug.cgi?id=1198190

Based on this bug, we should add some workaround to boot up the system with separate /boot partition.

Actions
Copy link
 #6

Updated by rfan1 almost 2 years ago

Sample cases can be used to add FIPS installation mode:

https://openqa.suse.de/tests/8751720
https://openqa.suse.de/tests/8751715

Actions
Copy link
 #7

Updated by rfan1 almost 2 years ago

Added some workaround to define boot dev in grub:

+    if (get_var('FIPS_INSTALLATION') && get_var('ENCRYPT') && get_var('UNENCRYPTED_BOOT')) {
+        my $stor_inst = "/var/log/YaST2/storage-inst/*committed.yml";
+        my $boot_hd = script_output("cat $stor_inst | grep -B4 'mount_point: \"/boot\"' | grep name | awk -F \\\" '{print \$2}'");
+        assert_script_run("mount $boot_hd /mnt");
+        assert_script_run("sed -i -e \"s#fips=1#boot=$boot_hd fips=1#g\" /mnt/grub2/grub.cfg");
+        assert_script_run('umount /mnt');
+    }
Actions
Copy link
 #8

Updated by rfan1 almost 2 years ago

rfan1 wrote:

Added some workaround to define boot dev in grub:

+    if (get_var('FIPS_INSTALLATION') && get_var('ENCRYPT') && get_var('UNENCRYPTED_BOOT')) {
+        my $stor_inst = "/var/log/YaST2/storage-inst/*committed.yml";
+        my $boot_hd = script_output("cat $stor_inst | grep -B4 'mount_point: \"/boot\"' | grep name | awk -F \\\" '{print \$2}'");
+        assert_script_run("mount $boot_hd /mnt");
+        assert_script_run("sed -i -e \"s#fips=1#boot=$boot_hd fips=1#g\" /mnt/grub2/grub.cfg");
+        assert_script_run('umount /mnt');
+    }

https://openqa.suse.de/tests/8906171

Actions
Copy link
 #9

Updated by rfan1 almost 2 years ago

http://openqa.suse.de/tests/8906497# [full disk encryption]

Actions
Copy link
 #11

Updated by rfan1 almost 2 years ago

https://openqa.suse.de/tests/8921605# [x86_uefi_full]

#openqa-clone-job  --from http://openqa.suse.de --host http://openqa.suse.de 8751720 --skip-download --skip-chained-deps CASEDIR=https://github.com/rfan1/os-autoinst-distri-opensuse.git#fips_encrypt FIPS_INSTALLATION=1  _GROUP=0 MACHINE=uefi UEFI=1 YAML_TEST_DATA=test_data/yast/encryption/full_lvm_enc_uefi.yaml UEFI_PFLASH_CODE=/usr/share/qemu/ovmf-x86_64-ms-code.bin UEFI_PFLASH_VARS=/usr/share/qemu/ovmf-x86_64-ms-vars.bin
Actions
Copy link
 #12

Updated by rfan1 almost 2 years ago

https://openqa.suse.de/tests/8921612#[x86_uefi with separate boot]

#openqa-clone-job  --from http://openqa.suse.de --host http://openqa.suse.de 8751715 --skip-download --skip-chained-deps CASEDIR=https://github.com/rfan1/os-autoinst-distri-opensuse.git#fips_encrypt FIPS_INSTALLATION=1  _GROUP=0 MACHINE=uefi UEFI=1 YAML_TEST_DATA=test_data/yast/encryption/lvm_encrypt_separate_boot_uefi.yaml UEFI_PFLASH_CODE=/usr/share/qemu/ovmf-x86_64-ms-code.bin UEFI_PFLASH_VARS=/usr/share/qemu/ovmf-x86_64-ms-vars.bin
Created job #8921612: sle-15-SP4-Online-x86_64-Build151.1-lvm-encrypt-separate-boot@64bit -> http://openqa.suse.de/t8921612
Actions
Copy link
 #13

Updated by rfan1 almost 2 years ago

  • % Done changed from 50 to 80
Actions
Copy link
 #14

Updated by rfan1 almost 2 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 80 to 90
Actions
Copy link
 #15

Updated by rfan1 almost 2 years ago

  • Copied to action #113162: [security][FIPS][15-SP4][15-SP5] Implement & Integrate LUKS test case into openQA added
Actions
Copy link
 #16

Updated by rfan1 almost 2 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 90 to 100
Actions
Copy link

Also available in: Atom PDF