action #109163
closed[sle][security][backlog][FIPS]Implement & Integrate LUKS test case into openQA
100%
Description
Test Case 1769936: FIPS: Full disk encryption with LUKS (including /boot)
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1769936
Test Case 1769937: FIPS: Full disk encryption with LUKS (separate unencrypted /boot)
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1769937
Hello Shawn,
I think you could take this ticket as you have some LUKS test experience. And these 2 cases can be test cases an be implemented in the same time as they are the similar testing area.
You could still need to investigate it and try this on TW first as you are unable to access OSD currently. And also I think the configure/UI style would be some different between SLE and TW.
Thank you.
Updated by llzhao over 2 years ago
- Subject changed from [sle][security][sle15sp4][FIPS] Implement & Integrate LUKS test case into openQA to [sle][security][FIPS][backlog] Implement & Integrate LUKS test case into openQA
Updated by llzhao over 2 years ago
- Subject changed from [sle][security][FIPS][backlog] Implement & Integrate LUKS test case into openQA to [sle][security][backlog][FIPS]Implement & Integrate LUKS test case into openQA
Updated by shawnhao over 2 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 90
Need to move to official group from dev on osd
Updated by rfan1 over 2 years ago
- % Done changed from 90 to 30
https://bugzilla.suse.com/show_bug.cgi?id=1198190
Based on this bug, we should add some workaround to boot up the system with separate /boot partition.
Updated by rfan1 over 2 years ago
Sample cases can be used to add FIPS installation mode:
https://openqa.suse.de/tests/8751720
https://openqa.suse.de/tests/8751715
Updated by rfan1 over 2 years ago
Added some workaround to define boot dev in grub:
+ if (get_var('FIPS_INSTALLATION') && get_var('ENCRYPT') && get_var('UNENCRYPTED_BOOT')) {
+ my $stor_inst = "/var/log/YaST2/storage-inst/*committed.yml";
+ my $boot_hd = script_output("cat $stor_inst | grep -B4 'mount_point: \"/boot\"' | grep name | awk -F \\\" '{print \$2}'");
+ assert_script_run("mount $boot_hd /mnt");
+ assert_script_run("sed -i -e \"s#fips=1#boot=$boot_hd fips=1#g\" /mnt/grub2/grub.cfg");
+ assert_script_run('umount /mnt');
+ }
Updated by rfan1 over 2 years ago
rfan1 wrote:
Added some workaround to define boot dev in grub:
+ if (get_var('FIPS_INSTALLATION') && get_var('ENCRYPT') && get_var('UNENCRYPTED_BOOT')) { + my $stor_inst = "/var/log/YaST2/storage-inst/*committed.yml"; + my $boot_hd = script_output("cat $stor_inst | grep -B4 'mount_point: \"/boot\"' | grep name | awk -F \\\" '{print \$2}'"); + assert_script_run("mount $boot_hd /mnt"); + assert_script_run("sed -i -e \"s#fips=1#boot=$boot_hd fips=1#g\" /mnt/grub2/grub.cfg"); + assert_script_run('umount /mnt'); + }
https://openqa.suse.de/tests/8906171
Updated by rfan1 over 2 years ago
http://openqa.suse.de/tests/8906497# [full disk encryption]
Updated by rfan1 over 2 years ago
- % Done changed from 30 to 50
Updated by rfan1 over 2 years ago
https://openqa.suse.de/tests/8921605# [x86_uefi_full]
#openqa-clone-job --from http://openqa.suse.de --host http://openqa.suse.de 8751720 --skip-download --skip-chained-deps CASEDIR=https://github.com/rfan1/os-autoinst-distri-opensuse.git#fips_encrypt FIPS_INSTALLATION=1 _GROUP=0 MACHINE=uefi UEFI=1 YAML_TEST_DATA=test_data/yast/encryption/full_lvm_enc_uefi.yaml UEFI_PFLASH_CODE=/usr/share/qemu/ovmf-x86_64-ms-code.bin UEFI_PFLASH_VARS=/usr/share/qemu/ovmf-x86_64-ms-vars.bin
Updated by rfan1 over 2 years ago
https://openqa.suse.de/tests/8921612#[x86_uefi with separate boot]
#openqa-clone-job --from http://openqa.suse.de --host http://openqa.suse.de 8751715 --skip-download --skip-chained-deps CASEDIR=https://github.com/rfan1/os-autoinst-distri-opensuse.git#fips_encrypt FIPS_INSTALLATION=1 _GROUP=0 MACHINE=uefi UEFI=1 YAML_TEST_DATA=test_data/yast/encryption/lvm_encrypt_separate_boot_uefi.yaml UEFI_PFLASH_CODE=/usr/share/qemu/ovmf-x86_64-ms-code.bin UEFI_PFLASH_VARS=/usr/share/qemu/ovmf-x86_64-ms-vars.bin
Created job #8921612: sle-15-SP4-Online-x86_64-Build151.1-lvm-encrypt-separate-boot@64bit -> http://openqa.suse.de/t8921612
Updated by rfan1 over 2 years ago
- Status changed from In Progress to Feedback
- % Done changed from 80 to 90
Updated by rfan1 over 2 years ago
- Copied to action #113162: [security][FIPS][15-SP4][15-SP5] Implement & Integrate LUKS test case into openQA added
Updated by rfan1 over 2 years ago
- Status changed from Feedback to Resolved
- % Done changed from 90 to 100