action #109163
closed
[sle][security][backlog][FIPS]Implement & Integrate LUKS test case into openQA
Added by bchou about 2 years ago.
Updated almost 2 years ago.
Description
Test Case 1769936: FIPS: Full disk encryption with LUKS (including /boot)
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1769936
Test Case 1769937: FIPS: Full disk encryption with LUKS (separate unencrypted /boot)
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1769937
Hello Shawn,
I think you could take this ticket as you have some LUKS test experience. And these 2 cases can be test cases an be implemented in the same time as they are the similar testing area.
You could still need to investigate it and try this on TW first as you are unable to access OSD currently. And also I think the configure/UI style would be some different between SLE and TW.
Thank you.
- Subject changed from [sle][security][sle15sp4][FIPS] Implement & Integrate LUKS test case into openQA to [sle][security][FIPS][backlog] Implement & Integrate LUKS test case into openQA
- Subject changed from [sle][security][FIPS][backlog] Implement & Integrate LUKS test case into openQA to [sle][security][backlog][FIPS]Implement & Integrate LUKS test case into openQA
- Status changed from New to In Progress
- % Done changed from 0 to 90
Need to move to official group from dev on osd
- Assignee changed from shawnhao to rfan1
- % Done changed from 90 to 30
Added some workaround to define boot dev in grub:
+ if (get_var('FIPS_INSTALLATION') && get_var('ENCRYPT') && get_var('UNENCRYPTED_BOOT')) {
+ my $stor_inst = "/var/log/YaST2/storage-inst/*committed.yml";
+ my $boot_hd = script_output("cat $stor_inst | grep -B4 'mount_point: \"/boot\"' | grep name | awk -F \\\" '{print \$2}'");
+ assert_script_run("mount $boot_hd /mnt");
+ assert_script_run("sed -i -e \"s#fips=1#boot=$boot_hd fips=1#g\" /mnt/grub2/grub.cfg");
+ assert_script_run('umount /mnt');
+ }
rfan1 wrote:
Added some workaround to define boot dev in grub:
+ if (get_var('FIPS_INSTALLATION') && get_var('ENCRYPT') && get_var('UNENCRYPTED_BOOT')) {
+ my $stor_inst = "/var/log/YaST2/storage-inst/*committed.yml";
+ my $boot_hd = script_output("cat $stor_inst | grep -B4 'mount_point: \"/boot\"' | grep name | awk -F \\\" '{print \$2}'");
+ assert_script_run("mount $boot_hd /mnt");
+ assert_script_run("sed -i -e \"s#fips=1#boot=$boot_hd fips=1#g\" /mnt/grub2/grub.cfg");
+ assert_script_run('umount /mnt');
+ }
https://openqa.suse.de/tests/8906171
- % Done changed from 30 to 50
https://openqa.suse.de/tests/8921605# [x86_uefi_full]
#openqa-clone-job --from http://openqa.suse.de --host http://openqa.suse.de 8751720 --skip-download --skip-chained-deps CASEDIR=https://github.com/rfan1/os-autoinst-distri-opensuse.git#fips_encrypt FIPS_INSTALLATION=1 _GROUP=0 MACHINE=uefi UEFI=1 YAML_TEST_DATA=test_data/yast/encryption/full_lvm_enc_uefi.yaml UEFI_PFLASH_CODE=/usr/share/qemu/ovmf-x86_64-ms-code.bin UEFI_PFLASH_VARS=/usr/share/qemu/ovmf-x86_64-ms-vars.bin
https://openqa.suse.de/tests/8921612#[x86_uefi with separate boot]
#openqa-clone-job --from http://openqa.suse.de --host http://openqa.suse.de 8751715 --skip-download --skip-chained-deps CASEDIR=https://github.com/rfan1/os-autoinst-distri-opensuse.git#fips_encrypt FIPS_INSTALLATION=1 _GROUP=0 MACHINE=uefi UEFI=1 YAML_TEST_DATA=test_data/yast/encryption/lvm_encrypt_separate_boot_uefi.yaml UEFI_PFLASH_CODE=/usr/share/qemu/ovmf-x86_64-ms-code.bin UEFI_PFLASH_VARS=/usr/share/qemu/ovmf-x86_64-ms-vars.bin
Created job #8921612: sle-15-SP4-Online-x86_64-Build151.1-lvm-encrypt-separate-boot@64bit -> http://openqa.suse.de/t8921612
- % Done changed from 50 to 80
- Status changed from In Progress to Feedback
- % Done changed from 80 to 90
- Copied to action #113162: [security][FIPS][15-SP4][15-SP5] Implement & Integrate LUKS test case into openQA added
- Status changed from Feedback to Resolved
- % Done changed from 90 to 100
Also available in: Atom
PDF