action #133265
closed[security][ALP] Manual Testing for ALP Dolomite Build 2.1
100%
Description
We should do manual testing of the latest ALP Dolomite (Micro) build 2.1.
- Download: https://download.suse.de/ibs/SUSE:/ALP:/Products:/Dolomite:/1.0:/ToTest/images/ALP-Dolomite.x86_64-1.0-Default-encrypted-Build2.1.raw
- Documentation: https://documentation.suse.com/alp/micro/html/alp-micro/concept-alp-deployment.html
Steps:
Raw image setup with TPMFallback to password disk decryption when TPM is removedCheckaudit.logfor AVC deny
Feel free to add more bullet-points. Completed tasks are crossed-out.
Files
| 2023-07-25_10_08_33.png (108 KB) 2023-07-25_10_08_33.png | Password Unlock Fallback | ||
| 2023-07-25_10_10_52.png (92.8 KB) 2023-07-25_10_10_52.png | Missing TPM Boot | ||
| audit.log (109 KB) audit.log |
Updated by emiler 10 months ago
- File 2023-07-25_10_08_33.png 2023-07-25_10_08_33.png added
- File 2023-07-25_10_10_52.png 2023-07-25_10_10_52.png added
- Description updated (diff)
The raw image is booting without issues. I followed the setup steps in the documentation, mainly changing BIOS to UEFI and adding an emulated TPM.
When TPM is later removed, it does fall back to password authentication and is able to unlock the disk and boot successfully. When re-added again, the system boots without any password prompt.
Updated by emiler 10 months ago
Here is a copy of audit.log after playing with the TPM fallback. I have also enabled root login via ssh to pull the log from the system, which works fine and without the need to modify anything in SELinux.
echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/root.conf
systemctl restart sshd
Updated by tjyrinki_suse 10 months ago
- Tags set to alp
- Status changed from Feedback to Resolved
- Assignee deleted (
emiler) - % Done changed from 0 to 100
- Estimated time set to 4.00 h
Excellent work, thank you for testing milestone 2 candidate!