action #137849
open[security] Migrate FIPS encryption tests to AutoYaST
0%
Description
We could migrate existing encryption tests to use AutoYaST, which would make the test noticeably faster.
Updated by emiler 7 months ago
I have been experimenting with this and It doesn't pass FIPS integrity test during boot, for example here: https://openqa.suse.de/tests/12464819
At first it seemed like AutoYaST is not able to work with FIPS during installation, but there are other FIPS jobs which works, eg. https://openqa.suse.de/tests/12474399. I'll do further poking.
Work is being tracked at https://github.com/realcharmer/os-autoinst-distri-opensuse/tree/autoyast.
Updated by emiler 7 months ago
I have been trying to get rid of YAML_TEST_DATA
from the old tests, which are used during runtime checks, such as validate_encrypt
, but it would require to "hardcode" some variables. Simply removing the data file would result in a failure during validation tests. I'll do more experimenting.
Updated by emiler 7 months ago
There are also issues with 15-SP6 (https://openqa.suse.de/tests/12570812#step/installation/6) which need investigation.
Updated by emiler 6 months ago
The SP6 issue is that grub2-arm64-efi
is missing: https://openqa.suse.de/tests/12616336#step/installation/9
Although it should be available according to http://xcdchk.suse.de/results/SLE-15-SP6-Full-Test/26.1
I'll put this on hold until a new working SP6 build comes out.
Updated by emiler about 1 month ago
- Status changed from In Progress to Workable
Not working on this at the moment.