QA » openQA Project » openQA Tests

I have been experimenting with this and It doesn't pass FIPS integrity test during boot, for example here: https://openqa.suse.de/tests/12464819

At first it seemed like AutoYaST is not able to work with FIPS during installation, but there are other FIPS jobs which works, eg. https://openqa.suse.de/tests/12474399. I'll do further poking.

Work is being tracked at https://github.com/realcharmer/os-autoinst-distri-opensuse/tree/autoyast.

Several modifications had to been made to the AutoYaST xml file, mainly setting correct <append> values to boot from /dev/vda2. It now runs on x86_64 and aarch64. I have also added a fips_install_separate_boot_verify module to the schedule to actually verify FIPS after installation.

I have been trying to get rid of YAML_TEST_DATA from the old tests, which are used during runtime checks, such as validate_encrypt, but it would require to "hardcode" some variables. Simply removing the data file would result in a failure during validation tests. I'll do more experimenting.

There are also issues with 15-SP6 (https://openqa.suse.de/tests/12570812#step/installation/6) which need investigation.

The SP6 issue is that grub2-arm64-efi is missing: https://openqa.suse.de/tests/12616336#step/installation/9
Although it should be available according to http://xcdchk.suse.de/results/SLE-15-SP6-Full-Test/26.1
I'll put this on hold until a new working SP6 build comes out.