action #152395

closed

coordination #151816: [epic] Handle openQA fixes and job group setup

Check the EFI vars to verify secure boot

Added by JERiveraMoya 5 months ago. Updated 4 months ago.

Status: Resolved
Priority: Normal
Assignee:
Target version: -
Start date: 2023-12-11
Due date:
% Done: 0%
Estimated time:

Description

Observation

openQA test in scenario sle-15-SP6-Online-x86_64-autoyast_non_secure_boot@uefi fails in verify_secure_boot_bios

Follow the advice in bsc#1217757#c5, because the package we were using till now is not present in the medium anymore.

Acceptance criteria

AC1: Check the EFI vars to verify secure boot

Actions #1

Updated by rainerkoenig 5 months ago

  • Status changed from Workable to In Progress
  • Assignee set to rainerkoenig

Actions #2

Updated by rainerkoenig 5 months ago

The comment from Bugzilla is misleading; the pure existence of `/sys/firmware/efi/` is not enough to determine if Secure Boot is enabled or not.

But we have verify_secure_boot.pm which reads `/sys/firmware/efi/efivars/SecureBoot-*` and determines if it is enabled or not.

In the context of his ticket that code can be a foundation, but the main difference is that the code assumes that it is run on an EFI system, so on a legacy system that does not provide `/sys/firmware/efi/` that code would simply fail. So the approach needs to be checking the Secure Boot status on all possible systems (legacy & EFI) and then comparing it to what is defined in the test data.
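
The check described in the comment above, as an added example that is not part of the ticket or of the os-autoinst-distri-opensuse code: it reports the Secure Boot state on both legacy and EFI systems and compares it with an expected value. The function names and the `SYSFS_ROOT` override are hypothetical; the GUID is the standard EFI global variable GUID.

```shell
#!/bin/sh
# Added example: report Secure Boot state on EFI and legacy systems.
# SYSFS_ROOT is a hypothetical override so the functions can be exercised
# against a constructed directory tree; on a real system leave it unset.

# EFI global variable GUID under which the SecureBoot variable lives.
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Prints one of: legacy | enabled | disabled | unknown
secure_boot_state() {
    efi_dir="${SYSFS_ROOT:-}/sys/firmware/efi"
    var="$efi_dir/efivars/SecureBoot-$EFI_GLOBAL_GUID"

    # No EFI directory: booted in legacy BIOS mode, Secure Boot cannot be on.
    if [ ! -d "$efi_dir" ]; then
        echo legacy
        return 0
    fi
    # EFI boot, but the variable is missing or unreadable (for example
    # efivarfs not mounted): the directory alone proves nothing.
    if [ ! -r "$var" ]; then
        echo unknown
        return 0
    fi
    # efivarfs layout: 4 bytes of attributes, then the variable data.
    # SecureBoot data is a single byte: 1 = enabled, 0 = disabled.
    value=$(od -An -tu1 -j4 -N1 "$var" 2>/dev/null | tr -d ' \n')
    case "$value" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Compare the detected state with the expectation from the test data.
# $1 is "enabled" or "disabled"; a legacy boot counts as disabled.
verify_secure_boot() {
    expected=$1
    actual=$(secure_boot_state)
    [ "$actual" = legacy ] && actual=disabled
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "Secure Boot is $actual, expected $expected" >&2
    return 1
}
```

An `unknown` result fails the comparison for either expectation, so a missing or truncated variable is never silently treated as "disabled".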

Actions #3

Updated by rainerkoenig 5 months ago

Made a quick check and found out that the affected test is only running on UEFI boot, so we can reuse the existing verify_secure_boot module (which is also called later in the test).

Actions #4

Updated by rainerkoenig 5 months ago

Trial & error. The problem is that verify_secure_boot does not exit at the end. So we don't see the autoyast installation performing, which causes the test suite to time out. Changed the code there and added an exit, since it is only used in that one testsuite.

Actions #5

Updated by rainerkoenig 5 months ago

Had to duplicate parts of the code from verify_secure_boot because if I run this test at the beginning, then the console test after installation will fail because it doesn't check all needles because root console was activated previously.

Pull request: https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/18300

Actions #6

Updated by openqa_review 5 months ago

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: autoyast_non_secure_boot@uefi
https://openqa.suse.de/tests/13069462#step/verify_secure_boot_bios/1

To prevent further reminder comments one of the following options should be followed:

  1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
  2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
  3. The bugref in the openQA scenario is removed or replaced, e.g. label:wontfix:boo1234

Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.

Actions #7

Updated by JERiveraMoya 5 months ago

  • Tags changed from qe-yam-dec-sprint, qe-yam-jan-sprint to qe-yam-jan-sprint

Actions #8

Updated by rainerkoenig 4 months ago

  • Status changed from In Progress to Resolved

Verified in SLE 15 SP6 Build 50.1.
