action #152395
closed
coordination #151816: [epic] Handle openQA fixes and job group setup
Check the EFI vars to verify secure boot
Added by JERiveraMoya 7 months ago.
Updated 6 months ago.
Description
Observation¶
openQA test in scenario sle-15-SP6-Online-x86_64-autoyast_non_secure_boot@uefi fails in
verify_secure_boot_bios
Follow advice in bsc#1217757#c5 due to the package we were using till now is not present in the medium anymore.
Acceptance criteria¶
AC1: Check the EFI vars to verify secure boot
- Status changed from Workable to In Progress
- Assignee set to rainerkoenig
The comment from Bugzilla is misleading, the pure existence of /sys/firmware/efi/ is not enough to determine if Secure Boot is enabled or not.
But we have verify_secure_boot.pm which
reads /sys/firmware/efi/efivars/SecureBoot-* and determines if it is enabled or not.
In the context of his ticket that code can be a foundation, but the main difference is that the code assumes that it is run on an EFI system, so on a legacy system that does not provide '/sys/firmware/efi/` that code would simply fail. So the approach needs to be checking the Secure Boot status on all possible systems (legacy & EFI) and then comparing it to what is defined in the test data.
Made a quick check and found out, that the affected test is only running on UEFI boot,
so we can reuse the existing verify_secure_boot module (which is also called later in the test).
Trial & error. The problem is that verify_secure_boot does not exit at the end. So we don't see the autoyast installation performing which cuaes the test suite to time out. Changed the code there and added an exit, since it is only used in that one testsuite.
This is an autogenerated message for openQA integration by the openqa_review script:
This bug is still referenced in a failing openQA test: autoyast_non_secure_boot@uefi
https://openqa.suse.de/tests/13069462#step/verify_secure_boot_bios/1
To prevent further reminder comments one of the following options should be followed:
- The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
- The openQA job group is moved to "Released" or "EOL" (End-of-Life)
- The bugref in the openQA scenario is removed or replaced, e.g.
label:wontfix:boo1234
Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.
- Tags changed from qe-yam-dec-sprint, qe-yam-jan-sprint to qe-yam-jan-sprint
- Status changed from In Progress to Resolved
Verified in SLE 15 SP6 Build 50.1.
Also available in: Atom
PDF