action #152455
closed
[security][15-SP6] GRUB now passes through unlocking, test needs to be changed
100%
Description
This is not a test failure ticket, but a behavior change since we earlier learned 15-SP6 GRUB will obtain a feature to pass through decryption to the Linux kernel for the / partition. This request contained it: https://smelt.suse.de/request/313295/
So the test likely needs to behave differently on >= 15-SP6 where this new feature is implemented.
openQA test in scenario sle-15-SP6-Online-x86_64-create_hdd_gnome_encrypt_separate_boot@64bit fails in
boot_encrypt
Last good: 40.1 (or more recent)
Acceptance Criteria
- Change the test to now expect this new behavior on 15-SP6, and fail if the pass-through does not work
- Older SLE versions should behave as before
Further Information
This information I got from the developers:
Yes, it should work for SP6 if the new grub version is accepted. By the way, grub will only handle the key for the root partition being unlocked by the bootloader (grub). It will not handle the key for swap and other partitions systemd may ask to unlock from the initrd or bootsplash. If those (separate) encrypted partitions share the same key with the root partition, the /etc/crypttab has to be modified with the same key location as root so that systemd can know where to look up the key file.
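Added example, not part of the ticket or the developers' reply: a check that reads crypttab text and lists the volumes whose key-file field differs from the root entry's, i.e. the ones systemd may still ask to unlock. The volume names, UUIDs and the key path are constructed placeholders, and it assumes the root entry in crypttab already carries the key location.

```python
# Added example: names, UUIDs and the key path are constructed placeholders,
# not values from the ticket or from the GRUB/SLE packages.
SAMPLE_CRYPTTAB = """\
# <name>   <device>          <key file>         <options>
cr_root    UUID=1111-aaaa    /example/root.key  x-initrd.attach
cr_swap    UUID=2222-bbbb    none               swap
cr_home    UUID=3333-cccc    /example/root.key
cr_data    UUID=4444-dddd
"""


def parse_crypttab(text):
    """Map volume name -> key-file field (crypttab(5): name device [key] [options])."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line, not a volume definition
        # A missing third field or "-" means the same as "none": prompt for it.
        key = fields[2] if len(fields) > 2 else "none"
        entries[fields[0]] = "none" if key == "-" else key
    return entries


def volumes_not_sharing_root_key(text, root_name):
    """Return the volumes whose key location differs from the root volume's."""
    entries = parse_crypttab(text)
    if root_name not in entries:
        raise KeyError(f"no crypttab entry named {root_name!r}")
    root_key = entries[root_name]
    if root_key == "none":
        raise ValueError("root entry has no key location to compare against")
    return sorted(
        name for name, key in entries.items()
        if name != root_name and key != root_key
    )


if __name__ == "__main__":
    for name in volumes_not_sharing_root_key(SAMPLE_CRYPTTAB, "cr_root"):
        print(f"{name}: key location differs from root, expect a passphrase prompt")
```

A test that expects no prompt after GRUB unlocks / could fail early when this list is not empty.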