Project

General

Profile

Actions
Copy link

action #178669

open

Improve the Full Disk Encryption tests in Tumbleweed and MicroOS

Added by aplanas about 1 month ago. Updated 13 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
szarate
Category:
New test
Target version:
QA (public) - future
Start date:
2025-03-11
Due date:
% Done:

0%

Estimated time:
Difficulty:
Tags:
factory

Description

Tumbleweed and MicroOS has already a FDE based on systemd, using TPM2 and FIDO2 keys for the unlock the encrypted devices. With the default of grub2-bls, this system can now be used with systemd-boot and grub2-bls.

Ideally, we should have a matrix of tests with this axes:

  • OS: Tumbleweed, MicroOS
  • Boot loader: grub2-bls, systemd-boot
  • Policy: NVIndex policy (systemd-pcrlock), signed policy (pcr-oracle)
  • Tests
    • Installation of FDE via YaST (WIP)
    • Install LUKS2 devices (cr_root and cr_swap for Tumbleweed, cr_root for MicroOS) in YaST and do the enrollment manually
    • Basic (smoke) test of all sdbootutil commands
    • Update the system and reboot
    • Change default snapshot and reboot
    • Rollback and reboot
    • Generate multiple (>10) snapshots and reboot
    • Migrate bootloader
    • Migrate kind of policy

Related issues 1 (0 open1 closed)

Related to Containers and images - action #176280: [MinimalVM] Add test runs for Tumbleweed BLSResolvedmloviska2025-01-28

Actions
Actions
Copy link
 #1

Updated by okurz about 1 month ago

  • Target version set to future

Hi aplanas, is this targeting openQA tests or where should it belong?

Actions
Copy link
 #2

Updated by szarate about 1 month ago

  • Project changed from QA (public) to openQA Tests (public)
Actions
Copy link
 #3

Updated by szarate about 1 month ago

  • Tags set to factory
Actions
Copy link
 #4

Updated by szarate about 1 month ago

  • Related to action #176280: [MinimalVM] Add test runs for Tumbleweed BLS added
Actions
Copy link
 #6

Updated by szarate 16 days ago

Branch https://github.com/foursixnine/os-autoinst-distri-opensuse.git#sdboot_tumbleweed has changes to enable sdboot on default gnome scenario

Actions
Copy link
 #7

Updated by szarate 15 days ago

  • Category set to New test
  • Status changed from New to In Progress
  • Assignee set to szarate

Changes made to the already created branch are proving to be good: https://openqa.opensuse.org/tests/4962758#step/reboot_gnome/8

System is installed with FDE and later enrolled in the sdbootutil_enroll module, some more code is needed to test the proper enrollment on the spot (i.e reboot the system, unenroll, reboot system again, enroll again)

Actions
Copy link

Also available in: Atom PDF