Project

General

Profile

Actions
Copy link

action #178669

open

Improve the Full Disk Encryption tests in Tumbleweed and MicroOS

Added by aplanas 2 months ago. Updated about 1 month ago.

Status:
In Progress
Priority:
Normal
Assignee:
szarate
Category:
New test
Target version:
QA (public) - future
Start date:
2025-03-11
Due date:
% Done:

0%

Estimated time:
Difficulty:
Tags:
factory

Description

Tumbleweed and MicroOS has already a FDE based on systemd, using TPM2 and FIDO2 keys for the unlock the encrypted devices. With the default of grub2-bls, this system can now be used with systemd-boot and grub2-bls.

Ideally, we should have a matrix of tests with this axes:

  • OS: Tumbleweed, MicroOS
  • Boot loader: grub2-bls, systemd-boot
  • Policy: NVIndex policy (systemd-pcrlock), signed policy (pcr-oracle)
  • Tests
    • Installation of FDE via YaST (WIP)
    • Install LUKS2 devices (cr_root and cr_swap for Tumbleweed, cr_root for MicroOS) in YaST and do the enrollment manually
    • Basic (smoke) test of all sdbootutil commands
    • Update the system and reboot
    • Change default snapshot and reboot
    • Rollback and reboot
    • Generate multiple (>10) snapshots and reboot
    • Migrate bootloader
    • Migrate kind of policy

Related issues 1 (0 open1 closed)

Related to Containers and images - action #176280: [MinimalVM] Add test runs for Tumbleweed BLSResolvedmloviska2025-01-28

Actions
Actions
Copy link

Also available in: Atom PDF