action #30186
closed
[sle][functional][qam][research][medium] crosscheck "secure boot" test scenarios for SLE and openSUSE and bring them back
Added by okurz over 6 years ago.
Updated about 6 years ago.
Category:
Bugs in existing tests
Description
Motivation¶
Heiko Rommel (QAM) asked about "secure boot testing" in openQA and we have that support in os-autoinst-distri-opensuse but maybe not currently running for our SLE tests and/or openSUSE and should crosscheck that.
Further details¶
In https://openqa.suse.de/admin/test_suites I can find the test suite "minimal_x+uefi" specifying "EXTRABOOTPARAMS=secureboot_enable=1" which I am not sure what benefit it will provide. os-autoinst-distri-opensuse mentions get_var("SECUREBOOT")
which is not mentioned in any test suite on neither osd nor o3. Checking with https://github.com/okurz/scripts/blob/master/openqa-db_query_last_use_of_module I could not find the test module "installation/secure_boot" being called anywhere on neither osd nor o3 so we certainly miss something here.
Tasks¶
- Research what is the current state of test scenarios, if secure boot is used anywhere
- Research what has to be done to enable such a scenario and either add it if trivial, or create another ticket with proper description and findings
- Subject changed from [sle][functional]crosscheck "secure boot" test scenarios for SLE and openSUSE and bring them back to [sle][functional][qam]crosscheck "secure boot" test scenarios for SLE and openSUSE and bring them back
I have no idea what those parameters are about. Whether or not secure boot is enabled depends only on the uefi firmware used. See rpm -ql qemu-ovmf-
x86_64
*-{ms,opensuse,suse} are firmwares that have secure boot on and require signed bootloaders.
The plain ovmf-x86_64.bin is the only one without secure boot. In openQA there are various machines that have UEFI enabled. By default the ms firmware is used. So you can schedule any test also a UEFI machine.
SLE also has uefi and uefi-staging machines
- Subject changed from [sle][functional][qam]crosscheck "secure boot" test scenarios for SLE and openSUSE and bring them back to [sle][functional][qam][research] crosscheck "secure boot" test scenarios for SLE and openSUSE and bring them back
- Description updated (diff)
- Status changed from New to Workable
- Subject changed from [sle][functional][qam][research] crosscheck "secure boot" test scenarios for SLE and openSUSE and bring them back to [sle][functional][qam][research][medium] crosscheck "secure boot" test scenarios for SLE and openSUSE and bring them back
- Status changed from Workable to In Progress
- Status changed from In Progress to Resolved
I am afraid that original question was not answered (its kind of yes/no) question - its nice that cryptlvm was enabled for SLE-15 of course ...
In other words, for uefi* tests is secure boot enabled or not?
Also available in: Atom
PDF