action #52817

[sle][security][sle12sp5] FIPS: Do the FIPS enabled installation test instead of creating image

Added by whdu 9 months ago. Updated 8 months ago.

Status:ResolvedStart date:10/06/2019
Priority:NormalDue date:
Assignee:whdu% Done:

0%

Category:Enhancement to existing tests
Target version:-
Difficulty:
Duration:

Description

We have been creating our own FIPS image and not use existing image generated by create_hdd_gnome in functional job group before, because we would like to test "kernel fips mode" during installation and use the image for other FIPS regression testing.

Currently, there is fips_env_tests_setup which create a default+WE image. But WE is not necessary for other tests except seahorse and hexchat.

This proposal is to only perform installation testing with fips=1 enabled. And do not generate any images for simplicity.

For other fips test suite, we use the normal image created by create_hdd_gnome in functional job group, and add a step fips_setup (tests/fips/fips_setup.pm) at the beginning. We believe by this approach the cases running speed could be improved, and it could help us to avoid the testing delay caused by image uploading failed issue (usually happened for s390x).**fips_setup** could also be used in the installation for only to verify FIPS kernel mode environment has been successfully configured.

The variable FIPS in lib/bootloader_setup.pm will also be renamed to FIPS_INSTALLATION.

In case "FIPS kernel mode" may not work caused by fips=1 bugs, other test suites could also be switched to "fips single mode" with variable "FIPS_ENV_MODE=1". Which has already been implemented.

Consider to make this change with PR#52808 and PR#52805 together.


Related issues

Related to openQA Tests - action #52808: [sle][security][sle12sp5] FIPS: Re-arrange existing test ... Resolved 10/06/2019
Related to openQA Tests - action #52805: [sle][security][sle12sp5] FIPS: Unified test suite settin... Resolved 10/06/2019

History

#1 Updated by whdu 9 months ago

  • Related to action #52808: [sle][security][sle12sp5] FIPS: Re-arrange existing test cases into different test suites added

#2 Updated by whdu 9 months ago

  • Related to action #52805: [sle][security][sle12sp5] FIPS: Unified test suite settings for both s390x and x86_64 added

#3 Updated by whdu 9 months ago

  • Description updated (diff)

#4 Updated by whdu 9 months ago

  • Description updated (diff)

#5 Updated by bchou 9 months ago

Just would like to amend this "fips signal mode" to "fips Single mode". Others are good to me. Thanks.

#6 Updated by whdu 9 months ago

  • Description updated (diff)

#7 Updated by whdu 9 months ago

  • Subject changed from [sle][security][sle12sp5] FIPS: Prepare minimal textmode image for FIPS testing to [sle][security][sle12sp5] FIPS: Do the FIPS enabled installation test instead of creating image
  • Description updated (diff)
  • Status changed from New to In Progress

#8 Updated by whdu 8 months ago

  • Status changed from In Progress to Resolved

Also available in: Atom PDF