[sle][security][sle12sp5] FIPS: Do the FIPS enabled installation test instead of creating image
We have been creating our own FIPS image and not use existing image generated by
create_hdd_gnome in functional job group before, because we would like to test "kernel fips mode" during installation and use the image for other FIPS regression testing.
Currently, there is
fips_env_tests_setup which create a default+WE image. But WE is not necessary for other tests except seahorse and hexchat.
This proposal is to only perform installation testing with fips=1 enabled. And do not generate any images for simplicity.
For other fips test suite, we use the normal image created by create_hdd_gnome in functional job group, and add a step fips_setup (
tests/fips/fips_setup.pm) at the beginning. We believe by this approach the cases running speed could be improved, and it could help us to avoid the testing delay caused by image uploading failed issue (usually happened for s390x).fips_setup could also be used in the installation for only to verify FIPS kernel mode environment has been successfully configured.
The variable FIPS in
lib/bootloader_setup.pm will also be renamed to FIPS_INSTALLATION.
In case "FIPS kernel mode" may not work caused by fips=1 bugs, other test suites could also be switched to "fips single mode" with variable "FIPS_ENV_MODE=1". Which has already been implemented.
Consider to make this change with PR#52808 and PR#52805 together.
#7 Updated by whdu about 2 years ago
- Subject changed from [sle][security][sle12sp5] FIPS: Prepare minimal textmode image for FIPS testing to [sle][security][sle12sp5] FIPS: Do the FIPS enabled installation test instead of creating image
- Description updated (diff)
- Status changed from New to In Progress