Project

General

Profile

action #72037

[yast][security][qem][shim] Enable shim testing on baremetal

Added by geor about 2 years ago. Updated 10 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
New test
Target version:
-
Start date:
2020-09-28
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Although we do have openQA runs with secure boot, there is need for shim testing on baremetal machine with secure boot.

probably the following would need to be scheduled:

  • security/mokutil_sign.pm
  • console/verify_efi_mok.pm

History

#1 Updated by tjyrinki_suse about 2 years ago

  • Status changed from New to Workable

#2 Updated by tjyrinki_suse about 2 years ago

  • Subject changed from [qam][shim] Enable shim testing on baremetal to [qe-core][qam][shim] Enable shim testing on baremetal

#3 Updated by tjyrinki_suse about 2 years ago

  • Subject changed from [qe-core][qam][shim] Enable shim testing on baremetal to [qe-core][qem][shim] Enable shim testing on baremetal

#4 Updated by tjyrinki_suse about 2 years ago

  • Category set to New test

#5 Updated by mgrifalconi almost 2 years ago

  • Status changed from Workable to In Progress
  • Assignee set to mgrifalconi

#6 Updated by mgrifalconi almost 2 years ago

  • Status changed from In Progress to Workable

#7 Updated by mgrifalconi over 1 year ago

  • Assignee deleted (mgrifalconi)

#8 Updated by apappas 10 months ago

  • Status changed from Workable to Feedback
  • Assignee set to tjyrinki_suse

This ticket was discussed in the qe-core refinement session.

To work on this, we need a UEFI enabled bare metal host connected to openqa. Are there any? Why did George make the ticket?

As you were away for this session and could not answer, Timo I am assigning you to this ticket to give us some feedback.

#9 Updated by geor 10 months ago

apappas wrote:

This ticket was discussed in the qe-core refinement session.

To work on this, we need a UEFI enabled bare metal host connected to openqa. Are there any? Why did George make the ticket?

Hi, this was requested by Heiko in 2020, a requirement back from when we were part of the Maintenance-Security department.
Given that it has not been re-raised as an issue despite the fact that we haven't implemented an automated testing scenario for shim in nearly 1.5 years I think it is safe to delete this.

#10 Updated by tjyrinki_suse 10 months ago

  • Subject changed from [qe-core][qem][shim] Enable shim testing on baremetal to [yast][security][qem][shim] Enable shim testing on baremetal
  • Assignee changed from tjyrinki_suse to hrommel1

I think QE Security has done a lot of secure boot related tests (for example for aarch64), although not all might be enabled for maintenance releases.

OTOH tests/console/verify_secure_boot.pm are maintained by QE Yast, maybe because the success of the installation depends on correct functionality of secure boot.

I'll assign this to Heiko once more, maybe to raise as a topic in Wednesday's meeting or if an answer is already known about the baremetal testing status.

Also available in: Atom PDF