action #72037
open[yast][security][qem][shim] Enable shim testing on baremetal
0%
Description
Although we do have openQA runs with secure boot, there is need for shim testing on baremetal machine with secure boot.
probably the following would need to be scheduled:
- security/mokutil_sign.pm
- console/verify_efi_mok.pm
Updated by tjyrinki_suse over 4 years ago
- Subject changed from [qam][shim] Enable shim testing on baremetal to [qe-core][qam][shim] Enable shim testing on baremetal
Updated by tjyrinki_suse over 4 years ago
- Subject changed from [qe-core][qam][shim] Enable shim testing on baremetal to [qe-core][qem][shim] Enable shim testing on baremetal
Updated by mgrifalconi about 4 years ago
- Status changed from Workable to In Progress
- Assignee set to mgrifalconi
Updated by mgrifalconi about 4 years ago
- Status changed from In Progress to Workable
Updated by apappas over 3 years ago
- Status changed from Workable to Feedback
- Assignee set to tjyrinki_suse
This ticket was discussed in the qe-core refinement session.
To work on this, we need a UEFI enabled bare metal host connected to openqa. Are there any? Why did George make the ticket?
As you were away for this session and could not answer, Timo I am assigning you to this ticket to give us some feedback.
Updated by geor over 3 years ago
apappas wrote:
This ticket was discussed in the qe-core refinement session.
To work on this, we need a UEFI enabled bare metal host connected to openqa. Are there any? Why did George make the ticket?
Hi, this was requested by Heiko in 2020, a requirement back from when we were part of the Maintenance-Security department.
Given that it has not been re-raised as an issue despite the fact that we haven't implemented an automated testing scenario for shim in nearly 1.5 years I think it is safe to delete this.
Updated by tjyrinki_suse over 3 years ago
- Subject changed from [qe-core][qem][shim] Enable shim testing on baremetal to [yast][security][qem][shim] Enable shim testing on baremetal
- Assignee changed from tjyrinki_suse to hrommel1
I think QE Security has done a lot of secure boot related tests (for example for aarch64), although not all might be enabled for maintenance releases.
OTOH tests/console/verify_secure_boot.pm are maintained by QE Yast, maybe because the success of the installation depends on correct functionality of secure boot.
I'll assign this to Heiko once more, maybe to raise as a topic in Wednesday's meeting or if an answer is already known about the baremetal testing status.
Updated by slo-gin over 2 years ago
This ticket was set to Normal priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.
Updated by tjyrinki_suse about 2 years ago
- Priority changed from Normal to Low
There hasn't been requests for this ticket lately even though we might want to add more bare metal testing if baremetal machines are reliably available in openQA.
Updated by tjyrinki_suse over 1 year ago
- Status changed from Feedback to Workable
- Assignee deleted (
hrommel1) - Start date deleted (
2020-09-28) - Estimated time set to 16.00 h
- Parent task set to #136034
We have mokutil_sign executed as part of create_hdd_textmode_ext4_mok_enroll on maintenance, QU and prod_devel on x86_64.
We have verify_efi_mok executed as part of aarch64_secureboot likewise in all job groups.
Next step would be we should make sure those two will be similarly executed as part of our on-demand baremetal testing plans.
Updated by tjyrinki_suse over 1 year ago
- Tags changed from feature to feature, baremetal