action #72037
open
[yast][security][qem][shim] Enable shim testing on baremetal
0%
Description
Although we do have openQA runs with secure boot, there is need for shim testing on baremetal machine with secure boot.
probably the following would need to be scheduled:
- security/mokutil_sign.pm
- console/verify_efi_mok.pm
Updated by tjyrinki_suse almost 3 years ago
- Subject changed from [qam][shim] Enable shim testing on baremetal to [qe-core][qam][shim] Enable shim testing on baremetal
Updated by tjyrinki_suse almost 3 years ago
- Subject changed from [qe-core][qam][shim] Enable shim testing on baremetal to [qe-core][qem][shim] Enable shim testing on baremetal
Updated by mgrifalconi over 2 years ago
- Status changed from Workable to In Progress
- Assignee set to mgrifalconi
Updated by mgrifalconi over 2 years ago
- Status changed from In Progress to Workable
Updated by apappas over 1 year ago
- Status changed from Workable to Feedback
- Assignee set to tjyrinki_suse
This ticket was discussed in the qe-core refinement session.
To work on this, we need a UEFI enabled bare metal host connected to openqa. Are there any? Why did George make the ticket?
As you were away for this session and could not answer, Timo I am assigning you to this ticket to give us some feedback.
Updated by geor over 1 year ago
apappas wrote:
This ticket was discussed in the qe-core refinement session.
To work on this, we need a UEFI enabled bare metal host connected to openqa. Are there any? Why did George make the ticket?
Hi, this was requested by Heiko in 2020, a requirement back from when we were part of the Maintenance-Security department.
Given that it has not been re-raised as an issue despite the fact that we haven't implemented an automated testing scenario for shim in nearly 1.5 years I think it is safe to delete this.
Updated by tjyrinki_suse over 1 year ago
- Subject changed from [qe-core][qem][shim] Enable shim testing on baremetal to [yast][security][qem][shim] Enable shim testing on baremetal
- Assignee changed from tjyrinki_suse to hrommel1
I think QE Security has done a lot of secure boot related tests (for example for aarch64), although not all might be enabled for maintenance releases.
OTOH tests/console/verify_secure_boot.pm are maintained by QE Yast, maybe because the success of the installation depends on correct functionality of secure boot.
I'll assign this to Heiko once more, maybe to raise as a topic in Wednesday's meeting or if an answer is already known about the baremetal testing status.
Updated by slo-gin 8 months ago
This ticket was set to Normal priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.
Updated by tjyrinki_suse 7 months ago
- Priority changed from Normal to Low
There hasn't been requests for this ticket lately even though we might want to add more bare metal testing if baremetal machines are reliably available in openQA.