Project

General

Profile

Actions

action #72037

open

[yast][security][qem][shim] Enable shim testing on baremetal

Added by geor about 3 years ago. Updated 7 months ago.

Status:
Feedback
Priority:
Low
Assignee:
Category:
New test
Target version:
-
Start date:
2020-09-28
Due date:
% Done:

0%

Estimated time:
Difficulty:
Tags:

Description

Although we do have openQA runs with secure boot, there is need for shim testing on baremetal machine with secure boot.

probably the following would need to be scheduled:

  • security/mokutil_sign.pm
  • console/verify_efi_mok.pm
Actions #1

Updated by tjyrinki_suse about 3 years ago

  • Status changed from New to Workable
Actions #2

Updated by tjyrinki_suse almost 3 years ago

  • Subject changed from [qam][shim] Enable shim testing on baremetal to [qe-core][qam][shim] Enable shim testing on baremetal
Actions #3

Updated by tjyrinki_suse almost 3 years ago

  • Subject changed from [qe-core][qam][shim] Enable shim testing on baremetal to [qe-core][qem][shim] Enable shim testing on baremetal
Actions #4

Updated by tjyrinki_suse almost 3 years ago

  • Category set to New test
Actions #5

Updated by mgrifalconi over 2 years ago

  • Status changed from Workable to In Progress
  • Assignee set to mgrifalconi
Actions #6

Updated by mgrifalconi over 2 years ago

  • Status changed from In Progress to Workable
Actions #7

Updated by mgrifalconi over 2 years ago

  • Assignee deleted (mgrifalconi)
Actions #8

Updated by apappas over 1 year ago

  • Status changed from Workable to Feedback
  • Assignee set to tjyrinki_suse

This ticket was discussed in the qe-core refinement session.

To work on this, we need a UEFI enabled bare metal host connected to openqa. Are there any? Why did George make the ticket?

As you were away for this session and could not answer, Timo I am assigning you to this ticket to give us some feedback.

Actions #9

Updated by geor over 1 year ago

apappas wrote:

This ticket was discussed in the qe-core refinement session.

To work on this, we need a UEFI enabled bare metal host connected to openqa. Are there any? Why did George make the ticket?

Hi, this was requested by Heiko in 2020, a requirement back from when we were part of the Maintenance-Security department.
Given that it has not been re-raised as an issue despite the fact that we haven't implemented an automated testing scenario for shim in nearly 1.5 years I think it is safe to delete this.

Actions #10

Updated by tjyrinki_suse over 1 year ago

  • Subject changed from [qe-core][qem][shim] Enable shim testing on baremetal to [yast][security][qem][shim] Enable shim testing on baremetal
  • Assignee changed from tjyrinki_suse to hrommel1

I think QE Security has done a lot of secure boot related tests (for example for aarch64), although not all might be enabled for maintenance releases.

OTOH tests/console/verify_secure_boot.pm are maintained by QE Yast, maybe because the success of the installation depends on correct functionality of secure boot.

I'll assign this to Heiko once more, maybe to raise as a topic in Wednesday's meeting or if an answer is already known about the baremetal testing status.

Actions #11

Updated by slo-gin 8 months ago

This ticket was set to Normal priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.

Actions #12

Updated by tjyrinki_suse 7 months ago

  • Priority changed from Normal to Low

There hasn't been requests for this ticket lately even though we might want to add more bare metal testing if baremetal machines are reliably available in openQA.

Actions

Also available in: Atom PDF