action #28507
Updated by riafarov over 6 years ago
## User story As a customer, when I select in the Yast installer to use *encrypted LVM-based* partitions, I expect _/boot_ to also be encrypted, so initrd and kernel are better protected against malicious actions. - Take in mind that _/boot_ can be a directory under the root partition or be in a separated partition, but in any case, it is expected to be encrypted. - Be aware that on SLE 12-SP3 _/boot_ was in a separated partition by default. On SLE 15, _/boot_ is no more in a separated partition by default. ## Acceptance criteria **AC1:** <s>**AC1:** [bsc#1070139](https://bugzilla.suse.com/show_bug.cgi?id=1070139) is resolved.</s> **AC2:** The test suite **lvm-full-encrypt** is adapted to have an encrypted _/boot_ for **aarch64**, **ppc64** and **x86_64** **AC2:** **AC3:** The test suite **lvm-full-encrypt** still gives for SLE 12-SP3 the same results as in https://openqa.suse.de/tests/overview?distri=sle&version=12-SP3&build=0473&groupid=55. **AC3:** **AC4:** On ppc there is a workaround for [bsc#1070139](https://bugzilla.suse.com/show_bug.cgi?id=1070139) **AC4:** Create additional test suite where we add unencrypted /boot partition outside of lvm to get same coverage for SLE 12 on SLE 15 ## Tasks <s>1. Wait for [bsc#1070139](https://bugzilla.suse.com/show_bug.cgi?id=1070139) to be resolved.</s> 2. Adapt test suite **lvm-full-encrypt** to work for SLE 12-SP3 and SLE 15.