2022-02-17 19:39:08 +00:00
|
|
|
summary: run keylime e2e tests
|
|
|
|
|
|
2022-06-07 10:58:05 +00:00
|
|
|
# define context to filter out all test requiring TPM device
|
|
|
|
|
context:
|
|
|
|
|
swtpm: yes
|
2023-04-07 12:22:36 +00:00
|
|
|
agent: rust
|
|
|
|
|
faked_measured_boot_log: no
|
2022-06-07 10:58:05 +00:00
|
|
|
|
|
|
|
|
prepare:
|
|
|
|
|
- how: shell
|
|
|
|
|
script:
|
|
|
|
|
- dnf config-manager --set-enabled updates-testing updates-testing-modular
|
|
|
|
|
|
2022-02-17 19:39:08 +00:00
|
|
|
discover:
|
|
|
|
|
how: fmf
|
|
|
|
|
url: https://github.com/RedHat-SP-Security/keylime-tests
|
2022-12-01 12:14:23 +00:00
|
|
|
ref: "@.tmt/dynamic_ref.fmf"
|
2022-02-17 21:45:08 +00:00
|
|
|
test:
|
2022-02-17 19:39:08 +00:00
|
|
|
- /setup/configure_tpm_emulator
|
2022-07-08 18:38:24 +00:00
|
|
|
# change IMA policy to simple and run one attestation scenario
|
|
|
|
|
# this is to utilize also a different parser
|
|
|
|
|
- /setup/configure_kernel_ima_module/ima_policy_simple
|
2022-09-12 14:06:25 +00:00
|
|
|
- /setup/inject_SELinux_AVC_check
|
2022-07-08 18:38:24 +00:00
|
|
|
- /functional/basic-attestation-on-localhost
|
|
|
|
|
# now change IMA policy to signing and run all tests
|
|
|
|
|
- /setup/configure_kernel_ima_module/ima_policy_signing
|
2023-06-06 16:50:41 +00:00
|
|
|
- "^/functional/.*"
|
2022-02-17 19:39:08 +00:00
|
|
|
|
|
|
|
|
execute:
|
|
|
|
|
how: tmt
|
2022-12-12 09:26:01 +00:00
|
|
|
|
|
|
|
|
adjust:
|
|
|
|
|
- when: distro == fedora-rawhide
|
|
|
|
|
environment:
|
|
|
|
|
AVC_CHECK_AUSEARCH_PARAMS: "-se keylime"
|
|
|
|
|
because: "On Rawhide we ignore SELinux AVCs not related to keylime"
|
