1
0
mirror of https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git synced 2024-11-25 23:33:07 +00:00

WIP: add Clevis test

Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson 2020-06-19 14:14:57 -07:00
parent 9768ac5178
commit 9ab8693839
2 changed files with 45 additions and 0 deletions

View File

@ -1553,6 +1553,19 @@
"ROOT_PASSWORD": "weakpassword" "ROOT_PASSWORD": "weakpassword"
} }
}, },
"iot_clevis": {
"profiles": {
"fedora-IoT-dvd_ostree-iso-aarch64-*-aarch64": 20,
"fedora-IoT-dvd_ostree-iso-x86_64-*-64bit": 20
},
"settings": {
"ENCRYPT_PASSWORD": "weakpassword",
"POSTINSTALL": "iot_clevis",
"QEMUTPM": "instance",
"ROOT_PASSWORD": "weakpassword",
"WORKER_CLASS": "tpm"
}
},
"iot_greenboot": { "iot_greenboot": {
"profiles": { "profiles": {
"fedora-IoT-dvd_ostree-iso-aarch64-*-aarch64": 20, "fedora-IoT-dvd_ostree-iso-aarch64-*-aarch64": 20,

32
tests/iot_clevis.pm Normal file
View File

@ -0,0 +1,32 @@
use base "installedtest";
use strict;
use testapi;
use utils;
sub run {
my $self = shift;
# switch to TTY3 for both, graphical and console tests
$self->root_console(tty=>3);
# Verify decryption is working via TPM2
assert_script_run "echo foo | clevis encrypt tpm2 '{}' | clevis decrypt";
# Get the UUID of the encrypted device
assert_script_run 'UUID=$(lsblk | grep luks | sed "s/^.*luks-//" | cut -d" " -f1)';
assert_script_run 'DEV=$(blkid --uuid $UUID)';
# Check encryption details of the device
assert_script_run 'cryptsetup luksDump $DEV > /tmp/cryptsetup.log';
upload_logs '/tmp/cryptsetup.log';
# Setup Clevis to decrypt via TPM2 on boot
assert_script_run 'clevis luks bind -f -k- -d $DEV tpm2 "{}" <<< ' . get_var("ENCRYPT_PASSWORD");
# Reboot the system and see if it is booted without user intervention
script_run "reboot", 0;
boot_to_login_screen;
}
sub test_flags {
return { fatal => 1 };
}
1;
# vim: set sw=4 et: