Add Secure Boot testing
Signed-off-by: Adam Williamson <awilliam@redhat.com>
parent
a0eb2827b8
commit
c879906d16
|
@ -63,11 +63,14 @@
|
|||
"QEMU_VIDEO_DEVICE": "virtio-vga",
|
||||
"XRES": "1024",
|
||||
"YRES": "768",
|
||||
"QEMUMACHINE": "q35,smm=on",
|
||||
"QEMU_APPEND": "global driver=cfi.pflash01,property=secure,value=on",
|
||||
"QEMU_MAX_MIGRATION_TIME": "480",
|
||||
"QEMU_VIRTIO_RNG": "1",
|
||||
"UEFI": "1",
|
||||
"UEFI_PFLASH_CODE": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
|
||||
"UEFI_PFLASH_VARS": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
|
||||
"UEFI_PFLASH_CODE": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
|
||||
"UEFI_PFLASH_VARS": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
|
||||
"UEFI_SECURE": "1",
|
||||
"WORKER_CLASS": "qemu_x86_64"
|
||||
}
|
||||
}
|
||||
|
@ -1626,6 +1629,7 @@
|
|||
"fedora-Server-dvd-iso-aarch64-*-aarch64": 10,
|
||||
"fedora-Server-dvd-iso-ppc64le-*-ppc64le": 10,
|
||||
"fedora-Server-dvd-iso-x86_64-*-64bit": 10,
|
||||
"fedora-Server-dvd-iso-x86_64-*-uefi": 10,
|
||||
"fedora-Silverblue-dvd_ostree-iso-ppc64le-*-ppc64le": 50,
|
||||
"fedora-Silverblue-dvd_ostree-iso-x86_64-*-64bit": 50,
|
||||
"fedora-Workstation-live-iso-ppc64le-*-ppc64le": 10,
|
||||
|
@ -2516,6 +2520,22 @@
|
|||
"USER_LOGIN": "false"
|
||||
}
|
||||
},
|
||||
"secure_boot_fallback": {
|
||||
"profiles": {
|
||||
"fedora-BaseOS-dvd-iso-x86_64-*-uefi": 50,
|
||||
"fedora-IoT-dvd_ostree-iso-x86_64-*-uefi": 30,
|
||||
"fedora-Server-dvd-iso-x86_64-*-uefi": 30,
|
||||
"fedora-Workstation-live_osbuild-iso-x86_64-*-uefi": 60
|
||||
},
|
||||
"settings": {
|
||||
"BOOTFROM": "c",
|
||||
"HDD_1": "disk_%FLAVOR%_%MACHINE%.qcow2",
|
||||
"POSTINSTALL": "_secure_boot_fallback",
|
||||
"ROOT_PASSWORD": "weakpassword",
|
||||
"+START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%",
|
||||
"USER_LOGIN": "false"
|
||||
}
|
||||
},
|
||||
"server_cockpit_basic": {
|
||||
"profiles": {
|
||||
"fedora-Server-dvd-iso-aarch64-*-aarch64": 30,
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
use base "installedtest";
|
||||
use strict;
|
||||
use testapi;
|
||||
use utils;
|
||||
|
||||
sub run {
|
||||
my $self = shift;
|
||||
# now try deleting the "Fedora" boot entry and rebooting, to check the fallback path
|
||||
assert_script_run('efibootmgr -b $(efibootmgr | grep Fedora | head -1 | cut -f1 | sed -e "s,[^0-9],,g") -B');
|
||||
# check that worked
|
||||
validate_script_output('efibootmgr', sub { $_ !~ m/.*Fedora.*/s });
|
||||
type_string("reboot\n");
|
||||
boot_to_login_screen;
|
||||
$self->root_console(tty => 3);
|
||||
# Fedora entry should have been recreated
|
||||
validate_script_output('efibootmgr', sub { m/Fedora/ });
|
||||
# SB should still be enabled
|
||||
validate_script_output('mokutil --sb-state', sub { m/SecureBoot enabled/ });
|
||||
}
|
||||
|
||||
sub test_flags {
|
||||
return {fatal => 1};
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
# vim: set sw=4 et:
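Review bot: The entry number passed to `efibootmgr -b` in `run` is built by deleting everything except decimal digits (`sed -e "s,[^0-9],,g"`), but UEFI boot entry numbers are four hex digits, so an entry such as Boot000A would be reduced to `000` and the command would target the wrong entry or fail. Any digit in the entry label or device path that ends up in the first field would also be folded into the number. Extracting the number by position avoids both problems: `assert_script_run('efibootmgr -b $(efibootmgr | sed -n "s/^Boot\([0-9A-Fa-f]\{4\}\).*Fedora.*/\1/p" | head -1) -B');`. On a freshly installed guest the entry numbers are probably low enough that this has not shown up yet, which is why it is worth fixing before the test is relied on.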
|
|
@ -13,6 +13,10 @@ sub run {
|
|||
console_loadkeys_us;
|
||||
# this test shows if the system is booted with efi
|
||||
assert_script_run '[ -d /sys/firmware/efi/ ]';
|
||||
# if Secure Boot should be enabled, check it is; if it isn't,
|
||||
# that *probably* indicates a test system issue not a distro bug,
|
||||
# but we want to know either way
|
||||
validate_script_output('mokutil --sb-state', sub { m/SecureBoot enabled/ }) if (get_var("UEFI_SECURE"));
|
||||
}
|
||||
|
||||
sub test_flags {
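Review bot: Matching only `SecureBoot enabled` in the added `mokutil --sb-state` check still passes when signature validation has been switched off in shim, because mokutil then prints an extra line, `SecureBoot validation is disabled in shim`, after the firmware state. A test meant to confirm that the boot chain was verified should reject that case too: `sub { m/SecureBoot enabled/ && !m/validation is disabled/ }`. The same pattern is the final check of the new fallback test file added by this commit, where it matters at least as much, since that test has just rewritten boot variables and rebooted. `run` begins above this hunk, so the preceding console setup is not visible here.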
|
||||
|
|