mirror of
				https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git
				synced 2025-10-22 11:18:50 +00:00 
			
		
		
		
	This adds a test that automates https://fedoraproject.org/wiki/QA:Testcase_Clevis. It requires os-autoinst-4.6-18.20200623git5038d8c or newer, and a worker host in the 'tpm' class which is set up to have an instance of swtpm running at /tmp/mytpmX , where X is the worker instance number, for each worker. The Fedora infrastructure ansible plays have been updated to handle this via an instantiated systemd service, which other instances can also adopt. Signed-off-by: Adam Williamson <awilliam@redhat.com>
		
			
				
	
	
		
			32 lines
		
	
	
		
			972 B
		
	
	
	
		
			Perl
		
	
	
	
	
	
			
		
		
	
	
			32 lines
		
	
	
		
			972 B
		
	
	
	
		
			Perl
		
	
	
	
	
	
| use base "installedtest";
 | |
| use strict;
 | |
| use testapi;
 | |
| use utils;
 | |
| 
 | |
| sub run {
 | |
|     my $self = shift;
 | |
|     # we can safely assume we're at a root console at this point
 | |
|     # Verify decryption is working via TPM2
 | |
|     assert_script_run "echo foo | clevis encrypt tpm2 '{}' | clevis decrypt";
 | |
|     # Get the UUID of the encrypted device
 | |
|     assert_script_run 'UUID=$(lsblk | grep luks | sed "s/^.*luks-//" | cut -d" " -f1)';
 | |
|     assert_script_run 'DEV=$(blkid --uuid $UUID)';
 | |
|     # Check encryption details of the device
 | |
|     assert_script_run 'cryptsetup luksDump $DEV > /tmp/cryptsetup.log';
 | |
|     upload_logs '/tmp/cryptsetup.log';
 | |
|     # Setup Clevis to decrypt via TPM2 on boot
 | |
|     assert_script_run 'clevis luks bind -f -k- -d $DEV tpm2 "{}" <<< ' . get_var("ENCRYPT_PASSWORD");
 | |
|     # Reboot the system and see if it is booted without user intervention
 | |
|     script_run "reboot", 0;
 | |
|     boot_to_login_screen;
 | |
| }
 | |
| 
 | |
| 
 | |
| sub test_flags {
 | |
|     return { fatal => 1 };
 | |
| }
 | |
| 
 | |
| 1;
 | |
| 
 | |
| # vim: set sw=4 et:
 |