From 883159a7cceab1168641475c4e37271cfbe1e379 Mon Sep 17 00:00:00 2001 From: AlanMarshall Date: Fri, 5 Jul 2024 16:23:51 +0100 Subject: [PATCH] Add secure_boot_fallback test --- templates.fif.json | 14 ++++++++++++++ tests/_secure_boot_fallback.pm | 29 +++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 tests/_secure_boot_fallback.pm diff --git a/templates.fif.json b/templates.fif.json index 14199717..3a99d177 100644 --- a/templates.fif.json +++ b/templates.fif.json @@ -842,6 +842,7 @@ "rocky-dvd-iso-s390x-*-s390x": 10, "rocky-dvd-iso-ppc64le-*-ppc64le": 10, "rocky-dvd-iso-aarch64-*-aarch64": 10, + "rocky-dvd-iso-x86_64-*-uefi": 10, "rocky-dvd-iso-x86_64-*-bios": 10 }, "settings": { @@ -1474,6 +1475,19 @@ "USER_LOGIN": "false" } }, + "secure_boot_fallback": { + "profiles": { + "rocky-dvd-iso-x86_64-*-uefi": 11 + }, + "settings": { + "BOOTFROM": "c", + "HDD_1": "disk_%FLAVOR%_%MACHINE%.qcow2", + "POSTINSTALL": "_secure_boot_fallback", + "ROOT_PASSWORD": "weakpassword", + "+START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%", + "USER_LOGIN": "false" + } + }, "server_cockpit_basic": { "profiles": { "rocky-dvd-iso-aarch64-*-aarch64": 30, diff --git a/tests/_secure_boot_fallback.pm b/tests/_secure_boot_fallback.pm new file mode 100644 index 00000000..cd42189f --- /dev/null +++ b/tests/_secure_boot_fallback.pm @@ -0,0 +1,29 @@ +use base "installedtest"; +use strict; +use testapi; +use utils; + +sub run { + my $self = shift; + if (not(check_screen "root_console", 0)) { + $self->root_console(tty => 4); + } + script_run 'efibootmgr'; + # now try deleting the "rocky" boot entry and rebooting, to check the fallback path + assert_script_run('efibootmgr -b $(efibootmgr | grep rocky | cut -f1 | sed -e "s,[^0-9],,g") -B'); + # check that worked + validate_script_output('efibootmgr', sub { $_ !~ m/.*rocky.*/s }); + type_string("reboot\n"); + boot_to_login_screen; + $self->root_console(tty => 3); + # rocky entry should have been recreated + validate_script_output('efibootmgr', sub { m/rocky/ }); + # SB should still be enabled + validate_script_output('mokutil --sb-state', sub { m/SecureBoot enabled/ }); +} + +sub test_flags { + return {fatal => 1}; +} + +1;