-
-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/tests/systemd-credentials-tpm2: Add tests for systemd credentials #217254
nixos/tests/systemd-credentials-tpm2: Add tests for systemd credentials #217254
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! That's what I had in mind :-)
Can you undraft this, so it can be merged?
@flokli Sure, just let me remove some debugging leftovers and add a |
2c23772
to
f6bede1
Compare
@flokli Should be good to go now. I've cleaned the commit up and also added an additional check whether the software TPM process started up correctly, making the test more robust. |
Just to make sure, let's see if it works for ofborg as well: |
It fails on aarch64 because the TPM device is called |
Add a test that checks whether systemd can access the TPM in order access credentials requested via Load/SetCredentialEncrypted.
f6bede1
to
e83babd
Compare
@ofborg test systemd-credentials-tpm2 |
The test now also runs on aarch64-linux. A similar fix should apply to |
Thanks! |
|
||
let | ||
tpmSocketPath = "/tmp/swtpm-sock"; | ||
tpmDeviceModels = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JJJollyjim would you be interested in backporting the aarch64 fixes into the other tpm-related tests? Maybe we can also move the Tpm class to a more central place, so less needs to be copypasted.
…tials-master nixos/tests/systemd-credentials-tpm2: Add tests for systemd credentials
Description of changes
Add a test that checks whether systemd can access the TPM in order access credentials requested via Load/SetCredentialEncrypted.
See discussion in #214383 (comment)
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)