New logic to type LUKS passphrase in grub phase

https://progress.opensuse.org/issues/151393
os-autoinst · Dec 8, 2023 · 4e1771e · 4e1771e
1 parent c13dde0
commit 4e1771e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 8 deletions.
diff --git a/lib/opensusebasetest.pm b/lib/opensusebasetest.pm
@@ -906,7 +906,9 @@ sub wait_boot {
     reconnect_xen if check_var('VIRSH_VMM_FAMILY', 'xen');
 
     # on s390x svirt encryption is unlocked with workaround_type_encrypted_passphrase before here
-    unlock_if_encrypted unless get_var('S390_ZKVM');
+    if (!is_boot_encrypted && need_passphrase_in_grub) {
+        unlock_if_encrypted unless get_var('S390_ZKVM');
+    }
 
     $self->wait_boot_past_bootloader(%args);
     $self->{in_wait_boot} = 0;

diff --git a/lib/utils.pm b/lib/utils.pm
@@ -11,7 +11,7 @@ use warnings;
 use testapi qw(is_serial_terminal :DEFAULT);
 use lockapi 'mutex_wait';
 use mm_network;
-use version_utils qw(is_sle_micro is_microos is_leap is_public_cloud is_sle is_sle12_hdd_in_upgrade is_storage_ng is_jeos package_version_cmp is_transactional);
+use version_utils qw(is_alp is_sle_micro is_microos is_leap is_leap_micro is_public_cloud is_sle is_sle12_hdd_in_upgrade is_storage_ng is_jeos package_version_cmp is_transactional);
 use Utils::Architectures;
 use Utils::Systemd qw(systemctl disable_and_stop_service);
 use Utils::Backends;
@@ -52,6 +52,7 @@ our @EXPORT = qw(
   set_zypper_lock_timeout
   workaround_type_encrypted_passphrase
   is_boot_encrypted
+  need_passphrase_in_grub
   is_bridged_networking
   set_bridged_networking
   assert_screen_with_soft_timeout
@@ -1057,6 +1058,23 @@ sub is_boot_encrypted {
     return 1;
 }
 
+=head2 need_passphrase_in_grub
+
+ need_passphrase_in_grub();
+
+With newer grub2 (in TW and SLE15-SP6 currently), entering the passphrase in GRUB2
+is enough. The key is passed on during boot, so it's not asked for
+a second time.
+We need to enter the passphrase again if there are separate partitions encrypted
+without LVM configuration (cr_swap,cr_home etc).
+
+=cut
+
+sub need_passphrase_in_grub {
+    return 1 if (is_leap || is_sle('<15-sp6') || is_leap_micro || is_sle_micro || is_alp || !get_var('LVM', '0'));
+    return 0;
+}
+
 =head2 is_bridged_networking
 
  is_bridged_networking();

diff --git a/tests/installation/boot_encrypt.pm b/tests/installation/boot_encrypt.pm
@@ -12,14 +12,9 @@ use strict;
 use warnings;
 use base "installbasetest";
 use utils;
-use testapi qw(check_var get_var record_info);
-use version_utils qw(is_leap is_sle is_leap_micro is_sle_micro is_alp);
 
 sub run {
-    # With newer grub2 (in TW only currently), entering the passphrase in GRUB2
-    # is enough. The key is passed on during boot, so it's not asked for
-    # a second time.
-    return if is_boot_encrypted && !is_leap && !is_sle && !is_leap_micro && !is_sle_micro && !is_alp;
+    return if is_boot_encrypted && !need_passphrase_in_grub;
 
     unlock_if_encrypted(check_typed_password => 1);
 }