Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle secureboot on&off for ima_evm tests #13673

Merged
merged 1 commit into from Nov 16, 2021
Merged

Handle secureboot on&off for ima_evm tests #13673

merged 1 commit into from Nov 16, 2021

Conversation

rfan1
Copy link
Contributor

@rfan1 rfan1 commented Nov 12, 2021
edited

Based on bsc#1189988, we need disable secureboot
if we set kernel parameter "ima_appraise=fix", but
we should make sure other tests can still run in
enabled state, so enhance the test logic.

@rfan1 rfan1 changed the title WIP: Handle secureboot on&off for ima_evm tests Handle secureboot on&off for ima_evm tests Nov 15, 2021
Amrysliu
Amrysliu reviewed Nov 15, 2021
View reviewed changes
tests/security/ima/evm_protection_hmacs.pm Outdated Show resolved Hide resolved
tests/security/ima/evm_setup.pm Outdated Show resolved Hide resolved
tests/security/ima/ima_appraisal_digital_signatures.pm Outdated Show resolved Hide resolved
tests/security/ima/ima_appraisal_hashes.pm Outdated Show resolved Hide resolved
jouyingbin
jouyingbin reviewed Nov 15, 2021
View reviewed changes
tests/security/ima/evm_setup.pm Outdated Show resolved Hide resolved
tests/security/ima/ima_appraisal_hashes.pm Outdated Show resolved Hide resolved
@rfan1 rfan1 force-pushed the ima_evm_secureboot_enable branch 2 times, most recently from faa7096 to 8863259 Compare November 15, 2021 08:33
lilyeyes
lilyeyes approved these changes Nov 15, 2021
View reviewed changes
Copy link
Contributor

@lilyeyes lilyeyes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only minor coding style comments.
Others are LGTM.

tests/security/ima/evm_setup.pm Outdated Show resolved Hide resolved
tests/security/ima/ima_appraisal_hashes.pm Outdated Show resolved Hide resolved
@jouyingbin
Copy link
Contributor

Looks like there is CI check fail?

@rfan1
Copy link
Contributor Author

rfan1 commented Nov 15, 2021

Looks like there is CI check fail?

Fixed

Amrysliu
Amrysliu approved these changes Nov 16, 2021
View reviewed changes
Copy link
Contributor

@Amrysliu Amrysliu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@rfan1
Handle secureboot on&off for ima_evm tests
c3e0fc6 
Based on bsc#1189988, we need disable secureboot
if we set kernel parameter "ima_appraise=fix", but
we should make sure other tests can still run in
enabled state, so enhance the test logic.
jouyingbin
jouyingbin approved these changes Nov 16, 2021
View reviewed changes
Copy link
Contributor

@jouyingbin jouyingbin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the update.

@Amrysliu Amrysliu merged commit 8414db0 into os-autoinst:master Nov 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jouyingbin jouyingbin jouyingbin approved these changes

@Amrysliu Amrysliu Amrysliu approved these changes

@lilyeyes lilyeyes lilyeyes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@rfan1 @jouyingbin @Amrysliu @lilyeyes