vyos/vyos-build
1
0
Fork 0
mirror of https://github.com/vyos/vyos-build.git synced 2025-10-01 20:28:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #999 from sarthurdev/T7628

Browse Source 
tpm: T7628: Extend test for non-TPM backed encryption
This commit is contained in:
Daniil Baturin 2025-07-29 15:54:15 +01:00 committed by GitHub
commit 3e02e42e76
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 82 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
scripts/check-qemu-install
View File

@ -754,6 +754,88 @@ try:
verify_config() verify_config()
# Shutdown VM
shutdownVM(c, log, 'Shutdown VM for non-TPM backed test')
# Clear swtpm
from glob import glob
for f in glob(f'{tpm_folder}/*'):
os.remove(f)
# Shutdown kills swtpm
tpm_process.join()
tpm_process.close()
tpm_process = None
# Booting back into VM
log.info('Booting system without TPM')
cmd = get_qemu_cmd(qemu_name, args.uefi, args.disk, raid=diskname_raid, tpm=False, vnc_enabled=args.vnc)
log.debug(f'Executing command: {cmd}')
c = pexpect.spawn(cmd, logfile=stl)
try:
c.expect('The highlighted entry will be executed automatically in', timeout=10)
c.sendline('')
except pexpect.TIMEOUT:
log.warning('Did not find GRUB countdown window, ignoring')
loginVM(c, log)
# New recovery key
test_recovery_key = ''.join(choices(string.ascii_uppercase + string.digits, k=32))
log.info('Encrypting config')
c.sendline('encryption enable')
c.expect('Are you sure you want to proceed\?.*')
c.sendline('y')
c.expect('Enter key: ')
c.sendline(test_recovery_key)
c.expect('Enter size of encrypted config partition.*', timeout=30)
c.sendline('32')
c.expect('Encrypted config volume has been enabled', timeout=tpm_timeout)
c.expect('Backup the key in a safe place!')
c.expect(f'Key: {test_recovery_key}')
c.expect(op_mode_prompt)
verify_mount()
shutdownVM(c, log, 'Shutdown VM for non-TPM config load')
# Booting back into VM
log.info('Booting system without TPM')
cmd = get_qemu_cmd(qemu_name, args.uefi, args.disk, raid=diskname_raid, tpm=False, vnc_enabled=args.vnc)
log.debug(f'Executing command: {cmd}')
c = pexpect.spawn(cmd, logfile=stl)
try:
c.expect('The highlighted entry will be executed automatically in', timeout=10)
c.sendline('')
except pexpect.TIMEOUT:
log.warning('Did not find GRUB countdown window, ignoring')
c.expect('.*Encrypted config volume has not been mounted', timeout=120)
loginVM(c, log)
# Test loading config with recovery key
c.sendline('encryption load')
c.expect('Enter key: ')
c.sendline(test_recovery_key)
c.expect('Encrypted config volume has been mounted', timeout=120)
c.expect(op_mode_prompt)
verify_mount()
log.info('Loading encrypted config.boot')
c.sendline('configure')
c.expect(cfg_mode_prompt)
c.sendline('load /config/config.boot')
c.expect(cfg_mode_prompt)
c.sendline('commit')
c.expect(cfg_mode_prompt)
c.sendline('exit')
c.expect(op_mode_prompt)
elif args.raid: elif args.raid:
# Verify RAID subsystem - by deleting a disk and re-create the array # Verify RAID subsystem - by deleting a disk and re-create the array
# from scratch # from scratch