diff --git a/.github/workflows/build_and_test_x86.yaml b/.github/workflows/build_and_test_x86.yaml
index 48c22b81acd..2d1fac57b39 100644
--- a/.github/workflows/build_and_test_x86.yaml
+++ b/.github/workflows/build_and_test_x86.yaml
@@ -213,7 +213,7 @@ jobs:
 sudo udevadm trigger --name-match=kvm
 - name: Run ${{ matrix.test }}
 run: |
- make DISK=/tmp/elemental-${{ env.FLAVOR }}.${{ env.ARCH}}.qcow2 ELMNTL_TARGETARCH=${{ env.ARCH }} ELMNTL_FIRMWARE=/usr/share/OVMF/OVMF_CODE.fd ${{ matrix.test }}
+ make DISK=/tmp/elemental-${{ env.FLAVOR }}.${{ env.ARCH}}.qcow2 ELMNTL_TARGETARCH=${{ env.ARCH }} ELMNTL_FIRMWARE=/usr/share/OVMF/OVMF_CODE.fd ELMNTL_FIRMWARE_ORIG_VARS=/usr/share/OVMF/OVMF_VARS_4M.ms.fd ${{ matrix.test }}
 - name: Upload serial console for ${{ matrix.test }}
 uses: actions/upload-artifact@v4
 if: always()
@@ -276,7 +276,7 @@ jobs:
 sudo udevadm trigger --name-match=kvm
 - name: Run installer test
 run: |
- make ISO=/tmp/elemental-${{ env.FLAVOR }}.${{ env.ARCH}}.iso ELMNTL_TARGETARCH=${{ env.ARCH }} ELMNTL_FIRMWARE=/usr/share/OVMF/OVMF_CODE.fd test-installer
+ make ISO=/tmp/elemental-${{ env.FLAVOR }}.${{ env.ARCH}}.iso ELMNTL_TARGETARCH=${{ env.ARCH }} ELMNTL_FIRMWARE=/usr/share/OVMF/OVMF_CODE_4M.ms.fd ELMNTL_FIRMWARE_ORIG_VARS=/usr/share/OVMF/OVMF_VARS_4M.ms.fd test-installer
 - name: Upload serial console for installer tests
 uses: actions/upload-artifact@v4
 if: always()
diff --git a/.gitignore b/.gitignore
index 22f4772d4fe..17cb889ea36 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ isowork/
 *.img
 *.log
 *.pid
+*.bin
 iso-meta.json
 iso-meta.yaml
 .idea/
diff --git a/scripts/run_vm.sh b/scripts/run_vm.sh
index 8ee4077a414..5e9fc61af5b 100755
--- a/scripts/run_vm.sh
+++ b/scripts/run_vm.sh
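Review bot: The `Run ${{ matrix.test }}` step in the first hunk still passes `ELMNTL_FIRMWARE=/usr/share/OVMF/OVMF_CODE.fd` while adding the `OVMF_VARS_4M.ms.fd` variable store, whereas the installer step in the second hunk switches the code image to `OVMF_CODE_4M.ms.fd`. A code image and a variable store taken from different OVMF builds are not expected to work together, and a code image without Secure Boot support would not give the new `mokutil --sb-state` smoke test the firmware it presumably needs (which matrix entries run that suite is not visible here). If the difference is not intentional, the first step should use the same pair as the second: `ELMNTL_FIRMWARE=/usr/share/OVMF/OVMF_CODE_4M.ms.fd ELMNTL_FIRMWARE_ORIG_VARS=/usr/share/OVMF/OVMF_VARS_4M.ms.fd`.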
@@ -7,7 +7,9 @@ SCRIPTS_PATH=$(dirname "${SCRIPT}") TESTS_PATH=$(realpath -s "${SCRIPTS_PATH}/../tests") : "${ELMNTL_PREFIX:=}" -: "${ELMNTL_FIRMWARE:=/usr/share/qemu/ovmf-x86_64.bin}" +: "${ELMNTL_FIRMWARE:=/usr/share/qemu/ovmf-x86_64-smm-ms-code.bin}" +: "${ELMNTL_FIRMWARE_ORIG_VARS:=/usr/share/qemu/ovmf-x86_64-smm-ms-vars.bin}" +: "${ELMNTL_FIRMWARE_VARS:=${TESTS_PATH}/${ELMNTL_PREFIX}/ovmf-x86_64-vars.bin}" : "${ELMNTL_FWDIP:=127.0.0.1}" : "${ELMNTL_FWDPORT:=2222}" : "${ELMNTL_MEMORY:=4096}"
@@ -32,12 +34,14 @@ function start {
 local usrnet_arg="-netdev user,id=user0,hostfwd=tcp:${ELMNTL_FWDIP}:${ELMNTL_FWDPORT}-:22 -device virtio-net-pci,romfile=,netdev=user0"
 local accel_arg
 local memory_arg="-m ${ELMNTL_MEMORY}"
- local firmware_arg="-drive if=pflash,format=raw,readonly=on,file=${ELMNTL_FIRMWARE}"
+ local global_arg="-global driver=cfi.pflash01,property=secure,value=on"
+ local firmware_arg="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ELMNTL_FIRMWARE}"
+ local firwmare_vars_arg="-drive if=pflash,format=raw,unit=1,file="${ELMNTL_FIRMWARE_VARS}""
 local disk_arg="-drive file=${ELMNTL_TESTDISK},if=none,id=disk,format=qcow2,media=disk -device virtio-blk-pci,drive=disk,bootindex=1"
 local serial_arg="-serial file:${ELMNTL_LOGFILE}"
 local pidfile_arg="-pidfile ${ELMNTL_PIDFILE}"
 local display_arg="-display ${ELMNTL_DISPLAY}"
- local machine_arg="-machine type=${ELMNTL_MACHINETYPE}"
+ local machine_arg="-machine type=${ELMNTL_MACHINETYPE},smm=on"
 local cdrom_arg
 local cpu_arg
 local vmpid
@@ -54,6 +58,11 @@ function start { fi fi + if [ ! -e "${ELMNTL_FIRMWARE_ARGS}" ]; then + echo Copy "${ELMNTL_FIRMWARE_ORIG_VARS}" to "${ELMNTL_FIRMWARE_VARS}" + cp "${ELMNTL_FIRMWARE_ORIG_VARS}" "${ELMNTL_FIRMWARE_VARS}" + fi + [ -f "${base_disk}" ] || _abort "Disk not found: ${base_disk}" case "${base_disk}" in
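Review bot: The three firmware defaults in the `@@ -7,7 +7,9 @@` hunk carry no comment saying which file is the read-only code image, which is the template and which is written at run time, and the names alone do not make that clear. A comment above them would help, for example `# ELMNTL_FIRMWARE: read-only code image; ELMNTL_FIRMWARE_ORIG_VARS: pristine varstore template; ELMNTL_FIRMWARE_VARS: writable per-test copy of the template`. It is also worth stating there that the code image and the template must come from the same firmware build, since callers such as the CI workflow override the two independently.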
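Review bot: The new `firwmare_vars_arg` line in the `@@ -32,12 +34,14 @@` hunk misspells the variable name and ends with `file="${ELMNTL_FIRMWARE_VARS}""`, which closes the string before the expansion and then opens an empty one; it works only because assignments are not word-split. Writing it like the neighbouring lines, `local firmware_vars_arg="-drive if=pflash,format=raw,unit=1,file=${ELMNTL_FIRMWARE_VARS}"`, and renaming the two uses in the `@@ -73,12 +82,12 @@` hunk would keep it readable. Because the argument strings are expanded unquoted in that later hunk, a checkout path containing whitespace would split this `-drive` option, and the default for `ELMNTL_FIRMWARE_VARS` is derived from the checkout location. Separately, `smm=on` and the `cfi.pflash01` `secure` property are now added unconditionally; if this script is also used for non-x86 targets, as `ELMNTL_TARGETARCH` suggests it may be, they probably need an architecture guard. The `start` function begins and ends outside this hunk.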
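Review bot: The existence test in the `@@ -54,6 +58,11 @@` hunk reads `${ELMNTL_FIRMWARE_ARGS}`, a name that is not defined anywhere in this diff; the defaults at the top of the script define `ELMNTL_FIRMWARE_VARS`. With an unset name the test becomes `[ ! -e "" ]`, which is always true, so the template is copied over the variable store on every start and any firmware state written by an earlier boot (boot entries, enrolled keys) is discarded; if the script runs under `set -u` it would abort instead. The check should be `if [ ! -e "${ELMNTL_FIRMWARE_VARS}" ]; then`. It would also help to call `_abort` when `${ELMNTL_FIRMWARE_ORIG_VARS}` does not exist, as the following line does for the disk, rather than letting `cp` fail. The `start` function continues outside this hunk.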
@@ -73,12 +82,12 @@ function start { [ "kvm" == "${ELMNTL_ACCEL}" ] && cpu_arg="-cpu host" && kvm_arg="-enable-kvm" if [ "${ELMNTL_DEBUG}" == "yes" ]; then - qemu-system-${ELMNTL_TARGETARCH} ${kvm_arg} ${disk_arg} ${cdrom_arg} ${firmware_arg} ${usrnet_arg} \ - ${kvm_arg} ${memory_arg} ${graphics_arg} -serial stdio ${pidfile_arg} \ + qemu-system-${ELMNTL_TARGETARCH} ${kvm_arg} ${disk_arg} ${cdrom_arg} ${global_arg} ${firmware_arg} ${firwmare_vars_arg} \ + ${usrnet_arg} ${kvm_arg} ${memory_arg} ${graphics_arg} -serial stdio ${pidfile_arg} \ ${display_arg} ${machine_arg} ${accel_arg} ${cpu_arg} else - qemu-system-${ELMNTL_TARGETARCH} ${kvm_arg} ${disk_arg} ${cdrom_arg} ${firmware_arg} ${usrnet_arg} \ - ${kvm_arg} ${memory_arg} ${graphics_arg} ${serial_arg} ${pidfile_arg} \ + qemu-system-${ELMNTL_TARGETARCH} ${kvm_arg} ${disk_arg} ${cdrom_arg} ${global_arg} ${firmware_arg} ${firwmare_vars_arg} \ + ${usrnet_arg} ${kvm_arg} ${memory_arg} ${graphics_arg} ${serial_arg} ${pidfile_arg} \ ${display_arg} ${machine_arg} ${accel_arg} ${cpu_arg} > ${ELMNTL_VMSTDOUT} 2>&1 & fi }
diff --git a/tests/smoke/smoke_test.go b/tests/smoke/smoke_test.go
index 0018e273675..708b1c36cda 100644
--- a/tests/smoke/smoke_test.go
+++ b/tests/smoke/smoke_test.go
@@ -41,13 +41,19 @@ var _ = Describe("Elemental Smoke tests", func() { }) Context("After install", func() { + It("has booted with secure boot enabled", func() { + out, err := s.Command("mokutil --sb-state") + Expect(err).ToNot(HaveOccurred()) + Expect(out).To(Equal("SecureBoot enabled")) + }) + It("has default services on", func() { for _, svc := range []string{"systemd-timesyncd"} { sut.SystemdUnitIsActive(svc, s) } }) - It("it can reboot into recovery and back to active having active persistent data still available", func() { + It("can reboot into recovery and back to active having active persistent data still available", func() { By("Adding some persistent data in root folder") persistentFileName := fmt.Sprintf("file-%v.txt", rand.Int()) persistentData := rand.Uint32()
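Review bot: The new `It("has booted with secure boot enabled", ...)` compares the raw command output with `Equal("SecureBoot enabled")`, which fails if `s.Command` returns the trailing newline that `mokutil --sb-state` prints; whether `s.Command` trims its output is not visible in this hunk. Trimming before the comparison removes that dependency: `Expect(strings.TrimSpace(out)).To(Equal("SecureBoot enabled"))` (this needs the `strings` import if the file does not already have it). Keeping an exact match rather than a substring match is worth preserving, because mokutil can print further status lines after the first and a run that produces them should fail this check. The enclosing `Context` and `Describe` blocks start and end outside the hunk.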