Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support testing secureboot in Qemu #556

Merged
merged 7 commits into from
Sep 11, 2024
Merged

support testing secureboot in Qemu #556

merged 7 commits into from
Sep 11, 2024

Commits on Sep 10, 2024

  1. kola: Add secureboot CI test 

    Signed-off-by: Sayan Chowdhury <[email protected]>
    @sayanchowdhury @jepio
    sayanchowdhury authored and jepio committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    6b5de9a View commit details
    Browse the repository at this point in the history

  2. kola: Tweak ovmfvar/sboot handling 

    Continue supporting BIOS by passing `-bios` and only enable `smm=on` when
secure boot is requested, as it requires build of OVMF code. This special build
is required for secure boot support, but non-sboot OVMFs won't support it.
    @jepio
    jepio committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    606b63a View commit details
    Browse the repository at this point in the history

  3. qemu: Create OVMF vars copy in instance dir 

    and cleanup on shutdown.

Signed-off-by: Jeremi Piotrowski <[email protected]>
    @jepio
    jepio committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    0a723ec View commit details
    Browse the repository at this point in the history

  4. kola: Add qemu-bios fallback 

    To make this change easier to apply to all channels.

Signed-off-by: Jeremi Piotrowski <[email protected]>
    @jepio
    jepio committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    101bc3a View commit details
    Browse the repository at this point in the history

  5. tests: Skip kmod tests when secure boot is enabled 

    Kernel lockdown blocks loading unsigned kernel modules, so these tests need to
be disabled. Eventually the zfs sysext should ship a signed kernel modules, but
falco is built on the running system and won't work the same way. Falco
suggests running in eBPF mode instead.
    @jepio
    jepio committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    408e861 View commit details
    Browse the repository at this point in the history

  6. platform/qemu: Add comment about s3 disabling 

    Signed-off-by: Jeremi Piotrowski <[email protected]>
    @jepio
    jepio committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    6dc4d85 View commit details
    Browse the repository at this point in the history

Commits on Sep 11, 2024

  1. README: Update example of running kola 

    The previous instructions still work, but update to show the newly added cli
options.

Signed-off-by: Jeremi Piotrowski <[email protected]>
    @jepio
    jepio committed Sep 11, 2024
    Configuration menu
    Copy the full SHA
    b496a0b View commit details
    Browse the repository at this point in the history