mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-10-26 17:25:34 +03:00
ci: Test with secure boot enabled under mkosi
This gives us some nice test coverage for secure boot enrolling and the stub secure boot workound. The authenticated EFI variables are already created by mkosi, all we need to do is request secure boot to be used.
This commit is contained in:
parent
c2aed1d16c
commit
2de6cc18f9
5
.github/workflows/mkosi.yml
vendored
5
.github/workflows/mkosi.yml
vendored
@ -95,8 +95,11 @@ jobs:
|
||||
KernelCommandLine=${{ env.KERNEL_CMDLINE }}
|
||||
EOF
|
||||
|
||||
- name: Generate secure boot key
|
||||
run: sudo mkosi genkey
|
||||
|
||||
- name: Build ${{ matrix.distro }}
|
||||
run: sudo mkosi --idmap no
|
||||
run: sudo mkosi --idmap no --secure-boot
|
||||
|
||||
- name: Show ${{ matrix.distro }} image summary
|
||||
run: sudo mkosi summary
|
||||
|
@ -3,6 +3,12 @@
|
||||
|
||||
systemctl --failed --no-legend | tee /failed-services
|
||||
|
||||
# Check that secure boot keys were properly enrolled.
|
||||
if [[ -d /sys/firmware/efi/efivars/ ]]; then
|
||||
cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
|
||||
cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
|
||||
fi
|
||||
|
||||
# Exit with non-zero EC if the /failed-services file is not empty (we have -e set)
|
||||
[[ ! -s /failed-services ]]
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user