Specialize secure boot tests for RPI #3436

Merged
merged 5 commits into from
Jul 13, 2024

@alexgg alexgg commented Jun 3, 2024

USB programming flow.

@alexgg alexgg marked this pull request as draft June 3, 2024 07:57

alexgg commented Jun 3, 2024

The current master has a failing test that also fails in this branch:

jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:53.496Z][worker-os] GET https://worker/dut/serial
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.514Z][worker-os]             not ok 8 - Bootloader will not load configuration that fails signature verification # TODO This needs reworked for GRUB 2.12
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.514Z][worker-os]               ---
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.514Z][worker-os]               at:
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.514Z][worker-os]                 line: 107
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.514Z][worker-os]                 column: 24
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.514Z][worker-os]                 file: /data/suite/tests/secureboot/index.js
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.515Z][worker-os]               found:
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.515Z][worker-os]                 !error
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.515Z][worker-os]                 name: Error
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.515Z][worker-os]                 message: |-
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.516Z][worker-os]                   Condition async () => this.worker.fetchSerial().then(
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.517Z][worker-os]                   						serialLogs => serialLogs.split('\n')
jenkins-leviathan-v2-template-51770-client-1  |                   																		.slice(slice)
jenkins-leviathan-v2-template-51770-client-1  |                   																		.join('\n')
jenkins-leviathan-v2-template-51770-client-1  |                   																		.match(pattern)
jenkins-leviathan-v2-template-51770-client-1  |                   					) timed out
jenkins-leviathan-v2-template-51770-client-1  |                 stack: |-
jenkins-leviathan-v2-template-51770-client-1  |                   Error: Condition async () => this.worker.fetchSerial().then(
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.517Z][worker-os]                   						serialLogs => serialLogs.split('\n')
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.517Z][worker-os]                   																		.slice(slice)
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.517Z][worker-os]                   																		.join('\n')
jenkins-leviathan-v2-template-51770-client-1  | [2024-06-02T18:31:54.521Z][worker-os]                   																		.match(pattern)
jenkins-leviathan-v2-template-51770-client-1  |                   					) timed out
jenkins-leviathan-v2-template-51770-client-1  |                       at _waitUntil (/usr/app/lib/common/utils.js:103:11)

@alexgg alexgg force-pushed the alexgg/rpisb branch 2 times, most recently from de1ef54 to 9c46ef1 Compare June 13, 2024 12:18
@alexgg alexgg force-pushed the alexgg/rpisb branch 6 times, most recently from 9a20527 to 8ab8593 Compare June 20, 2024 13:38
@alexgg alexgg force-pushed the alexgg/rpisb branch 2 times, most recently from c4df1cf to 127974c Compare June 24, 2024 15:41
@alexgg alexgg temporarily deployed to bm.balena-dev.com July 11, 2024 14:45 — with GitHub Actions Inactive
Change-type: patch
Signed-off-by: Alex Gonzalez <[email protected]>
…tion

Traditionally, after programming, the flasher image would shut down the
device to allow for the removal of the external device and booting from
the internal storage.

As more use cases appeared, like programming from the initramfs when the
flasher image runs on the same target device it will program, the post
install action needs to support rebooting instead, as physical access to
the device to power on cannot be expected. This is the case for remote
migration, AMI VM installs and also secure boot installs.

The current code just checks for the existence of the `shutdown` command,
which is not present on the initramfs, to decide whether to shut down or
reboot.

This commit improves that logic by defaulting to shutdown but allowing the
configuration file to specify a reboot instead.

Also, it improves the robustness of the reboot/shutdown by falling down
to sys-rq, and provides a way to override the reboot/shutdown by device
layers that require it.

Change-type: minor
Signed-off-by: Alex Gonzalez <[email protected]>
… action

Use the flasher configuration file to specify the post-install action.

This is to shut down (the default) when the flasher runs from external
media, or to reboot when running from the same media, as is the case for
the migrator tool.

Also, assert that a locked device can only install from memory.

Change-type: minor
Signed-off-by: Alex Gonzalez <[email protected]>
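
The post-install decision described in the two commit messages above (default to shutdown, let the flasher configuration request a reboot, fall back to SysRq when the binary is missing), as an added example that is not code from this pull request or from balenaOS. `POST_INSTALL_ACTION` is a hypothetical key name, and treating an unknown value as the default shutdown is an assumption.

```shell
#!/bin/sh
# Added example, not the project's code. POST_INSTALL_ACTION is a
# hypothetical configuration key used only for illustration.

# Print the post-install action requested by the configuration file.
# Shutdown is the default; only an explicit "reboot" changes it.
resolve_action() {
    conf="$1"
    action=""
    if [ -r "$conf" ]; then
        # Last assignment wins; strip optional quotes around the value.
        action=$(sed -n 's/^POST_INSTALL_ACTION=//p' "$conf" | tail -n 1 | tr -d "\"'")
    fi
    case "$action" in
        reboot) echo reboot ;;
        *)      echo shutdown ;;   # missing, empty or unknown value (assumption)
    esac
}

# Print the command that would carry out the action, looking for the
# binary in the given directory. When it is absent (as `shutdown` is on
# the initramfs), fall back to the kernel's magic SysRq trigger:
# 'b' reboots immediately, 'o' powers off.
plan_command() {
    action="$1"
    bindir="$2"
    case "$action" in
        reboot)   tool=reboot;   key=b ;;
        shutdown) tool=shutdown; key=o ;;
        *) return 1 ;;
    esac
    if [ -x "$bindir/$tool" ]; then
        if [ "$tool" = shutdown ]; then
            echo "$bindir/shutdown -h now"
        else
            echo "$bindir/reboot"
        fi
    else
        echo "echo $key > /proc/sysrq-trigger"
    fi
}
```

The functions only print the decision, so the selection logic can be checked on a workstation without powering anything off.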
The intention was to allow the balena bootloader to use USB disks but
the current configuration does not work as it misses needed dependencies.

Change-type: patch
Signed-off-by: Alex Gonzalez <[email protected]>

* MEMCG_SWAP has been removed in v6.1 in 023223dfbfb34fcc
* NFSD_V3 is enabled by default since v5.18 in 5f9a62ff7d2808c
* 88EU_AP_MODE has been removed since v5.16 in 102243f893ecdef
* NFT_COUNTER has been removed since v5.17 in e6007b85dfa284c

Change-type: patch
Signed-off-by: Alex Gonzalez <[email protected]>

alexgg commented Jul 11, 2024

@resin-jenkins retest this please

@alexgg alexgg temporarily deployed to bm.balena-dev.com July 11, 2024 17:27 — with GitHub Actions Inactive

alexgg commented Jul 11, 2024

@resin-jenkins retest this please


alexgg commented Jul 12, 2024

lgtm


alexgg commented Jul 12, 2024

Now qemu-genericx86-64-ext passed, so it has seen all tests passed in different runs.

@flowzone-app flowzone-app bot merged commit b31f46e into master Jul 13, 2024
75 of 79 checks passed
@flowzone-app flowzone-app bot deleted the alexgg/rpisb branch July 13, 2024 12:45