Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVM: Add boot/reboot tests #3624

Merged
merged 4 commits into from
Feb 20, 2025
Merged

CVM: Add boot/reboot tests #3624

merged 4 commits into from
Feb 20, 2025
+351 −70

Conversation

trungams
Copy link
Member

@trungams trungams commented Feb 3, 2025
edited
Loading

  • Tools:
    • Add tpm2 tool to support reading PCR values from the TPM
    • Add bootctl tool
  • Tests: add boot tests for Azure Linux CVM:
    • verify_encrypted_root_partition: sanity check that the root partition on an Azure Linux CVM is encrypted when deployed with DiskWithVMGuestState encryption setting.
    • verify_boot_success_after_component_upgrade: check that a CVM can reboot after a boot component is upgraded.
  • Core: include raw version string in Posix.get_package_information return value in case the package does not follow semantic versioning (fixes Posix.get_package_information fails to parse package version if it does not follow semver #3625)

@trungams trungams marked this pull request as draft February 3, 2025 03:43
@trungams trungams force-pushed the tvuong/azl-cvm-boot-test branch from 39b6e6c to b900463 Compare February 4, 2025 07:46
@trungams trungams marked this pull request as ready for review February 4, 2025 07:58
@trungams
Copy link
Member Author

trungams commented Feb 4, 2025

@LiliDeng @squirrelsc - This PR is ready to review. Could you help me review it when you have time? Thank you.

The query_package addition - if you are not certain about it, I can split it into another PR.

@LiliDeng
Copy link
Collaborator

LiliDeng commented Feb 4, 2025

could you provide the full cvm mariner image name? like this format: microsoftcblmariner azure-linux-3 azure-linux-3-gen2 latest

squirrelsc
squirrelsc reviewed Feb 4, 2025
View reviewed changes
squirrelsc
squirrelsc reviewed Feb 4, 2025
View reviewed changes
@trungams
Copy link
Member Author

trungams commented Feb 4, 2025

@LiliDeng The image I used to test this change is MicrosoftCBLMariner azure-linux-3 azure-linux-3-cvm latest

squirrelsc
squirrelsc reviewed Feb 6, 2025
View reviewed changes
squirrelsc
squirrelsc reviewed Feb 6, 2025
View reviewed changes
squirrelsc
squirrelsc reviewed Feb 6, 2025
View reviewed changes
squirrelsc
squirrelsc reviewed Feb 6, 2025
View reviewed changes
@trungams trungams force-pushed the tvuong/azl-cvm-boot-test branch from 5a3678c to 83004c9 Compare February 7, 2025 02:12
squirrelsc
squirrelsc reviewed Feb 10, 2025
View reviewed changes
squirrelsc
squirrelsc reviewed Feb 10, 2025
View reviewed changes
squirrelsc
squirrelsc reviewed Feb 10, 2025
View reviewed changes
@trungams trungams force-pushed the tvuong/azl-cvm-boot-test branch 3 times, most recently from e19f327 to 10f426e Compare February 19, 2025 01:59
@trungams
Add Tpm2 tool

Verified

This commit was signed with the committer’s verified signature.
trungams Thien Trung Vuong
GPG key ID: E1E184C3DF432532
Verified
Learn about vigilant mode
a2dca52 
tpm2-tools package provides the toolset to interact with TPM devices

Signed-off-by: Thien Trung Vuong <tvuong@microsoft.com>
@trungams
Add Bootctl tool

Verified

This commit was signed with the committer’s verified signature.
trungams Thien Trung Vuong
GPG key ID: E1E184C3DF432532
Verified
Learn about vigilant mode
fcd4f23 
bootctl controls EFI firmware boot settings and manage boot loader

Signed-off-by: Thien Trung Vuong <tvuong@microsoft.com>
@trungams
Include raw version string in Posix.get_package_information return value

Verified

This commit was signed with the committer’s verified signature.
trungams Thien Trung Vuong
GPG key ID: E1E184C3DF432532
Verified
Learn about vigilant mode
e6785f6 
- Introduce LisaVersionInfo to wrap semver.VersionInfo
- Update os._get_package_information to use distro's package manager to
query a package version string directly, rather than using regex to extract
version string from query output
- Include the raw version string by default when getting a package version,
resolves parsing error when the package does not follow semantic versioning,
e.g systemd, dracut

Signed-off-by: Thien Trung Vuong <tvuong@microsoft.com>
@trungams
Add CVM boot test suite for Azure Linux CVM

Verified

This commit was signed with the committer’s verified signature.
trungams Thien Trung Vuong
GPG key ID: E1E184C3DF432532
Verified
Learn about vigilant mode
Loading
Loading status checks…
8548163 
Implement 2 new test cases for Azure Linux CVM:
- verify_encrypted_root_partition: check that the root partition on an Azure Linux
CVM is encrypted when deployed with "DiskWithVMGuestState" encryption setting
- verify_boot_success_after_component_upgrade: check that a CVM can reboot after a
boot component is upgraded, and PCR values are updated correctly

Signed-off-by: Thien Trung Vuong <tvuong@microsoft.com>
@trungams trungams force-pushed the tvuong/azl-cvm-boot-test branch from 10f426e to 8548163 Compare February 19, 2025 08:21
@squirrelsc
Copy link
Member

@LiliDeng LGTM

@LiliDeng LiliDeng merged commit 294ddb4 into microsoft:main Feb 20, 2025
23 checks passed
@trungams trungams mentioned this pull request Feb 20, 2025
Closed
@trungams trungams deleted the tvuong/azl-cvm-boot-test branch February 20, 2025 21:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@squirrelsc squirrelsc

@LiliDeng LiliDeng

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@trungams @LiliDeng @squirrelsc