tests/nested/core/core-fde-state: check for initial FDE state

ZeyadYasser · Oct 22, 2024 · b94aea3 · b94aea3
1 parent 931c40c
commit b94aea3
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/tests/nested/core/core-fde-state/task.yaml b/tests/nested/core/core-fde-state/task.yaml
@@ -0,0 +1,31 @@
+summary: Check the FDE state is correctly initialized on first boot
+
+details: |
+    This test checks checks that the FDE state is correctly
+    initialized on first boot.
+
+systems: [ubuntu-20.04-64, ubuntu-22.04-64, ubuntu-24.04-64]
+
+execute: |
+    echo "Wait for the system to be seeded first"
+    remote.exec "sudo snap wait system seed.loaded"
+
+    remote.exec "sudo cat /var/lib/snapd/state.json" >state.json
+
+    # We should probably check the digest matches the primary key, but
+    # for now we just make sure it is there.
+    primary_alg="$(jq '.data.fde."primary-keys"."0".digest.alg' state.json)"
+    primary_digest="$(jq '.data.fde."primary-keys"."0".digest.digest' state.json)"
+    primary_salt="$(jq '.data.fde."primary-keys"."0".digest.salt' state.json)"
+    test "${primary_alg}" = '"sha256"'
+    test -n "${primary_digest}"
+    test -n "${primary_salt}"
+
+    # There should be 3 keyslot roles
+    recover_pkey="$(jq '.data.fde."keyslot-roles".recover."primary-key-id"' state.json)"
+    run_pkey="$(jq '.data.fde."keyslot-roles".run."primary-key-id"' state.json)"
+    runrecover_pkey="$(jq '.data.fde."keyslot-roles"."run+recover"."primary-key-id"' state.json)"
+
+    test "${recover_pkey}" = "0"
+    test "${run_pkey}" = "0"
+    test "${runrecover_pkey}" = "0"