nixos/amd.sev: add test · pyrox.dev/nixpkgs@f13bf0c

pyrox.dev / nixpkgs

fork atom

lol

fork atom

nixos/amd.sev: add test

Vincent Haupert 2 years ago f13bf0c0 e22dff17

+57

2 changed files

expand all

nixos

tests

all-tests.nix

amd-sev.nix

nixos/tests/all-tests.nix

··· 109 109 allTerminfo = handleTest ./all-terminfo.nix {}; 110 110 alps = handleTest ./alps.nix {}; 111 111 amazon-init-shell = handleTest ./amazon-init-shell.nix {}; 112 + amd-sev = runTest ./amd-sev.nix; 112 113 anbox = runTest ./anbox.nix; 113 114 anuko-time-tracker = handleTest ./anuko-time-tracker.nix {}; 114 115 apcupsd = handleTest ./apcupsd.nix {};

+56

nixos/tests/amd-sev.nix

··· 1 + { lib, ... }: { 2 + name = "amd-sev"; 3 + meta = { 4 + maintainers = with lib.maintainers; [ trundle veehaitch ]; 5 + }; 6 + 7 + nodes.machine = { lib, ... }: { 8 + hardware.cpu.amd.sev.enable = true; 9 + hardware.cpu.amd.sevGuest.enable = true; 10 + 11 + specialisation.sevCustomUserGroup.configuration = { 12 + users.groups.sevtest = { }; 13 + 14 + hardware.cpu.amd.sev = { 15 + enable = true; 16 + group = "root"; 17 + mode = "0600"; 18 + }; 19 + hardware.cpu.amd.sevGuest = { 20 + enable = true; 21 + group = "sevtest"; 22 + }; 23 + }; 24 + }; 25 + 26 + testScript = { nodes, ... }: 27 + let 28 + specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; 29 + in 30 + '' 31 + machine.wait_for_unit("multi-user.target") 32 + 33 + with subtest("Check default settings"): 34 + out = machine.succeed("cat /etc/udev/rules.d/99-local.rules") 35 + assert 'KERNEL=="sev", OWNER="root", GROUP="sev", MODE="0660"' in out 36 + assert 'KERNEL=="sev-guest", OWNER="root", GROUP="sev-guest", MODE="0660"' in out 37 + 38 + out = machine.succeed("cat /etc/group") 39 + assert "sev:" in out 40 + assert "sev-guest:" in out 41 + assert "sevtest:" not in out 42 + 43 + with subtest("Activate configuration with custom user/group"): 44 + machine.succeed('${specialisations}/sevCustomUserGroup/bin/switch-to-configuration test') 45 + 46 + with subtest("Check custom user and group"): 47 + out = machine.succeed("cat /etc/udev/rules.d/99-local.rules") 48 + assert 'KERNEL=="sev", OWNER="root", GROUP="root", MODE="0600"' in out 49 + assert 'KERNEL=="sev-guest", OWNER="root", GROUP="sevtest", MODE="0660"' in out 50 + 51 + out = machine.succeed("cat /etc/group") 52 + assert "sev:" not in out 53 + assert "sev-guest:" not in out 54 + assert "sevtest:" in out 55 + ''; 56 + }