leviathan update to expose the FLASHER_SECUREBOOT env var for non-qemu test runs: https://github.com/balena-os/leviathan/pull/1183 (merged, can use latest leviathan with make test FLASHER_SECUREBOOT=1 to use this workflow)
It also requires copying the secure-boot-msd folder into the suites directory before running the tests - either in the jenkins config scripts or manually if running locally
Also required, as shown in the changes to the leviathan config.js in this PR , you must add artifacts: <name of the artifact folder in your config.js. So for example, if you have copied secure-boot-msd into your suites folder, then you must add artifacts: 'secure-boot-msd' . This will send the entire contents of that folder to the worker, placing them in the worker /data volume for use by the autokit (or whatever else is desired)
notes on flashing:
currently un-tested with locking the CM
don't be alarmed if the suite gets stuck either trying to find the worker or trying to execute a command over SSH after flashing is "done" - after flashing and powering on the cm4 runs the flasher image first to flash itself, then reboots into the normal image and then operates normally.
'Approve' if this change would be acceptable in the codebase (even if there are minor or cosmetic tweaks that could be improved).
'Request Changes' if this change would not be acceptable in our codebase (e.g. bugs, changes that will make development harder in future, security/performance issues, etc).
'Comment' if you don't feel you have enough information to decide either way (e.g. if you have major questions, or you don't understand the context of the change sufficiently to fully review yourself, but want to make a comment)
Enables the secure boot provisioning of cm4
It was difficult to come up with something more generalised due to not having many examples to work with. Requires the following PRs to work:
FLASHER_SECUREBOOT
env var for non-qemu test runs: https://github.com/balena-os/leviathan/pull/1183 (merged, can use latest leviathan withmake test FLASHER_SECUREBOOT=1
to use this workflow)It also requires copying the
secure-boot-msd
folder into the suites directory before running the tests - either in the jenkins config scripts or manually if running locallyAlso required, as shown in the changes to the leviathan
config.js
in this PR , you must addartifacts: <name of the artifact folder
in yourconfig.js
. So for example, if you have copiedsecure-boot-msd
into yoursuites
folder, then you must addartifacts: 'secure-boot-msd'
. This will send the entire contents of that folder to the worker, placing them in the worker/data
volume for use by the autokit (or whatever else is desired)notes on flashing:
don't be alarmed if the suite gets stuck either trying to find the worker or trying to execute a command over SSH after flashing is "done" - after flashing and powering on the cm4 runs the flasher image first to flash itself, then reboots into the normal image and then operates normally.
Contributor checklist
Change-type
present on at least one commitSigned-off-by
is presentReviewer Guidelines