freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/

Consider running spectre/meltdown tests in testinfra #5739

Open emkll opened 3 years ago

emkll commented 3 years ago

Description

In https://github.com/freedomofpress/securedrop/pull/5318, we introduced the ability to run testinfra over Tor on production-like setups. During release testing on hardware, we manually run the spectre/meltdown tests (https://github.com/speed47/spectre-meltdown-checker/) to ensure the running kernel contains mitigations against these vulnerabilities.

In order to reduce QA burden, we should automatically run these tests as part of the testinfra suite. Furthermore, it will allow us to code around false positives due to grsecurity hardening described in https://github.com/freedomofpress/securedrop/issues/5040#issuecomment-559597643 the

User Stories

As a QA / release engineer, I would like to minimize the time required to test, and automate as many testing steps as possible.
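One way the automation proposed above could look, as an added example that is not part of the issue or of SecureDrop's test suite: a helper that parses the checker's `--batch json` output and a testinfra-style check that fails on anything not explicitly mitigated or allow-listed. The install path, the allow-list contents, the function names and the CVE ids in the sample are assumptions or constructed placeholders.

```python
import json

# Hypothetical allow-list: ids the checker flags on the grsecurity kernel that
# were reviewed and judged false positives. Placeholder value only.
KNOWN_FALSE_POSITIVES = {"CVE-0000-0002"}

# Assumed location of spectre-meltdown-checker on the host under test.
CHECKER = "/opt/spectre-meltdown-checker.sh"


def unmitigated(batch_json, allowed=frozenset()):
    """Return sorted CVE ids that are not reported safe and not allow-listed."""
    findings = json.loads(batch_json)
    if not isinstance(findings, list) or not findings:
        # An empty result means the checker did not really run: fail the test.
        raise ValueError("checker produced no findings")
    bad = set()
    for item in findings:
        cve = item["CVE"]
        # Fail closed: only an explicit false counts as mitigated, so an
        # unknown (null) or missing status is reported as well.
        if item.get("VULNERABLE") is not False and cve not in allowed:
            bad.add(cve)
    return sorted(bad)


def check_mitigations(host):
    """Body for a testinfra test; `host` is the testinfra host fixture."""
    with host.sudo():  # the checker needs root to inspect the running kernel
        result = host.run("sh %s --batch json", CHECKER)
    assert unmitigated(result.stdout, KNOWN_FALSE_POSITIVES) == []


# Constructed sample in the shape of the checker's JSON batch output.
SAMPLE = json.dumps([
    {"NAME": "VARIANT A", "CVE": "CVE-0000-0001", "VULNERABLE": False,
     "INFOS": "constructed: mitigated"},
    {"NAME": "VARIANT B", "CVE": "CVE-0000-0002", "VULNERABLE": True,
     "INFOS": "constructed: reviewed false positive"},
    {"NAME": "VARIANT C", "CVE": "CVE-0000-0003", "VULNERABLE": True,
     "INFOS": "constructed: no mitigation"},
    {"NAME": "VARIANT D", "CVE": "CVE-0000-0004", "VULNERABLE": None,
     "INFOS": "constructed: status unknown"},
])
```

Keeping the allow-list as explicit ids, rather than skipping the whole check on grsecurity kernels, means a newly reported finding still fails the run.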

zenmonkeykstop commented 3 years ago

(Not a CI issue as these tests are hw-specific)