Open haraldh opened 6 months ago
There is no trick as of today. Those VMs also run in a nix-build, which would require adding secrets. Maybe there could be a way to allow stub secrets for testing.
Thanks for the quick answer! Yeah, stub secrets would be great!
@Lassulus could we recursively override all existing cryptsetup keys with fake keys? Same for zfs.
Not sure how could provide these keys at boot time...
maybe https://systemd.io/CREDENTIALS/
VMs can be passed credentials via SMBIOS OEM strings (example qemu command line switch
-smbios type=11,value=io.systemd.credential:foo=bar
Is there any trick how I can test a luks setup with
--vm-test
. Doing so always fails to unlock the luks device in thebooted_machine
stage of course, because the key files are missing.