diff --git a/lib/microos.pm b/lib/microos.pm
index 5a86632450a8..f69dfa8f8280 100644
--- a/lib/microos.pm
+++ b/lib/microos.pm
@@ -11,6 +11,7 @@ use Exporter;
 use strict;
 use warnings;
 use testapi;
+use utils qw(need_unlock_after_bootloader unlock_if_encrypted);
 use version_utils qw(is_microos is_selfinstall is_bootloader_grub2 is_bootloader_sdboot);
 use power_action_utils 'power_action';
 use Utils::Architectures qw(is_aarch64);
@@ -48,6 +49,7 @@ sub microos_reboot {
 assert_screen 'grub2', 300 if is_bootloader_grub2;
 assert_screen 'systemd-boot', 300 if is_bootloader_sdboot;
 send_key('ret') unless get_var('KEEP_GRUB_TIMEOUT');
+ unlock_if_encrypted if need_unlock_after_bootloader;
 microos_login;
 }
diff --git a/lib/opensusebasetest.pm b/lib/opensusebasetest.pm
index a32ca84b14bd..3e64ce884605 100644
--- a/lib/opensusebasetest.pm
+++ b/lib/opensusebasetest.pm
@@ -906,7 +906,7 @@ sub wait_boot {
 reconnect_xen if check_var('VIRSH_VMM_FAMILY', 'xen');
 # on s390x svirt encryption is unlocked with unlock_bootloader before here
- if (need_passphrase_again) {
+ if (need_unlock_after_bootloader) {
 unlock_if_encrypted unless get_var('S390_ZKVM');
 }
diff --git a/lib/utils.pm b/lib/utils.pm
index 4bb998c1abad..bd8f4ec71cc7 100644
--- a/lib/utils.pm
+++ b/lib/utils.pm
@@ -11,7 +11,7 @@ use warnings;
 use testapi qw(is_serial_terminal :DEFAULT);
 use lockapi 'mutex_wait';
 use mm_network;
-use version_utils qw(is_alp is_sle_micro is_microos is_leap is_leap_micro is_public_cloud is_sle is_sle12_hdd_in_upgrade is_storage_ng is_jeos package_version_cmp is_transactional);
+use version_utils qw(is_alp is_sle_micro is_microos is_leap is_leap_micro is_public_cloud is_sle is_sle12_hdd_in_upgrade is_storage_ng is_jeos package_version_cmp is_transactional is_bootloader_sdboot);
 use Utils::Architectures;
 use Utils::Systemd qw(systemctl disable_and_stop_service);
 use Utils::Backends;
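Review bot: The unlock call added to microos_reboot in lib/microos.pm passes no `check_typed_password => 1`, unlike the call in tests/installation/boot_encrypt.pm touched by this same commit. A dropped or mistyped keystroke at the passphrase prompt would then presumably only surface later as a microos_login timeout, far from the cause. If that option works on the MicroOS prompt, `unlock_if_encrypted(check_typed_password => 1) if need_unlock_after_bootloader;` would fail at the unlock step instead. microos_reboot's body starts outside the hunk, so any earlier handling is not visible here.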
@@ -52,7 +52,7 @@ our @EXPORT = qw(
 set_zypper_lock_timeout
 unlock_bootloader
 is_boot_encrypted
- need_passphrase_again
+ need_unlock_after_bootloader
 is_bridged_networking
 set_bridged_networking
 assert_screen_with_soft_timeout
@@ -1047,9 +1047,12 @@ sub is_boot_encrypted {
 return 1;
 }
-=head2 need_passphrase_again
+=head2 need_unlock_after_bootloader
- need_passphrase_again();
+ need_unlock_after_bootloader();
+
+Whether the disk encryption password(s) need to be entered during system boot
+(e.g. plymouth or systemd-cryptsetup text prompt).
 With newer grub2 (in TW and SLE15-SP6 currently), if root disk is encrypted and contains `/boot`, entering the passphrase in GRUB2 is enough. The key is passed
@@ -1059,9 +1062,11 @@ without LVM configuration (cr_swap,cr_home etc).
 =cut
-sub need_passphrase_again {
- my $need_passphrase_again = is_leap('<15.6') || is_sle('<15-sp6') || is_leap_micro || is_sle_micro || is_alp || (!get_var('LVM', '0') && !get_var('FULL_LVM_ENCRYPT', '0'));
- return 0 if is_boot_encrypted && !$need_passphrase_again;
+sub need_unlock_after_bootloader {
+ my $need_unlock_after_bootloader = is_leap('<15.6') || is_sle('<15-sp6') || is_leap_micro || is_sle_micro || is_alp || (!get_var('LVM', '0') && !get_var('FULL_LVM_ENCRYPT', '0'));
+ return 0 if is_boot_encrypted && !$need_unlock_after_bootloader;
+ # MicroOS with sdboot supports automatic TPM based unlocking.
+ return 0 if is_microos && is_bootloader_sdboot && get_var('QEMUTPM');
 return 1;
 }
diff --git a/tests/installation/boot_encrypt.pm b/tests/installation/boot_encrypt.pm
index ff8e11b54231..b3635cfa4a2a 100644
--- a/tests/installation/boot_encrypt.pm
+++ b/tests/installation/boot_encrypt.pm
@@ -14,7 +14,7 @@ use base "installbasetest";
 use utils;
 sub run {
- unlock_if_encrypted(check_typed_password => 1) if need_unlock_after_bootloader;
+ unlock_if_encrypted(check_typed_password => 1) if need_unlock_after_bootloader;
 }
 1;
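Review bot: In need_unlock_after_bootloader (lib/utils.pm), the new `return 0 if is_microos && is_bootloader_sdboot && get_var('QEMUTPM');` treats the mere presence of a virtual TPM as proof that the volume is enrolled and will unseal. Nothing visible in this hunk confirms that enrollment happened or that unlocking succeeds on this boot. If enrollment failed, or the measured boot state changed across the reboot, the system would presumably fall back to the passphrase prompt and the test would stall in login with a misleading failure. With the prompt check skipped, a regression in which the disk ends up unencrypted would also pass unnoticed, so the callers should assert the TPM-backed unlock explicitly. The POD above the sub should also mention the TPM case, for example `Returns 0 on MicroOS with systemd-boot when QEMUTPM is set, assuming the volume was enrolled to the TPM during installation.`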