Added secure boot compatibility

Signed-off-by: Vitalii Chulak <[email protected]>

lib/engines/hcktest/hcktest.json

@@ -1,4 +1,18 @@
 {
     "playlists_path": "./playlists",
-    "filters_path": "./filters/UpdateFilters.sql"
+    "filters_path": "./filters/UpdateFilters.sql",
+    "tests_config": [
+      {
+        "tests": [
+          "Secure Boot Test - Customized Deployment Basic Test",
+          "Secure Boot Manual Logo Test",
+          "Secure Boot Logo Test"
+        ],
+        "secure":true
+      },
+      {
+        "tests": ["none", "none", "none"],  
+        "s3_state": true
+      }
+    ]
 }

lib/engines/hcktest/hcktest.jtd.json

@@ -1,6 +1,11 @@
 {
   "properties": {
     "playlists_path": { "type": "string" },
-    "filters_path": { "type": "string" }
+    "filters_path": { "type": "string" },
+    "tests_config": {
+      "properties": {
+        "requires_enabled_secure_boot": { "elements": { "type": "string" } }
+      }
+    }
   }
 }

lib/engines/hcktest/hcktest.rb

@@ -231,7 +231,7 @@ def auto_run
       ResourceScope.open do |scope|
         run_and_configure_setup scope
         client = @client1
-        client.run_tests
+        client.run_tests(@config['tests_config'])
         client.create_package
       end
     end

lib/engines/hcktest/tests.rb

@@ -24,6 +24,11 @@ class Tests
     RESULTS_FILE = 'results.html'
     RESULTS_YAML = 'results.yaml'
     RESULTS_REPORT_SECTIONS = %w[chart guest_info rejected_test url].freeze
+    CONFIG_KEY_TO_MAP = {
+      'secure' => :requires_secure_boot,
+      's3_state' => :requires_s3_state,
+      'uefi' => :requires_uefi_state
+    }.freeze
 
     def initialize(client, support, project, target, tools)
       @client = client
@@ -37,6 +42,7 @@ def initialize(client, support, project, target, tools)
       @tests_extra = {}
 
       @results_template = ERB.new(File.read('lib/templates/report.html.erb'))
+      @default_run_opts = client.run_opts
     end
 
     def list_tests(log: false)
@@ -416,17 +422,86 @@ def load_clients_system_info
       build_system_info(support_sysinfo)
     end
 
-    def run
+    def add_normal_class_tests(test_list, classified_tests)
+      test_list.each do |test|
+        classified_tests[:normal] << test['name'] unless classified_tests.values.flatten.include?(test['name'])
+      end
+      classified_tests
+    end
+
+    def classified_tests(all_tests)
+      classified_tests = {
+        requires_secure_boot: [],
+        requires_s3_state: [],
+        normal: []
+      }
+
+      @tests_config.each do |config|
+        config.each do |key, value|
+          if key == 'tests'
+            selected_tests = all_tests.select { |test| value.include?(test['name']) }
+            classified_tests[CONFIG_KEY_TO_MAP[config.keys.last]].concat(selected_tests.map { |test| test['name'] })
+          end
+        end
+      end
+
+      add_normal_class_tests(all_tests, classified_tests)
+    end
+
+    def test_class(test_name)
+      @classified_tests.each do |type, tests|
+        return type if tests&.include?(test_name)
+      end
+    end
+
+    def secure_boot_handler
+      return if @client.run_opts[:secure]
+
+      @logger.info('Test environment reboot required for secure state. Rebooting...')
+      @client.setup_manager.stop_client(@client.name)
+      new_run_opts = @client.run_opts.merge!(secure: true)
+      @client.setup_manager.run_client(@client.global_scope, @client.name, new_run_opts)
+    end
+
+    def normal_state
+      true if @client.run_opts == @default_run_opts
+      true if @client.run_opts == @default_run_opts.merge(secure: false)
+    end
+
+    def normal_state_handler
+      return if normal_state
+
+      @logger.info('Test environment reboot required for normal state. Rebooting...')
+      @client.setup_manager.stop_client(@client.name)
+      new_run_opts = @client.run_opts.merge!(secure: false)
+      @client.setup_manager.run_client(@client.global_scope, @client.name, new_run_opts)
+    end
+
+    def prepare_test_environment(test_name)
+      @logger.info("Test environment preparing for #{test_name}, state: #{test_class(test_name)}")
+      secure_boot_handler if test_class(test_name) == :requires_secure_boot
+      # check_and_handle_s3_state
+      normal_state if test_class(test_name) == :normal
+    end
+
+    def sort_by_class(tests)
+      @classified_tests = classified_tests(tests)
+      tests.sort_by { |test| test_class(test['name']) }
+    end
+
+    def run(config = nil)
+      @tests_config = config
       @total = @tests.count
 
       load_clients_system_info
       update_summary_results_log
 
       @last_done = []
 
-      tests = @tests
+      tests = sort_by_class(@tests)
       tests.each do |test|
         @logger.info("Adding to queue: #{test['name']} (#{test['id']}) [#{test['estimatedruntime']}]")
+        prepare_test_environment(test['name'])
         queue_test(test, wait: true)
         list_tests
         handle_test_running

lib/setupmanagers/hckclient.rb

@@ -14,10 +14,11 @@ class HCKClient
     # Client cooldown sleep after thread is joined in seconds
     CLIENT_COOLDOWN_SLEEP = 60
 
-    attr_reader :name, :kit
+    attr_reader :name, :kit, :global_scope, :setup_manager, :run_opts
     attr_writer :support
 
     def initialize(setup_manager, scope, studio, name, run_opts)
+      @setup_manager = setup_manager
       @project = setup_manager.project
       @logger = @project.logger
       @studio = studio
@@ -27,6 +28,8 @@ def initialize(setup_manager, scope, studio, name, run_opts)
       @logger.info("Starting client #{name}")
       @runner = setup_manager.run_client(scope, @name, run_opts)
       scope << self
+      @global_scope = scope
+      @run_opts = run_opts
     end
 
     def keep_snapshot
@@ -37,10 +40,10 @@ def add_target_to_project
       @target = Targets.new(self, @project, @tools, @pool).add_target_to_project
     end
 
-    def run_tests
+    def run_tests(config)
       @tests = Tests.new(self, @support, @project, @target, @tools)
       @tests.list_tests(log: true)
-      @tests.run
+      @tests.run(config)
     end
 
     def create_package

lib/setupmanagers/qemuhck/qemu_machine.rb

@@ -655,6 +655,10 @@ def dump_commands
       create_run_script(file_name, content.join)
     end
 
+    def stop
+      @runner.vm_abort
+    end
+
     def run(scope, run_opts = nil)
       @run_opts = validate_run_opts(run_opts.to_h)
       @keep_alive = run_opts[:keep_alive]
@@ -676,7 +680,7 @@ def run(scope, run_opts = nil)
         scope.transaction do |tmp_scope|
           hostfwd = Hostfwd.new(@options['slirp'], [@monitor_port, @vnc_port])
           tmp_scope << hostfwd
-          Runner.new(tmp_scope, @logger, self, @run_name, @run_opts)
+          @runner = Runner.new(tmp_scope, @logger, self, @run_name, @run_opts)
         end
       end
     end

lib/setupmanagers/qemuhck/qemuhck.rb

@@ -136,6 +136,10 @@ def run_client(scope, name, run_opts = nil)
       @clients_vm[name].run(scope, run_opts)
     end
 
+    def stop_client(name)
+      @clients_vm[name].stop
+    end
+
     def run_hck_studio(scope, run_opts)
       HCKStudio.new(self, scope, run_opts) { @studio_vm.find_world_ip }
     end

svvp.json

@@ -3,8 +3,7 @@
   "drivers": [
     "NetKVM",
     "vioscsi",
-    "fwcfg64",
-    "tpm"
+    "fwcfg64"
   ],
   "reject_test_names": [
     "__Windows_11_22H2_reject_test_names",
@@ -21,7 +20,6 @@
     "TPM 2.0 UEFI Preboot Interface Test",
     "TPM 2.0 EK Certificate Tests",
     "Hardware Security Testability Interface Test",
-    "Secure Boot Logo Test",
     "TPM 2.0 Platform Crypto Provider Key Storage Provider Test",
     "ACPI Logo Test",
     "Profile Interrupt Test",
@@ -31,7 +29,6 @@
     "USB Generic HID Test",
     "USB Type-C ACPI Validation",
     "Boot from USB (ServerOperating System)",
-    "Secure Boot Manual Logo Test",
     "Debug Capability Test (Logo)",
     "LoadGen Server Stress - Run First - Set Machine Policies",
     "LoadGen Server Stress - Run Last - Reset Machine Policies",