tests: secureboot: remove preload test for secureboot enabled DUTs

Since 1ae37ac using the flasher image with secureboot and preloading doesn't work. Skipping preloading tests will unblock users not using this combination with the signed images. Change-type: patch Signed-off-by: Ryan Cooke <[email protected]>
balena-os · Feb 4, 2025 · e6c5f14 · e6c5f14
1 parent df69a1d
commit e6c5f14
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 39 deletions.
diff --git a/tests/suites/cloud/suite.js b/tests/suites/cloud/suite.js
@@ -392,6 +392,11 @@ module.exports = {
       migrate: { force: this.suite.options.balenaOS.config.installerForceMigration }
     };
 
+    // Add config to suite context so accessible within tests. Main use case is to check secureboot status
+    this.suite.context.set({
+      config: config
+    })
+
     if( this.workerContract.workerType === `qemu` && config.installer.migrate.force ) {
         console.log("Forcing installer migration")
     } else {
@@ -423,11 +428,18 @@ module.exports = {
     // preload image with the single container application
     this.log(`Device uuid should be ${this.balena.uuid}`)
     await this.os.configure();
-    await this.cli.preload(this.os.image.path, {
-      app: this.balena.application,
-      commit: initialCommit,
-      pin: true,
-    });
+
+    // Until secureboot flasher + preloading is implemented, skip preloading, and preloading test
+    if ( config.installer.secureboot ) {
+      console.log("Opting-in secure boot and full disk encryption - skip preloading")
+    } else {
+      console.log(`No secure boot requested, preloading image...`)
+      await this.cli.preload(this.os.image.path, {
+        app: this.balena.application,
+        commit: initialCommit,
+        pin: true,
+      });
+    }
 
     this.log("Setting up worker");
     await this.worker.network(this.suite.options.balenaOS.network);

diff --git a/tests/suites/cloud/tests/preload/index.js b/tests/suites/cloud/tests/preload/index.js
@@ -5,42 +5,46 @@ const request = require('request-promise');
 module.exports = {
   title: "Image preload test",
   run: async function (test) {
-
-    // if test is being done on physical DUT via the testbot, check that the preloaded application is working
-    if(this.workerContract.workerType !== `qemu`){
-      // we should be able to see the app starting.
-
-      await this.utils.waitUntil(
-        async () => {
-          console.log(`Checking preloaded app has started`)
-          let result = await this.worker.executeCommandInHostOS(
-            'journalctl -a | grep ": HELLO_WORLD"',
-            this.link);
-          console.log(`Result: ${result}`);
-          return result !== '';
-        }, false, 10, 5*1000);
-
-      test.ok(true, `preloaded app should be running without api access`)
-      // When we confirm the app has started, then re-enable internet access to DUT
-      await this.worker.executeCommandInWorker('sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"');
+    // While secureboot flasher + preloading not implemented, skip the preload test.
+    if(this.config.installer.secureboot){
+      console.log('Secure boot enabled, skipping preload test...')
+    } else {
+      // if test is being done on physical DUT via the testbot, check that the preloaded application is working
+      if(this.workerContract.workerType !== `qemu`){
+        // we should be able to see the app starting.
+
+        await this.utils.waitUntil(
+          async () => {
+            console.log(`Checking preloaded app has started`)
+            let result = await this.worker.executeCommandInHostOS(
+              'journalctl -a | grep ": HELLO_WORLD"',
+              this.link);
+            console.log(`Result: ${result}`);
+            return result !== '';
+          }, false, 10, 5*1000);
+
+        test.ok(true, `preloaded app should be running without api access`)
+        // When we confirm the app has started, then re-enable internet access to DUT
+        await this.worker.executeCommandInWorker('sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"');
+      }
+
+      // make sure DUT is online
+      console.log(`Waiting for DUT to be online in dashboard`)
+      await this.utils.waitUntil(() => {
+        return this.cloud.balena.models.device.isOnline(this.balena.uuid);
+      }, false, 60, 5 * 1000);
+
+      // wait until the service is running
+      await this.cloud.waitUntilServicesRunning(
+        this.balena.uuid, 
+        [this.appServiceName], 
+        this.balena.initialCommit
+      )
+
+      test.ok(true, `Preload commit hash should be ${this.balena.initialCommit}`);
     }
 
-    // make sure DUT is online
-    console.log(`Waiting for DUT to be online in dashboard`)
-    await this.utils.waitUntil(() => {
-      return this.cloud.balena.models.device.isOnline(this.balena.uuid);
-    }, false, 60, 5 * 1000);
-
-    // wait until the service is running
-    await this.cloud.waitUntilServicesRunning(
-      this.balena.uuid, 
-      [this.appServiceName], 
-      this.balena.initialCommit
-    )
-
-    test.ok(true, `Preload commit hash should be ${this.balena.initialCommit}`);
-
-
+    // Cleanup at the end of the preload test regardless - ensuring that there is a known state before the next test, regardless of whether this test ran or not
     this.log("Unpinning device from release");
     await this.cloud.balena.models.device.trackApplicationRelease(
       this.balena.uuid