diff --git a/tests/p_kernel/01_kernel_centos_keyring.sh b/tests/p_kernel/01_kernel_centos_keyring.sh
new file mode 100755
index 0000000..533c238
--- /dev/null
+++ b/tests/p_kernel/01_kernel_centos_keyring.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Author: Athmane Madjoudj
+# Note: This was a known issue with CentOS 6.0 GA kernel
+
+t_Log "Running $0 - check CentOS' Kernel Module GPG key."
+
+if [ "$centos_ver" = "7" ] ; then
+ for id in kpatch "Driver update" kernel
+ do
+ t_Log "Verifying x.509 CentOS ${id}"
+ keyctl list %:.system_keyring | grep -i "CentOS Linux ${id} signing key" > /dev/null 2>&1
+ t_CheckExitStatus $?
+ done
+else
+ grep 'User ID: CentOS (Kernel Module GPG key)' /var/log/dmesg > /dev/null 2>&1
+ t_CheckExitStatus $?
+fi
+
diff --git a/tests/p_kernel/02_kernel_secureboot_signed.sh b/tests/p_kernel/02_kernel_secureboot_signed.sh
new file mode 100755
index 0000000..ec236aa
--- /dev/null
+++ b/tests/p_kernel/02_kernel_secureboot_signed.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# This test will verify that grub2-efi is correctly signed with correct cert in the CA chain
+
+t_Log "Running $0 - Verifying that kernel is correctly signed with correct cert"
+
+if [ "$centos_ver" = "7" ] ; then
+ t_InstallPackage pesign
+ for kernel in $(rpm -q kernel --queryformat '%{version}-%{release}.%{arch}\n')
+ do
+ t_log "Validating kernel $kernel ..."
+ pesign --show-signature --in /boot/vmlinuz-${kernel}|grep -q 'Red Hat Inc.'
+ t_CheckExitStatus $?
+ done
+else
+ t_log "previous versions than CentOS 7 aren't using secureboot ... skipping"
+ exit 0
+fi
+
diff --git a/tests/p_kernel/kernel_centos_keyring.sh b/tests/p_kernel/kernel_centos_keyring.sh
deleted file mode 100755
index 533c238..0000000
--- a/tests/p_kernel/kernel_centos_keyring.sh
+++ /dev/null
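Review bot: In 02_kernel_secureboot_signed.sh the `grep -q 'Red Hat Inc.'` check only matches a name in the listing that `pesign --show-signature` prints, so it passes for any attached certificate carrying that string and does not establish that the signature validates against the expected CA, which is what the header comment and the log line claim. As a minimum the match should be literal and the path quoted, `pesign --show-signature --in "/boot/vmlinuz-${kernel}" | grep -qF 'Red Hat Inc.'`; an actual chain check (for example with pesigcheck from the same package against the expected CA certificate) would make the test mean what it says. The two `t_log` calls differ in case from the `t_Log` used on the file's first log line; if the harness defines only `t_Log` (not visible in this diff), both messages are lost to a command-not-found error and should read `t_Log`. The header comment also names grub2-efi while the loop inspects `/boot/vmlinuz-*`, so it would be clearer as `# Verify that every installed kernel image carries a signature from the expected signer`.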
@@ -1,18 +0,0 @@
-#!/bin/sh
-# Author: Athmane Madjoudj
-# Note: This was a known issue with CentOS 6.0 GA kernel
-
-t_Log "Running $0 - check CentOS' Kernel Module GPG key."
-
-if [ "$centos_ver" = "7" ] ; then
- for id in kpatch "Driver update" kernel
- do
- t_Log "Verifying x.509 CentOS ${id}"
- keyctl list %:.system_keyring | grep -i "CentOS Linux ${id} signing key" > /dev/null 2>&1
- t_CheckExitStatus $?
- done
-else
- grep 'User ID: CentOS (Kernel Module GPG key)' /var/log/dmesg > /dev/null 2>&1
- t_CheckExitStatus $?
-fi
-