Regenrate EFI secret key before power management

According to information about changes made by Jira feature PED-87 Do NOT auto-generate EFI secret-key for hibernation verification, it is necessary to regenerate key by: echo 1 > /sys/firmware/efi/secret-key/regen before power management.
os-autoinst · Jan 3, 2025 · 15cc20a · 15cc20a
1 parent f8cbef8
commit 15cc20a
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 1 deletion.
diff --git a/lib/virt_autotest/utils.pm b/lib/virt_autotest/utils.pm
@@ -80,7 +80,8 @@ our @EXPORT = qw(
   remove_additional_nic
   start_guests
   is_guest_online
-  ensure_online wait_guest_online
+  ensure_online
+  wait_guest_online
   restore_downloaded_guests
   save_original_guest_xmls
   restore_original_guests
@@ -92,6 +93,7 @@ our @EXPORT = qw(
   recreate_guests
   download_vm_import_disks
   get_guest_regcode
+  run_command_over_ssh
 );
 
 my %log_cursors;
@@ -1373,4 +1375,25 @@ sub wait_for_host_reboot {
     select_console('root-ssh');
 }
 
+=head2 run_command_over_ssh
+
+  run_command_over_ssh(address => $address, timeout => $timeout)
+
+Run command over passwordless ssh session. Arguments include address, which can take
+the form of FQDN or IP, and timeout, which sets amount of time to wait before return.
+
+=cut
+
+sub run_command_over_ssh {
+    my %args = @_;
+    $args{username} //= 'root';
+    $args{address} //= '';
+    $args{command} //= '';
+    $args{timeout} //= 90;
+    croak('Argument address must be given to run command over ssh') if (!$args{address} or !$args{command});
+
+    my $command = "ssh $args{username}\@$args{address} $args{command}";
+    script_retry($command, timeout => $args{timeout}, delay => 15, retry => 3, die => 1);
+}
+
 1;
diff --git a/tests/virt_autotest/uefi_guest_verification.pm b/tests/virt_autotest/uefi_guest_verification.pm
@@ -47,6 +47,7 @@ sub run_test {
 
     # TODO: enable pm check for alp once default uefi firmware supports it well
     if (is_sle('>=15')) {
+	$self->regen_efi_secret_key;
         $self->check_guest_pmsuspend_enabled;
     }
     elsif (is_alp) {
@@ -98,6 +99,16 @@ sub check_guest_secure_boot {
     return $self;
 }
 
+sub regen_efi_secret_key {
+    my $self = shift;
+
+    foreach (keys %virt_autotest::common::guests) {
+        run_command_over_ssh(address => $guest, command => 'echo 1 > /sys/firmware/efi/secret-key/regen');
+        run_command_over_ssh(address => $guest, command => 'reboot');
+        wait_guest_online($guest);
+    }
+}	
+
 sub check_guest_pmsuspend_enabled {
     my $self = shift;