canonical-ubuntu-qa team mailing list archive
-
canonical-ubuntu-qa team
-
Mailing list archive
-
Message #06291
[Bug 2100635] Re: ubuntu_qrt_kernel_security KernelSecurityTest.test_400_kernel_security_lockdown fails on jammy:linux-gcp
To provide more context on this, this test was added to the QA
regression test repository mid-cycle, and because we get the tip of the
repository for tests, some kernels in this cycle ran this test and some
did not. The test fails because we don't configure any of our regression
testing instances with secure boot enabled, and this test specifically
checks if secure boot is enabled, failing otherwise. This leads to two
action items for the future to consider this bug resolved:
1. Don't fetch the tip of the QA regression test repository to avoid
tests changing mid-cycle, instead use snapshots or a rolling git tag or
hash, etc, which is bumped on a regular basis.
2. Don't run this test when secure boot is not enabled, and vice versa.
The general plan right now is to enable more of our regression test
instances to run with secure boot enabled, but not all instances will
have this capability. Rather than permanently hinting these instance
types to ignore this test, we could provide some logic in the test
harness to skip this test if secure boot is intentionally not enabled.
Until either secure boot is enabled or the test is skipped for a given
instance type, this test needs to be hinted.
--
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/2100635
Title:
ubuntu_qrt_kernel_security
KernelSecurityTest.test_400_kernel_security_lockdown fails on
jammy:linux-gcp
Status in ubuntu-kernel-tests:
New
Bug description:
This failure was observed across all instance types during the 2025.02.10 cycle.
Kernel 5.15.0-1079.88
This test case is very new. It should be further vetted before
declaring a regression.
Running test: './test-kernel-security.py' distro: 'Ubuntu 22.04' kernel: '5.15.0-1079.88 (Ubuntu 5.15.0-1079.88-gcp 5.15.178)' arch: 'amd64' init: 'systemd' uid: 0/0 SUDO_USER: 'ubuntu')
8709 03:05:46 DEBUG| stderr:
8710 03:05:46 DEBUG| test_400_kernel_security_lockdown (__main__.KernelSecurityTest)
8711 03:05:46 DEBUG| Kernel lockdown enabled in /sys/kernel/security/lockdown ... FAIL
8712 03:05:46 DEBUG|
8713 03:05:46 DEBUG| ======================================================================
8714 03:05:46 DEBUG| FAIL: test_400_kernel_security_lockdown (__main__.KernelSecurityTest)
8715 03:05:46 DEBUG| Kernel lockdown enabled in /sys/kernel/security/lockdown
8716 03:05:46 DEBUG| ----------------------------------------------------------------------
8717 03:05:46 DEBUG| Traceback (most recent call last):
8718 03:05:46 DEBUG| File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/./test-kernel-security.py", line 2210, in test_400_kernel_security_lockdown
8719 03:05:46 DEBUG| self.assertEqual(fh.read().strip(), expected)
8720 03:05:46 DEBUG| AssertionError: '[none] integrity confidentiality' != 'none [integrity] confidentiality'
8721 03:05:46 DEBUG| - [none] integrity confidentiality
8722 03:05:46 DEBUG| ? - ^^
8723 03:05:46 DEBUG| + none [integrity] confidentiality
8724 03:05:46 DEBUG| ? ^^ +
8725 03:05:46 DEBUG|
8726 03:05:46 DEBUG|
8727 03:05:46 DEBUG| ----------------------------------------------------------------------
8728 03:05:46 DEBUG| Ran 1 test in 0.001s
8729 03:05:46 DEBUG|
8730 03:05:46 DEBUG| FAILED (failures=1)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2100635/+subscriptions
References
