diff --git a/example/zfs.nix b/example/zfs.nix
index 59c3f24..0db9ee7 100644
--- a/example/zfs.nix
+++ b/example/zfs.nix
@@ -88,6 +88,21 @@
 mountpoint = "/ext4onzfs";
 };
 };
+ encrypted = {
+ zfs_type = "filesystem";
+ size = "20M";
+ options = {
+ mountpoint = "none";
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ keylocation = "file:///tmp/secret.key";
+ };
+ };
+ "encrypted/test" = {
+ zfs_type = "filesystem";
+ size = "2M";
+ mountpoint = "/zfs_crypted";
+ };
 };
 };
 };
diff --git a/tests/cli.nix b/tests/cli.nix
index 24eb24c..0c2bf29 100644
--- a/tests/cli.nix
+++ b/tests/cli.nix
@@ -20,7 +20,7 @@ makeDiskoTest {
 enableOCR = true;
 bootCommands = ''
 machine.wait_for_text("Passphrase for")
- machine.send_chars("secret\n")
+ machine.send_chars("secretsecret\n")
 '';
 extraConfig = {
 boot.kernelModules = [ "dm-raid" "dm-mirror" ];
diff --git a/tests/complex.nix b/tests/complex.nix
index 5fe5efa..6209338 100644
--- a/tests/complex.nix
+++ b/tests/complex.nix
@@ -19,7 +19,7 @@ makeDiskoTest {
 enableOCR = true;
 bootCommands = ''
 machine.wait_for_text("Passphrase for")
- machine.send_chars("secret\n")
+ machine.send_chars("secretsecret\n")
 '';
 extraConfig = {
 boot.kernelModules = [ "dm-raid" "dm-mirror" ];
diff --git a/tests/lib.nix b/tests/lib.nix
index 80ad0e3..1ab8934 100644
--- a/tests/lib.nix
+++ b/tests/lib.nix
@@ -12,6 +12,7 @@
 , grub-devices ? [ "nodev" ]
 , efi ? true
 , enableOCR ? false
+ , postDisko ? ""
 , testMode ? "direct" # can be one of direct module cli
 , testBoot ? true # if we actually want to test booting or just create/mount
 }:
@@ -123,7 +124,7 @@
 return machine
 machine.start()
- machine.succeed("echo -n 'secret' > /tmp/secret.key")
+ machine.succeed("echo -n 'secretsecret' > /tmp/secret.key")
 ${lib.optionalString (testMode == "direct") ''
 machine.succeed("${tsp-create}")
 machine.succeed("${tsp-mount}")
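Review bot: The `keylocation = "file:///tmp/secret.key"` line in the new `encrypted` dataset of example/zfs.nix needs a comment, because this is an example people copy and the path only makes sense for the test harness. tests/lib.nix writes the passphrase to that file and tests/zfs.nix resets the property with `zfs set keylocation=prompt` afterwards, but nothing in the example says so. A reader who keeps the setting would presumably end up with a pool whose key is expected in a shared temporary directory. I would add `# test fixture: the passphrase file must exist before disko runs; set keylocation=prompt (or a root-only path) afterwards` above the line. The enclosing attribute set starts and ends outside the hunk.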
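Review bot: The new `postDisko ? ""` argument in the first tests/lib.nix hunk is the only hook in that list without a trailing comment, and its contract is not obvious from the name. It is spliced verbatim into the test script by the `${postDisko}` line in the `@@ -148,6 +149,8 @@` hunk, so it must be test-driver script text and it runs in every testMode before the boot phase. I would document it in the same style as its neighbours, e.g. `, postDisko ? "" # test script snippet run after disko create/mount, before the boot test`. The argument set starts outside the hunk.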
@@ -148,6 +149,8 @@
 machine.succeed("${tsp-disko}") # verify that we can destroy and recreate
 ''}
+ ${postDisko}
+
 ${lib.optionalString testBoot ''
 # mount nix-store in /mnt
 machine.succeed("mkdir -p /mnt/nix/store")
diff --git a/tests/luks-lvm.nix b/tests/luks-lvm.nix
index 05d3362..4f35e5d 100644
--- a/tests/luks-lvm.nix
+++ b/tests/luks-lvm.nix
@@ -10,6 +10,6 @@ makeDiskoTest {
 enableOCR = true;
 bootCommands = ''
 machine.wait_for_text("Passphrase for")
- machine.send_chars("secret\n")
+ machine.send_chars("secretsecret\n")
 '';
 }
diff --git a/tests/module.nix b/tests/module.nix
index ef3b88e..2a6342f 100644
--- a/tests/module.nix
+++ b/tests/module.nix
@@ -20,7 +20,7 @@ makeDiskoTest {
 enableOCR = true;
 bootCommands = ''
 machine.wait_for_text("Passphrase for")
- machine.send_chars("secret\n")
+ machine.send_chars("secretsecret\n")
 '';
 extraConfig = {
 boot.kernelModules = [ "dm-raid" "dm-mirror" ];
diff --git a/tests/zfs.nix b/tests/zfs.nix
index d88070e..ce60789 100644
--- a/tests/zfs.nix
+++ b/tests/zfs.nix
@@ -5,7 +5,16 @@ makeDiskoTest {
 disko-config = ../example/zfs.nix;
 extraConfig = {
 fileSystems."/zfs_legacy_fs".options = [ "nofail" ]; # TODO find out why we need this!
+ boot.zfs.requestEncryptionCredentials = true;
 };
+ postDisko = ''
+ machine.succeed("zfs set keylocation=prompt zroot/encrypted")
+ '';
+ enableOCR = true;
+ bootCommands = ''
+ machine.wait_for_text("passphrase for")
+ machine.send_chars("secretsecret\n")
+ '';
 extraTestScript = ''
 machine.succeed("test -b /dev/zvol/zroot/zfs_testvolume");
@@ -25,5 +34,8 @@ makeDiskoTest {
 machine.succeed("mountpoint /zfs_fs");
 machine.succeed("mountpoint /zfs_legacy_fs");
 machine.succeed("mountpoint /ext4onzfs");
+ machine.succeed("mountpoint /zfs_crypted");
+ machine.succeed("zfs get keystatus zroot/encrypted");
+ machine.succeed("zfs get keystatus zroot/encrypted/test");
 '';
 }
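Review bot: The two `zfs get keystatus` checks added in the last tests/zfs.nix hunk do not assert that the key is loaded, because `zfs get` exits 0 whenever the dataset and property exist, whatever the value. The test would still pass with `keystatus` reported as `unavailable`; only the `mountpoint /zfs_crypted` line gives indirect evidence that the child dataset was unlocked. Compare the value explicitly, e.g. `machine.succeed("zfs get -H -o value keystatus zroot/encrypted | grep -qx available");` and the same for `zroot/encrypted/test`. extraTestScript opens in the previous hunk and part of it lies between the two hunks.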