QA/tests/p_kernel/02_kernel_secureboot_signed.sh

#!/bin/bash
# This test will verify that grub2-efi is correctly signed with correct cert in the CA chain

t_Log "Running $0 -  Verifying that kernel is correctly signed with correct cert"

if [[ "$centos_ver" -ge 7 && "$arch" = "x86_64" ]] ; then
  t_InstallPackage pesign 
  for kernel in $(rpm -q kernel --queryformat '%{version}-%{release}.%{arch}\n') 
    do
    t_Log "Validating kernel $kernel ..."
    if [[ "$centos_ver" -eq 8 ]] ; then
      key_ver="201"
    elif [[ "$centos_ver" -eq 9 ]] ; then
      key_ver="201"
    fi 
    if [[ "$centos_ver" -ge 8 && "$kernel" > "4.18.0-480.el8" ]] ; then
      pesign --show-signature --in /boot/vmlinuz-${kernel}|egrep -q "Red Hat Inc.|CentOS Secure Boot Signing $key_ver"
    else 
       pesign --show-signature --in /boot/vmlinuz-${kernel}|egrep -q 'Red Hat Inc.|CentOS Secure Boot \(key 1\)'
    fi
    t_CheckExitStatus $?
  done
else
  t_Log "previous versions than CentOS 7 - or not x86_64 -aren't using secureboot ... skipping"
  exit 0
fi
INF-894: Адаптировать тесты CentOS для МСВСфера ОС (#2) https://dev-ci.inferitos.ru/job/Experiments/job/pnegrobov/job/Docker_tests_new/50/ Co-authored-by: Pavel Negrobov <Pavel.Negrobov@softline.com> Reviewed-on: https://git.inferitos.ru/msvsphere/QA/pulls/2 10 months ago			`#!/bin/bash`
			`# This test will verify that grub2-efi is correctly signed with correct cert in the CA chain`

			`t_Log "Running $0 - Verifying that kernel is correctly signed with correct cert"`

			`if [[ "$centos_ver" -ge 7 && "$arch" = "x86_64" ]] ; then`
			`t_InstallPackage pesign`
			`for kernel in $(rpm -q kernel --queryformat '%{version}-%{release}.%{arch}\n')`
			`do`
			`t_Log "Validating kernel $kernel ..."`
			`if [[ "$centos_ver" -eq 8 ]] ; then`
			`key_ver="201"`
			`elif [[ "$centos_ver" -eq 9 ]] ; then`
			`key_ver="201"`
			`fi`
			`if [[ "$centos_ver" -ge 8 && "$kernel" > "4.18.0-480.el8" ]] ; then`
			`pesign --show-signature --in /boot/vmlinuz-${kernel}\|egrep -q "Red Hat Inc.\|CentOS Secure Boot Signing $key_ver"`
			`else`
			`pesign --show-signature --in /boot/vmlinuz-${kernel}\|egrep -q 'Red Hat Inc.\|CentOS Secure Boot \(key 1\)'`
			`fi`
			`t_CheckExitStatus $?`
			`done`
			`else`
			`t_Log "previous versions than CentOS 7 - or not x86_64 -aren't using secureboot ... skipping"`
			`exit 0`
			`fi`