Skip to content

tests: add fips.hmac to verify VM will fail to reboot with FIPS and wrong hmac#4437

Merged
jbtrystram merged 1 commit intocoreos:mainfrom
HuijingHei:fips-hmac
Mar 5, 2026
Merged

tests: add fips.hmac to verify VM will fail to reboot with FIPS and wrong hmac#4437
jbtrystram merged 1 commit intocoreos:mainfrom
HuijingHei:fips-hmac

Conversation

@HuijingHei
Copy link
Member

@HuijingHei HuijingHei commented Feb 13, 2026
edited
Loading

@HuijingHei HuijingHei changed the title tests: add fips.hmac to verify VM will fail to reboot with FIPS tests: add fips.hmac to verify VM will fail to reboot with FIPS and wrong hmac Feb 13, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Feb 13, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new test, fips.hmac, to ensure that a VM with FIPS enabled fails to reboot when its kernel HMAC is corrupted. The related changes to add a NoDracutFatalCheck flag are appropriate for this test case. The new test implementation is sound, but I've provided a couple of suggestions to improve its robustness and simplify the code.

@HuijingHei HuijingHei force-pushed the fips-hmac branch 2 times, most recently from 600352e to ff3c797 Compare February 13, 2026 13:05
jbtrystram
jbtrystram previously approved these changes Mar 4, 2026
View reviewed changes
Copy link
Member

@jbtrystram jbtrystram left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, one small nit

@HuijingHei HuijingHei requested a review from jbtrystram March 5, 2026 03:38
jbtrystram
jbtrystram approved these changes Mar 5, 2026
View reviewed changes
Copy link
Member

@jbtrystram jbtrystram left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@jbtrystram jbtrystram merged commit c6612bc into coreos:main Mar 5, 2026
6 checks passed
@HuijingHei
Copy link
Member Author

HuijingHei commented Mar 6, 2026

/cherrypick rhcos-4.19
/cherrypick rhcos-4.18
/cherrypick rhcos-4.17
/cherrypick rhcos-4.16

@HuijingHei HuijingHei deleted the fips-hmac branch March 6, 2026 01:50
@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented Mar 6, 2026

@HuijingHei: new pull request created: #4471

Details

In response to this:

/cherrypick rhcos-4.19
/cherrypick rhcos-4.18
/cherrypick rhcos-4.17
/cherrypick rhcos-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Mar 6, 2026
Open
@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented Mar 6, 2026

@HuijingHei: new pull request created: #4472

Details

In response to this:

/cherrypick rhcos-4.19
/cherrypick rhcos-4.18
/cherrypick rhcos-4.17
/cherrypick rhcos-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Mar 6, 2026
Open
@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented Mar 6, 2026

@HuijingHei: new pull request created: #4473

Details

In response to this:

/cherrypick rhcos-4.19
/cherrypick rhcos-4.18
/cherrypick rhcos-4.17
/cherrypick rhcos-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Mar 6, 2026
Open
@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented Mar 6, 2026

@HuijingHei: cannot checkout rhcos-4.19: error checking out "rhcos-4.19": exit status 1 error: pathspec 'rhcos-4.19' did not match any file(s) known to git

Details

In response to this:

/cherrypick rhcos-4.19
/cherrypick rhcos-4.18
/cherrypick rhcos-4.17
/cherrypick rhcos-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@HuijingHei
Copy link
Member Author

HuijingHei commented Mar 6, 2026

/cherrypick rhcos-4.15
/cherrypick rhcos-4.14
/cherrypick rhcos-4.13

@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented Mar 6, 2026

@HuijingHei: #4437 failed to apply on top of branch "rhcos-4.13":

Applying: tests: add `fips.hmac` to verify VM will fail to reboot with FIPS and wrong hmac
Using index info to reconstruct a base tree...
M	mantle/kola/harness.go
M	mantle/kola/register/register.go
Falling back to patching base and 3-way merge...
Auto-merging mantle/kola/register/register.go
CONFLICT (content): Merge conflict in mantle/kola/register/register.go
Auto-merging mantle/kola/harness.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 tests: add `fips.hmac` to verify VM will fail to reboot with FIPS and wrong hmac
Details

In response to this:

/cherrypick rhcos-4.15
/cherrypick rhcos-4.14
/cherrypick rhcos-4.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented Mar 6, 2026

@HuijingHei: new pull request created: #4474

Details

In response to this:

/cherrypick rhcos-4.15
/cherrypick rhcos-4.14
/cherrypick rhcos-4.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Mar 6, 2026
Open
@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented Mar 6, 2026

@HuijingHei: new pull request created: #4475

Details

In response to this:

/cherrypick rhcos-4.15
/cherrypick rhcos-4.14
/cherrypick rhcos-4.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Mar 6, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbtrystram jbtrystram jbtrystram approved these changes

@prestist prestist Awaiting requested review from prestist

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@HuijingHei @openshift-cherrypick-robot @jbtrystram