# NixOS VM test for the hardware.cpu.amd.sev and hardware.cpu.amd.sevGuest
# options.
#
# What it pins down: the OWNER/GROUP/MODE text of the udev rules generated for
# the "sev" and "sev-guest" kernel devices, and which groups exist in
# /etc/group, first with the module defaults and then after switching to a
# specialisation that overrides group and mode. Those rules decide who may open
# the device nodes, so a module change that loosens them should fail here.
#
# NOTE(review): the script only reads /etc/udev/rules.d/99-local.rules and
# /etc/group. It never stats the device nodes themselves, so it verifies the
# generated configuration, not the permissions actually applied to a node
# (presumably no SEV device exists inside the test VM; confirm).
{ lib, ... }:
{
  name = "amd-sev";

  meta.maintainers = [
    lib.maintainers.trundle
    lib.maintainers.veehaitch
  ];

  nodes.machine =
    { lib, ... }:
    {
      # Base system: both options enabled with no overrides, so the first
      # subtest sees whatever owner/group/mode the module picks by default.
      hardware.cpu.amd = {
        sev.enable = true;
        sevGuest.enable = true;
      };

      # Alternative configuration built alongside the base system and
      # activated by the test script at runtime.
      specialisation.sevCustomUserGroup.configuration = {
        # Pre-declared group used as the custom group for sev-guest below.
        users.groups.sevtest = { };

        hardware.cpu.amd = {
          # Tightest setting exercised: root group, owner-only access.
          sev = {
            enable = true;
            group = "root";
            mode = "0600";
          };
          # Only the group is overridden; the asserts expect the mode to stay
          # at 0660.
          sevGuest = {
            enable = true;
            group = "sevtest";
          };
        };
      };
    };

  # Test driver script (Python), three subtests:
  #   1. defaults: both rules read root:<sev|sev-guest> 0660, both default
  #      groups exist, and "sevtest" does not;
  #   2. activate the sevCustomUserGroup specialisation via
  #      switch-to-configuration test;
  #   3. custom: rules read root:root 0600 for sev and root:sevtest 0660 for
  #      sev-guest, the default "sev" and "sev-guest" groups are gone, and
  #      "sevtest" is present.
  # The group checks are plain substring matches against /etc/group.
  testScript =
    { nodes, ... }:
    let
      specialisations = "${nodes.machine.system.build.toplevel}/specialisation";
    in
    ''
      machine.wait_for_unit("multi-user.target")

      with subtest("Check default settings"):
          out = machine.succeed("cat /etc/udev/rules.d/99-local.rules")
          assert 'KERNEL=="sev", OWNER="root", GROUP="sev", MODE="0660"' in out
          assert 'KERNEL=="sev-guest", OWNER="root", GROUP="sev-guest", MODE="0660"' in out

          out = machine.succeed("cat /etc/group")
          assert "sev:" in out
          assert "sev-guest:" in out
          assert "sevtest:" not in out

      with subtest("Activate configuration with custom user/group"):
          machine.succeed('${specialisations}/sevCustomUserGroup/bin/switch-to-configuration test')

      with subtest("Check custom user and group"):
          out = machine.succeed("cat /etc/udev/rules.d/99-local.rules")
          assert 'KERNEL=="sev", OWNER="root", GROUP="root", MODE="0600"' in out
          assert 'KERNEL=="sev-guest", OWNER="root", GROUP="sevtest", MODE="0660"' in out

          out = machine.succeed("cat /etc/group")
          assert "sev:" not in out
          assert "sev-guest:" not in out
          assert "sevtest:" in out
    '';
}