| blob | bf9a50c10d0d2e9f456fffe4c4343f5d0994f5dd |
1 { lib, ... }: {
2 name = "amd-sev";
3 meta = {
4 maintainers = with lib.maintainers; [ trundle veehaitch ];
5 };
7 nodes.machine = { lib, ... }: {
8 hardware.cpu.amd.sev.enable = true;
9 hardware.cpu.amd.sevGuest.enable = true;
11 specialisation.sevCustomUserGroup.configuration = {
12 users.groups.sevtest = { };
14 hardware.cpu.amd.sev = {
15 enable = true;
16 group = "root";
17 mode = "0600";
18 };
19 hardware.cpu.amd.sevGuest = {
20 enable = true;
21 group = "sevtest";
22 };
23 };
24 };
26 testScript = { nodes, ... }:
27 let
28 specialisations = "${nodes.machine.system.build.toplevel}/specialisation";
29 in
30 ''
31 machine.wait_for_unit("multi-user.target")
33 with subtest("Check default settings"):
34 out = machine.succeed("cat /etc/udev/rules.d/99-local.rules")
35 assert 'KERNEL=="sev", OWNER="root", GROUP="sev", MODE="0660"' in out
36 assert 'KERNEL=="sev-guest", OWNER="root", GROUP="sev-guest", MODE="0660"' in out
38 out = machine.succeed("cat /etc/group")
39 assert "sev:" in out
40 assert "sev-guest:" in out
41 assert "sevtest:" not in out
43 with subtest("Activate configuration with custom user/group"):
44 machine.succeed('${specialisations}/sevCustomUserGroup/bin/switch-to-configuration test')
46 with subtest("Check custom user and group"):
47 out = machine.succeed("cat /etc/udev/rules.d/99-local.rules")
48 assert 'KERNEL=="sev", OWNER="root", GROUP="root", MODE="0600"' in out
49 assert 'KERNEL=="sev-guest", OWNER="root", GROUP="sevtest", MODE="0660"' in out
51 out = machine.succeed("cat /etc/group")
52 assert "sev:" not in out
53 assert "sev-guest:" not in out
54 assert "sevtest:" in out
55 '';
56 }