nixos/tests/systemd-initrd-credentials: init

(cherry picked from commit dd15d6c248)
2026-01-11 18:32:23 +08:00 · 2025-05-10 10:26:31 -04:00
parent 96f0f8b632
commit 8253d26e46
2 changed files with 36 additions and 0 deletions
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1304,6 +1304,7 @@ in
  systemd-escaping = handleTest ./systemd-escaping.nix { };
  systemd-initrd-bridge = handleTest ./systemd-initrd-bridge.nix { };
  systemd-initrd-btrfs-raid = handleTest ./systemd-initrd-btrfs-raid.nix { };
+  systemd-initrd-credentials = handleTest ./systemd-initrd-credentials.nix { };
  systemd-initrd-luks-fido2 = handleTest ./systemd-initrd-luks-fido2.nix { };
  systemd-initrd-luks-keyfile = handleTest ./systemd-initrd-luks-keyfile.nix { };
  systemd-initrd-luks-empty-passphrase = handleTest ./initrd-luks-empty-passphrase.nix {
--- a/nixos/tests/systemd-initrd-credentials.nix
+++ b/nixos/tests/systemd-initrd-credentials.nix
@@ -0,0 +1,35 @@
+import ./make-test-python.nix (
+
+  { lib, pkgs, ... }:
+  {
+    name = "systemd-initrd-credentials";
+
+    nodes.machine =
+      { pkgs, ... }:
+      {
+        virtualisation = {
+          qemu.options = [
+            "-smbios type=11,value=io.systemd.credential:cred-smbios=secret-smbios"
+          ];
+        };
+
+        boot.initrd.availableKernelModules = [ "dmi_sysfs" ];
+
+        boot.kernelParams = [ "systemd.set_credential=cred-cmdline:secret-cmdline" ];
+
+        boot.initrd.systemd = {
+          enable = true;
+        };
+      };
+
+    testScript = ''
+      machine.wait_for_unit("multi-user.target")
+
+      # Check credential passed via kernel command line
+      assert "secret-cmdline" in machine.succeed("systemd-creds --system cat cred-cmdline")
+
+      # Check credential passed via SMBIOS
+      assert "secret-smbios" in machine.succeed("systemd-creds --system cat cred-smbios")
+    '';
+  }
+)