diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index dd1a099ac1f2..363177cd301b 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1295,6 +1295,7 @@ in
 systemd-escaping = runTest ./systemd-escaping.nix;
 systemd-initrd-bridge = runTest ./systemd-initrd-bridge.nix;
 systemd-initrd-btrfs-raid = runTest ./systemd-initrd-btrfs-raid.nix;
+ systemd-initrd-credentials = runTest ./systemd-initrd-credentials.nix;
 systemd-initrd-luks-fido2 = runTest ./systemd-initrd-luks-fido2.nix;
 systemd-initrd-luks-keyfile = runTest ./systemd-initrd-luks-keyfile.nix;
 systemd-initrd-luks-empty-passphrase = handleTest ./initrd-luks-empty-passphrase.nix {
diff --git a/nixos/tests/systemd-initrd-credentials.nix b/nixos/tests/systemd-initrd-credentials.nix
new file mode 100644
index 000000000000..50893d2cec78
--- /dev/null
+++ b/nixos/tests/systemd-initrd-credentials.nix
@@ -0,0 +1,32 @@
+{ lib, pkgs, ... }:
+{
+ name = "systemd-initrd-credentials";
+
+ nodes.machine =
+ { pkgs, ... }:
+ {
+ virtualisation = {
+ qemu.options = [
+ "-smbios type=11,value=io.systemd.credential:cred-smbios=secret-smbios"
+ ];
+ };
+
+ boot.initrd.availableKernelModules = [ "dmi_sysfs" ];
+
+ boot.kernelParams = [ "systemd.set_credential=cred-cmdline:secret-cmdline" ];
+
+ boot.initrd.systemd = {
+ enable = true;
+ };
+ };
+
+ testScript = ''
+ machine.wait_for_unit("multi-user.target")
+
+ # Check credential passed via kernel command line
+ assert "secret-cmdline" in machine.succeed("systemd-creds --system cat cred-cmdline")
+
+ # Check credential passed via SMBIOS
+ assert "secret-smbios" in machine.succeed("systemd-creds --system cat cred-smbios")
+ '';
+}
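Review bot: Both assertions in the new test file run only after `machine.wait_for_unit("multi-user.target")`, in the booted system, so nothing in this testScript observes the credentials inside the initrd itself; if the goal is to prove that stage 1 imports them, the test may also pass when only stage 2 picks them up, which is worth confirming. The substring checks could be tightened to exact matches, e.g. `assert machine.succeed("systemd-creds --system cat cred-cmdline").strip() == "secret-cmdline"`. Above `boot.kernelParams` I would add `# Test value only: the kernel command line is readable through /proc/cmdline, so systemd.set_credential= is not a channel for real secrets.` The `lib` and `pkgs` arguments are not referenced anywhere in the new file and could be dropped.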