nixos/tests/systemd-initrd-credentials: init

nixos/tests/all-tests.nix

@@ -1295,6 +1295,7 @@ in
   systemd-escaping = runTest ./systemd-escaping.nix;
   systemd-initrd-bridge = runTest ./systemd-initrd-bridge.nix;
   systemd-initrd-btrfs-raid = runTest ./systemd-initrd-btrfs-raid.nix;
+  systemd-initrd-credentials = runTest ./systemd-initrd-credentials.nix;
   systemd-initrd-luks-fido2 = runTest ./systemd-initrd-luks-fido2.nix;
   systemd-initrd-luks-keyfile = runTest ./systemd-initrd-luks-keyfile.nix;
   systemd-initrd-luks-empty-passphrase = handleTest ./initrd-luks-empty-passphrase.nix {

nixos/tests/systemd-initrd-credentials.nix

@@ -0,0 +1,32 @@
+{ lib, pkgs, ... }:
+{
+  name = "systemd-initrd-credentials";
+
+  nodes.machine =
+    { pkgs, ... }:
+    {
+      virtualisation = {
+        qemu.options = [
+          "-smbios type=11,value=io.systemd.credential:cred-smbios=secret-smbios"
+        ];
+      };
+
+      boot.initrd.availableKernelModules = [ "dmi_sysfs" ];
+
+      boot.kernelParams = [ "systemd.set_credential=cred-cmdline:secret-cmdline" ];
+
+      boot.initrd.systemd = {
+        enable = true;
+      };
+    };
+
+  testScript = ''
+    machine.wait_for_unit("multi-user.target")
+
+    # Check credential passed via kernel command line
+    assert "secret-cmdline" in machine.succeed("systemd-creds --system cat cred-cmdline")
+
+    # Check credential passed via SMBIOS
+    assert "secret-smbios" in machine.succeed("systemd-creds --system cat cred-smbios")
+  '';
+}