From 488773a681a930948b906c934dad136940989af2 Mon Sep 17 00:00:00 2001 From: Ancor Gonzalez Sosa Date: Thu, 29 Jan 2026 09:49:47 +0100 Subject: [PATCH 1/3] Fix unit tests --- test/support/devices_planner_context.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/support/devices_planner_context.rb b/test/support/devices_planner_context.rb index 0948406d5c..38cc5b3eb1 100755 --- a/test/support/devices_planner_context.rb +++ b/test/support/devices_planner_context.rb @@ -44,6 +44,10 @@ Yast::ProductFeatures.Import("partitioning" => control_file_content) + # Needed because of the more than questionable implementation of preferred_bootloader + allow(Y2Storage::BootRequirementsStrategies::Analyzer) + .to receive(:bls_bootloader_proposed?).and_return false + allow(Y2Storage::BootRequirementsChecker).to receive(:new).and_return boot_checker allow(boot_checker).to receive(:needed_partitions).and_return( [ From 079b0a2334faec145b5d8225f211af0c0a592bd7 Mon Sep 17 00:00:00 2001 From: Ancor Gonzalez Sosa Date: Thu, 29 Jan 2026 09:59:22 +0100 Subject: [PATCH 2/3] Simplify check for TpmFde encryption method --- .../y2storage/encryption_method/tpm_fde.rb | 29 ++-------- .../encryption_method/tpm_fde_test.rb | 54 +++---------------- 2 files changed, 9 insertions(+), 74 deletions(-) diff --git a/src/lib/y2storage/encryption_method/tpm_fde.rb b/src/lib/y2storage/encryption_method/tpm_fde.rb index 43ba28b1a8..56f91207d7 100644 --- a/src/lib/y2storage/encryption_method/tpm_fde.rb +++ b/src/lib/y2storage/encryption_method/tpm_fde.rb @@ -80,8 +80,8 @@ def available? false end - # Whether both the target system and the product being installed meet the requisites - # to setup devices using this encryption method. + # Whether the target system meets the requisites to setup devices using this + # encryption method. # # The encryption method must be used at least for the root filesystem (eg. is not possible to # use it for /var but not for /), but that can't hardly be controlled here. A separate @@ -89,7 +89,7 @@ def available? # # @return [Boolean] def possible? - tpm_system? && tpm_product? + Y2Storage::Arch.new.efiboot? && tpm_present? end # Creates an encryption device for the given block device @@ -109,15 +109,6 @@ def encryption_process EncryptionProcesses::TpmFdeTools.new(self) end - # Whether the system is capable of using the encryption method - # - # @see #possible? - # - # @return [Boolean] - def tpm_system? - Y2Storage::Arch.new.efiboot? && tpm_present? - end - # Whether a TPM2 chip is present and working # # @see #possible? @@ -128,20 +119,6 @@ def tpm_present? @tpm_present = EncryptionProcesses::FdeTools.new.tpm_present? end - - # Whether the product being installed has the ability to configure the encryption method - # - # @see #possible? - # - # @return [Boolean] - def tpm_product? - # TODO: We should likely do some memoization of the result. But it is not clear when - # such memoization would be invalidated (eg. new packages available due to some change - # in selected product or to new repositories). - - # Beware: apart from true and false, AvailableAll can return nil if things go wrong - !!Yast::Package.AvailableAll(YastFeature::ENCRYPTION_TPM_FDE.pkg_list) - end end end end diff --git a/test/y2storage/encryption_method/tpm_fde_test.rb b/test/y2storage/encryption_method/tpm_fde_test.rb index 345554601d..0337b1d734 100644 --- a/test/y2storage/encryption_method/tpm_fde_test.rb +++ b/test/y2storage/encryption_method/tpm_fde_test.rb @@ -70,8 +70,6 @@ end allow(Y2Storage::Arch).to receive(:new).and_return(arch) - - allow(Yast::Package).to receive(:AvailableAll).and_return pkgs_available end let(:arch) { instance_double("Y2Storage::Arch", efiboot?: efi) } @@ -89,36 +87,16 @@ context "and there is a working TPM2 chip" do let(:tpm_present) { true } - context "and the needed packages can be installed in the target system" do - let(:pkgs_available) { true } - - it "#possible? returns true and #available? returns false" do - expect(subject.available?).to eq false - expect(subject.possible?).to eq true - end - end - - context "and the needed packages can not be installed in the target system" do - let(:pkgs_available) { false } - - include_examples "TPM_FDE impossible and not available" + it "#possible? returns true and #available? returns false" do + expect(subject.available?).to eq false + expect(subject.possible?).to eq true end end context "and there is no TPM2 chip" do let(:tpm_present) { false } - context "and the needed packages can be installed in the target system" do - let(:pkgs_available) { true } - - include_examples "TPM_FDE impossible and not available" - end - - context "and the needed packages can not be installed in the target system" do - let(:pkgs_available) { false } - - include_examples "TPM_FDE impossible and not available" - end + include_examples "TPM_FDE impossible and not available" end end @@ -128,33 +106,13 @@ context "and there is a working TPM2 chip" do let(:tpm_present) { true } - context "and the needed packages can be installed in the target system" do - let(:pkgs_available) { true } - - include_examples "TPM_FDE impossible and not available" - end - - context "and the needed packages can not be installed in the target system" do - let(:pkgs_available) { false } - - include_examples "TPM_FDE impossible and not available" - end + include_examples "TPM_FDE impossible and not available" end context "and there is no TPM2 chip" do let(:tpm_present) { false } - context "and the needed packages can be installed in the target system" do - let(:pkgs_available) { true } - - include_examples "TPM_FDE impossible and not available" - end - - context "and the needed packages can not be installed in the target system" do - let(:pkgs_available) { false } - - include_examples "TPM_FDE impossible and not available" - end + include_examples "TPM_FDE impossible and not available" end end end From 384b547786dbd2d858ffe3683fd622d165792e00 Mon Sep 17 00:00:00 2001 From: Ancor Gonzalez Sosa Date: Thu, 29 Jan 2026 10:03:59 +0100 Subject: [PATCH 3/3] Version and changelog --- package/yast2-storage-ng.changes | 7 +++++++ package/yast2-storage-ng.spec | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/package/yast2-storage-ng.changes b/package/yast2-storage-ng.changes index 0bb7d27048..82e62c2048 100644 --- a/package/yast2-storage-ng.changes +++ b/package/yast2-storage-ng.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Jan 29 09:00:40 UTC 2026 - Ancor Gonzalez Sosa + +- Adjusted the criteria to check whether TPM-based full-disk + encryption is available at Agama (bsc#1257315). +- 5.0.40 + ------------------------------------------------------------------- Thu Jan 15 08:26:47 UTC 2026 - Ladislav Slezák diff --git a/package/yast2-storage-ng.spec b/package/yast2-storage-ng.spec index 68f95d8ed2..0cd1caa4b5 100644 --- a/package/yast2-storage-ng.spec +++ b/package/yast2-storage-ng.spec @@ -16,7 +16,7 @@ # Name: yast2-storage-ng -Version: 5.0.39 +Version: 5.0.40 Release: 0 Summary: YaST2 - Storage Configuration License: GPL-2.0-only OR GPL-3.0-only