diff --git a/nixos/tests/systemd-initrd-luks-tpm2.nix b/nixos/tests/systemd-initrd-luks-tpm2.nix index 931959f05464..8628fc2b8a01 100644 --- a/nixos/tests/systemd-initrd-luks-tpm2.nix +++ b/nixos/tests/systemd-initrd-luks-tpm2.nix @@ -35,21 +35,27 @@ }; }; - testScript = '' - # Create encrypted volume - machine.wait_for_unit("multi-user.target") - machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") - machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") - machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdb |& systemd-cat") + testScript = + { nodes, ... }: + let + boot-luks = nodes.machine.specialisation.boot-luks.configuration.system.build.toplevel; + in + # python + '' + # Create encrypted volume + machine.wait_for_unit("multi-user.target") + machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") + machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") + machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdb |& systemd-cat") - # Boot from the encrypted disk - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf") - machine.succeed("sync") - machine.crash() + # Boot from the encrypted disk + machine.succeed("${boot-luks}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() - # Boot and decrypt the disk - machine.wait_for_unit("multi-user.target") - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") - ''; + # Boot and decrypt the disk + machine.wait_for_unit("multi-user.target") + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + ''; }