fixup! overlord/fdestate,secboot: store TPM/hook keydatas in LUKS2 to…

…kens
canonical · Nov 20, 2024 · b26c8b3 · b26c8b3
1 parent fe61cd7
commit b26c8b3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/boot/makebootable_test.go b/boot/makebootable_test.go
@@ -700,7 +700,7 @@ version: 5.0
 
 		// For now tokens are used only on classic when
 		// cryptsetup has the features we need.
-		// Later this check we change to also include UC24+
+		// Later this check will change to also include UC24+
 		c.Check(params.UseTokens, Equals, classic && !oldCryptsetup)
 
 		return nil

diff --git a/tests/nested/core/core20-degraded/task.yaml b/tests/nested/core/core20-degraded/task.yaml
@@ -45,10 +45,9 @@ execute: |
   if os.query is-ubuntu-ge 24.04; then
     remote.exec "sudo cryptsetup luksDump --dump-json-metadata /dev/disk/by-label/ubuntu-data-enc" >data.json
     default_token="$(jq -r '.tokens|map_values(select(.ubuntu_fde_name=="default"))|keys.[]' data.json)"
-    remote.exec "sudo cryptsetup token --token-id ${default_token} export /dev/disk/by-label/ubuntu-data-enc" >token.backupluksRemoveKey
     remote.exec "sudo cryptsetup token --token-id ${default_token} remove /dev/disk/by-label/ubuntu-data-enc"
   else
-    remote.exec "sudo mv /run/mnt/ubuntu-boot/device/fde/ubuntu-data.sealed-key /run/mnt/ubuntu-boot/device/fde/ubuntu-data.sealed-key.bk"
+    remote.exec "sudo rm /run/mnt/ubuntu-boot/device/fde/ubuntu-data.sealed-key"
   fi
   tests.nested transition "$recoverySystem" recover