Indication about requirements that could be added to Release Test list for 7.0.0

Functional Tests

Platform Installation

Installation with an optical disk drive
Installation with a USB optical disk drive
Installation with a USB flash drive

Platform Upgrade

OTA upgrade

Guest installation

Installation with an existing vhd
Installation from a virtual iso
Installation from an optical disk drive
PXE installation

Guest OS with Tools

Windows 7 sp1 64-bit install and basic use
Windows 10 (1511) 64-bit install and basic use
Windows 10 (1607) 64-bit install and basic use
Windows 10 (1703) 64-bit install and basic use
Windows 7 to Windows 10 (1607) upgrade
Windows 7 to Windows 10 (1703) upgrade
Windows 10 (1511) to Windows 10 (1607) upgrade
Windows 10 (1607) to Windows 10 (1703) upgrade
RedHat Enterprise Linux 7 64-bit install and basic use

Windows basic use

Burn a CD

Guest OS without Tools

Windows 7 64-bit install and basic use
Windows 10 64-bit install and basic use

PCI Passthrough

Passthrough of PCIe NIC to NDVM
Passthough of PCIe NIC to generic guest
Passthrough of USB controller to generic guest
Passthrough of PCIe audio controller to generic guest
Passthrough of supported NVidia graphics card to generic guest
Passthrough of supported AMD graphics card to generic guest

Virtual USB

Assignment of policy-allowed USB device to guest (e.g. smart card reader)
Intentional failure to assign policy-disallowed USB device to guest
Ejection of assigned USB device from guest (no longer present, accessible, addressable)
Re-assignment of ejected USB device to a guest
Add USB policy to disallow previously-assignable device, then attempt to assign
Add USB policy to automatically assign a specific USB device by {vendorID, productID, serial}
Assign friendly name to USB device, verify consistency across reboot and device hotplug
Devices:
1. Smart card reader
2. Mass storage device
3. Webcam
4. Audio headset
5. Touchscreen
6. Optical drive

Devices and Hardware

USB optical drive as assignable optical drive
SATA optical drive assignment
Unplug and re-plug monitor
Audio playback using speakers/headphones
SATA hard disk for base system
PCIe/NVMe hard disk for base system

Guest

Verify virtual USB quality (e.g. writing large data blocks to mass storage)
Verify audio playback quality
Verify audio recording quality
Run CPU stress tests
Run disk I/O stress tests
Run GPU stress test (3D VM only)
Validate virtual network throughput and packet loss

UIVM

Create VM
Start VM
Shutdown VM
Reboot VM
Destroy VM instance
Delete VM
Switch running VM focus
Shut down system
View NDVM network connection status {link state, Address information}
Connect NDVM to wireless network
Change input device sensitivity
Change wallpaper
{ Change VM settings }

ServiceVM

Notice

With nilfvm template removed, there is not currently an example/reference ServiceVM outside of the always present NDVM and UIVM. Testing of this may not be able to occur until a new example/reference ServiceVM can be made available.

Create a Service VM
Configure guest to utilize a ServiceVM

Security Tests

Hypervisor and Tools

Scrub guest RAM prior to launch
EPT mapping isolation
VT-d/AMD-Vi isolation
Separate stubdom instance per guest
Verify adding/removing V4V firewall rules (and ability to bind/use V4V sockets)
Verify VMs will not start if insufficient memory for the instance

Virtual Storage

Virtual disk encryption is truly AES-128/AES-256
Data changes in encrypted differential disk not reflected in unencrypted base disk
Cannot write to read-only virtual disk

Measured Launch

Seal the platform
1. TPM 1.2
2. TPM 2.0 using SHA-256
PCR Usage
1. Firmware
  1. Verify sane PCRs (e.g. different values in [0], [1], [2])
  2. Verify PCRs appropriately change per what they should measure (e.g. PCI devices, BIOS executable code)
2. TXT
  1. PCRs 17, 18, and 19 populated
PCR value change triggers admin unlock/reseal
1. hardware/BIOS change
2. bootloader/kernel change
3. Xen hypervisor change
4. Dom0 initramfs change
5. Dom0 measured rootfs change
Media-based upgrade (cd/usb/pxe) requires admin reseal
OTA-based upgrade should forward seal

Hypervisor Access Control (XSM)

Default operational status is for XSM to be enforced
Dom0, UIVM, NDVM, stubdom, SyncVM instances each have appropriate XSM label
{ Need OpenXT-specific policy tests, success and intentional failure }

Dom0

SELinux in enforcing mode by default
{ Need OpenXT-specific Dom0 policy tests, success and intentional failure }
{For privileged commands, must be run as sysadm_r}
/config partition is encrypted with AES-256-XTS, using keys sealed to TPM
Rootfs (/) mounted read-only by default
Change Dom0 root password
Verify rpc-proxy rules for dbus-over-V4V (and ability to make calls/receive signals)

UIVM

Policy to enable/disable UIVM->Dom0 sshv4v
Policy to enable/disable end-user VM creation
Policy to enable/disable end-user VM deletion
Policy to show/hide Settings tab
Policy to show/hide Services tab
Policy to enable/disable changing VM settings

Devices and Hardware

Relay of keyboard input only to in-focus guest
Relay of mouse input only to in-focus guest
Keyboard and mouse focus not split among different guests

Guest

Verify cannot write to read-only dom-store
Verify cannot read no-access dom-store
Verify can only record optical media if policy allows
Verify can only see allowed and assigned USB devices
VM sleep (S3) and resume
VM hibernate (S4) and resume
Verify can only record audio if policy allows
Verify can only playback audio if policy allows
Verify control-platform-power-state (e.g. VM shutdown shuts system down)
Verify start-on-boot

Copyright 2017 by Apertus Solutions, LLC. Created by Daniel P. Smith. This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.

Browser not supported