test: make sure pcrlock tests run headless

We want the tests to fail rather than hang if unlock via tpm doesn't
work.

diff --git a/test/units/testsuite-70.pcrlock.sh b/test/units/testsuite-70.pcrlock.sh
index 46060c1dc3eaf6c1d0d4fc700b6e2a7c4689e170..3da992613b2c8163f05c6ab0c3cb276a6f96b814 100755 (executable)
--- a/test/units/testsuite-70.pcrlock.sh
+++ b/test/units/testsuite-70.pcrlock.sh
@@ -86,7 +86,7 @@ chmod 0600 /tmp/pcrlockpwd
 cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom "$img" /tmp/pcrlockpwd
 
 systemd-cryptenroll --unlock-key-file=/tmp/pcrlockpwd --tpm2-device=auto --tpm2-pcrlock=/var/lib/systemd/pcrlock.json --tpm2-public-key= --wipe-slot=tpm2 "$img"
-systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json
+systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json,headless
 systemd-cryptsetup detach pcrlock
 
 # Measure something into PCR 16 (the "debug" PCR), which should make the activation fail
@@ -104,7 +104,7 @@ echo -n test70 | "$SD_PCRLOCK" lock-raw --pcrlock=/var/lib/pcrlock.d/910-test70.
 (! "$SD_PCRLOCK" make-policy --pcr="$PCRS")
 PIN=huhu "$SD_PCRLOCK" make-policy --pcr="$PCRS" --recovery-pin=yes
 
-systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json
+systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json,headless
 systemd-cryptsetup detach pcrlock
 
 # And now let's do it the clean way, and generate the right policy ahead of time.
@@ -115,7 +115,7 @@ echo -n test70-take-two | "$SD_PCRLOCK" lock-raw --pcrlock=/var/lib/pcrlock.d/92
 
 "$SD_PCRLOCK" cel --json=pretty
 
-systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json
+systemd-cryptsetup attach pcrlock "$img" - tpm2-device=auto,tpm2-pcrlock=/var/lib/systemd/pcrlock.json,headless
 systemd-cryptsetup detach pcrlock
 
 "$SD_PCRLOCK" remove-policy