[Windows] Skip VBS test for guest OS with lower hardware version (#562)

Signed-off-by: Yanan Shen <[email protected]>
vmware · Mar 28, 2024 · c77cfea · c77cfea
1 parent 4b1223a
commit c77cfea
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 13 deletions.
diff --git a/common/esxi_get_model.yml b/common/esxi_get_model.yml
@@ -21,10 +21,10 @@
   ansible.builtin.set_fact:
     esxi_model_info: "{{ esxi_host_property_results.ansible_facts.summary.hardware.vendor }} {{ esxi_host_property_results.ansible_facts.summary.hardware.model }}"
     esxi_cpu_model_info: "{{ esxi_host_property_results.ansible_facts.summary.hardware.cpuModel }}"
-    esxi_cpu_vendor: "{{ esxi_host_property_results.ansible_facts.hardware.cpuPkg[0].vendor | default('Unknown') }}"
+    esxi_cpu_vendor: "{{ esxi_host_property_results.ansible_facts.hardware.cpuPkg[0].vendor | default('Unknown') | lower }}"
 
 - name: "Get ESXi server CPU code name"
-  when: esxi_cpu_vendor | lower == 'intel'
+  when: esxi_cpu_vendor == 'intel'
   block:
     - name: "Get ESXi server CPU code name"
       ansible.builtin.script: "../tools/query_cpu.py -n '{{ cpu_name }}'"

diff --git a/windows/vbs_enable_disable/vbs_enable_disable.yml b/windows/vbs_enable_disable/vbs_enable_disable.yml
@@ -29,13 +29,17 @@
             skip_reason: "Not Applicable"
           when: vm_firmware | lower != 'efi'
 
-        - name: "Set ESXi CPU model"
-          ansible.builtin.set_fact:
-            esxi_cpu_model: |-
-              {%- if 'AMD' in esxi_cpu_model_info -%}AMD
-              {%- elif 'Intel' in esxi_cpu_model_info -%}Intel
-              {%- else -%}Others
-              {%- endif -%}
+        - name: "Skip test case"
+          include_tasks: ../../common/skip_test_case.yml
+          vars:
+            skip_msg: >-
+              Skip test case due to using Intel CPUs for VBS requires hardware version 14 or higher and using AMD CPUs for VBS requires 
+              hardware version 19 or higher. Current CPU is {{ esxi_cpu_vendor }} and hardware version is {{ vm_hardware_version_num }}.
+              Please refer to https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-CE292D3F-D4AC-4607-B262-DE19CE6E9F6B.html
+            skip_reason: "Not Supported"
+          when: >-
+            (vm_hardware_version_num | int < 14 and esxi_cpu_vendor == "intel") or
+            (vm_hardware_version_num | int < 19 and esxi_cpu_vendor == "amd")
 
         - name: "Skip test case"
           include_tasks: ../../common/skip_test_case.yml
@@ -45,7 +49,7 @@
               build is {{ guest_os_build_num }}. Please refer to https://kb.vmware.com/s/article/2009916.
             skip_reason: "Not Applicable"
           when:
-            - esxi_cpu_model == "AMD"
+            - esxi_cpu_vendor == "amd"
             - guest_os_build_num | int < 17763
 
         - name: "VBS enable test"

diff --git a/windows/vbs_enable_disable/vbs_enable_test.yml b/windows/vbs_enable_disable/vbs_enable_test.yml
@@ -61,10 +61,10 @@
 - name: "Set expected security properties"
   ansible.builtin.set_fact:
     expected_security_properties: >-
-      {%- if esxi_cpu_model == "Intel" and guest_os_build_num | int == 10240 -%}
+      {%- if esxi_cpu_vendor == "intel" and guest_os_build_num | int == 10240 -%}
         {{ range(1, 4) | list }}
-      {%- elif (esxi_cpu_model == "AMD" and guest_os_build_num | int == 17763) or 
-        (esxi_cpu_model == "Intel" and guest_os_build_num | int == 14393) -%}
+      {%- elif (esxi_cpu_vendor == "amd" and guest_os_build_num | int == 17763) or 
+        (esxi_cpu_vendor == "intel" and guest_os_build_num | int == 14393) -%}
         {{ range(1, 7) | list }}
       {%- else -%}
         {{ range(1, 8) | list }}