From 955ee79eb7cb0f1fb733f664649920ec275fb381 Mon Sep 17 00:00:00 2001 From: GraceWang Date: Tue, 26 Nov 2024 14:21:06 +0800 Subject: [PATCH 1/6] Fix chromium failure since Chromium 131 See poo#169810 --- tests/x11/chromium.pm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/x11/chromium.pm b/tests/x11/chromium.pm index f01103052934..575ed795ceeb 100644 --- a/tests/x11/chromium.pm +++ b/tests/x11/chromium.pm @@ -27,7 +27,13 @@ sub run { # avoid async keyring popups # allow key input before rendering is done, see poo#109737 for details - x11_start_program('chromium --password-store=basic --allow-pre-commit-input', target_match => 'chromium-main-window', match_timeout => 50); + x11_start_program('chromium --password-store=basic --allow-pre-commit-input', target_match => [qw(chromium-main-window authentication-required)], match_timeout => 50); + if (match_has_tag 'authentication-required') { + type_password; + assert_and_click "unlock"; + assert_screen "chromium-main-window"; + } + wait_screen_change { send_key 'esc' }; # get rid of popup (or abort loading) type_address('chrome://version'); From cec68374e85bcb41fa7e516d3e4460df3f2b9fc1 Mon Sep 17 00:00:00 2001 
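Review bot: The new `if (match_has_tag 'authentication-required')` branch has no comment saying which dialog it handles or why it can appear although chromium is started with `--password-store=basic`; the existing `# avoid async keyring popups` comment above it now reads as if no such prompt were possible. I would add `# Chromium >= 131 may still show an unlock prompt despite --password-store=basic, see poo#169810` above the `if`. `type_password` sends the keystrokes to whatever has focus, so the `authentication-required` needle should only match once the password field is focused, otherwise the password is typed into the browser window. The follow-up `assert_screen "chromium-main-window"` also uses the default timeout rather than the 50 seconds given to the initial match, which may be too short after an unlock. `run` starts and ends outside the hunk.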
From: Paolo Stivanin Date: Thu, 3 Oct 2024 08:56:54 +0200 Subject: [PATCH 2/6] Refactor FIPS tests * fips_ker_mode_textmode_core * fips_ker_mode_textmode_extra * fips_env_mode_textmode_core * fips_env_mode_textmode_extra * fips_env_mode_gnome * fips_ker_mode_gnome --- .../security/extratests_fips_kernelmode.yaml | 47 ------------ .../separate_boot_textmode.yaml | 0 .../fips_check_packages_version.yaml | 0 .../fips_env_mode_gnome.yaml} | 16 ++++- .../fips_env_mode_textmode_core.yaml} | 20 ++---- .../fips_env_mode_textmode_extra.yaml} | 52 ++++++++++---- .../fips_ker_mode_gnome.yaml} | 14 ++-- .../fips_ker_mode_textmode_core.yaml} | 41 ++++------- .../fips_ker_mode_textmode_extra.yaml} | 71 ++++++++++++------- .../fips_krb5client.yaml} | 1 - .../fips_krb5kdc.yaml} | 1 - .../fips_krb5server.yaml} | 1 - .../fips_strongswan.yaml} | 22 +++--- .../fips_stunnel.yaml} | 10 +-- schedule/security/{ => fips}/fips_xrdp.yaml | 1 - .../ipmi}/fips_crypt_core.yaml | 0 .../ipmi}/fips_crypt_kernel.yaml | 0 .../ipmi}/fips_crypt_tool.yaml | 0 .../ipmi}/fips_crypt_web.yaml | 0 .../fips/ipmi/fips_ker_mode_textmode.yaml | 7 ++ .../ipmi}/prepare_baremetal_fips.yaml | 0 schedule/security/fips_crypt_libica.yaml | 19 ----- schedule/security/fips_crypt_web.yaml | 24 ------- schedule/security/fips_strongswan.yaml | 28 -------- schedule/security/stunnel_fips.yaml | 10 --- schedule/security/stunnel_fips_maint.yaml | 9 --- tests/security/verify_fips_enabled.pm | 21 ------ tests/x11/seahorse_sshkey.pm | 2 +- 28 files changed, 151 insertions(+), 266 deletions(-) delete mode 100644 schedule/security/extratests_fips_kernelmode.yaml rename schedule/security/{fips_install_autoyast => fips/autoyast_installation}/separate_boot_textmode.yaml (100%) rename schedule/security/{ => fips}/fips_check_packages_version.yaml (100%) rename schedule/security/{fips_crypt_openjdk.yaml => fips/fips_env_mode_gnome.yaml} (58%) rename schedule/security/{fips_crypt_core.yaml => fips/fips_env_mode_textmode_core.yaml} (65%) 
rename schedule/security/{fips_crypt_tool.yaml => fips/fips_env_mode_textmode_extra.yaml} (50%) rename schedule/security/{fips_crypt_x11.yaml => fips/fips_ker_mode_gnome.yaml} (78%) rename schedule/security/{fips_env_mode_powervm.yaml => fips/fips_ker_mode_textmode_core.yaml} (52%) rename schedule/security/{fips_ker_mode_powervm.yaml => fips/fips_ker_mode_textmode_extra.yaml} (50%) rename schedule/security/{crypt_krb5client.yaml => fips/fips_krb5client.yaml} (90%) rename schedule/security/{crypt_krb5kdc.yaml => fips/fips_krb5kdc.yaml} (86%) rename schedule/security/{crypt_krb5server.yaml => fips/fips_krb5server.yaml} (90%) rename schedule/security/{fips_strongswan_maint.yaml => fips/fips_strongswan.yaml} (54%) rename schedule/security/{fips_crypt_kernel.yaml => fips/fips_stunnel.yaml} (71%) rename schedule/security/{ => fips}/fips_xrdp.yaml (91%) rename schedule/security/{fips_ipmi => fips/ipmi}/fips_crypt_core.yaml (100%) rename schedule/security/{fips_ipmi => fips/ipmi}/fips_crypt_kernel.yaml (100%) rename schedule/security/{fips_ipmi => fips/ipmi}/fips_crypt_tool.yaml (100%) rename schedule/security/{fips_ipmi => fips/ipmi}/fips_crypt_web.yaml (100%) create mode 100644 schedule/security/fips/ipmi/fips_ker_mode_textmode.yaml rename schedule/security/{fips_ipmi => fips/ipmi}/prepare_baremetal_fips.yaml (100%) delete mode 100644 schedule/security/fips_crypt_libica.yaml delete mode 100644 schedule/security/fips_crypt_web.yaml delete mode 100644 schedule/security/fips_strongswan.yaml delete mode 100644 schedule/security/stunnel_fips.yaml delete mode 100644 schedule/security/stunnel_fips_maint.yaml delete mode 100644 tests/security/verify_fips_enabled.pm diff --git a/schedule/security/extratests_fips_kernelmode.yaml b/schedule/security/extratests_fips_kernelmode.yaml deleted file mode 100644 index d23913cf21da..000000000000 --- a/schedule/security/extratests_fips_kernelmode.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -name: extratests_fips_kernelmode -description: Qe Security test cases with fips enabled for Vendor Affirmation -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - fips/fips_setup - - console/prepare_test_data - - console/consoletest_setup - - console/curl_ipv6 - - console/wget_ipv6 - - console/ca_certificates_mozilla - - console/unzip - - console/rsync - - console/shells - - console/sudo - - console/dstat - - console/supportutils - - console/mdadm - - console/quota - - console/vhostmd - - console/rpcbind - - console/timezone - - console/procps - - console/iotop - - console/systemd_rpm_macros - - console/kmod - - console/suse_module_tools - - console/aaa_base - - console/gd - - console/vsftpd - - console/coredump_collect - - console/osinfo_db - - console/ovn - - console/firewalld - - console/libgcrypt - - console/zziplib - - console/nginx - - console/gdb - - console/sysctl - - '{{arch_specific}}' -conditional_schedule: - arch_specific: - ARCH: - x86_64: - - console/ansible -... diff --git a/schedule/security/fips_install_autoyast/separate_boot_textmode.yaml b/schedule/security/fips/autoyast_installation/separate_boot_textmode.yaml similarity index 100% rename from schedule/security/fips_install_autoyast/separate_boot_textmode.yaml rename to schedule/security/fips/autoyast_installation/separate_boot_textmode.yaml diff --git a/schedule/security/fips_check_packages_version.yaml b/schedule/security/fips/fips_check_packages_version.yaml similarity index 100% rename from schedule/security/fips_check_packages_version.yaml rename to schedule/security/fips/fips_check_packages_version.yaml diff --git a/schedule/security/fips_crypt_openjdk.yaml b/schedule/security/fips/fips_env_mode_gnome.yaml similarity index 58% rename from schedule/security/fips_crypt_openjdk.yaml rename to schedule/security/fips/fips_env_mode_gnome.yaml index bb844a92e4bf..88e150dd0c24 100644 --- a/schedule/security/fips_crypt_openjdk.yaml 
+++ b/schedule/security/fips/fips_env_mode_gnome.yaml @@ -1,12 +1,15 @@ -name: fips_crypt_openjdk +name: fips_ker_mode_textmode description: > - This is for the crypt_openjdk fips tests. + This is for ... schedule: - installation/bootloader_start - boot/boot_to_desktop - console/consoletest_setup - '{{repo_setup}}' - fips/fips_setup + - '{{we_tests}}' + - x11/x3270_ssl + - '{{xca}}' - fips/openjdk/prepare_env - fips/openjdk/openjdk_fips conditional_schedule: @@ -17,3 +20,12 @@ conditional_schedule: FLAVOR: Online-QR: - security/test_repo_setup + xca: + ARCH: + x86_64: + - fips/xca + we_tests: + RUN_WE_MODULE_TESTS: + 1: + - x11/seahorse_sshkey + - x11/hexchat_ssl diff --git a/schedule/security/fips_crypt_core.yaml b/schedule/security/fips/fips_env_mode_textmode_core.yaml similarity index 65% rename from schedule/security/fips_crypt_core.yaml rename to schedule/security/fips/fips_env_mode_textmode_core.yaml index 9cde7d21d45e..ce312ac5e7af 100644 --- a/schedule/security/fips_crypt_core.yaml +++ b/schedule/security/fips/fips_env_mode_textmode_core.yaml @@ -1,12 +1,14 @@ -name: fips_crypt_core +name: fips_env_mode_textmode_core description: > - This is for the crypt_core fips tests. + This is for ... schedule: - installation/bootloader_start - boot/boot_to_desktop - console/consoletest_setup - '{{repo_setup}}' - fips/fips_setup + - console/cryptsetup + - security/libserf/libserf - fips/openssl/openssl_fips_alglist - fips/openssl/openssl_fips_hash - fips/openssl/openssl_fips_cipher @@ -20,11 +22,8 @@ schedule: - fips/openssl/openssl_tlsv1_3 - fips/openssl/openssl_pubkey_rsa - fips/openssl/openssl_pubkey_dsa - # dhparam only in ker mode - - '{{dhparam}}' - fips/openssh/openssh_fips - # ssh disabled in env mode, see poo#125648 - - '{{ssh}}' + - console/libgcrypt conditional_schedule: repo_setup: BETA: 
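Review bot: `name: fips_ker_mode_textmode` in the new fips_env_mode_gnome.yaml does not match the file it is in, and the description was replaced by the placeholder `This is for ...`. The same name is reused in fips_ker_mode_gnome.yaml, the new fips/ipmi/fips_ker_mode_textmode.yaml is named `fips_crypt_kernel`, and fips_stunnel.yaml keeps `stunntl fips test`; the `*_textmode_core` and `*_textmode_extra` files carry the same placeholder description. I would set each `name:` to the file's basename, here `name: fips_env_mode_gnome`, and give every description one real sentence stating which FIPS mode and which group of components the schedule covers, so that a failing job can be traced back to its schedule.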
@@ -33,12 +32,3 @@ conditional_schedule: FLAVOR: Online-QR: - security/test_repo_setup - dhparam: - TEST: - fips_ker_mode_tests_crypt_core: - - fips/openssl/openssl_fips_dhparam - ssh: - TEST_SUITE_NAME: - fips_ker_mode_tests_crypt_core: - - console/sshd - - console/ssh_cleanup diff --git a/schedule/security/fips_crypt_tool.yaml b/schedule/security/fips/fips_env_mode_textmode_extra.yaml similarity index 50% rename from schedule/security/fips_crypt_tool.yaml rename to schedule/security/fips/fips_env_mode_textmode_extra.yaml index 3f84c8f63a99..e28ece88cdf5 100644 --- a/schedule/security/fips_crypt_tool.yaml +++ b/schedule/security/fips/fips_env_mode_textmode_extra.yaml @@ -1,6 +1,6 @@ -name: fips_crypt_tool +name: fips_env_mode_textmode_extra description: > - This is for the crypt_tool fips tests. + This is for ... schedule: - installation/bootloader_start - boot/boot_to_desktop 
@@ -17,19 +17,53 @@ schedule: - security/ntpd - console/ntp_client - console/cups - - console/cryptsetup - console/syslog - x11/evolution/evolution_prepare_servers - console/mutt + - console/curl_https + - console/wget_https + - console/w3m_https + - console/links_https + - console/lynx_https + - console/curl_ipv6 + - console/wget_ipv6 - fips/squid/squid_init - fips/squid/squid_web_proxy - fips/squid/squid_reverse_proxy + - console/apache_ssl + - fips/mozilla_nss/apache_nssfips - security/ecryptfs/ecryptfs - - security/libserf/libserf - security/vsftpd/vsftpd_setup - security/vsftpd/vsftpd - security/vsftpd/lftp - - '{{kern_only_tests}}' + - console/ca_certificates_mozilla + - console/unzip + - console/rsync + - console/shells + - console/sudo + - console/dstat + - console/supportutils + - console/mdadm + - console/quota + - console/vhostmd + - console/rpcbind + - console/timezone + - console/procps + - console/iotop + - console/systemd_rpm_macros + - console/kmod + - console/suse_module_tools + - console/aaa_base + - console/gd + - console/coredump_collect + - console/osinfo_db + - console/ovn + - console/firewalld + - console/zziplib + - console/nginx + - console/gdb + - console/sysctl + - '{{suseconnect}}' conditional_schedule: repo_setup: BETA: @@ -38,13 +72,7 @@ conditional_schedule: FLAVOR: Online-QR: - security/test_repo_setup - kern_only_tests: - TEST: - fips_ker_mode_tests_crypt_tool: - - '{{live_patch_available}}' - live_patch_available: + suseconnect: ARCH: - s390x: - - console/suseconnect.pm x86_64: - console/suseconnect.pm diff --git a/schedule/security/fips_crypt_x11.yaml b/schedule/security/fips/fips_ker_mode_gnome.yaml similarity index 78% rename from schedule/security/fips_crypt_x11.yaml rename to schedule/security/fips/fips_ker_mode_gnome.yaml index c064c329956c..d8ad26a9367f 100644 --- a/schedule/security/fips_crypt_x11.yaml +++ b/schedule/security/fips/fips_ker_mode_gnome.yaml 
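Review bot: `'{{suseconnect}}'` now schedules `console/suseconnect.pm` in the env-mode file, whereas the old fips_crypt_tool.yaml ran it only under `TEST: fips_ker_mode_tests_crypt_tool`, and the new fips_ker_mode_textmode_extra.yaml does not schedule it at all. As far as the visible hunks show, the kernel-mode run of suseconnect is lost and the `s390x` entry is dropped as well. If that is not intended, the `suseconnect` block belongs in the kernel-mode file with both architectures; if it is intended, a comment such as `# suseconnect: x86_64 only, see poo#<ticket>` above the block would record the reason.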
@@ -1,16 +1,18 @@ -name: fips_crypt_x11 +name: fips_ker_mode_textmode description: > - This is for the crypt_x11 fips tests. + This is for ... schedule: - installation/bootloader_start - boot/boot_to_desktop - console/consoletest_setup - '{{repo_setup}}' - fips/fips_setup - - '{{tests_for_64bit}}' + - '{{we_tests}}' - x11/x3270_ssl - '{{xca}}' - fips/mozilla_nss/firefox_nss + - fips/openjdk/prepare_env + - fips/openjdk/openjdk_fips conditional_schedule: repo_setup: BETA: @@ -27,8 +29,8 @@ conditional_schedule: ARCH: x86_64: - fips/xca - we_supported_versions: - VERSION: - 15-SP5: + we_tests: + WE_REQUIRED: + 1: - x11/seahorse_sshkey - x11/hexchat_ssl diff --git a/schedule/security/fips_env_mode_powervm.yaml b/schedule/security/fips/fips_ker_mode_textmode_core.yaml similarity index 52% rename from schedule/security/fips_env_mode_powervm.yaml rename to schedule/security/fips/fips_ker_mode_textmode_core.yaml index 5276e1f331b6..e8dd5cc1f528 100644 --- a/schedule/security/fips_env_mode_powervm.yaml +++ b/schedule/security/fips/fips_ker_mode_textmode_core.yaml 
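Review bot: The `we_tests` block in fips_ker_mode_gnome.yaml is keyed on `WE_REQUIRED`, while the otherwise identical block in fips_env_mode_gnome.yaml is keyed on `RUN_WE_MODULE_TESTS`. A job that sets only one of the two variables would skip `x11/seahorse_sshkey` and `x11/hexchat_ssl` in the other schedule without any failure being reported. Both files should use the same variable, whichever the job settings actually define, or a comment next to each block should say why they differ.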
@@ -1,48 +1,32 @@ -name: fips_env_mode_powervm +name: fips_ker_mode_textmode_core description: > - This is for the FIPS tests in ENV mode on the pvm_hmc backend. + This is for ... schedule: - installation/bootloader_start - boot/boot_to_desktop - console/consoletest_setup - '{{repo_setup}}' - fips/fips_setup - - console/yast2_vnc + - security/dm_crypt + - console/cryptsetup + - security/libserf/libserf - fips/openssl/openssl_fips_alglist - fips/openssl/openssl_fips_hash - fips/openssl/openssl_fips_cipher - fips/openssl/dirmngr_setup - fips/openssl/dirmngr_daemon + - console/openssl_alpn + - fips/mozilla_nss/nss_smoke - fips/gnutls/gnutls_base_check - fips/gnutls/gnutls_server - fips/gnutls/gnutls_client - fips/openssl/openssl_tlsv1_3 - fips/openssl/openssl_pubkey_rsa - fips/openssl/openssl_pubkey_dsa + - fips/openssl/openssl_fips_dhparam - fips/openssh/openssh_fips - - fips/curl_fips_rc4_seed - - fips/squid/squid_init - - fips/squid/squid_web_proxy - - fips/squid/squid_reverse_proxy - - console/aide_check - - console/gpg - - console/journald_fss - - console/git - - console/clamav - - console/openvswitch_ssl - - console/ntp_client - - console/cups - - console/syslog - - console/curl_https - - console/wget_https - - console/w3m_https - - console/links_https - - console/lynx_https - - console/apache_ssl - - fips/mozilla_nss/apache_nssfips - - x11/x3270_ssl - - x11/evolution/evolution_prepare_servers - - console/mutt + - console/libgcrypt + - '{{libica}}' conditional_schedule: repo_setup: BETA: @@ -51,3 +35,8 @@ conditional_schedule: FLAVOR: Online-QR: - security/test_repo_setup + libica: + ARCH: + s390x: + - fips/libica + - fips/libica_upstream_testsuite diff --git a/schedule/security/fips_ker_mode_powervm.yaml b/schedule/security/fips/fips_ker_mode_textmode_extra.yaml similarity index 50% rename from schedule/security/fips_ker_mode_powervm.yaml rename to schedule/security/fips/fips_ker_mode_textmode_extra.yaml index 18e025c33d12..dc63fa3f9f95 100644 
--- a/schedule/security/fips_ker_mode_powervm.yaml +++ b/schedule/security/fips/fips_ker_mode_textmode_extra.yaml 
@@ -1,54 +1,71 @@ -name: fips_env_mode_powervm +name: fips_ker_mode_textmode_extra description: > - This is for the FIPS tests in ENV mode on the pvm_hmc backend. + This is for ... schedule: - installation/bootloader_start - boot/boot_to_desktop - console/consoletest_setup - '{{repo_setup}}' - fips/fips_setup - - console/yast2_vnc - - fips/openssl/openssl_fips_alglist - - fips/openssl/openssl_fips_hash - - fips/openssl/openssl_fips_cipher - - fips/openssl/dirmngr_setup - - fips/openssl/dirmngr_daemon - - fips/gnutls/gnutls_base_check - - fips/gnutls/gnutls_server - - fips/gnutls/gnutls_client - - fips/openssl/openssl_tlsv1_3 - - fips/openssl/openssl_pubkey_rsa - - fips/openssl/openssl_pubkey_dsa - - fips/openssh/openssh_fips - fips/curl_fips_rc4_seed - - fips/squid/squid_init - - fips/squid/squid_web_proxy - - fips/squid/squid_reverse_proxy - console/aide_check - console/gpg - console/journald_fss - console/git - console/clamav - console/openvswitch_ssl + - security/ntpd - console/ntp_client - console/cups - console/syslog + - x11/evolution/evolution_prepare_servers + - console/mutt - console/curl_https - console/wget_https - console/w3m_https - console/links_https - console/lynx_https + - console/curl_ipv6 + - console/wget_ipv6 + - fips/squid/squid_init + - fips/squid/squid_web_proxy + - fips/squid/squid_reverse_proxy - console/apache_ssl - - fips/mozilla_nss/nss_smoke - fips/mozilla_nss/apache_nssfips - - fips/mozilla_nss/firefox_nss - - x11/x3270_ssl - - x11/evolution/evolution_prepare_servers - - console/mutt - - console/cryptsetup - - security/dm_crypt + - security/ecryptfs/ecryptfs + - security/vsftpd/vsftpd_setup + - security/vsftpd/vsftpd + - security/vsftpd/lftp + - console/ca_certificates_mozilla + - console/unzip + - console/rsync + - console/shells + - console/sudo + - console/dstat + - console/supportutils + - console/mdadm + - console/quota + - console/vhostmd + - console/rpcbind + - console/timezone + - console/procps + - console/iotop + - 
console/systemd_rpm_macros + - console/kmod + - console/suse_module_tools + - console/aaa_base + - console/gd + - console/coredump_collect + - console/osinfo_db + - console/ovn + - console/firewalld + - console/zziplib + - console/nginx + - console/gdb + - console/sysctl - console/sshd - console/ssh_cleanup + - '{{tests_for_x64}}' conditional_schedule: repo_setup: BETA: @@ -57,3 +74,7 @@ conditional_schedule: FLAVOR: Online-QR: - security/test_repo_setup + tests_for_x64: + ARCH: + x86_64: + - console/ansible diff --git a/schedule/security/crypt_krb5client.yaml b/schedule/security/fips/fips_krb5client.yaml similarity index 90% rename from schedule/security/crypt_krb5client.yaml rename to schedule/security/fips/fips_krb5client.yaml index d724f42ce332..03ca3de387dc 100644 --- a/schedule/security/crypt_krb5client.yaml +++ b/schedule/security/fips/fips_krb5client.yaml @@ -4,7 +4,6 @@ description: > schedule: - boot/boot_to_desktop - console/consoletest_setup - - security/verify_fips_enabled - security/krb5/krb5_crypt_prepare - security/krb5/krb5_crypt_setup_client - security/krb5/krb5_crypt_ssh_client diff --git a/schedule/security/crypt_krb5kdc.yaml b/schedule/security/fips/fips_krb5kdc.yaml similarity index 86% rename from schedule/security/crypt_krb5kdc.yaml rename to schedule/security/fips/fips_krb5kdc.yaml index 434210171426..05bc480cba29 100644 --- a/schedule/security/crypt_krb5kdc.yaml +++ b/schedule/security/fips/fips_krb5kdc.yaml @@ -4,6 +4,5 @@ description: > schedule: - boot/boot_to_desktop - console/consoletest_setup - - security/verify_fips_enabled - security/krb5/krb5_crypt_prepare - security/krb5/krb5_crypt_setup_kdc diff --git a/schedule/security/crypt_krb5server.yaml b/schedule/security/fips/fips_krb5server.yaml similarity index 90% rename from schedule/security/crypt_krb5server.yaml rename to schedule/security/fips/fips_krb5server.yaml index 251f2e2ce6a7..5b578c56feaa 100644 --- a/schedule/security/crypt_krb5server.yaml 
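Review bot: With `- security/verify_fips_enabled` removed, fips_krb5client.yaml has no step left that enables or asserts FIPS mode: the schedule contains neither `fips/fips_setup` nor the `/proc/sys/crypto/fips_enabled` check, so the krb5 modules would also pass on a system that came up without FIPS. The same holds for fips_krb5kdc.yaml, fips_krb5server.yaml and the `xrdp_server` branch of fips_xrdp.yaml, and the commit deletes tests/security/verify_fips_enabled.pm itself. Unless a parent job guarantees that the booted image is in FIPS mode, which is not visible here, I would keep the module and the line `- security/verify_fips_enabled` after `- console/consoletest_setup` in these schedules.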
+++ b/schedule/security/fips/fips_krb5server.yaml @@ -4,7 +4,6 @@ description: > schedule: - boot/boot_to_desktop - console/consoletest_setup - - security/verify_fips_enabled - security/krb5/krb5_crypt_prepare - security/krb5/krb5_crypt_setup_server - security/krb5/krb5_crypt_ssh_server diff --git a/schedule/security/fips_strongswan_maint.yaml b/schedule/security/fips/fips_strongswan.yaml similarity index 54% rename from schedule/security/fips_strongswan_maint.yaml rename to schedule/security/fips/fips_strongswan.yaml index 0da64f0447db..0470d473067b 100644 --- a/schedule/security/fips_strongswan_maint.yaml +++ b/schedule/security/fips/fips_strongswan.yaml @@ -2,23 +2,21 @@ name: fips_strongswan description: > This is for testing strongswan in fips mode schedule: - - '{{bootloader_zkvm}}' + - installation/bootloader_start - boot/boot_to_desktop - - '{{setup_multimachine}}' + - network/setup_multimachine - console/consoletest_setup + - '{{repo_setup}}' - fips/fips_setup - '{{strongswan}}' conditional_schedule: - bootloader_zkvm: - ARCH: - s390x: - - installation/bootloader_zkvm - setup_multimachine: - ARCH: - aarch64: - - network/setup_multimachine - x86_64: - - network/setup_multimachine + repo_setup: + BETA: + 1: + - security/test_repo_setup + FLAVOR: + Online-QR: + - security/test_repo_setup strongswan: HOSTNAME: server: diff --git a/schedule/security/fips_crypt_kernel.yaml b/schedule/security/fips/fips_stunnel.yaml similarity index 71% rename from schedule/security/fips_crypt_kernel.yaml rename to schedule/security/fips/fips_stunnel.yaml index a36d09222120..0f6de4fdb335 100644 --- a/schedule/security/fips_crypt_kernel.yaml +++ b/schedule/security/fips/fips_stunnel.yaml 
@@ -1,14 +1,14 @@ -name: fips_crypt_kernel -description: > - This is for the crypt_kernel fips tests. +name: stunntl fips test +description: > + Update stunnel to 5.59 schedule: - installation/bootloader_start - boot/boot_to_desktop + - network/setup_multimachine - console/consoletest_setup - '{{repo_setup}}' - fips/fips_setup - - console/cryptsetup - - security/dm_crypt + - fips/stunnel conditional_schedule: repo_setup: BETA: diff --git a/schedule/security/fips_xrdp.yaml b/schedule/security/fips/fips_xrdp.yaml similarity index 91% rename from schedule/security/fips_xrdp.yaml rename to schedule/security/fips/fips_xrdp.yaml index bd982cffe52c..307422d1c502 100644 --- a/schedule/security/fips_xrdp.yaml +++ b/schedule/security/fips/fips_xrdp.yaml @@ -8,7 +8,6 @@ conditional_schedule: REMOTE_DESKTOP_TYPE: 'xrdp_server': - boot/boot_to_desktop - - security/verify_fips_enabled - x11/window_system - security/fips_xrdp_server 'win_client': diff --git a/schedule/security/fips_ipmi/fips_crypt_core.yaml b/schedule/security/fips/ipmi/fips_crypt_core.yaml similarity index 100% rename from schedule/security/fips_ipmi/fips_crypt_core.yaml rename to schedule/security/fips/ipmi/fips_crypt_core.yaml diff --git a/schedule/security/fips_ipmi/fips_crypt_kernel.yaml b/schedule/security/fips/ipmi/fips_crypt_kernel.yaml similarity index 100% rename from schedule/security/fips_ipmi/fips_crypt_kernel.yaml rename to schedule/security/fips/ipmi/fips_crypt_kernel.yaml diff --git a/schedule/security/fips_ipmi/fips_crypt_tool.yaml b/schedule/security/fips/ipmi/fips_crypt_tool.yaml similarity index 100% rename from schedule/security/fips_ipmi/fips_crypt_tool.yaml rename to schedule/security/fips/ipmi/fips_crypt_tool.yaml diff --git a/schedule/security/fips_ipmi/fips_crypt_web.yaml b/schedule/security/fips/ipmi/fips_crypt_web.yaml similarity index 100% rename from schedule/security/fips_ipmi/fips_crypt_web.yaml rename to schedule/security/fips/ipmi/fips_crypt_web.yaml 
diff --git a/schedule/security/fips/ipmi/fips_ker_mode_textmode.yaml b/schedule/security/fips/ipmi/fips_ker_mode_textmode.yaml new file mode 100644 index 000000000000..946c352dfa1c --- /dev/null +++ b/schedule/security/fips/ipmi/fips_ker_mode_textmode.yaml @@ -0,0 +1,7 @@ +name: fips_crypt_kernel +description: > + This is for the crypt_kernel fips tests. +schedule: + - boot/boot_to_desktop + - console/cryptsetup + - security/dm_crypt diff --git a/schedule/security/fips_ipmi/prepare_baremetal_fips.yaml b/schedule/security/fips/ipmi/prepare_baremetal_fips.yaml similarity index 100% rename from schedule/security/fips_ipmi/prepare_baremetal_fips.yaml rename to schedule/security/fips/ipmi/prepare_baremetal_fips.yaml diff --git a/schedule/security/fips_crypt_libica.yaml b/schedule/security/fips_crypt_libica.yaml deleted file mode 100644 index ccae95a42919..000000000000 --- a/schedule/security/fips_crypt_libica.yaml +++ /dev/null @@ -1,19 +0,0 @@ -name: fips_crypt_libica -description: > - This is for the crypt_libica fips tests. -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - console/consoletest_setup - - '{{repo_setup}}' - - fips/fips_setup - - fips/libica - - fips/libica_upstream_testsuite -conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup diff --git a/schedule/security/fips_crypt_web.yaml b/schedule/security/fips_crypt_web.yaml deleted file mode 100644 index 65f53f201f27..000000000000 --- a/schedule/security/fips_crypt_web.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -name: fips_crypt_web -description: > - This is for the crypt_web fips tests. -schedule: - - installation/bootloader_start - - boot/boot_to_desktop - - console/consoletest_setup - - '{{repo_setup}}' - - fips/fips_setup - - console/curl_https - - console/wget_https - - console/w3m_https - - console/links_https - - console/lynx_https - - console/apache_ssl - - fips/mozilla_nss/apache_nssfips -conditional_schedule: - repo_setup: - BETA: - 1: - - security/test_repo_setup - FLAVOR: - Online-QR: - - security/test_repo_setup diff --git a/schedule/security/fips_strongswan.yaml b/schedule/security/fips_strongswan.yaml deleted file mode 100644 index ac4c39212ee4..000000000000 --- a/schedule/security/fips_strongswan.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: fips_strongswan -description: > - This is for testing strongswan in fips mode -schedule: - - '{{bootloader_zkvm}}' - - boot/boot_to_desktop - - '{{setup_multimachine}}' - - console/consoletest_setup - - security/test_repo_setup - - fips/fips_setup - - '{{strongswan}}' -conditional_schedule: - bootloader_zkvm: - ARCH: - s390x: - - installation/bootloader_zkvm - setup_multimachine: - ARCH: - aarch64: - - network/setup_multimachine - x86_64: - - network/setup_multimachine - strongswan: - HOSTNAME: - server: - - fips/strongswan/strongswan_server - client: - - fips/strongswan/strongswan_client diff --git a/schedule/security/stunnel_fips.yaml b/schedule/security/stunnel_fips.yaml deleted file mode 100644 index d220e1bb5a50..000000000000 --- a/schedule/security/stunnel_fips.yaml +++ /dev/null @@ -1,10 +0,0 @@ -name: stunntl fips test -description: > - Update stunnel to 5.59 -schedule: - - boot/boot_to_desktop - - console/consoletest_setup - - network/setup_multimachine - - security/test_repo_setup - - fips/fips_setup - - fips/stunnel diff --git a/schedule/security/stunnel_fips_maint.yaml b/schedule/security/stunnel_fips_maint.yaml deleted file mode 100644 index 4551130b131a..000000000000 
--- a/schedule/security/stunnel_fips_maint.yaml +++ /dev/null @@ -1,9 +0,0 @@ -name: stunntl fips test -description: > - Update stunnel to 5.59 -schedule: - - boot/boot_to_desktop - - console/consoletest_setup - - network/setup_multimachine - - fips/fips_setup - - fips/stunnel diff --git a/tests/security/verify_fips_enabled.pm b/tests/security/verify_fips_enabled.pm deleted file mode 100644 index 5cba35fc9a2b..000000000000 --- a/tests/security/verify_fips_enabled.pm +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2024 SUSE LLC -# SPDX-License-Identifier: GPL-2.0-or-later -# -# Summary: make sure that FIPS is enabled -# Maintainer: QE Security - -use base "opensusebasetest"; -use strict; -use warnings; -use testapi; -use serial_terminal 'select_serial_terminal'; - -sub run { - my ($self) = @_; - - select_serial_terminal; - - assert_script_run q(grep '^1$' /proc/sys/crypto/fips_enabled); -} - -1; diff --git a/tests/x11/seahorse_sshkey.pm b/tests/x11/seahorse_sshkey.pm index 9d34f4f37a9d..cb1e880d4fe3 100644 --- a/tests/x11/seahorse_sshkey.pm +++ b/tests/x11/seahorse_sshkey.pm @@ -43,7 +43,7 @@ sub run { assert_screen 'seahorse-new-sshkey'; # Dialog : "Add password; New ssh key" send_key 'alt-d'; type_string "Keyring test"; # Name of new ssh key - send_key 'alt-j'; # Just Create ssh key without setup + send_key is_sle('<15-SP6') ? 'alt-j' : 'alt-g'; # Just Create ssh key without setup if (check_screen("seahorse-sshkey-inhibit", timeout => 8)) { assert_and_click "seahorse-sshkey-inhibit"; } From 41f5b3f561e98318d7e1a7c1eab5610d16fd3511 Mon Sep 17 00:00:00 2001 From: Paolo Stivanin Date: Tue, 3 Dec 2024 15:59:09 +0100 Subject: [PATCH 3/6] Test AY changes --- .../autoyast/create_hdd_gnome_x86_64.xml | 92 ------------------- .../autoyast/create_hdd_textmode_x86_64.xml | 84 ----------------- 2 files changed, 176 deletions(-) 
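Review bot: The new line `send_key is_sle('<15-SP6') ? 'alt-j' : 'alt-g';` in seahorse_sshkey.pm calls `is_sle`, but the diffstat shows a single changed line for this file, so the commit adds no import. If the file does not already contain `use version_utils 'is_sle';` (the top of the file is outside the hunk), the call fails at run time with an undefined subroutine. The trailing comment should also say why the shortcut differs, for example `# 'Just Create' is alt-g from 15-SP6 on, alt-j before`. Every product that is not SLE takes the `alt-g` branch too, which is worth confirming.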
diff --git a/data/security/autoyast/create_hdd_gnome_x86_64.xml b/data/security/autoyast/create_hdd_gnome_x86_64.xml index 0dfdfe178822..93f4855d522e 100644 --- a/data/security/autoyast/create_hdd_gnome_x86_64.xml +++ b/data/security/autoyast/create_hdd_gnome_x86_64.xml @@ -3,18 +3,8 @@ - auto - auto - false - false - true - gfxterm -1 - false - true - vga=gfx-1024x768x16 - grub2 public @@ -143,88 +133,6 @@ false false - - - /dev/vda - gpt - true - - - true - false - 263 - 1 - false - 8388608 - - - true - true - btrfs - true - / - uuid - 131 - 2 - true - false - 30054285312 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/x86_64-efi - - - true - boot/grub2/i386-pc - - - @ - - - true - swap - true - swap - uuid - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - false diff --git a/data/security/autoyast/create_hdd_textmode_x86_64.xml b/data/security/autoyast/create_hdd_textmode_x86_64.xml index 469ba583bc78..08b8bbc64c07 100644 --- a/data/security/autoyast/create_hdd_textmode_x86_64.xml +++ b/data/security/autoyast/create_hdd_textmode_x86_64.xml @@ -3,18 +3,8 @@ - auto - auto - false - false - true - gfxterm -1 - false - true - vga=gfx-1024x768x16 - grub2 public @@ -143,80 +133,6 @@ false false - - - /dev/vda - gpt - true - - - true - true - btrfs - true - / - uuid - 131 - 2 - true - false - 29525803008 - - - false - var - - - true - usr/local - - - true - tmp - - - true - srv - - - true - root - - - true - opt - - - true - home - - - true - boot/grub2/x86_64-efi - - - true - boot/grub2/i386-pc - - - @ - - - true - swap - true - swap - uuid - 130 - 3 - false - 2148515328 - - - CT_DISK - all - - false From 8d8f421ff22df6d82b2fcd073d003f5603eb05d7 Mon Sep 17 00:00:00 2001 
From: Paolo Stivanin Date: Wed, 4 Dec 2024 09:49:47 +0100 Subject: [PATCH 4/6] new ay file --- data/security/autoyast/gnome.xml | 177 ++++++++++++++++++ .../autoyast_create_hdd_gnome_qesec_new.yaml | 22 +++ 2 files changed, 199 insertions(+) create mode 100644 data/security/autoyast/gnome.xml create mode 100644 schedule/security/create_hdd_autoyast/autoyast_create_hdd_gnome_qesec_new.yaml diff --git a/data/security/autoyast/gnome.xml b/data/security/autoyast/gnome.xml new file mode 100644 index 000000000000..cecd18f00cb4 --- /dev/null +++ b/data/security/autoyast/gnome.xml @@ -0,0 +1,177 @@ + + + + + true + + {{SCC_REGCODE}} + true + {{SCC_URL}} + + + sle-module-server-applications + {{VERSION}} + {{ARCH}} + + + sle-module-desktop-applications + {{VERSION}} + {{ARCH}} + + + {{ARCH}} + sle-module-python3 + + nil + {{VERSION}} + + + + + + -1 + + + + + false + + + + + true + true + 0 + + + true + true + 0 + + + true + true + 0 + + + true + true + 0 + + + + + + false + bios + + + english-us + + + en_US + + + + auto + + + + grub2 + sles-release + + + apparmor + base + basesystem + documentation + enhanced_base + gnome_basic + gnome_basis + minimal_base + x11 + x11_enhanced + + + SLES + + + + + + dhcp + eth0 + yes + auto + + + + + public + true + off + true + + + For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. + + eth0 + + false + public + + + + dhcpv6-client + ssh + tigervnc + tigervnc-https + + Public + default + + + + + UTC + Europe/Berlin + + + + false + Bernhard M. Wiedemann + 100 + /home/bernhard + + + + -1 + 99999 + 0 + 7 + + /bin/bash + 1000 + {{PASSWORD}} + bernhard + + + false + root + 0 + /root + + + + + + + + + /bin/bash + 0 + {{PASSWORD}} + root + + + 
diff --git a/schedule/security/create_hdd_autoyast/autoyast_create_hdd_gnome_qesec_new.yaml b/schedule/security/create_hdd_autoyast/autoyast_create_hdd_gnome_qesec_new.yaml new file mode 100644 index 000000000000..456b371b46b5 --- /dev/null +++ b/schedule/security/create_hdd_autoyast/autoyast_create_hdd_gnome_qesec_new.yaml @@ -0,0 +1,22 @@ +--- +name: autoyast_gnome +description: > + AutoYaST installation with gnome using default partitioning. Installation is + validated by execution set of smoke userspace tests. +schedule: + - autoyast/prepare_profile + - installation/bootloader_start + - autoyast/installation + - installation/first_boot + - console/system_prepare + - console/hostname + - console/force_scheduled_tasks + - shutdown/grub_set_bootargs + - shutdown/cleanup_before_shutdown + - shutdown/shutdown + - '{{svirt_upload}}' +conditional_schedule: + svirt_upload: + ARCH: + s390x: + - shutdown/svirt_upload_assets From 74fbf593a14cd063e70b9407b24e9676de3d4ead Mon Sep 17 00:00:00 2001 From: Paolo Stivanin Date: Wed, 4 Dec 2024 14:46:51 +0100 Subject: [PATCH 5/6] add stuff --- data/security/autoyast/gnome.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/data/security/autoyast/gnome.xml b/data/security/autoyast/gnome.xml index cecd18f00cb4..c603602fb568 100644 --- a/data/security/autoyast/gnome.xml +++ b/data/security/autoyast/gnome.xml @@ -76,6 +76,7 @@ auto + true grub2 sles-release @@ -136,6 +137,14 @@ UTC Europe/Berlin + + graphical + + + sshd + + + false From 21fbc2b7d07b658c73e79a2938881e1789d0b913 Mon Sep 17 00:00:00 2001 
From: Paolo Stivanin Date: Wed, 4 Dec 2024 15:48:06 +0100 Subject: [PATCH 6/6] add new file --- data/security/autoyast/gnome.xml | 9 +- data/security/autoyast/textmode.xml | 187 ++++++++++++++++++ ...ome_qesec_new.yaml => autoyast_qesec.yaml} | 5 +- 3 files changed, 195 insertions(+), 6 deletions(-) create mode 100644 data/security/autoyast/textmode.xml rename schedule/security/create_hdd_autoyast/{autoyast_create_hdd_gnome_qesec_new.yaml => autoyast_qesec.yaml} (73%) diff --git a/data/security/autoyast/gnome.xml b/data/security/autoyast/gnome.xml index c603602fb568..aa4b745b1627 100644 --- a/data/security/autoyast/gnome.xml +++ b/data/security/autoyast/gnome.xml @@ -18,12 +18,15 @@ {{VERSION}} {{ARCH}} - + + sle-module-development-tools + {{VERSION}} {{ARCH}} + + sle-module-python3 - - nil {{VERSION}} + {{ARCH}} diff --git a/data/security/autoyast/textmode.xml b/data/security/autoyast/textmode.xml new file mode 100644 index 000000000000..cc902c905043 --- /dev/null +++ b/data/security/autoyast/textmode.xml 
@@ -0,0 +1,187 @@
+
+
+
+
+ true
+
+ {{SCC_REGCODE}}
+ true
+ {{SCC_URL}}
+
+
+ sle-module-server-applications
+ {{VERSION}}
+ {{ARCH}}
+
+
+ sle-module-desktop-applications
+ {{VERSION}}
+ {{ARCH}}
+
+
+ sle-module-development-tools
+ {{VERSION}}
+ {{ARCH}}
+
+
+ sle-module-python3
+ {{VERSION}}
+ {{ARCH}}
+
+
+
+
+
+ -1
+
+
+
+
+ false
+
+
+
+
+ true
+ true
+ 0
+
+
+ true
+ true
+ 0
+
+
+ true
+ true
+ 0
+
+
+ true
+ true
+ 0
+
+
+
+
+
+ false
+ bios
+
+
+ english-us
+
+
+ en_US
+
+
+
+ auto
+
+
+ true
+
+ grub2
+ sles-release
+
+
+ apparmor
+ base
+ basic_desktop
+ enhanced_base
+ minimal_base
+ x11
+ x11_yast
+ yast2_basis
+
+
+ SLES
+
+
+
+
+
+ dhcp
+ eth0
+ yes
+ auto
+
+
+
+
+ public
+ true
+ off
+ true
+
+
+ For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
+
+ eth0
+
+ false
+ public
+
+
+
+ dhcpv6-client
+ ssh
+ tigervnc
+ tigervnc-https
+
+ Public
+ default
+
+
+
+
+ UTC
+ Europe/Berlin
+
+
+ multi-user
+
+
+ sshd
+
+
+
+
+
+ false
+ Bernhard M. Wiedemann
+ 100
+ /home/bernhard
+
+
+
+ -1
+ 99999
+ 0
+ 7
+
+ /bin/bash
+ 1000
+ {{PASSWORD}}
+ bernhard
+
+
+ false
+ root
+ 0
+ /root
+
+
+
+
+
+
+
+
+ /bin/bash
+ 0
+ {{PASSWORD}}
+ root
+
+
+
diff --git a/schedule/security/create_hdd_autoyast/autoyast_create_hdd_gnome_qesec_new.yaml b/schedule/security/create_hdd_autoyast/autoyast_qesec.yaml
similarity index 73%
rename from schedule/security/create_hdd_autoyast/autoyast_create_hdd_gnome_qesec_new.yaml
rename to schedule/security/create_hdd_autoyast/autoyast_qesec.yaml
index 456b371b46b5..c878688e2b15 100644
--- a/schedule/security/create_hdd_autoyast/autoyast_create_hdd_gnome_qesec_new.yaml
+++ b/schedule/security/create_hdd_autoyast/autoyast_qesec.yaml
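Review bot: The firewall zone near the middle of the new textmode profile allows `tigervnc` and `tigervnc-https` alongside `ssh`, and the pattern list above it pulls in `basic_desktop`, `x11` and `x11_yast`, even though the default target chosen further down is `multi-user`. These entries look carried over from a desktop profile; unless a textmode test needs them, I would reduce the service list to `dhcpv6-client` and `ssh` and drop the three desktop patterns, so the image exposes and installs only what it uses. If they are needed, a short XML comment such as `<!-- x11 patterns and VNC ports kept for <test name> -->` next to them would record why. The element names are not visible in this view of the patch, so reading these values as firewall services and software patterns is inferred from their order and from the zone description text.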
@@ -1,8 +1,7 @@
 ---
-name: autoyast_gnome
+name: autoyast_qesec
 description: >
- AutoYaST installation with gnome using default partitioning. Installation is
- validated by execution set of smoke userspace tests.
+ Autoyast installation of a gnome/textmode SLES system.
 schedule:
 - autoyast/prepare_profile
 - installation/bootloader_start