tests: correctly test appending secret to initrd

The way the test was implemented previously did not make it fail if no
secret was appended to the initrd. Now it is implemented similary to the
initrd-secrets test in Nixpkgs and works correctly.

nix/tests/lanzaboote.nix

@@ -124,26 +124,31 @@ in
     '';
   };
 
-  # Test that a secret is appended to the initrd during installation.
+  # Test that a secret is appended to the initrd during installation. Smilar to
-  # 
+  # the initrd-secrets test in Nixpkgs:
-  # During the execution of `preDeviceCommands`, no filesystem should be
+  # https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/initrd-secrets.nix
-  # mounted. The only place to find `/etc/iamasecret` then, is in the initrd.
+  initrd-secrets =
-  initrd-secrets = mkSecureBootTest {
+    let
-    name = "lanzaboote-initrd-secrets";
+      secret = (pkgs.writeText "oh-so-secure" "uhh-ooh-uhh-security");
-    machine = { ... }: {
+    in
-      boot.initrd.secrets = {
+    mkSecureBootTest {
-        "/etc/iamasecret" = (pkgs.writeText "iamsecret" "this is a very secure secret");
+      name = "lanzaboote-initrd-secrets";
+      machine = { ... }: {
+        boot.initrd.secrets = {
+          "/test" = secret;
+        };
+        boot.initrd.postMountCommands = ''
+          cp /test /mnt-root/secret-from-initramfs
+        '';
       };
+      testScript = ''
+        machine.start()
+        machine.wait_for_unit("multi-user.target")
 
-      boot.initrd.preDeviceCommands = ''
+        machine.succeed("cmp ${secret} /secret-from-initramfs")
-        grep "this is a very secure secret" /etc/iamasecret
+        assert "Secure Boot: enabled (user)" in machine.succeed("bootctl status")
       '';
     };
-    testScript = ''
-      machine.start()
-      assert "Secure Boot: enabled (user)" in machine.succeed("bootctl status")
-    '';
-  };
 
   # Test that the secrets configured to be appended to the initrd get updated
   # when installing a new generation even if the initrd itself (i.e. its store