Commit 65e38e32 authored by Nageswara R Sastry's avatar Nageswara R Sastry Committed by Mimi Zohar
Browse files

selftests/kexec: Enable secureboot tests for PowerPC 



Existing test cases determine secureboot state using efi variable, which
is available only on x86 architecture.  Add support for determining
secureboot state using device tree property on PowerNV architecture.

Signed-off-by: default avatarNageswara R Sastry <rnsastry@linux.ibm.com>
Reviewed-by: default avatarNayna Jain <nayna@linux.ibm.com>
Tested-by: default avatarNayna Jain <nayna@linux.ibm.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent 520451e9

tools/testing/selftests/kexec/Makefile

+1 −1
Original line number Original line Diff line number Diff line
@@ -4,7 +4,7 @@ 
uname_M := $(shell uname -m 2>/dev/null || echo not)

uname_M := $(shell uname -m 2>/dev/null || echo not)

ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/x86/ -e s/x86_64/x86/)

ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/x86/ -e s/x86_64/x86/)





ifeq ($(ARCH),x86)

ifeq ($(ARCH),$(filter $(ARCH),x86 ppc64le))

TEST_PROGS := test_kexec_load.sh test_kexec_file_load.sh

TEST_PROGS := test_kexec_load.sh test_kexec_file_load.sh

TEST_FILES := kexec_common_lib.sh

TEST_FILES := kexec_common_lib.sh

tools/testing/selftests/kexec/kexec_common_lib.sh

+32 −6
Original line number Original line Diff line number Diff line
@@ -91,6 +91,27 @@ get_efi_var_secureboot_mode() 
	return 0;

	return 0;

}

}





# On powerpc platform, check device-tree property

# /proc/device-tree/ibm,secureboot/os-secureboot-enforcing

# to detect secureboot state.

get_ppc64_secureboot_mode()

{

	local secure_boot_file="/proc/device-tree/ibm,secureboot/os-secureboot-enforcing"

	# Check for secure boot file existence

	if [ -f $secure_boot_file ]; then

		log_info "Secureboot is enabled (Device tree)"

		return 1;

	fi

	log_info "Secureboot is not enabled (Device tree)"

	return 0;

}



# Return the architecture of the system

get_arch()

{

	echo $(arch)

}



# Check efivar SecureBoot-$(the UUID) and SetupMode-$(the UUID).

# Check efivar SecureBoot-$(the UUID) and SetupMode-$(the UUID).

# The secure boot mode can be accessed either as the last integer

# The secure boot mode can be accessed either as the last integer

# of "od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-*" or from

# of "od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-*" or from
@@ -100,15 +121,20 @@ get_efi_var_secureboot_mode() 
get_secureboot_mode()

get_secureboot_mode()

{

{

	local secureboot_mode=0

	local secureboot_mode=0

	local system_arch=$(get_arch)





	if [ "$system_arch" == "ppc64le" ]; then

		get_ppc64_secureboot_mode

		secureboot_mode=$?

	else

		get_efivarfs_secureboot_mode

		get_efivarfs_secureboot_mode

		secureboot_mode=$?

		secureboot_mode=$?



		# fallback to using the efi_var files

		# fallback to using the efi_var files

		if [ $secureboot_mode -eq 0 ]; then

		if [ $secureboot_mode -eq 0 ]; then

			get_efi_var_secureboot_mode

			get_efi_var_secureboot_mode

			secureboot_mode=$?

			secureboot_mode=$?

		fi

		fi

	fi





	if [ $secureboot_mode -eq 0 ]; then

	if [ $secureboot_mode -eq 0 ]; then

		log_info "secure boot mode not enabled"

		log_info "secure boot mode not enabled"

tools/testing/selftests/kexec/test_kexec_file_load.sh

+6 −2
Original line number Original line Diff line number Diff line
@@ -226,8 +226,12 @@ get_secureboot_mode 
secureboot=$?

secureboot=$?





# Are there pe and ima signatures

# Are there pe and ima signatures

if [ "$(get_arch)" == 'ppc64le' ]; then

	pe_signed=0

else

	check_for_pesig

	check_for_pesig

	pe_signed=$?

	pe_signed=$?

fi





check_for_imasig

check_for_imasig

ima_signed=$?

ima_signed=$?