From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v3 1/2] Add tst_secureboot_enabled() helper function
Date: Thu, 12 Nov 2020 15:21:46 +0100 [thread overview]
Message-ID: <20201112142146.GA19824@yuki.lan> (raw)
In-Reply-To: <20201109164605.25965-1-mdoucha@suse.cz>
Hi!
I've looked into the library and what it actually does in this case is
that it opens a sysfs file and reads a few bytes from there. I guess
that we can even avoid linking the library in this case, since we just
want to know a value of the single bit in the SecureBoot file.
The full path is:
/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
The SecureBoot is the name of the variable and the hex numbers
represends the global GUID.
Now on my system with secure boot disabled the content of the file looks
like:
cat /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c |xxd
00000000: 0600 0000 00 .....
The first four bytes are attributes, we can ingore them and the last
byte is the data byte, which tells us if secure boot is enabled or not.
So it may be as well easier to:
* Check if that file exists
* Read five bytes and return the last one
--
Cyril Hrubis
chrubis@suse.cz
next prev parent reply other threads:[~2020-11-12 14:21 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-09 16:46 [LTP] [PATCH v3 1/2] Add tst_secureboot_enabled() helper function Martin Doucha
2020-11-09 16:46 ` [LTP] [PATCH v3 2/2] syscalls/iopl, ioperm: Check for SecureBoot lockdown Martin Doucha
2020-11-10 5:54 ` Li Wang
2020-11-10 8:52 ` Cyril Hrubis
2020-11-10 9:16 ` Li Wang
2020-11-10 10:23 ` Petr Vorel
2020-11-10 11:51 ` Petr Vorel
2020-11-10 11:55 ` Cyril Hrubis
2020-11-10 11:49 ` [LTP] [PATCH v3 1/2] Add tst_secureboot_enabled() helper function Petr Vorel
2020-11-10 11:52 ` Martin Doucha
2020-11-10 12:04 ` Petr Vorel
2020-11-12 14:21 ` Cyril Hrubis [this message]
2020-11-12 14:57 ` Martin Doucha
2020-11-12 17:43 ` Petr Vorel
2020-11-13 6:02 ` Li Wang
2020-11-13 15:24 ` Cyril Hrubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201112142146.GA19824@yuki.lan \
--to=chrubis@suse.cz \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.