From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v3 1/2] Add tst_secureboot_enabled() helper function
Date: Fri, 13 Nov 2020 16:24:36 +0100 [thread overview]
Message-ID: <20201113152436.GA16827@yuki.lan> (raw)
In-Reply-To: <2c091ecd-af38-2569-5fd4-a1f3e3458a01@suse.cz>
Hi!
> > I've looked into the library and what it actually does in this case is
> > that it opens a sysfs file and reads a few bytes from there. I guess
> > that we can even avoid linking the library in this case, since we just
> > want to know a value of the single bit in the SecureBoot file.
> >
> > The full path is:
> >
> > /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
>
> Yes, we could read the sysfile directly. But do we want to deal with
> potential compatibility issues and test breakage if the UEFI vars API
> changes in the future? The binary format of those sysfiles is controlled
> by the UEFI Forum, not by kernel devs. The efivars library is available
> on basically all modern distros and we most likely won't do any
> SecureBoot tests on distros that don't have it.
I do not see how the code that uses the library is actually better. If
the format changes you will need a newer UEFI library that will
presumbly handle the difference. Which is even worse than hardcoding the
stuff in LTP because the UEFI library has to be updated by a distribution.
In that case patching the code in LTP will be faster and work everywhere
and not only on distributions that are fast enough to update packages.
--
Cyril Hrubis
chrubis@suse.cz
prev parent reply other threads:[~2020-11-13 15:24 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-09 16:46 [LTP] [PATCH v3 1/2] Add tst_secureboot_enabled() helper function Martin Doucha
2020-11-09 16:46 ` [LTP] [PATCH v3 2/2] syscalls/iopl, ioperm: Check for SecureBoot lockdown Martin Doucha
2020-11-10 5:54 ` Li Wang
2020-11-10 8:52 ` Cyril Hrubis
2020-11-10 9:16 ` Li Wang
2020-11-10 10:23 ` Petr Vorel
2020-11-10 11:51 ` Petr Vorel
2020-11-10 11:55 ` Cyril Hrubis
2020-11-10 11:49 ` [LTP] [PATCH v3 1/2] Add tst_secureboot_enabled() helper function Petr Vorel
2020-11-10 11:52 ` Martin Doucha
2020-11-10 12:04 ` Petr Vorel
2020-11-12 14:21 ` Cyril Hrubis
2020-11-12 14:57 ` Martin Doucha
2020-11-12 17:43 ` Petr Vorel
2020-11-13 6:02 ` Li Wang
2020-11-13 15:24 ` Cyril Hrubis [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201113152436.GA16827@yuki.lan \
--to=chrubis@suse.cz \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.