From: Nageswara R Sastry <rnsastry@linux.ibm.com>
To: zohar@linux.ibm.com, linux-kselftest@vger.kernel.org,
linux-integrity@vger.kernel.org, mpe@ellerman.id.au,
shuah@kernel.org
Cc: nayna@linux.ibm.com, dja@axtens.net, gcwilson@linux.ibm.com,
Nageswara R Sastry <rnsastry@linux.ibm.com>
Subject: [PATCH 2/3] selftests/kexec: Enable secureboot tests for PowerPC
Date: Wed, 24 Nov 2021 12:38:01 +0530 [thread overview]
Message-ID: <20211124070802.1765-2-rnsastry@linux.ibm.com> (raw)
In-Reply-To: <20211124070802.1765-1-rnsastry@linux.ibm.com>
Existing test cases determine secureboot state using efi variable, which is
available only on x86 architecture.
Add support for determining secureboot state using device tree property on
PowerPC architecture.
Signed-off-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
---
tools/testing/selftests/kexec/Makefile | 2 +-
.../selftests/kexec/kexec_common_lib.sh | 38 ++++++++++++++++---
.../selftests/kexec/test_kexec_file_load.sh | 8 +++-
3 files changed, 39 insertions(+), 9 deletions(-)
diff --git a/tools/testing/selftests/kexec/Makefile b/tools/testing/selftests/kexec/Makefile
index aa91d2063249..806a150648c3 100644
--- a/tools/testing/selftests/kexec/Makefile
+++ b/tools/testing/selftests/kexec/Makefile
@@ -4,7 +4,7 @@
uname_M := $(shell uname -m 2>/dev/null || echo not)
ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/x86/ -e s/x86_64/x86/)
-ifeq ($(ARCH),x86)
+ifeq ($(ARCH),$(filter $(ARCH),x86 ppc64le))
TEST_PROGS := test_kexec_load.sh test_kexec_file_load.sh
TEST_FILES := kexec_common_lib.sh
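Review bot: The new `ifeq` line only matches the raw `uname -m` value `ppc64le`, so a run that passes `ARCH=powerpc` from the kernel build (the `?=` on the line above lets the caller override ARCH) would silently drop both test programs on PowerPC. Consider normalising the machine name the way the existing `sed` does for x86, for example adding `-e s/ppc64le/powerpc/` and filtering on `x86 powerpc`. At minimum, add a comment such as `# ARCH here is the uname -m name, not the kernel ARCH value`. A secure boot selftest that is skipped this way is easy to miss in CI output, so the mismatch is worth ruling out.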
diff --git a/tools/testing/selftests/kexec/kexec_common_lib.sh b/tools/testing/selftests/kexec/kexec_common_lib.sh
index 43017cfe88f7..e907c3030eb3 100755
--- a/tools/testing/selftests/kexec/kexec_common_lib.sh
+++ b/tools/testing/selftests/kexec/kexec_common_lib.sh
@@ -91,6 +91,27 @@ get_efi_var_secureboot_mode()
return 0;
}
+# On powerpc platform, check device-tree property
+# /proc/device-tree/ibm,secureboot/os-secureboot-enforcing
+# to detect secureboot state.
+get_ppc64_secureboot_mode()
+{
+ local secure_boot_file="/proc/device-tree/ibm,secureboot/os-secureboot-enforcing"
+ # Check for secure boot file existence
+ if [ -f $secure_boot_file ]; then
+ log_info "Secureboot is enabled (Device tree)"
+ return 1;
+ fi
+ log_info "Secureboot is not enabled (Device tree)"
+ return 0;
+}
+
+# Return the architecture of the system
+get_arch()
+{
+ echo $(arch)
+}
+
# Check efivar SecureBoot-$(the UUID) and SetupMode-$(the UUID).
# The secure boot mode can be accessed either as the last integer
# of "od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-*" or from
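Review bot: `get_arch` shells out to `arch` via `echo $(arch)`; if that utility is missing (not every minimal userland installs it) the function prints an empty string and callers fall through to the EFI path, which on PowerPC would presumably report secure boot as not enabled. `uname -m` is what the Makefile already uses and needs no wrapping `echo`: `get_arch() { uname -m; }`. In `get_ppc64_secureboot_mode` the path should be quoted, `if [ -f "$secure_boot_file" ]; then`, and the header comment could state the return convention, e.g. `# Returns 1 when the property exists (secure boot enforcing), 0 otherwise.` The check covers only the `ibm,secureboot` node named in the comment; whether any PowerPC platform exposes the state through a different property and needs a second check should be confirmed.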
@@ -100,14 +121,19 @@ get_efi_var_secureboot_mode()
get_secureboot_mode()
{
local secureboot_mode=0
+ local system_arch=$(get_arch)
- get_efivarfs_secureboot_mode
- secureboot_mode=$?
-
- # fallback to using the efi_var files
- if [ $secureboot_mode -eq 0 ]; then
- get_efi_var_secureboot_mode
+ if [ "$system_arch" == "ppc64le" ]; then
+ get_ppc64_secureboot_mode
secureboot_mode=$?
+ else
+ get_efivarfs_secureboot_mode
+ secureboot_mode=$?
+ # fallback to using the efi_var files
+ if [ $secureboot_mode -eq 0 ]; then
+ get_efi_var_secureboot_mode
+ secureboot_mode=$?
+ fi
fi
if [ $secureboot_mode -eq 0 ]; then
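Review bot: `[ "$system_arch" == "ppc64le" ]` uses `==`, which is a bash extension inside `[`; if the test scripts that source this library run under a POSIX `/bin/sh` such as dash (the shebang is not visible in this hunk), the comparison errors out and the branch falls to the EFI path. Use the portable form `if [ "$system_arch" = "ppc64le" ]; then`; the same applies to `[ "$(get_arch)" == 'ppc64le' ]` in the test_kexec_file_load.sh hunk. `local system_arch=$(get_arch)` also hides a failing `get_arch` because `local` itself returns success, so declare and assign on separate lines. get_secureboot_mode continues past the end of this hunk.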
diff --git a/tools/testing/selftests/kexec/test_kexec_file_load.sh b/tools/testing/selftests/kexec/test_kexec_file_load.sh
index 99f6fc23ee31..c9ccb3c93d72 100755
--- a/tools/testing/selftests/kexec/test_kexec_file_load.sh
+++ b/tools/testing/selftests/kexec/test_kexec_file_load.sh
@@ -226,8 +226,12 @@ get_secureboot_mode
secureboot=$?
# Are there pe and ima signatures
-check_for_pesig
-pe_signed=$?
+if [ "$(get_arch)" == 'ppc64le' ]; then
+ pe_signed=0
+else
+ check_for_pesig
+ pe_signed=$?
+fi
check_for_imasig
ima_signed=$?
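Review bot: The hard-coded `pe_signed=0` on ppc64le has no comment saying why the PE check is skipped, and it changes what the later pass/fail decisions rely on. Add something like `# PowerPC kernel images are not PE binaries; signature checks rely on IMA here` above the branch, and confirm that the conditions further down the script (outside this hunk) still report a failure when an unsigned image loads with secure boot enforcing. Calling `get_arch` here repeats the lookup already done inside `get_secureboot_mode`; a single variable set once near the top would keep the two decisions consistent.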
--
2.23.0