From: Petr Vorel <pvorel@suse.cz>
To: Martin Doucha <mdoucha@suse.cz>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH 1/4] tst_lockdown: Check other lockdown configuration
Date: Fri, 21 Jul 2023 10:55:11 +0200 [thread overview]
Message-ID: <20230721085511.GB1348273@pevik> (raw)
In-Reply-To: <86c5849a-50a2-f3b2-fad5-86ecdf73310e@suse.cz>
Hi Martin,
...
> > + char flag;
> > if (access(PATH_LOCKDOWN, F_OK) != 0) {
> > - char flag;
> > -
> > + /* SecureBoot enabled could mean integrity lockdown (non-mainline version) */
> > flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN");
> > -
> > - /* SecureBoot enabled could mean integrity lockdown */
> > if (flag == 'y' && tst_secureboot_enabled() > 0)
> > return 1;
> > tst_res(TINFO, "Unable to determine system lockdown state");
> > return 0;
> > + } else {
> There should be no "else" branch here. The code above should look like this:
> int flag;
> flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN") == 'y';
> flag |= tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT") == 'y';
> if (flag && tst_secureboot_enabled() > 0)
> return 1;
Good point. I don't know why I thought that the other not-yet upstreamed patch
created lockdown file. I'll send v2.
Kind regards,
Petr
> > + /* SecureBoot forces lockdown (non-mainline version) */
> > + flag = tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT");
> > + if (flag == 'y' && tst_secureboot_enabled() > 0)
> > + return 1;
> > }
> > file = SAFE_FOPEN(PATH_LOCKDOWN, "r");
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2023-07-21 8:55 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-20 15:02 [LTP] [PATCH 0/4] Add .skip_in_secureboot flag Petr Vorel
2023-07-20 15:02 ` [LTP] [PATCH 1/4] tst_lockdown: Check other lockdown configuration Petr Vorel
2023-07-20 15:16 ` Martin Doucha
2023-07-21 8:55 ` Petr Vorel [this message]
2023-07-20 15:02 ` [LTP] [PATCH 2/4] lib: Add .skip_in_secureboot flag Petr Vorel
2023-07-20 15:18 ` Martin Doucha
2023-07-20 15:02 ` [LTP] [PATCH 3/4] {delete, finit, init}_module0[1-3]: Skip on SecureBoot Petr Vorel
2023-07-20 15:26 ` Martin Doucha
2023-07-21 8:51 ` Petr Vorel
2023-07-20 15:02 ` [LTP] [PATCH 4/4] doc/c-api: Document .skip_in_* flags Petr Vorel
2023-07-20 15:27 ` Martin Doucha
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230721085511.GB1348273@pevik \
--to=pvorel@suse.cz \
--cc=ltp@lists.linux.it \
--cc=mdoucha@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox