[LTP] [PATCH 1/1] fw_load: Skip on Lockdown/Secure Boot

[LTP] [PATCH 1/1] fw_load: Skip on Lockdown/Secure Boot

[Petr Vorel]

Similarly to delete_module0[13].c, finit_module02.c and init_module02.c
also fw_load.c cannot load modules due Lockdown/Secure Boot.

fw_load     0  TINFO  :  module signature enforcement: off
insmod: ERROR: could not insert module ltp_fw_load.ko: Key was rejected by service

dmesg:
[    0.000000] [      T0] secureboot: Secure boot enabled
[    0.000000] [      T0] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7
...
[   17.679826] [   T1591] Loading of unsigned module is rejected

Reported-by: Avinesh Kumar <akumar@suse.de>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
FYI once the test is rewritten into new API, it will just use as in
delete_module0[13].c:

	/* lockdown and SecureBoot requires signed modules */
	.skip_in_lockdown = 1,
	.skip_in_secureboot = 1,

Kind regards,
Petr

 testcases/kernel/firmware/fw_load_user/fw_load.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/testcases/kernel/firmware/fw_load_user/fw_load.c b/testcases/kernel/firmware/fw_load_user/fw_load.c
index b2ed09e6f3..f5b918a698 100644
--- a/testcases/kernel/firmware/fw_load_user/fw_load.c
+++ b/testcases/kernel/firmware/fw_load_user/fw_load.c
@@ -29,6 +29,7 @@
 #include <string.h>
 
 #include "test.h"
+#include "tst_security.h"
 #include "safe_macros.h"
 #include "old_module.h"
 
@@ -102,6 +103,9 @@ static void help(void)
 
 void setup(int argc, char *argv[])
 {
+	if (tst_lockdown_enabled() > 0 || tst_secureboot_enabled() > 0)
+		tst_brkm(TCONF, NULL, "Cannot load unsigned modules in Lockdown/Secure Boot");
+
 	tst_parse_opts(argc, argv, options, help);
 
 	if (nflag) {
-- 
2.51.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 1/1] fw_load: Skip on Lockdown/Secure Boot

[Li Wang via ltp]

On Wed, Jan 7, 2026 at 7:50 PM Petr Vorel <pvorel@suse.cz> wrote:
>
> Similarly to delete_module0[13].c, finit_module02.c and init_module02.c
> also fw_load.c cannot load modules due Lockdown/Secure Boot.
>
> fw_load     0  TINFO  :  module signature enforcement: off
> insmod: ERROR: could not insert module ltp_fw_load.ko: Key was rejected by service
>
> dmesg:
> [    0.000000] [      T0] secureboot: Secure boot enabled
> [    0.000000] [      T0] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7
> ...
> [   17.679826] [   T1591] Loading of unsigned module is rejected
>
> Reported-by: Avinesh Kumar <akumar@suse.de>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>

Reviewed-by: Li Wang <liwang@redhat.com>


-- 
Regards,
Li Wang


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 1/1] fw_load: Skip on Lockdown/Secure Boot

[Petr Vorel]

Hi all,

thanks for your review, merged!

Kind regards,
Petr

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 1/1] fw_load: Skip on Lockdown/Secure Boot

[Andrea Cervesato via ltp]

Hi!

Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com>


-- 
Andrea Cervesato
SUSE QE Automation Engineer Linux
andrea.cervesato@suse.com


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp