[LTP] [PATCH v3] lib/tst_lockdown.c: Add PPC64 architecture support

public inbox for ltp@lists.linux.it
 help / color / mirror / Atom feed

* [LTP] [PATCH v3] lib/tst_lockdown.c: Add PPC64 architecture support
@ 2023-09-07  4:40 R Nageswara Sastry
  2023-09-07 11:13 ` Martin Doucha
  2023-09-07 11:46 ` Cyril Hrubis
  0 siblings, 2 replies; 3+ messages in thread
From: R Nageswara Sastry @ 2023-09-07  4:40 UTC (permalink / raw)
  To: ltp; +Cc: rnsastry

From: Nageswara R Sastry <rnsastry@linux.ibm.com>

Add PPC64 architecture support to the lockdown library.

Signed-off-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
---
v3:
 - Revert back the kernel config checking to v1 (Martin Doucha)
v2:
 - Group all the constant definitions together (Cyril Hrubis)
 - Reduce the number of variables (Martin Doucha)
---
 lib/tst_lockdown.c | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/lib/tst_lockdown.c b/lib/tst_lockdown.c
index 9086eba36..3ccf73092 100644
--- a/lib/tst_lockdown.c
+++ b/lib/tst_lockdown.c
@@ -14,33 +14,37 @@
 #include "tst_lockdown.h"
 #include "tst_private.h"
 
-#define EFIVAR_SECUREBOOT "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
-
+#if defined(__powerpc64__) || defined(__ppc64__)
+# define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
+# define VAR_DATA_SIZE 4
+#else
+# define SECUREBOOT_VAR "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
+# define VAR_DATA_SIZE 5
+#endif
 int tst_secureboot_enabled(void)
 {
 	int fd;
 	char data[5];
 
-	if (access(EFIVAR_SECUREBOOT, F_OK)) {
-		tst_res(TINFO, "Efivar FS not available");
+	if (access(SECUREBOOT_VAR, F_OK)) {
+		tst_res(TINFO, "SecureBoot sysfs file not available");
 		return -1;
 	}
 
-	fd = open(EFIVAR_SECUREBOOT, O_RDONLY);
+	fd = open(SECUREBOOT_VAR, O_RDONLY);
 
 	if (fd == -1) {
 		tst_res(TINFO | TERRNO,
-			"Cannot open SecureBoot Efivar sysfile");
+			"Cannot open SecureBoot file");
 		return -1;
 	} else if (fd < 0) {
 		tst_brk(TBROK | TERRNO, "Invalid open() return value %d", fd);
 		return -1;
 	}
-
-	SAFE_READ(1, fd, data, 5);
+	SAFE_READ(1, fd, data, VAR_DATA_SIZE);
 	SAFE_CLOSE(fd);
-	tst_res(TINFO, "SecureBoot: %s", data[4] ? "on" : "off");
-	return data[4];
+	tst_res(TINFO, "SecureBoot: %s", data[VAR_DATA_SIZE - 1] ? "on" : "off");
+	return data[VAR_DATA_SIZE - 1];
 }
 
 int tst_lockdown_enabled(void)
@@ -51,9 +55,16 @@ int tst_lockdown_enabled(void)
 
 	if (access(PATH_LOCKDOWN, F_OK) != 0) {
 		char flag;
+
 		/* SecureBoot enabled could mean integrity lockdown (non-mainline version) */
+#if defined(__powerpc64__) || defined(__ppc64__)
+		flag = tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM") == 'y';
+		flag |= tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM_EARLY") == 'y';
+#else
 		flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN") == 'y';
 		flag |= tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT") == 'y';
+#endif
+
 		if (flag && tst_secureboot_enabled() > 0)
 			return 1;
 
-- 
2.37.1 (Apple Git-137.1)


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [LTP] [PATCH v3] lib/tst_lockdown.c: Add PPC64 architecture support
  2023-09-07  4:40 [LTP] [PATCH v3] lib/tst_lockdown.c: Add PPC64 architecture support R Nageswara Sastry
@ 2023-09-07 11:13 ` Martin Doucha
  2023-09-07 11:46 ` Cyril Hrubis
  1 sibling, 0 replies; 3+ messages in thread
From: Martin Doucha @ 2023-09-07 11:13 UTC (permalink / raw)
  To: R Nageswara Sastry, ltp

Hi,
Reviewed-by: Martin Doucha <mdoucha@suse.cz>

On 07. 09. 23 6:40, R Nageswara Sastry wrote:
> From: Nageswara R Sastry <rnsastry@linux.ibm.com>
> 
> Add PPC64 architecture support to the lockdown library.
> 
> Signed-off-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
> ---
> v3:
>   - Revert back the kernel config checking to v1 (Martin Doucha)
> v2:
>   - Group all the constant definitions together (Cyril Hrubis)
>   - Reduce the number of variables (Martin Doucha)
> ---
>   lib/tst_lockdown.c | 31 +++++++++++++++++++++----------
>   1 file changed, 21 insertions(+), 10 deletions(-)
> 
> diff --git a/lib/tst_lockdown.c b/lib/tst_lockdown.c
> index 9086eba36..3ccf73092 100644
> --- a/lib/tst_lockdown.c
> +++ b/lib/tst_lockdown.c
> @@ -14,33 +14,37 @@
>   #include "tst_lockdown.h"
>   #include "tst_private.h"
>   
> -#define EFIVAR_SECUREBOOT "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
> -
> +#if defined(__powerpc64__) || defined(__ppc64__)
> +# define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
> +# define VAR_DATA_SIZE 4
> +#else
> +# define SECUREBOOT_VAR "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
> +# define VAR_DATA_SIZE 5
> +#endif
>   int tst_secureboot_enabled(void)
>   {
>   	int fd;
>   	char data[5];
>   
> -	if (access(EFIVAR_SECUREBOOT, F_OK)) {
> -		tst_res(TINFO, "Efivar FS not available");
> +	if (access(SECUREBOOT_VAR, F_OK)) {
> +		tst_res(TINFO, "SecureBoot sysfs file not available");
>   		return -1;
>   	}
>   
> -	fd = open(EFIVAR_SECUREBOOT, O_RDONLY);
> +	fd = open(SECUREBOOT_VAR, O_RDONLY);
>   
>   	if (fd == -1) {
>   		tst_res(TINFO | TERRNO,
> -			"Cannot open SecureBoot Efivar sysfile");
> +			"Cannot open SecureBoot file");
>   		return -1;
>   	} else if (fd < 0) {
>   		tst_brk(TBROK | TERRNO, "Invalid open() return value %d", fd);
>   		return -1;
>   	}
> -
> -	SAFE_READ(1, fd, data, 5);
> +	SAFE_READ(1, fd, data, VAR_DATA_SIZE);
>   	SAFE_CLOSE(fd);
> -	tst_res(TINFO, "SecureBoot: %s", data[4] ? "on" : "off");
> -	return data[4];
> +	tst_res(TINFO, "SecureBoot: %s", data[VAR_DATA_SIZE - 1] ? "on" : "off");
> +	return data[VAR_DATA_SIZE - 1];
>   }
>   
>   int tst_lockdown_enabled(void)
> @@ -51,9 +55,16 @@ int tst_lockdown_enabled(void)
>   
>   	if (access(PATH_LOCKDOWN, F_OK) != 0) {
>   		char flag;
> +
>   		/* SecureBoot enabled could mean integrity lockdown (non-mainline version) */
> +#if defined(__powerpc64__) || defined(__ppc64__)
> +		flag = tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM") == 'y';
> +		flag |= tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM_EARLY") == 'y';
> +#else
>   		flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN") == 'y';
>   		flag |= tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT") == 'y';
> +#endif
> +
>   		if (flag && tst_secureboot_enabled() > 0)
>   			return 1;
>   

-- 
Martin Doucha   mdoucha@suse.cz
SW Quality Engineer
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [LTP] [PATCH v3] lib/tst_lockdown.c: Add PPC64 architecture support
  2023-09-07  4:40 [LTP] [PATCH v3] lib/tst_lockdown.c: Add PPC64 architecture support R Nageswara Sastry
  2023-09-07 11:13 ` Martin Doucha
@ 2023-09-07 11:46 ` Cyril Hrubis
  1 sibling, 0 replies; 3+ messages in thread
From: Cyril Hrubis @ 2023-09-07 11:46 UTC (permalink / raw)
  To: R Nageswara Sastry; +Cc: ltp

Hi!
Pushed, thanks.

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2023-09-07 11:46 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-07  4:40 [LTP] [PATCH v3] lib/tst_lockdown.c: Add PPC64 architecture support R Nageswara Sastry
2023-09-07 11:13 ` Martin Doucha
2023-09-07 11:46 ` Cyril Hrubis

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox