linux.git/tools/testing/selftests/kexec/kexec_common_lib.sh, branch vsnprintf Linux kernel source tree selftests/kexec: remove broken EFI_VARS secure boot fallback check 2022-06-24T08:19:22+00:00 Ard Biesheuvel ardb@kernel.org 2022-06-08T07:54:47+00:00 c07d2475f9cd7eaf6ddc60b5d284b375699d9553 Commit b433a52aa28733e0 ("selftests/kexec: update get_secureboot_mode") refactored the code that discovers the EFI secure boot mode so it only depends on either the efivars pseudo filesystem or the efivars sysfs interface, but never both. However, the latter version was not implemented correctly, given the fact that the local 'efi_vars' variable never assumes a value. This means the fallback has been dead code ever since it was introduced. So let's drop the fallback altogether. The sysfs interface has been deprecated for ~10 years now, and is only enabled on x86 to begin with, so it is time to get rid of it entirely. Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> 
Commit b433a52aa28733e0 ("selftests/kexec: update get_secureboot_mode")
refactored the code that discovers the EFI secure boot mode so it only
depends on either the efivars pseudo filesystem or the efivars sysfs
interface, but never both.

However, the latter version was not implemented correctly, given the
fact that the local 'efi_vars' variable never assumes a value. This
means the fallback has been dead code ever since it was introduced.

So let's drop the fallback altogether. The sysfs interface has been
deprecated for ~10 years now, and is only enabled on x86 to begin with,
so it is time to get rid of it entirely.

Reviewed-by:  Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
selftests/kexec: Enable secureboot tests for PowerPC 2022-01-05T16:44:57+00:00 Nageswara R Sastry rnsastry@linux.ibm.com 2021-11-24T07:08:01+00:00 65e38e32a959dbbb0bf5cf1ae699789f81759be6 Existing test cases determine secureboot state using efi variable, which is available only on x86 architecture. Add support for determining secureboot state using device tree property on PowerNV architecture. Signed-off-by: Nageswara R Sastry <rnsastry@linux.ibm.com> Reviewed-by: Nayna Jain <nayna@linux.ibm.com> Tested-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 
Existing test cases determine secureboot state using efi variable, which
is available only on x86 architecture.  Add support for determining
secureboot state using device tree property on PowerNV architecture.

Signed-off-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Tested-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
selftests/kexec: update searching for the Kconfig 2021-12-31T18:16:13+00:00 Mimi Zohar zohar@linux.ibm.com 2021-12-03T15:20:42+00:00 9be6dc8059bb235ffb0666690a26c0df15cc6d9e First check /lib/modules/`uname -r`/config, before using the IKCONFIG. In addition, the configs.ko might be compressed. Fix the configs.ko name. Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> 
First check /lib/modules/`uname -r`/config, before using the IKCONFIG.
In addition, the configs.ko might be compressed.  Fix the configs.ko
name.

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
selftests/kexec: update get_secureboot_mode 2019-04-17T21:32:44+00:00 Mimi Zohar zohar@linux.ibm.com 2019-04-01T17:39:44+00:00 b433a52aa28733e0650c5e83efdccfd0637b981a The get_secureboot_mode() function unnecessarily requires both CONFIG_EFIVAR_FS and CONFIG_EFI_VARS to be enabled to determine if the system is booted in secure boot mode. On some systems the old EFI variable support is not enabled or, possibly, even implemented. This patch first checks the efivars filesystem for the SecureBoot and SetupMode flags, but falls back to using the old EFI variable support. The "secure_boot_file" and "setup_mode_file" couldn't be quoted due to globbing. This patch also removes the globbing. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 
The get_secureboot_mode() function unnecessarily requires both
CONFIG_EFIVAR_FS and CONFIG_EFI_VARS to be enabled to determine if the
system is booted in secure boot mode.  On some systems the old EFI
variable support is not enabled or, possibly, even implemented.

This patch first checks the efivars filesystem for the SecureBoot and
SetupMode flags, but falls back to using the old EFI variable support.

The "secure_boot_file" and "setup_mode_file" couldn't be quoted due to
globbing.  This patch also removes the globbing.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
selftests/kexec: kexec_file_load syscall test 2019-04-17T21:32:24+00:00 Mimi Zohar zohar@linux.ibm.com 2019-01-24T23:22:06+00:00 973b71c60f160f58e624795ac5d4b08c881b8d75 The kernel can be configured to verify PE signed kernel images, IMA kernel image signatures, both types of signatures, or none. This test verifies only properly signed kernel images are loaded into memory, based on the kernel configuration and runtime policies. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 
The kernel can be configured to verify PE signed kernel images, IMA
kernel image signatures, both types of signatures, or none.  This test
verifies only properly signed kernel images are loaded into memory,
based on the kernel configuration and runtime policies.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
selftests/kexec: define "require_root_privileges" 2019-04-17T21:32:19+00:00 Mimi Zohar zohar@linux.ibm.com 2019-03-06T16:19:45+00:00 c660a81796d456f0769937dd3ecf4cfd30f0ece6 Many tests require root privileges. Define a common function. Suggested-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 
Many tests require root privileges.  Define a common function.

Suggested-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
selftests/kexec: define common logging functions 2019-04-17T21:32:14+00:00 Mimi Zohar zohar@linux.ibm.com 2019-02-13T16:46:55+00:00 6038c81526d748b2bba691688095ced72a620539 Define log_info, log_pass, log_fail, and log_skip functions. Suggested-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 
Define log_info, log_pass, log_fail, and log_skip functions.

Suggested-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
selftests/kexec: define a set of common functions 2019-04-17T21:32:02+00:00 Mimi Zohar zohar@linux.ibm.com 2019-01-24T13:57:20+00:00 5025b0f0fa25a0b71ae7ada96b18b6b63c24302f Define, update and move get_secureboot_mode() to a common file for use by other tests. Updated to check both the efivar SecureBoot-$(UUID) and SetupMode-$(UUID), based on Dave Young's review. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 
Define, update and move get_secureboot_mode() to a common file for use
by other tests.

Updated to check both the efivar SecureBoot-$(UUID) and
SetupMode-$(UUID), based on Dave Young's review.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>