diff options
| -rwxr-xr-x | tools/testing/selftests/kexec/kexec_common_lib.sh | 86 |
1 files changed, 66 insertions, 20 deletions
diff --git a/tools/testing/selftests/kexec/kexec_common_lib.sh b/tools/testing/selftests/kexec/kexec_common_lib.sh index b7ac8f3fa025..43017cfe88f7 100755 --- a/tools/testing/selftests/kexec/kexec_common_lib.sh +++ b/tools/testing/selftests/kexec/kexec_common_lib.sh @@ -35,6 +35,63 @@ log_skip() } # Check efivar SecureBoot-$(the UUID) and SetupMode-$(the UUID). +# (Based on kdump-lib.sh) +get_efivarfs_secureboot_mode() +{ + local efivarfs="/sys/firmware/efi/efivars" + local secure_boot_file="" + local setup_mode_file="" + local secureboot_mode=0 + local setup_mode=0 + + # Make sure that efivar_fs is mounted in the normal location + if ! grep -q "^\S\+ $efivarfs efivarfs" /proc/mounts; then + log_info "efivars is not mounted on $efivarfs" + return 0; + fi + secure_boot_file=$(find "$efivarfs" -name SecureBoot-* 2>/dev/null) + setup_mode_file=$(find "$efivarfs" -name SetupMode-* 2>/dev/null) + if [ -f "$secure_boot_file" ] && [ -f "$setup_mode_file" ]; then + secureboot_mode=$(hexdump -v -e '/1 "%d\ "' \ + "$secure_boot_file"|cut -d' ' -f 5) + setup_mode=$(hexdump -v -e '/1 "%d\ "' \ + "$setup_mode_file"|cut -d' ' -f 5) + + if [ $secureboot_mode -eq 1 ] && [ $setup_mode -eq 0 ]; then + log_info "secure boot mode enabled (CONFIG_EFIVAR_FS)" + return 1; + fi + fi + return 0; +} + +get_efi_var_secureboot_mode() +{ + local efi_vars + local secure_boot_file + local setup_mode_file + local secureboot_mode + local setup_mode + + if [ ! -d "$efi_vars" ]; then + log_skip "efi_vars is not enabled\n" + fi + secure_boot_file=$(find "$efi_vars" -name SecureBoot-* 2>/dev/null) + setup_mode_file=$(find "$efi_vars" -name SetupMode-* 2>/dev/null) + if [ -f "$secure_boot_file/data" ] && \ + [ -f "$setup_mode_file/data" ]; then + secureboot_mode=`od -An -t u1 "$secure_boot_file/data"` + setup_mode=`od -An -t u1 "$setup_mode_file/data"` + + if [ $secureboot_mode -eq 1 ] && [ $setup_mode -eq 0 ]; then + log_info "secure boot mode enabled (CONFIG_EFI_VARS)" + return 1; + fi + fi + return 0; +} + +# Check efivar SecureBoot-$(the UUID) and SetupMode-$(the UUID). # The secure boot mode can be accessed either as the last integer # of "od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-*" or from # "od -An -t u1 /sys/firmware/efi/vars/SecureBoot-*/data". The efi @@ -42,32 +99,21 @@ log_skip() # Return 1 for SecureBoot mode enabled and SetupMode mode disabled. get_secureboot_mode() { - local efivarfs="/sys/firmware/efi/efivars" - local secure_boot_file="$efivarfs/../vars/SecureBoot-*/data" - local setup_mode_file="$efivarfs/../vars/SetupMode-*/data" local secureboot_mode=0 - local setup_mode=0 - # Make sure that efivars is mounted in the normal location - if ! grep -q "^\S\+ $efivarfs efivarfs" /proc/mounts; then - log_skip "efivars is not mounted on $efivarfs" - fi + get_efivarfs_secureboot_mode + secureboot_mode=$? - # Due to globbing, quoting "secure_boot_file" and "setup_mode_file" - # is not possible. (Todo: initialize variables using find or ls.) - if [ ! -e $secure_boot_file ] || [ ! -e $setup_mode_file ]; then - log_skip "unknown secureboot/setup mode" + # fallback to using the efi_var files + if [ $secureboot_mode -eq 0 ]; then + get_efi_var_secureboot_mode + secureboot_mode=$? fi - secureboot_mode=`od -An -t u1 $secure_boot_file` - setup_mode=`od -An -t u1 $setup_mode_file` - - if [ $secureboot_mode -eq 1 ] && [ $setup_mode -eq 0 ]; then - log_info "secure boot mode enabled" - return 1; + if [ $secureboot_mode -eq 0 ]; then + log_info "secure boot mode not enabled" fi - log_info "secure boot mode not enabled" - return 0; + return $secureboot_mode; } require_root_privileges() |