[LTP] [PATCH 1/4] tst_lockdown: Check other lockdown configuration
Petr Vorel
pvorel@suse.cz
Fri Jul 21 10:55:11 CEST 2023
Hi Martin,
...
> > + char flag;
> > if (access(PATH_LOCKDOWN, F_OK) != 0) {
> > - char flag;
> > -
> > + /* SecureBoot enabled could mean integrity lockdown (non-mainline version) */
> > flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN");
> > -
> > - /* SecureBoot enabled could mean integrity lockdown */
> > if (flag == 'y' && tst_secureboot_enabled() > 0)
> > return 1;
> > tst_res(TINFO, "Unable to determine system lockdown state");
> > return 0;
> > + } else {
> There should be no "else" branch here. The code above should look like this:
> int flag;
> flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN") == 'y';
> flag |= tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT") == 'y';
> if (flag && tst_secureboot_enabled() > 0)
> return 1;
Good point. I don't know why I thought that the other not-yet upstreamed patch
created lockdown file. I'll send v2.
Kind regards,
Petr
> > + /* SecureBoot forces lockdown (non-mainline version) */
> > + flag = tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT");
> > + if (flag == 'y' && tst_secureboot_enabled() > 0)
> > + return 1;
> > }
> > file = SAFE_FOPEN(PATH_LOCKDOWN, "r");
More information about the ltp
mailing list