[LTP] [PATCH] lib/tst_lockdown.c: Add PPC64 architecture support

Mon Sep 4 11:54:12 CEST 2023

Hi!
> +#if defined(__powerpc64__) || defined(__ppc64__)
> +#define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
> +#else
> +#define SECUREBOOT_VAR "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
> +#endif

This is not properly indented, for preprocessor directives the # has to
always be first character in the line, then inner blocks are indented by
spaces between # and the rest such as:

#if foo
# if bar
#  define BAZ
# endif
#endif

>  int tst_secureboot_enabled(void)
>  {
>  	int fd;
>  	char data[5];
>  
> -	if (access(EFIVAR_SECUREBOOT, F_OK)) {
> -		tst_res(TINFO, "Efivar FS not available");
> +	if (access(SECUREBOOT_VAR, F_OK)) {
> +		tst_res(TINFO, "SecureBoot sysfs file not available");
>  		return -1;
>  	}
>  
> -	fd = open(EFIVAR_SECUREBOOT, O_RDONLY);
> +	fd = open(SECUREBOOT_VAR, O_RDONLY);
>  
>  	if (fd == -1) {
>  		tst_res(TINFO | TERRNO,
> -			"Cannot open SecureBoot Efivar sysfile");
> +			"Cannot open SecureBoot file");
>  		return -1;
>  	} else if (fd < 0) {
>  		tst_brk(TBROK | TERRNO, "Invalid open() return value %d", fd);
>  		return -1;
>  	}
> -
> +	#if defined(__powerpc64__) || defined(__ppc64__)
> +	SAFE_READ(1, fd, data, 4);
> +	#else
>  	SAFE_READ(1, fd, data, 5);
> +	#endif

Here as well, the ifdefs has to start at first character in the line:

#if ...
	SAFE_READ(...);
#else
	SAFE_READ(...);
#endif

>  	SAFE_CLOSE(fd);
> +
> +	#if defined(__powerpc64__) || defined(__ppc64__)
> +	tst_res(TINFO, "SecureBoot: %s", data[3] ? "on" : "off");
> +	return data[3];
> +	#else
>  	tst_res(TINFO, "SecureBoot: %s", data[4] ? "on" : "off");
>  	return data[4];
> +	#endif
>
>  }
>  
>  int tst_lockdown_enabled(void)
> @@ -51,9 +64,16 @@ int tst_lockdown_enabled(void)
>  
>  	if (access(PATH_LOCKDOWN, F_OK) != 0) {
>  		char flag;
> +
>  		/* SecureBoot enabled could mean integrity lockdown (non-mainline version) */
> +		#if defined(__powerpc64__) || defined(__ppc64__)
> +		flag = tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM") == 'y';
> +		flag |= tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM_EARLY") == 'y';
> +		#else
>  		flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN") == 'y';
>  		flag |= tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT") == 'y';
> +		#endif

However all of these cases we can just define a few constants instead of
cluttering the code with ifdefs.

#ifdef ppc
# define VAR_DATA_SIZE 5
# define VAR_DATA_OFF 4
# define KERNEL_KCONFIG1 "CONFIG_SECURITY_LOCKDOWN_LSM"
# define KERNEL_KCONFIG2 "CONFIG_SECURITY_LOCKDOWN_LSM_EARLY"
...
#else
# define VAR_DATA_SIZE 4
# define VAR_DATA_OFF 3
...
#endif

>  		if (flag && tst_secureboot_enabled() > 0)
>  			return 1;
>  
> -- 
> 2.37.1 (Apple Git-137.1)
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz