[LTP] [PATCH] lib: lockdown: Report lockdown as disabled on missing sysfs
Cyril Hrubis
chrubis@suse.cz
Wed Sep 20 20:17:11 CEST 2023
Hi!
> > We currently report -1 when secure boot sysfs file is not present which
> > is later interpreted as secure boot enabled. This causes regression in
> > *_module sycall tests executed on systems when secureboot is not
> > compiled-in or supported at all.
>
> That's incorrect usage then. The tests should check
> tst_secureboot_enabled() > 0 instead. I think it will be useful to know
> whether the function found that secureboot is disabled, or could not
> check at all. We should just document it better.
Yes, the functions do not seem to have any documentation.
So I guess that we need:
diff --git a/lib/tst_test.c b/lib/tst_test.c
index 2e58cad33..e2c195645 100644
--- a/lib/tst_test.c
+++ b/lib/tst_test.c
@@ -1163,10 +1163,10 @@ static void do_setup(int argc, char *argv[])
if (tst_test->supported_archs && !tst_is_on_arch(tst_test->supported_archs))
tst_brk(TCONF, "This arch '%s' is not supported for test!", tst_arch.name);
- if (tst_test->skip_in_lockdown && tst_lockdown_enabled())
+ if (tst_test->skip_in_lockdown && tst_lockdown_enabled() > 0)
tst_brk(TCONF, "Kernel is locked down, skipping test");
- if (tst_test->skip_in_secureboot && tst_secureboot_enabled())
+ if (tst_test->skip_in_secureboot && tst_secureboot_enabled() > 0)
tst_brk(TCONF, "SecureBoot enabled, skipping test");
if (tst_test->skip_in_compat && TST_ABI != tst_kernel_bits())
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list