[LTP] [PATCH] lib/tst_lockdown.c: Add PPC64 architecture support

Nageswara R Sastry rnsastry@linux.ibm.com
Mon Sep 4 08:56:43 CEST 2023 

Add PPC64 architecture support to the lockdown library.

Signed-off-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
---
 lib/tst_lockdown.c | 34 +++++++++++++++++++++++++++-------
 1 file changed, 27 insertions(+), 7 deletions(-)

diff --git a/lib/tst_lockdown.c b/lib/tst_lockdown.c
index 9086eba36..6fadad808 100644
--- a/lib/tst_lockdown.c
+++ b/lib/tst_lockdown.c
@@ -14,33 +14,46 @@
 #include "tst_lockdown.h"
 #include "tst_private.h"
 
-#define EFIVAR_SECUREBOOT "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
-
+#if defined(__powerpc64__) || defined(__ppc64__)
+#define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
+#else
+#define SECUREBOOT_VAR "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
+#endif
 int tst_secureboot_enabled(void)
 {
 	int fd;
 	char data[5];
 
-	if (access(EFIVAR_SECUREBOOT, F_OK)) {
-		tst_res(TINFO, "Efivar FS not available");
+	if (access(SECUREBOOT_VAR, F_OK)) {
+		tst_res(TINFO, "SecureBoot sysfs file not available");
 		return -1;
 	}
 
-	fd = open(EFIVAR_SECUREBOOT, O_RDONLY);
+	fd = open(SECUREBOOT_VAR, O_RDONLY);
 
 	if (fd == -1) {
 		tst_res(TINFO | TERRNO,
-			"Cannot open SecureBoot Efivar sysfile");
+			"Cannot open SecureBoot file");
 		return -1;
 	} else if (fd < 0) {
 		tst_brk(TBROK | TERRNO, "Invalid open() return value %d", fd);
 		return -1;
 	}
-
+	#if defined(__powerpc64__) || defined(__ppc64__)
+	SAFE_READ(1, fd, data, 4);
+	#else
 	SAFE_READ(1, fd, data, 5);
+	#endif
+
 	SAFE_CLOSE(fd);
+
+	#if defined(__powerpc64__) || defined(__ppc64__)
+	tst_res(TINFO, "SecureBoot: %s", data[3] ? "on" : "off");
+	return data[3];
+	#else
 	tst_res(TINFO, "SecureBoot: %s", data[4] ? "on" : "off");
 	return data[4];
+	#endif
 }
 
 int tst_lockdown_enabled(void)
@@ -51,9 +64,16 @@ int tst_lockdown_enabled(void)
 
 	if (access(PATH_LOCKDOWN, F_OK) != 0) {
 		char flag;
+
 		/* SecureBoot enabled could mean integrity lockdown (non-mainline version) */
+		#if defined(__powerpc64__) || defined(__ppc64__)
+		flag = tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM") == 'y';
+		flag |= tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM_EARLY") == 'y';
+		#else
 		flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN") == 'y';
 		flag |= tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT") == 'y';
+		#endif
+
 		if (flag && tst_secureboot_enabled() > 0)
 			return 1;
 
-- 
2.37.1 (Apple Git-137.1)

More information about the ltp mailing list