[LTP] [PATCH] lib/tst_lockdown.c: Add PPC64 architecture support
R Nageswara Sastry
rnsastry@linux.ibm.com
Mon Sep 4 09:03:07 CEST 2023
On 04/09/23 12:26 pm, Nageswara R Sastry wrote:
> Add PPC64 architecture support to the lockdown library.
>
> Signed-off-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Tested with and without Secure Boot enabled on a PPC64LE system.
Ran testcases named:
finit_module01 finit_module01
finit_module02 finit_module02
With secure boot disabled:
...
tst_lockdown.c:90: TINFO: Kernel lockdown: off
tst_lockdown.c:51: TINFO: SecureBoot: off
…
Summary:
passed 10
failed 0
broken 0
skipped 0
warnings 0
With secure boot enabled:
...
tst_lockdown.c:90: TINFO: Kernel lockdown: on
tst_lockdown.c:51: TINFO: SecureBoot: on
…
Summary:
passed 7
failed 0
broken 0
skipped 3
warnings 0
> ---
> lib/tst_lockdown.c | 34 +++++++++++++++++++++++++++-------
> 1 file changed, 27 insertions(+), 7 deletions(-)
>
> diff --git a/lib/tst_lockdown.c b/lib/tst_lockdown.c
> index 9086eba36..6fadad808 100644
> --- a/lib/tst_lockdown.c
> +++ b/lib/tst_lockdown.c
> @@ -14,33 +14,46 @@
> #include "tst_lockdown.h"
> #include "tst_private.h"
>
> -#define EFIVAR_SECUREBOOT "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
> -
> +#if defined(__powerpc64__) || defined(__ppc64__)
> +#define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
> +#else
> +#define SECUREBOOT_VAR "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
> +#endif
> int tst_secureboot_enabled(void)
> {
> int fd;
> char data[5];
>
> - if (access(EFIVAR_SECUREBOOT, F_OK)) {
> - tst_res(TINFO, "Efivar FS not available");
> + if (access(SECUREBOOT_VAR, F_OK)) {
> + tst_res(TINFO, "SecureBoot sysfs file not available");
> return -1;
> }
>
> - fd = open(EFIVAR_SECUREBOOT, O_RDONLY);
> + fd = open(SECUREBOOT_VAR, O_RDONLY);
>
> if (fd == -1) {
> tst_res(TINFO | TERRNO,
> - "Cannot open SecureBoot Efivar sysfile");
> + "Cannot open SecureBoot file");
> return -1;
> } else if (fd < 0) {
> tst_brk(TBROK | TERRNO, "Invalid open() return value %d", fd);
> return -1;
> }
> -
> + #if defined(__powerpc64__) || defined(__ppc64__)
> + SAFE_READ(1, fd, data, 4);
> + #else
> SAFE_READ(1, fd, data, 5);
> + #endif
> +
> SAFE_CLOSE(fd);
> +
> + #if defined(__powerpc64__) || defined(__ppc64__)
> + tst_res(TINFO, "SecureBoot: %s", data[3] ? "on" : "off");
> + return data[3];
> + #else
> tst_res(TINFO, "SecureBoot: %s", data[4] ? "on" : "off");
> return data[4];
> + #endif
> }
>
> int tst_lockdown_enabled(void)
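Review bot: In the PPC64 branch of tst_secureboot_enabled(), `data[3] ? "on" : "off"` reports every non-zero `ibm,secure-boot` value as enabled. As far as I know, the property separates an audit/log-only mode (1) from enforcing modes (2 and above), and the kernel's own check only counts values greater than 1 as secure boot enabled. If that holds, an audit-mode system is logged as "SecureBoot: on" and callers will assume restrictions that are not in force; consider `return data[3] > 1;` with the TINFO line using the same expression, after confirming the encoding against the platform documentation. The read length and byte index are also repeated in two separate `#if` blocks, so defining them once next to `SECUREBOOT_VAR` would keep path, size and offset together. The message "SecureBoot sysfs file not available" is also inaccurate for a `/proc/device-tree` path.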
> @@ -51,9 +64,16 @@ int tst_lockdown_enabled(void)
>
> if (access(PATH_LOCKDOWN, F_OK) != 0) {
> char flag;
> +
> /* SecureBoot enabled could mean integrity lockdown (non-mainline version) */
> + #if defined(__powerpc64__) || defined(__ppc64__)
> + flag = tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM") == 'y';
> + flag |= tst_kconfig_get("CONFIG_SECURITY_LOCKDOWN_LSM_EARLY") == 'y';
> + #else
> flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN") == 'y';
> flag |= tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT") == 'y';
> + #endif
> +
> if (flag && tst_secureboot_enabled() > 0)
> return 1;
>
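Review bot: The comment above the new `#if` still says "non-mainline version", which no longer describes the PPC64 branch. `CONFIG_SECURITY_LOCKDOWN_LSM` and `CONFIG_SECURITY_LOCKDOWN_LSM_EARLY` are mainline options, and they only show that the lockdown LSM is built in, not that a lockdown level is active. Returning 1 when secure boot is also on is therefore an inference, and tests may be skipped on a PPC64 system that is not actually locked down. I would add a comment on the PPC64 branch such as `/* PPC64: lockdown file unavailable; assume lockdown when the LSM is built in and secure boot is on */` and name in the commit message the kernel behaviour that justifies it. tst_lockdown_enabled() begins and ends outside this hunk.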
--
Thanks and Regards
R.Nageswara Sastry