[LTP] [PATCH 1/1] fw_load: Skip on Lockdown/Secure Boot
Petr Vorel
pvorel@suse.cz
Wed Jan 7 12:49:33 CET 2026
Similarly to delete_module0[13].c, finit_module02.c and init_module02.c
also fw_load.c cannot load modules due Lockdown/Secure Boot.
fw_load 0 TINFO : module signature enforcement: off
insmod: ERROR: could not insert module ltp_fw_load.ko: Key was rejected by service
dmesg:
[ 0.000000] [ T0] secureboot: Secure boot enabled
[ 0.000000] [ T0] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7
...
[ 17.679826] [ T1591] Loading of unsigned module is rejected
Reported-by: Avinesh Kumar <akumar@suse.de>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
FYI once the test is rewritten into new API, it will just use as in
delete_module0[13].c:
/* lockdown and SecureBoot requires signed modules */
.skip_in_lockdown = 1,
.skip_in_secureboot = 1,
Kind regards,
Petr
testcases/kernel/firmware/fw_load_user/fw_load.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/testcases/kernel/firmware/fw_load_user/fw_load.c b/testcases/kernel/firmware/fw_load_user/fw_load.c
index b2ed09e6f3..f5b918a698 100644
--- a/testcases/kernel/firmware/fw_load_user/fw_load.c
+++ b/testcases/kernel/firmware/fw_load_user/fw_load.c
@@ -29,6 +29,7 @@
#include <string.h>
#include "test.h"
+#include "tst_security.h"
#include "safe_macros.h"
#include "old_module.h"
@@ -102,6 +103,9 @@ static void help(void)
void setup(int argc, char *argv[])
{
+ if (tst_lockdown_enabled() > 0 || tst_secureboot_enabled() > 0)
+ tst_brkm(TCONF, NULL, "Cannot load unsigned modules in Lockdown/Secure Boot");
+
tst_parse_opts(argc, argv, options, help);
if (nflag) {
--
2.51.0
More information about the ltp
mailing list