search

avocado-framework / avocado

Avocado is a set of tools and libraries to help with automated testing. One can call it a test framework with benefits. Native tests are written in Python and they follow the unittest pattern, but any executable can serve as a test.
https://avocado-framework.github.io/
Other
342 stars 340 forks source link

Adding check if secureboot is enabled or not #5929

Closed vaishnavibhat closed 2 months ago

vaishnavibhat commented 4 months ago

The function checks if secureboot is enabled or not from the OS side. The command output of "lsprop /proc/device-tree/ibm,secure-boot" is used to check the OS status.

mr-avocado[bot] commented 4 months ago

Dear contributor, Avocado is currently at the end of sprint #105, therefore we are in feature freeze state. Please avoid merging changes that do not fall into these categories:

The feature freeze will be active until the release planned on 05/06/2024.

abdhaleegit commented 4 months ago

@vaishnavibhat fix static fails make use of double qoutes here if '00000002' in line:

vaishnavibhat commented 4 months ago

lsprop is a tool provided by powerpc-utils. It is used to get information about /proc files .

For secureboot check:

lsprop /proc/device-tree/ibm,secure-boot

/proc/device-tree/ibm,secure-boot 00000002

0 incase of secure boot disabled, 1 (enable and log only - trusted boot) and 2 (enable and enforce - secure boot)

man lsprop

LSPROP(8) Linux on Power Service Tools LSPROP(8)

NAME lsprop - list properties

SYNOPSIS lsprop [-R] [-m max-bytes] [-w num-words] [FILE...]

OVERVIEW lsprop program is a member of the ppc64-utils suite of utils. Use it to list properties

DESCRIPTION lsprop displays properties for FILEs like Open Firmware .properties word. If the FILE is not set, the current directory is used.

OPTIONS -R Process recursively

   -m max-bytes
          Read only first max-bytes bytes from the FILEs

   -w num-words
          Display up to num-words words per line

Linux Sep 2010 LSPROP(8)

richtja commented 4 months ago

lsprop is a tool provided by powerpc-utils. It is used to get information about /proc files .

For secureboot check: #lsprop /proc/device-tree/ibm,secure-boot /proc/device-tree/ibm,secure-boot 00000002

0 incase of secure boot disabled, 1 (enable and log only - trusted boot) and 2 (enable and enforce - secure boot)

man lsprop LSPROP(8) Linux on Power Service Tools LSPROP(8)

NAME lsprop - list properties

SYNOPSIS lsprop [-R] [-m max-bytes] [-w num-words] [FILE...]

OVERVIEW lsprop program is a member of the ppc64-utils suite of utils. Use it to list properties

DESCRIPTION lsprop displays properties for FILEs like Open Firmware .properties word. If the FILE is not set, the current directory is used.

OPTIONS -R Process recursively

   -m max-bytes
          Read only first max-bytes bytes from the FILEs

   -w num-words
          Display up to num-words words per line

Linux Sep 2010 LSPROP(8)

Hi @vaishnavibhat thank you for the description. So IIUIC the whole is_os_secureboot_enabled method will only work on powerpc. Therefore, I would propose to do an arch check and create and raise for example UnsupportedMachineError for unsupported architectures.

abdhaleegit commented 3 months ago

@vaishnavibhat Please fix the duplicate comit.. ammend the same do not create new commit

vaishnavibhat commented 3 months ago

Resending the patch after taking care of the review comments.

abdhaleegit commented 3 months ago

@richtja Please see if this is mergable

vaishnavibhat commented 3 months ago

@richtja Addressed the review comments. Please me know if this looks good.

Thank you