avocado icon indicating copy to clipboard operation
avocado copied to clipboard

Published 20 hours ago verified publisher icon avocado-framework

Adding check if secureboot is enabled or not

Open vaishnavibhat opened this issue 9 months ago • 8 comments

The function checks if secureboot is enabled or not from the OS side. The command output of "lsprop /proc/device-tree/ibm,secure-boot" is used to check the OS status.

vaishnavibhat avatar May 08 '24 18:05 vaishnavibhat

Dear contributor, Avocado is currently at the end of sprint #105, therefore we are in feature freeze state. Please avoid merging changes that do not fall into these categories:

  • Bug fixes
  • Documentation updates

The feature freeze will be active until the release planned on 05/06/2024.

mr-avocado[bot] avatar May 08 '24 18:05 mr-avocado[bot]

@vaishnavibhat fix static fails make use of double qoutes here if '00000002' in line:

abdhaleegit avatar May 10 '24 06:05 abdhaleegit

lsprop is a tool provided by powerpc-utils. It is used to get information about /proc files .

For secureboot check: #lsprop /proc/device-tree/ibm,secure-boot /proc/device-tree/ibm,secure-boot 00000002

0 incase of secure boot disabled, 1 (enable and log only - trusted boot) and 2 (enable and enforce - secure boot)

#man lsprop LSPROP(8) Linux on Power Service Tools LSPROP(8)

NAME lsprop - list properties

SYNOPSIS lsprop [-R] [-m max-bytes] [-w num-words] [FILE...]

OVERVIEW lsprop program is a member of the ppc64-utils suite of utils. Use it to list properties

DESCRIPTION lsprop displays properties for FILEs like Open Firmware .properties word. If the FILE is not set, the current directory is used.

OPTIONS -R Process recursively

   -m max-bytes
          Read only first max-bytes bytes from the FILEs

   -w num-words
          Display up to num-words words per line

Linux Sep 2010 LSPROP(8)

vaishnavibhat avatar May 23 '24 09:05 vaishnavibhat

lsprop is a tool provided by powerpc-utils. It is used to get information about /proc files .

For secureboot check: #lsprop /proc/device-tree/ibm,secure-boot /proc/device-tree/ibm,secure-boot 00000002

0 incase of secure boot disabled, 1 (enable and log only - trusted boot) and 2 (enable and enforce - secure boot)

#man lsprop LSPROP(8) Linux on Power Service Tools LSPROP(8)

NAME lsprop - list properties

SYNOPSIS lsprop [-R] [-m max-bytes] [-w num-words] [FILE...]

OVERVIEW lsprop program is a member of the ppc64-utils suite of utils. Use it to list properties

DESCRIPTION lsprop displays properties for FILEs like Open Firmware .properties word. If the FILE is not set, the current directory is used.

OPTIONS -R Process recursively

   -m max-bytes
          Read only first max-bytes bytes from the FILEs

   -w num-words
          Display up to num-words words per line

Linux Sep 2010 LSPROP(8)

Hi @vaishnavibhat thank you for the description. So IIUIC the whole is_os_secureboot_enabled method will only work on powerpc. Therefore, I would propose to do an arch check and create and raise for example UnsupportedMachineError for unsupported architectures.

richtja avatar May 23 '24 11:05 richtja

@vaishnavibhat Please fix the duplicate comit.. ammend the same do not create new commit

abdhaleegit avatar Jun 26 '24 11:06 abdhaleegit

Resending the patch after taking care of the review comments.

vaishnavibhat avatar Jun 27 '24 04:06 vaishnavibhat

@richtja Please see if this is mergable

abdhaleegit avatar Jun 28 '24 07:06 abdhaleegit

@richtja Addressed the review comments. Please me know if this looks good.

Thank you

vaishnavibhat avatar Jul 01 '24 10:07 vaishnavibhat