selftests/kexec: Enable secureboot tests for PowerPC

Existing test cases determine secureboot state using efi variable, which
is available only on x86 architecture.  Add support for determining
secureboot state using device tree property on PowerNV architecture.

Signed-off-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Tested-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

diff --git a/tools/testing/selftests/kexec/Makefile b/tools/testing/selftests/kexec/Makefile
index aa91d2063249e6c8467f69bb139c46329648d424..806a150648c36659367affe75caeba8de9a56ba7 100644 (file)
--- a/tools/testing/selftests/kexec/Makefile
+++ b/tools/testing/selftests/kexec/Makefile
@@ -4,7 +4,7 @@
 uname_M := $(shell uname -m 2>/dev/null || echo not)
 ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/x86/ -e s/x86_64/x86/)
 
-ifeq ($(ARCH),x86)
+ifeq ($(ARCH),$(filter $(ARCH),x86 ppc64le))
 TEST_PROGS := test_kexec_load.sh test_kexec_file_load.sh
 TEST_FILES := kexec_common_lib.sh
 

diff --git a/tools/testing/selftests/kexec/kexec_common_lib.sh b/tools/testing/selftests/kexec/kexec_common_lib.sh
index 5a1b8ae04c643761ddeaf7dd50a112bb975b82c7..0e114b34d5d7bc7ed9932878f96fdbb69ea68893 100755 (executable)
--- a/tools/testing/selftests/kexec/kexec_common_lib.sh
+++ b/tools/testing/selftests/kexec/kexec_common_lib.sh
@@ -91,6 +91,27 @@ get_efi_var_secureboot_mode()
        return 0;
 }
 
+# On powerpc platform, check device-tree property
+# /proc/device-tree/ibm,secureboot/os-secureboot-enforcing
+# to detect secureboot state.
+get_ppc64_secureboot_mode()
+{
+       local secure_boot_file="/proc/device-tree/ibm,secureboot/os-secureboot-enforcing"
+       # Check for secure boot file existence
+       if [ -f $secure_boot_file ]; then
+               log_info "Secureboot is enabled (Device tree)"
+               return 1;
+       fi
+       log_info "Secureboot is not enabled (Device tree)"
+       return 0;
+}
+
+# Return the architecture of the system
+get_arch()
+{
+       echo $(arch)
+}
+
 # Check efivar SecureBoot-$(the UUID) and SetupMode-$(the UUID).
 # The secure boot mode can be accessed either as the last integer
 # of "od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-*" or from
@@ -100,14 +121,19 @@ get_efi_var_secureboot_mode()
 get_secureboot_mode()
 {
        local secureboot_mode=0
+       local system_arch=$(get_arch)
 
-       get_efivarfs_secureboot_mode
-       secureboot_mode=$?
-
-       # fallback to using the efi_var files
-       if [ $secureboot_mode -eq 0 ]; then
-               get_efi_var_secureboot_mode
+       if [ "$system_arch" == "ppc64le" ]; then
+               get_ppc64_secureboot_mode
                secureboot_mode=$?
+       else
+               get_efivarfs_secureboot_mode
+               secureboot_mode=$?
+               # fallback to using the efi_var files
+               if [ $secureboot_mode -eq 0 ]; then
+                       get_efi_var_secureboot_mode
+                       secureboot_mode=$?
+               fi
        fi
 
        if [ $secureboot_mode -eq 0 ]; then

diff --git a/tools/testing/selftests/kexec/test_kexec_file_load.sh b/tools/testing/selftests/kexec/test_kexec_file_load.sh
index 99f6fc23ee31498165a35e2056a08bb448afe01c..c9ccb3c93d729c778f43b6d6cc4ddbe519a48915 100755 (executable)
--- a/tools/testing/selftests/kexec/test_kexec_file_load.sh
+++ b/tools/testing/selftests/kexec/test_kexec_file_load.sh
@@ -226,8 +226,12 @@ get_secureboot_mode
 secureboot=$?
 
 # Are there pe and ima signatures
-check_for_pesig
-pe_signed=$?
+if [ "$(get_arch)" == 'ppc64le' ]; then
+       pe_signed=0
+else
+       check_for_pesig
+       pe_signed=$?
+fi
 
 check_for_imasig
 ima_signed=$?