lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1548960936-7800-3-git-send-email-zohar@linux.ibm.com>
Date:   Thu, 31 Jan 2019 13:55:35 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     linux-integrity@...r.kernel.org
Cc:     linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, kexec@...ts.infradead.org,
        David Howells <dhowells@...hat.com>,
        Dave Young <dyoung@...hat.com>,
        Eric Biederman <ebiederm@...ssion.com>,
        Mimi Zohar <zohar@...ux.ibm.com>
Subject: [PATCH 2/3] scripts/ima: define a set of common functions

Define and move get_secureboot_mode() to a common file for use by other
tests.

Signed-off-by: Mimi Zohar <zohar@...ux.ibm.com>
---
 tools/testing/selftests/ima/common_lib.sh      | 20 ++++++++++++++++++++
 tools/testing/selftests/ima/test_kexec_load.sh | 17 +++--------------
 2 files changed, 23 insertions(+), 14 deletions(-)
 create mode 100755 tools/testing/selftests/ima/common_lib.sh

diff --git a/tools/testing/selftests/ima/common_lib.sh b/tools/testing/selftests/ima/common_lib.sh
new file mode 100755
index 000000000000..ae097a634da5
--- /dev/null
+++ b/tools/testing/selftests/ima/common_lib.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0+
+
+get_secureboot_mode()
+{
+	EFIVARFS="/sys/firmware/efi/efivars"
+	# Make sure that efivars is mounted in the normal location
+	if ! grep -q "^\S\+ $EFIVARFS efivarfs" /proc/mounts; then
+		echo "$TEST: efivars is not mounted on $EFIVARFS" >&2
+		exit $ksft_skip
+	fi
+
+	# Get secureboot mode
+	file="$EFIVARFS/SecureBoot-*"
+	if [ ! -e $file ]; then
+		echo "$TEST: unknown secureboot mode" >&2
+		exit $ksft_skip
+	fi
+	return `hexdump $file | awk '{print substr($4,length($4),1)}'`
+}
diff --git a/tools/testing/selftests/ima/test_kexec_load.sh b/tools/testing/selftests/ima/test_kexec_load.sh
index 74423c4229e2..5e3566738888 100755
--- a/tools/testing/selftests/ima/test_kexec_load.sh
+++ b/tools/testing/selftests/ima/test_kexec_load.sh
@@ -5,7 +5,7 @@
 # is booted in secureboot mode.
 
 TEST="$0"
-EFIVARFS="/sys/firmware/efi/efivars"
+. ./common_lib.sh
 rc=0
 
 # Kselftest framework requirement - SKIP code is 4.
@@ -17,19 +17,8 @@ if [ $(id -ru) != 0 ]; then
 	exit $ksft_skip
 fi
 
-# Make sure that efivars is mounted in the normal location
-if ! grep -q "^\S\+ $EFIVARFS efivarfs" /proc/mounts; then
-	echo "$TEST: efivars is not mounted on $EFIVARFS" >&2
-	exit $ksft_skip
-fi
-
-# Get secureboot mode
-file="$EFIVARFS/SecureBoot-*"
-if [ ! -e $file ]; then
-	echo "$TEST: unknown secureboot mode" >&2
-	exit $ksft_skip
-fi
-secureboot=`hexdump $file | awk '{print substr($4,length($4),1)}'`
+get_secureboot_mode
+secureboot=$?
 
 # kexec_load should fail in secure boot mode
 KERNEL_IMAGE="/boot/vmlinuz-`uname -r`"
-- 
2.7.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ