| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190203211958.GB4022@x230>
Date: Sun, 3 Feb 2019 22:19:58 +0100
From: Petr Vorel <pvorel@...e.cz>
To: Mimi Zohar <zohar@...ux.ibm.com>
Cc: linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, kexec@...ts.infradead.org,
David Howells <dhowells@...hat.com>,
Dave Young <dyoung@...hat.com>,
Eric Biederman <ebiederm@...ssion.com>
Subject: Re: [PATCH 2/3] scripts/ima: define a set of common functions
Hi Mimi,
> Define and move get_secureboot_mode() to a common file for use by other
> tests.
> Signed-off-by: Mimi Zohar <zohar@...ux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@...e.cz>
> ---
> tools/testing/selftests/ima/common_lib.sh | 20 ++++++++++++++++++++
> tools/testing/selftests/ima/test_kexec_load.sh | 17 +++--------------
> 2 files changed, 23 insertions(+), 14 deletions(-)
> create mode 100755 tools/testing/selftests/ima/common_lib.sh
> diff --git a/tools/testing/selftests/ima/common_lib.sh b/tools/testing/selftests/ima/common_lib.sh
> new file mode 100755
> index 000000000000..ae097a634da5
> --- /dev/null
> +++ b/tools/testing/selftests/ima/common_lib.sh
> @@ -0,0 +1,20 @@
> +#!/bin/sh
> +# SPDX-License-Identifier: GPL-2.0+
# SPDX-License-Identifier: GPL-2.0-or-later
> +
> +get_secureboot_mode()
> +{
> + EFIVARFS="/sys/firmware/efi/efivars"
local efivarfs="/sys/firmware/efi/efivars"
local file
It's a good practise to use local keyword and lower case the name of the
variable for variables used only locally (if you treat $EFIVARFS as constant,
I'd move it outside of get_secureboot_mode()).
I personally try to avoid using global variables (except constant like).
> + # Make sure that efivars is mounted in the normal location
> + if ! grep -q "^\S\+ $EFIVARFS efivarfs" /proc/mounts; then
> + echo "$TEST: efivars is not mounted on $EFIVARFS" >&2
> + exit $ksft_skip
> + fi
There could be helper function printing error and exit in selftest library.
> + # Get secureboot mode
> + file="$EFIVARFS/SecureBoot-*"
file="$efivarfs/SecureBoot-*"
...
> KERNEL_IMAGE="/boot/vmlinuz-`uname -r`"
Another candidate for helper for potential selftest library.
Kind regards,
Petr
Powered by blists - more mailing lists