From patchwork Fri Jul 21 09:15:11 2023
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 1810825
From: Petr Vorel
To: ltp@lists.linux.it
Date: Fri, 21 Jul 2023 11:15:11 +0200
Message-Id: <20230721091515.1353371-2-pvorel@suse.cz>
In-Reply-To: <20230721091515.1353371-1-pvorel@suse.cz>
Subject: [LTP] [PATCH v2 1/5] tst_lockdown: Check other lockdown configuration

Originally we checked only CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y (non-mainline patch from 2017 [1]). Various distros (older releases) use another, newer non-mainline patch [2] (originally from Fedora 32), which with CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y forces lockdown, when in secure boot.

[1] https://lore.kernel.org/lkml/149141204578.30815.1929675368430800975.stgit@warthog.procyon.org.uk/
[2] https://lore.kernel.org/lkml/150842483945.7923.12778302394414653081.stgit@warthog.procyon.org.uk/

Signed-off-by: Petr Vorel
Reviewed-by: Martin Doucha

--- lib/tst_lockdown.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/tst_lockdown.c b/lib/tst_lockdown.c index 26a57b6a1..4ce4736c3 100644 --- a/lib/tst_lockdown.c +++ b/lib/tst_lockdown.c
@@ -50,11 +50,10 @@ int tst_lockdown_enabled(void) if (access(PATH_LOCKDOWN, F_OK) != 0) { char flag; - - flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN"); - - /* SecureBoot enabled could mean integrity lockdown */ - if (flag == 'y' && tst_secureboot_enabled() > 0) + /* SecureBoot enabled could mean integrity lockdown (non-mainline version) */ + flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN") == 'y'; + flag |= tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT") == 'y'; + if (flag && tst_secureboot_enabled() > 0) return 1; tst_res(TINFO, "Unable to determine system lockdown state");

From patchwork Fri Jul 21 09:15:12 2023
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 1810824
From: Petr Vorel
To: ltp@lists.linux.it
Date: Fri, 21 Jul 2023 11:15:12 +0200
Message-Id: <20230721091515.1353371-3-pvorel@suse.cz>
In-Reply-To: <20230721091515.1353371-1-pvorel@suse.cz>
Subject: [LTP] [PATCH v2 2/5] tst_lockdown_enabled: Print lockdown state

This will be used to simplify .skip_in_lockdown in next commit.

Suggested-by: Martin Doucha
Signed-off-by: Petr Vorel
Reviewed-by: Martin Doucha

--- lib/tst_lockdown.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/tst_lockdown.c b/lib/tst_lockdown.c index 4ce4736c3..8f2ee6762 100644 --- a/lib/tst_lockdown.c +++ b/lib/tst_lockdown.c
@@ -47,6 +47,7 @@ int tst_lockdown_enabled(void) { char line[BUFSIZ]; FILE *file; + int ret; if (access(PATH_LOCKDOWN, F_OK) != 0) { char flag; 
@@ -65,5 +66,8 @@ int tst_lockdown_enabled(void) tst_brk(TBROK | TERRNO, "fgets %s", PATH_LOCKDOWN); SAFE_FCLOSE(file); - return (strstr(line, "[none]") == NULL); + ret = strstr(line, "[none]") == NULL; + tst_res(TINFO, "Lockdown: %s", ret ? "on" : "off"); + + return ret; }

From patchwork Fri Jul 21 09:15:13 2023
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 1810828
From: Petr Vorel
To: ltp@lists.linux.it
Date: Fri, 21 Jul 2023 11:15:13 +0200
Message-Id: <20230721091515.1353371-4-pvorel@suse.cz>
In-Reply-To: <20230721091515.1353371-1-pvorel@suse.cz>
Subject: [LTP] [PATCH v2 3/5] lib: Add .skip_in_secureboot flag

This will be used in module related tests.

Reviewed-by: Martin Doucha
Signed-off-by: Petr Vorel

--- doc/test-writing-guidelines.txt | 1 + include/tst_test.h | 4 ++++ lib/tst_test.c | 3 +++ 3 files changed, 8 insertions(+) diff --git a/doc/test-writing-guidelines.txt b/doc/test-writing-guidelines.txt index b83a6fdb6..6d1a69165 100644 --- a/doc/test-writing-guidelines.txt +++ b/doc/test-writing-guidelines.txt
@@ -393,6 +393,7 @@ https://github.com/linux-test-project/ltp/wiki/Shell-Test-API[Shell Test API]. | '.skip_filesystems' | 'TST_SKIP_FILESYSTEMS' | '.skip_in_compat' | – | '.skip_in_lockdown' | – +| '.skip_in_secureboot' | – | '.supported_archs' | not applicable | '.tags' | – | '.taint_check' | – diff --git a/include/tst_test.h b/include/tst_test.h index 22acfba59..0ac492a80 100644 --- a/include/tst_test.h +++ b/include/tst_test.h @@ -177,6 +177,7 @@ struct tst_test { int child_needs_reinit:1; int needs_devfs:1; int restore_wallclock:1; + /* * If set the test function will be executed for all available * filesystems and the current filesystem type would be set in the @@ -186,8 +187,11 @@ struct tst_test { * to the test function. */ int all_filesystems:1; + int skip_in_lockdown:1; + int skip_in_secureboot:1; int skip_in_compat:1; + /* * If set, the hugetlbfs will be mounted at .mntpoint. */ diff --git a/lib/tst_test.c b/lib/tst_test.c index 04da456c6..8f7223b0e 100644 --- a/lib/tst_test.c +++ b/lib/tst_test.c 
@@ -1160,6 +1160,9 @@ static void do_setup(int argc, char *argv[]) if (tst_test->skip_in_lockdown && tst_lockdown_enabled()) tst_brk(TCONF, "Kernel is locked down, skipping test"); + if (tst_test->skip_in_secureboot && tst_secureboot_enabled()) + tst_brk(TCONF, "SecureBoot enabled, skipping test"); + if (tst_test->skip_in_compat && TST_ABI != tst_kernel_bits()) tst_brk(TCONF, "Not supported in 32-bit compat mode");

From patchwork Fri Jul 21 09:15:14 2023
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 1810827
From: Petr Vorel
To: ltp@lists.linux.it
Date: Fri, 21 Jul 2023 11:15:14 +0200
Message-Id: <20230721091515.1353371-5-pvorel@suse.cz>
In-Reply-To: <20230721091515.1353371-1-pvorel@suse.cz>
Subject: [LTP] [PATCH v2 4/5] {delete, finit, init}_module0[1-3]: Skip on SecureBoot

Enabled SecureBoot requires signed modules (regardless of lockdown state).

Signed-off-by: Petr Vorel
Reviewed-by: Martin Doucha

--- testcases/kernel/syscalls/delete_module/delete_module01.c | 3 ++- testcases/kernel/syscalls/delete_module/delete_module03.c | 3 ++- testcases/kernel/syscalls/finit_module/finit_module01.c | 3 ++- testcases/kernel/syscalls/finit_module/finit_module02.c | 8 +++++--- testcases/kernel/syscalls/init_module/init_module01.c | 3 ++- testcases/kernel/syscalls/init_module/init_module02.c | 7 ++++--- 6 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/testcases/kernel/syscalls/delete_module/delete_module01.c b/testcases/kernel/syscalls/delete_module/delete_module01.c index 6ecd2cad1..90d8b5289 100644 --- a/testcases/kernel/syscalls/delete_module/delete_module01.c +++ b/testcases/kernel/syscalls/delete_module/delete_module01.c @@ -50,8 +50,9 @@ static void cleanup(void) static struct tst_test test = { .needs_root = 1, - /* lockdown requires signed modules */ + /* lockdown and SecureBoot requires signed modules */ .skip_in_lockdown = 1, + .skip_in_secureboot = 1, .cleanup = cleanup, .test_all = do_delete_module, }; diff --git a/testcases/kernel/syscalls/delete_module/delete_module03.c b/testcases/kernel/syscalls/delete_module/delete_module03.c index 863d36188..7e92fc2af 100644 --- a/testcases/kernel/syscalls/delete_module/delete_module03.c +++ b/testcases/kernel/syscalls/delete_module/delete_module03.c @@ -72,8 +72,9 @@ static void cleanup(void) static struct tst_test test = { .needs_root = 1, - /* lockdown requires signed modules */ + /* lockdown and SecureBoot requires signed modules */ .skip_in_lockdown = 1, + .skip_in_secureboot = 1, .setup = setup, .cleanup = cleanup, .test_all = do_delete_module, diff --git a/testcases/kernel/syscalls/finit_module/finit_module01.c b/testcases/kernel/syscalls/finit_module/finit_module01.c index f960b2e40..1929c30fa 100644 --- a/testcases/kernel/syscalls/finit_module/finit_module01.c +++ b/testcases/kernel/syscalls/finit_module/finit_module01.c @@ -49,6 +49,7 @@ static struct tst_test test = { .setup = setup, .cleanup = cleanup, .needs_root = 1, - /* lockdown requires signed modules */ + /* lockdown and SecureBoot requires signed modules */ .skip_in_lockdown = 1, + .skip_in_secureboot = 1, }; diff --git a/testcases/kernel/syscalls/finit_module/finit_module02.c b/testcases/kernel/syscalls/finit_module/finit_module02.c index a7434de7d..af4feb76b 100644 --- a/testcases/kernel/syscalls/finit_module/finit_module02.c 
+++ b/testcases/kernel/syscalls/finit_module/finit_module02.c @@ -25,7 +25,7 @@ static char *mod_path; static int fd, fd_zero, fd_invalid = -1, fd_dir; -static int kernel_lockdown; +static int kernel_lockdown, secure_boot; static struct tst_cap cap_req = TST_CAP(TST_CAP_REQ, CAP_SYS_MODULE); static struct tst_cap cap_drop = TST_CAP(TST_CAP_DROP, CAP_SYS_MODULE); @@ -84,6 +84,8 @@ static void setup(void) tst_module_exists(MODULE_NAME, &mod_path); kernel_lockdown = tst_lockdown_enabled(); + secure_boot = tst_secureboot_enabled(); + SAFE_MKDIR(TEST_DIR, 0700); fd_dir = SAFE_OPEN(TEST_DIR, O_DIRECTORY); @@ -102,8 +104,8 @@ static void run(unsigned int n) { struct tcase *tc = &tcases[n]; - if (tc->skip_in_lockdown && kernel_lockdown) { - tst_res(TCONF, "Kernel is locked down, skipping %s", tc->name); + if (tc->skip_in_lockdown && (kernel_lockdown || secure_boot)) { + tst_res(TCONF, "Cannot load unsigned modules, skipping %s", tc->name); return; } diff --git a/testcases/kernel/syscalls/init_module/init_module01.c b/testcases/kernel/syscalls/init_module/init_module01.c index 79e567cd6..26ff0b93b 100644 --- a/testcases/kernel/syscalls/init_module/init_module01.c +++ b/testcases/kernel/syscalls/init_module/init_module01.c @@ -53,6 +53,7 @@ static struct tst_test test = { .setup = setup, .cleanup = cleanup, .needs_root = 1, - /* lockdown requires signed modules */ + /* lockdown and SecureBoot requires signed modules */ .skip_in_lockdown = 1, + .skip_in_secureboot = 1, }; diff --git a/testcases/kernel/syscalls/init_module/init_module02.c b/testcases/kernel/syscalls/init_module/init_module02.c index ad6569a06..15a482664 100644 --- a/testcases/kernel/syscalls/init_module/init_module02.c +++ b/testcases/kernel/syscalls/init_module/init_module02.c 
@@ -22,7 +22,7 @@ #define MODULE_NAME "init_module.ko" static unsigned long size, zero_size; -static int kernel_lockdown; +static int kernel_lockdown, secure_boot; static void *buf, *faulty_buf, *null_buf; static struct tst_cap cap_req = TST_CAP(TST_CAP_REQ, CAP_SYS_MODULE); @@ -54,6 +54,7 @@ static void setup(void) tst_module_exists(MODULE_NAME, NULL); kernel_lockdown = tst_lockdown_enabled(); + secure_boot = tst_secureboot_enabled(); fd = SAFE_OPEN(MODULE_NAME, O_RDONLY|O_CLOEXEC); SAFE_FSTAT(fd, &sb); size = sb.st_size; 
@@ -67,8 +68,8 @@ static void run(unsigned int n) { struct tcase *tc = &tcases[n]; - if (tc->skip_in_lockdown && kernel_lockdown) { - tst_res(TCONF, "Kernel is locked down, skipping %s", tc->name); + if (tc->skip_in_lockdown && (kernel_lockdown || secure_boot)) { + tst_res(TCONF, "Cannot load unsigned modules, skipping %s", tc->name); return; }

From patchwork Fri Jul 21 09:15:15 2023
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 1810829
From: Petr Vorel
To: ltp@lists.linux.it
Date: Fri, 21 Jul 2023 11:15:15 +0200
Message-Id: <20230721091515.1353371-6-pvorel@suse.cz>
In-Reply-To: <20230721091515.1353371-1-pvorel@suse.cz>
Subject: [LTP] [PATCH v2 5/5] doc/c-api: Document .skip_in_* flags

Reviewed-by: Martin Doucha
Signed-off-by: Petr Vorel

--- doc/c-test-api.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/c-test-api.txt b/doc/c-test-api.txt index 07c069ced..74871e6c8 100644 --- a/doc/c-test-api.txt +++ b/doc/c-test-api.txt
@@ -2412,6 +2412,12 @@ static struct tst_test test = { }; ------------------------------------------------------------------------------- +1.41 Skipping test based on system state +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Test can be skipped on various conditions: on enabled SecureBoot +('.skip_in_secureboot = 1'), lockdown ('.skip_in_lockdown = 1') or in 32-bit +compat mode ('.skip_in_compat = 1'). + 2. Common problems ------------------
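
Review bot: In patch 1/5 (lib/tst_lockdown.c, tst_lockdown_enabled()), `char flag` no longer holds the kconfig character but the OR of two `== 'y'` comparisons, so its type and name now mislead; an `int` with a descriptive name, or the two comparisons written directly in the `if`, would read more honestly. The hunk also removes the blank line between the `char flag;` declaration and the first statement, and the new comment says "(non-mainline version)" although two different out-of-tree patches are now covered; naming both in the comment would save the reader a trip to the commit message.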
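
Review bot: In patch 2/5, the "Lockdown: on/off" TINFO added at the end of tst_lockdown_enabled() is reached only when PATH_LOCKDOWN exists; the `access(PATH_LOCKDOWN, F_OK) != 0` branch changed in patch 1/5 still does `return 1;` for the SecureBoot-implied case without printing any state, so the message the commit wants to rely on appears on some kernels and not on others. Print the state on that early-return path as well. Reducing the file content to on/off also drops which lockdown mode is active; logging the line read from PATH_LOCKDOWN would keep that information in the test output.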
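
Review bot: In patch 3/5, do_setup() in lib/tst_test.c tests `tst_secureboot_enabled()` for truth, while tst_lockdown_enabled() in patch 1/5 compares the same call with `> 0`. If the function can return a negative value when the SecureBoot state cannot be read, which is what the `> 0` comparison suggests, this check skips the test with "SecureBoot enabled, skipping test" on systems where the state is merely unknown. Use `tst_secureboot_enabled() > 0` here too, so that an undetermined state does not silently remove module-loading coverage.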
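
Review bot: In patch 4/5, finit_module02.c and init_module02.c assign `secure_boot = tst_secureboot_enabled();` in setup() and then test `(kernel_lockdown || secure_boot)` in run(), so any non-zero return counts as SecureBoot enabled, including a negative result if the function has one for "could not determine" (patch 1/5 guards the same call with `> 0`). Assign `secure_boot = tst_secureboot_enabled() > 0;` instead. The per-case field is still named `tc->skip_in_lockdown` although it now also gates on SecureBoot; a neutral name would match the new "Cannot load unsigned modules" message.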
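
Review bot: In patch 5/5, the new section 1.41 in doc/c-test-api.txt lists the three flags but says neither what a skip looks like nor how the state is decided: the library reports TCONF from do_setup() (patch 3/5), and the lockdown check can also trigger from SecureBoot combined with one of the two non-mainline CONFIG options (patch 1/5). A sentence on each would tell a test author when to set '.skip_in_lockdown', '.skip_in_secureboot', or both, as the module tests in patch 4/5 do. "Test can be skipped" also wants an article: "A test can be skipped".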