Message ID | 1411968789-1829-1-git-send-email-ivan.hu@canonical.com |
---|---|
State | Accepted |
Headers | show |
On 09/29/2014 01:33 PM, Ivan Hu wrote: > When secureboot enabled, it's obverious that something wrong with missing DB and > KEK variables, failures will be report. When the secureboot disabled and missing > DB and KEK variables, report the information that the machine is not in > readiness for secureboot. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/uefi/securebootcert/securebootcert.c | 22 ++++++++++++++++------ > 1 file changed, 16 insertions(+), 6 deletions(-) > > diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c > index 53d9e13..4fd6cef 100644 > --- a/src/uefi/securebootcert/securebootcert.c > +++ b/src/uefi/securebootcert/securebootcert.c > @@ -62,6 +62,7 @@ typedef struct _EFI_SIGNATURE_LIST { > } > > static uint8_t var_found; > +static bool securebooted = false; > > static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2) > { > @@ -118,6 +119,8 @@ static void securebootcert_secure_boot(fwts_framework *fw, fwts_uefi_var *var, c > "The secure boot variable data invalid."); > return; > } > + if (value == 1) > + securebooted = true; > fwts_log_info_verbatum(fw, " Value: 0x%2.2x%s.", value, mode); > fwts_passed(fw, "Secure boot relative variable %s check passed.", varname); > } > @@ -359,12 +362,19 @@ static int securebootcert_test1(fwts_framework *fw) > if (!(var_found & VAR_SETUPMODE_FOUND)) > fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > "The secure boot variable SetupMode not found."); > - if (!(var_found & VAR_DB_FOUND)) > - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > - "The secure boot variable DB not found."); > - if (!(var_found & VAR_KEK_FOUND)) > - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > - "The secure boot variable KEK not found."); > + if (securebooted) { > + if (!(var_found & VAR_DB_FOUND)) > + fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > + "The secure boot variable DB not found."); > + if (!(var_found & VAR_KEK_FOUND)) > + fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > + "The secure boot variable KEK not found."); > + } else { > + if (!(var_found & VAR_DB_FOUND)) > + fwts_log_info(fw, "Not in readiness for secureboot, variable DB not found."); > + if (!(var_found & VAR_KEK_FOUND)) > + fwts_log_info(fw, "Not in readiness for secureboot, variable KEK not found."); > + } > > fwts_uefi_free_variable_names(&name_list); > > Acked-by: Alex Hung <alex.hung@canonical.com>
On 29/09/14 06:33, Ivan Hu wrote: > When secureboot enabled, it's obverious that something wrong with missing DB and > KEK variables, failures will be report. When the secureboot disabled and missing > DB and KEK variables, report the information that the machine is not in > readiness for secureboot. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/uefi/securebootcert/securebootcert.c | 22 ++++++++++++++++------ > 1 file changed, 16 insertions(+), 6 deletions(-) > > diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c > index 53d9e13..4fd6cef 100644 > --- a/src/uefi/securebootcert/securebootcert.c > +++ b/src/uefi/securebootcert/securebootcert.c > @@ -62,6 +62,7 @@ typedef struct _EFI_SIGNATURE_LIST { > } > > static uint8_t var_found; > +static bool securebooted = false; > > static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2) > { > @@ -118,6 +119,8 @@ static void securebootcert_secure_boot(fwts_framework *fw, fwts_uefi_var *var, c > "The secure boot variable data invalid."); > return; > } > + if (value == 1) > + securebooted = true; > fwts_log_info_verbatum(fw, " Value: 0x%2.2x%s.", value, mode); > fwts_passed(fw, "Secure boot relative variable %s check passed.", varname); > } > @@ -359,12 +362,19 @@ static int securebootcert_test1(fwts_framework *fw) > if (!(var_found & VAR_SETUPMODE_FOUND)) > fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > "The secure boot variable SetupMode not found."); > - if (!(var_found & VAR_DB_FOUND)) > - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > - "The secure boot variable DB not found."); > - if (!(var_found & VAR_KEK_FOUND)) > - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > - "The secure boot variable KEK not found."); > + if (securebooted) { > + if (!(var_found & VAR_DB_FOUND)) > + fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > + "The secure boot variable DB not found."); > + if (!(var_found & VAR_KEK_FOUND)) > + fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > + "The secure boot variable KEK not found."); > + } else { > + if (!(var_found & VAR_DB_FOUND)) > + fwts_log_info(fw, "Not in readiness for secureboot, variable DB not found."); > + if (!(var_found & VAR_KEK_FOUND)) > + fwts_log_info(fw, "Not in readiness for secureboot, variable KEK not found."); > + } > > fwts_uefi_free_variable_names(&name_list); > > Thanks Ivan Acked-by: Colin Ian King <colin.king@canonical.com>
diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c index 53d9e13..4fd6cef 100644 --- a/src/uefi/securebootcert/securebootcert.c +++ b/src/uefi/securebootcert/securebootcert.c @@ -62,6 +62,7 @@ typedef struct _EFI_SIGNATURE_LIST { } static uint8_t var_found; +static bool securebooted = false; static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2) { @@ -118,6 +119,8 @@ static void securebootcert_secure_boot(fwts_framework *fw, fwts_uefi_var *var, c "The secure boot variable data invalid."); return; } + if (value == 1) + securebooted = true; fwts_log_info_verbatum(fw, " Value: 0x%2.2x%s.", value, mode); fwts_passed(fw, "Secure boot relative variable %s check passed.", varname); } @@ -359,12 +362,19 @@ static int securebootcert_test1(fwts_framework *fw) if (!(var_found & VAR_SETUPMODE_FOUND)) fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", "The secure boot variable SetupMode not found."); - if (!(var_found & VAR_DB_FOUND)) - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", - "The secure boot variable DB not found."); - if (!(var_found & VAR_KEK_FOUND)) - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", - "The secure boot variable KEK not found."); + if (securebooted) { + if (!(var_found & VAR_DB_FOUND)) + fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", + "The secure boot variable DB not found."); + if (!(var_found & VAR_KEK_FOUND)) + fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", + "The secure boot variable KEK not found."); + } else { + if (!(var_found & VAR_DB_FOUND)) + fwts_log_info(fw, "Not in readiness for secureboot, variable DB not found."); + if (!(var_found & VAR_KEK_FOUND)) + fwts_log_info(fw, "Not in readiness for secureboot, variable KEK not found."); + } fwts_uefi_free_variable_names(&name_list);
When secureboot enabled, it's obverious that something wrong with missing DB and KEK variables, failures will be report. When the secureboot disabled and missing DB and KEK variables, report the information that the machine is not in readiness for secureboot. Signed-off-by: Ivan Hu <ivan.hu@canonical.com> --- src/uefi/securebootcert/securebootcert.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-)