selftests/ima: kexec_load syscall test (a802ed0d) · Commits · 戴 / test

tools/testing/selftests/Makefile

+1 −0

0 → 100644

+11 −0

Original line number	Diff line number	Diff line
		# Makefile for kexec_load

		uname_M := $(shell uname -m 2>/dev/null \|\| echo not)
		ARCH ?= $(shell echo $(uname_M) \| sed -e s/i.86/x86/ -e s/x86_64/x86/)

		ifeq ($(ARCH),x86)
		TEST_PROGS := test_kexec_load.sh

		include ../lib.mk

		endif

0 → 100644

+4 −0

0 → 100755

+54 −0

Original line number	Diff line number	Diff line
		#!/bin/sh
		# SPDX-License-Identifier: GPL-2.0+
		# Loading a kernel image via the kexec_load syscall should fail
		# when the kerne is CONFIG_KEXEC_VERIFY_SIG enabled and the system
		# is booted in secureboot mode.

		TEST="$0"
		EFIVARFS="/sys/firmware/efi/efivars"
		rc=0

		# Kselftest framework requirement - SKIP code is 4.
		ksft_skip=4

		# kexec requires root privileges
		if [ $UID != 0 ]; then
		echo "$TEST: must be run as root" >&2
		exit $ksft_skip
		fi

		# Make sure that efivars is mounted in the normal location
		if ! grep -q "^\S\+ $EFIVARFS efivarfs" /proc/mounts; then
		echo "$TEST: efivars is not mounted on $EFIVARFS" >&2
		exit $ksft_skip
		fi

		# Get secureboot mode
		file="$EFIVARFS/SecureBoot-*"
		if [ ! -e $file ]; then
		echo "$TEST: unknown secureboot mode" >&2
		exit $ksft_skip
		fi
		secureboot=`hexdump $file \| awk '{print substr($4,length($4),1)}'`

		# kexec_load should fail in secure boot mode
		KERNEL_IMAGE="/boot/vmlinuz-`uname -r`"
		kexec -l $KERNEL_IMAGE &>> /dev/null
		if [ $? == 0 ]; then
		kexec -u
		if [ "$secureboot" == "1" ]; then
		echo "$TEST: kexec_load succeeded [FAIL]"
		rc=1
		else
		echo "$TEST: kexec_load succeeded [PASS]"
		fi
		else
		if [ "$secureboot" == "1" ]; then
		echo "$TEST: kexec_load failed [PASS]"
		else
		echo "$TEST: kexec_load failed [FAIL]"
		rc=1
		fi
		fi

		exit $rc