| Message ID | 1494923449-19709-1-git-send-email-ivan.hu@canonical.com |
|---|---|
| State | Accepted |
| Headers | show |
On 16/05/17 09:30, Ivan Hu wrote: > Some firmwares like OVMF or EDKII may not create these UEFI variables when > they are not enabled the secure boot, it won't affect any functions because the > secure boot is not supported or enabled. So set the tests as warnings instead > of failures for the readiness of secure boot. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/uefi/securebootcert/securebootcert.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c > index 38f2405..b836855 100644 > --- a/src/uefi/securebootcert/securebootcert.c > +++ b/src/uefi/securebootcert/securebootcert.c > @@ -456,11 +456,9 @@ static int securebootcert_test1(fwts_framework *fw) > > /* check all the secure boot variables be found */ > if (!(var_found & VAR_SECUREBOOT_FOUND)) > - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > - "The secure boot variable SecureBoot not found."); > + fwts_warning(fw, "The secure boot variable SecureBoot not found."); > if (!(var_found & VAR_SETUPMODE_FOUND)) > - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > - "The secure boot variable SetupMode not found."); > + fwts_warning(fw, "The secure boot variable SetupMode not found."); > if (!(var_found & VAR_AUDITMODE_FOUND)) { > fwts_warning(fw, "The secure boot variable AuditMode not found."); > fwts_advice(fw, > Thanks Ivan Acked-by: Colin Ian King <colin.king@canonical.com>
On 2017-05-16 01:30 AM, Ivan Hu wrote: > Some firmwares like OVMF or EDKII may not create these UEFI variables when > they are not enabled the secure boot, it won't affect any functions because the > secure boot is not supported or enabled. So set the tests as warnings instead > of failures for the readiness of secure boot. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/uefi/securebootcert/securebootcert.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c > index 38f2405..b836855 100644 > --- a/src/uefi/securebootcert/securebootcert.c > +++ b/src/uefi/securebootcert/securebootcert.c > @@ -456,11 +456,9 @@ static int securebootcert_test1(fwts_framework *fw) > > /* check all the secure boot variables be found */ > if (!(var_found & VAR_SECUREBOOT_FOUND)) > - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > - "The secure boot variable SecureBoot not found."); > + fwts_warning(fw, "The secure boot variable SecureBoot not found."); > if (!(var_found & VAR_SETUPMODE_FOUND)) > - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", > - "The secure boot variable SetupMode not found."); > + fwts_warning(fw, "The secure boot variable SetupMode not found."); > if (!(var_found & VAR_AUDITMODE_FOUND)) { > fwts_warning(fw, "The secure boot variable AuditMode not found."); > fwts_advice(fw, > Acked-by: Alex Hung <alex.hung@canonical.com>
diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c index 38f2405..b836855 100644 --- a/src/uefi/securebootcert/securebootcert.c +++ b/src/uefi/securebootcert/securebootcert.c @@ -456,11 +456,9 @@ static int securebootcert_test1(fwts_framework *fw) /* check all the secure boot variables be found */ if (!(var_found & VAR_SECUREBOOT_FOUND)) - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", - "The secure boot variable SecureBoot not found."); + fwts_warning(fw, "The secure boot variable SecureBoot not found."); if (!(var_found & VAR_SETUPMODE_FOUND)) - fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound", - "The secure boot variable SetupMode not found."); + fwts_warning(fw, "The secure boot variable SetupMode not found."); if (!(var_found & VAR_AUDITMODE_FOUND)) { fwts_warning(fw, "The secure boot variable AuditMode not found."); fwts_advice(fw,
Some firmwares like OVMF or EDKII may not create these UEFI variables when they are not enabled the secure boot, it won't affect any functions because the secure boot is not supported or enabled. So set the tests as warnings instead of failures for the readiness of secure boot. Signed-off-by: Ivan Hu <ivan.hu@canonical.com> --- src/uefi/securebootcert/securebootcert.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)