[2/2] securebootcert: move to UNSAFE category

Message ID 1515396249-7923-2-git-send-email-ivan.hu@canonical.com
State Accepted
Series
  • [1/2] securebootcert: add checking read-only for the AuditMode and DeployedMode

Commit Message

ivanhu Jan. 8, 2018, 7:24 a.m.
Adding the AuditMode and DeployedMode read-only test, need to actually set
variable by UEFI runtime services through firmware. So move this test to UNSAFE.

Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
---
 src/uefi/securebootcert/securebootcert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Alex Hung Jan. 9, 2018, 1:34 a.m. | #1
On 2018-01-07 11:24 PM, Ivan Hu wrote:
> Adding the AuditMode and DeployedMode read-only test, need to actually set
> variable by UEFI runtime services through firmware. So move this test to UNSAFE.
> 
> Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
> ---
>   src/uefi/securebootcert/securebootcert.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c
> index 60fc489..45361fa 100644
> --- a/src/uefi/securebootcert/securebootcert.c
> +++ b/src/uefi/securebootcert/securebootcert.c
> @@ -620,6 +620,6 @@ static fwts_framework_ops securebootcert_ops = {
>   	.minor_tests = securebootcert_tests
>   };
>   
> -FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_BATCH | FWTS_FLAG_ROOT_PRIV)
> +FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_UNSAFE | FWTS_FLAG_ROOT_PRIV)
>   
>   #endif
> 
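Review bot: the commit message says why the test is unsafe but not what changes for users once FWTS_FLAG_BATCH is dropped from the FWTS_REGISTER line: securebootcert stops being a batch test and has to be selected as an unsafe one. Suggest stating that in the commit message, along with which variables the read-only check attempts to set (AuditMode and DeployedMode, per the description) so that someone running the unsafe category knows what the firmware will be asked to write.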

Acked-by: Alex Hung <alex.hung@canonical.com>

Colin King Jan. 16, 2018, 2:33 p.m. | #2
On 08/01/18 07:24, Ivan Hu wrote:
> Adding the AuditMode and DeployedMode read-only test, need to actually set
> variable by UEFI runtime services through firmware. So move this test to UNSAFE.
> 
> Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
> ---
>  src/uefi/securebootcert/securebootcert.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c
> index 60fc489..45361fa 100644
> --- a/src/uefi/securebootcert/securebootcert.c
> +++ b/src/uefi/securebootcert/securebootcert.c
> @@ -620,6 +620,6 @@ static fwts_framework_ops securebootcert_ops = {
>  	.minor_tests = securebootcert_tests
>  };
>  
> -FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_BATCH | FWTS_FLAG_ROOT_PRIV)
> +FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_UNSAFE | FWTS_FLAG_ROOT_PRIV)
>  
>  #endif
> 

Acked-by: Colin Ian King <colin.king@canonical.com>

Patch

diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c
index 60fc489..45361fa 100644
--- a/src/uefi/securebootcert/securebootcert.c
+++ b/src/uefi/securebootcert/securebootcert.c
@@ -620,6 +620,6 @@  static fwts_framework_ops securebootcert_ops = {
 	.minor_tests = securebootcert_tests
 };
 
-FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_BATCH | FWTS_FLAG_ROOT_PRIV)
+FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_UNSAFE | FWTS_FLAG_ROOT_PRIV)
 
 #endif
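Review bot: swapping FWTS_FLAG_BATCH for FWTS_FLAG_UNSAFE on the one FWTS_REGISTER line moves every entry in securebootcert_tests out of the batch category, not only the AuditMode/DeployedMode read-only check that the commit message says needs to set variables. If the other securebootcert checks only read variables, consider putting the write-based check in its own test registered with FWTS_FLAG_UNSAFE and leaving this registration on FWTS_FLAG_BATCH, so batch runs keep their existing Secure Boot coverage.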