| Message ID | 1515396249-7923-2-git-send-email-ivan.hu@canonical.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/2] securebootcert: add checking read-only for the AuditMode and DeployedMode | expand |
On 2018-01-07 11:24 PM, Ivan Hu wrote: > Adding the AuditMode and DeployedMode read-only test, need to actually set > variable by UEFI runtime services through firmware. So move this test to UNSAFE. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/uefi/securebootcert/securebootcert.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c > index 60fc489..45361fa 100644 > --- a/src/uefi/securebootcert/securebootcert.c > +++ b/src/uefi/securebootcert/securebootcert.c > @@ -620,6 +620,6 @@ static fwts_framework_ops securebootcert_ops = { > .minor_tests = securebootcert_tests > }; > > -FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_BATCH | FWTS_FLAG_ROOT_PRIV) > +FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_UNSAFE | FWTS_FLAG_ROOT_PRIV) > > #endif > Acked-by: Alex Hung <alex.hung@canonical.com>
On 08/01/18 07:24, Ivan Hu wrote: > Adding the AuditMode and DeployedMode read-only test, need to actually set > variable by UEFI runtime services through firmware. So move this test to UNSAFE. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/uefi/securebootcert/securebootcert.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c > index 60fc489..45361fa 100644 > --- a/src/uefi/securebootcert/securebootcert.c > +++ b/src/uefi/securebootcert/securebootcert.c > @@ -620,6 +620,6 @@ static fwts_framework_ops securebootcert_ops = { > .minor_tests = securebootcert_tests > }; > > -FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_BATCH | FWTS_FLAG_ROOT_PRIV) > +FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_UNSAFE | FWTS_FLAG_ROOT_PRIV) > > #endif > Acked-by: Colin Ian King <colin.king@canonical.com>
diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c index 60fc489..45361fa 100644 --- a/src/uefi/securebootcert/securebootcert.c +++ b/src/uefi/securebootcert/securebootcert.c @@ -620,6 +620,6 @@ static fwts_framework_ops securebootcert_ops = { .minor_tests = securebootcert_tests }; -FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_BATCH | FWTS_FLAG_ROOT_PRIV) +FWTS_REGISTER("securebootcert", &securebootcert_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_TEST_UEFI | FWTS_FLAG_UNSAFE | FWTS_FLAG_ROOT_PRIV) #endif
Adding the AuditMode and DeployedMode read-only test, need to actually set variable by UEFI runtime services through firmware. So move this test to UNSAFE. Signed-off-by: Ivan Hu <ivan.hu@canonical.com> --- src/uefi/securebootcert/securebootcert.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)