deleted file mode 100644
@@ -1,15 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (c) 2021 Petr Vorel <pvorel@suse.cz>
- */
-
-#ifndef TST_FIPS_H__
-#define TST_FIPS_H__
-
-/*
- * Detect whether FIPS enabled
- * @return 0: FIPS not enabled, 1: FIPS enabled
- */
-int tst_fips_enabled(void);
-
-#endif /* TST_FIPS_H__ */
deleted file mode 100644
@@ -1,11 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-or-later
- * Copyright (c) Linux Test Project, 2020-2021
- */
-
-#ifndef TST_LOCKDOWN_H
-#define TST_LOCKDOWN_H
-
-int tst_secureboot_enabled(void);
-int tst_lockdown_enabled(void);
-
-#endif /* TST_LOCKDOWN_H */
new file mode 100644
@@ -0,0 +1,17 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (c) Linux Test Project, 2020-2024
+ */
+
+#ifndef TST_SECURITY_H__
+#define TST_SECURITY_H__
+
+/*
+ * Detect whether FIPS enabled
+ * @return 0: FIPS not enabled, 1: FIPS enabled
+ */
+int tst_fips_enabled(void);
+
+int tst_lockdown_enabled(void);
+int tst_secureboot_enabled(void);
+
+#endif /* TST_SECURITY_H__ */
@@ -40,8 +40,8 @@
#include "tst_capability.h"
#include "tst_hugepage.h"
#include "tst_assert.h"
-#include "tst_lockdown.h"
-#include "tst_fips.h"
+#include "tst_security.h"
+#include "tst_security.h"
#include "tst_taint.h"
#include "tst_memutils.h"
#include "tst_arch.h"
deleted file mode 100644
@@ -1,24 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * Copyright (c) 2021 Petr Vorel <pvorel@suse.cz>
- */
-
-#define TST_NO_DEFAULT_MAIN
-
-#define PATH_FIPS "/proc/sys/crypto/fips_enabled"
-
-#include "tst_test.h"
-#include "tst_safe_macros.h"
-#include "tst_fips.h"
-
-int tst_fips_enabled(void)
-{
- int fips = 0;
-
- if (access(PATH_FIPS, R_OK) == 0) {
- SAFE_FILE_SCANF(PATH_FIPS, "%d", &fips);
- }
-
- tst_res(TINFO, "FIPS: %s", fips ? "on" : "off");
- return fips;
-}
similarity index 86%
rename from lib/tst_lockdown.c
rename to lib/tst_security.c
@@ -1,12 +1,21 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
- * Copyright (c) Linux Test Project, 2020-2023
+ * Copyright (c) Linux Test Project, 2020-2024
*/
#define TST_NO_DEFAULT_MAIN
+#define PATH_FIPS "/proc/sys/crypto/fips_enabled"
#define PATH_LOCKDOWN "/sys/kernel/security/lockdown"
+#if defined(__powerpc64__) || defined(__ppc64__)
+# define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
+# define VAR_DATA_SIZE 4
+#else
+# define SECUREBOOT_VAR "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
+# define VAR_DATA_SIZE 5
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
@@ -14,41 +23,19 @@
#include "tst_test.h"
#include "tst_safe_macros.h"
#include "tst_safe_stdio.h"
-#include "tst_lockdown.h"
+#include "tst_security.h"
#include "tst_private.h"
-#if defined(__powerpc64__) || defined(__ppc64__)
-# define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
-# define VAR_DATA_SIZE 4
-#else
-# define SECUREBOOT_VAR "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
-# define VAR_DATA_SIZE 5
-#endif
-
-int tst_secureboot_enabled(void)
+int tst_fips_enabled(void)
{
- int fd;
- char data[5];
+ int fips = 0;
- if (access(SECUREBOOT_VAR, F_OK)) {
- tst_res(TINFO, "SecureBoot sysfs file not available");
- return -1;
+ if (access(PATH_FIPS, R_OK) == 0) {
+ SAFE_FILE_SCANF(PATH_FIPS, "%d", &fips);
}
- fd = open(SECUREBOOT_VAR, O_RDONLY);
-
- if (fd == -1) {
- tst_res(TINFO | TERRNO,
- "Cannot open SecureBoot file");
- return -1;
- } else if (fd < 0) {
- tst_brk(TBROK | TERRNO, "Invalid open() return value %d", fd);
- return -1;
- }
- SAFE_READ(1, fd, data, VAR_DATA_SIZE);
- SAFE_CLOSE(fd);
- tst_res(TINFO, "SecureBoot: %s", data[VAR_DATA_SIZE - 1] ? "on" : "off");
- return data[VAR_DATA_SIZE - 1];
+ tst_res(TINFO, "FIPS: %s", fips ? "on" : "off");
+ return fips;
}
int tst_lockdown_enabled(void)
@@ -86,3 +73,29 @@ int tst_lockdown_enabled(void)
return ret;
}
+
+int tst_secureboot_enabled(void)
+{
+ int fd;
+ char data[5];
+
+ if (access(SECUREBOOT_VAR, F_OK)) {
+ tst_res(TINFO, "SecureBoot sysfs file not available");
+ return -1;
+ }
+
+ fd = open(SECUREBOOT_VAR, O_RDONLY);
+
+ if (fd == -1) {
+ tst_res(TINFO | TERRNO,
+ "Cannot open SecureBoot file");
+ return -1;
+ } else if (fd < 0) {
+ tst_brk(TBROK | TERRNO, "Invalid open() return value %d", fd);
+ return -1;
+ }
+ SAFE_READ(1, fd, data, VAR_DATA_SIZE);
+ SAFE_CLOSE(fd);
+ tst_res(TINFO, "SecureBoot: %s", data[VAR_DATA_SIZE - 1] ? "on" : "off");
+ return data[VAR_DATA_SIZE - 1];
+}
Merge FIPS and lockdown related library sources to new tst_security.[ch] file to shorten number of the files in the library. More security related code will be added in next commit. Signed-off-by: Petr Vorel <pvorel@suse.cz> --- changes v1->v2: * New commit: lib: Merge security related sources I'll send more cleanup in a different patchset. Kind regards, Petr include/tst_fips.h | 15 ------ include/tst_lockdown.h | 11 ---- include/tst_security.h | 17 ++++++ include/tst_test.h | 4 +- lib/tst_fips.c | 24 --------- lib/{tst_lockdown.c => tst_security.c} | 73 +++++++++++++++----------- 6 files changed, 62 insertions(+), 82 deletions(-) delete mode 100644 include/tst_fips.h delete mode 100644 include/tst_lockdown.h create mode 100644 include/tst_security.h delete mode 100644 lib/tst_fips.c rename lib/{tst_lockdown.c => tst_security.c} (86%)