From patchwork Thu Jul 20 15:02:03 2023
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 1810528
From: Petr Vorel
To: ltp@lists.linux.it
Date: Thu, 20 Jul 2023 17:02:03 +0200
Message-Id: <20230720150206.1338520-2-pvorel@suse.cz>
In-Reply-To: <20230720150206.1338520-1-pvorel@suse.cz>
Subject: [LTP] [PATCH 1/4] tst_lockdown: Check other lockdown configuration

Originally we checked only CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y (non-mainline
patch from 2017 [1]). Various distros (older releases) use other newer
non-mainline patch [2] (originally from Fedora 32), which with
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y forces lockdown, when in secure boot.

[1] https://lore.kernel.org/lkml/149141204578.30815.1929675368430800975.stgit@warthog.procyon.org.uk/
[2] https://lore.kernel.org/lkml/150842483945.7923.12778302394414653081.stgit@warthog.procyon.org.uk/

Signed-off-by: Petr Vorel
---
 lib/tst_lockdown.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/tst_lockdown.c b/lib/tst_lockdown.c index 26a57b6a1..f91bc919d 100644 --- a/lib/tst_lockdown.c +++ b/lib/tst_lockdown.c
@@ -47,18 +47,21 @@ int tst_lockdown_enabled(void) { char line[BUFSIZ]; FILE *file; + char flag; if (access(PATH_LOCKDOWN, F_OK) != 0) { - char flag; - + /* SecureBoot enabled could mean integrity lockdown (non-mainline version) */ flag = tst_kconfig_get("CONFIG_EFI_SECURE_BOOT_LOCK_DOWN"); - - /* SecureBoot enabled could mean integrity lockdown */ if (flag == 'y' && tst_secureboot_enabled() > 0) return 1; tst_res(TINFO, "Unable to determine system lockdown state"); return 0; + } else { + /* SecureBoot forces lockdown (non-mainline version) */ + flag = tst_kconfig_get("CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT"); + if (flag == 'y' && tst_secureboot_enabled() > 0) + return 1; } file = SAFE_FOPEN(PATH_LOCKDOWN, "r");

From patchwork Thu Jul 20 15:02:04 2023
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 1810527
From: Petr Vorel
To: ltp@lists.linux.it
Date: Thu, 20 Jul 2023 17:02:04 +0200
Message-Id: <20230720150206.1338520-3-pvorel@suse.cz>
In-Reply-To: <20230720150206.1338520-1-pvorel@suse.cz>
Subject: [LTP] [PATCH 2/4] lib: Add .skip_in_secureboot flag

This will be used in module related tests.

Signed-off-by: Petr Vorel Reviewed-by: Martin Doucha --- doc/test-writing-guidelines.txt | 1 + include/tst_test.h | 4 ++++ lib/tst_test.c | 3 +++ 3 files changed, 8 insertions(+) diff --git a/doc/test-writing-guidelines.txt b/doc/test-writing-guidelines.txt index b83a6fdb6..6d1a69165 100644 --- a/doc/test-writing-guidelines.txt +++ b/doc/test-writing-guidelines.txt @@ -393,6 +393,7 @@ https://github.com/linux-test-project/ltp/wiki/Shell-Test-API[Shell Test API]. | '.skip_filesystems' | 'TST_SKIP_FILESYSTEMS' | '.skip_in_compat' | – | '.skip_in_lockdown' | – +| '.skip_in_secureboot' | – | '.supported_archs' | not applicable | '.tags' | – | '.taint_check' | – diff --git a/include/tst_test.h b/include/tst_test.h index 22acfba59..0ac492a80 100644 --- a/include/tst_test.h +++ b/include/tst_test.h @@ -177,6 +177,7 @@ struct tst_test { int child_needs_reinit:1; int needs_devfs:1; int restore_wallclock:1; + /* * If set the test function will be executed for all available * filesystems and the current filesystem type would be set in the @@ -186,8 +187,11 @@ struct tst_test { * to the test function. */ int all_filesystems:1; + int skip_in_lockdown:1; + int skip_in_secureboot:1; int skip_in_compat:1; + /* * If set, the hugetlbfs will be mounted at .mntpoint. */ diff --git a/lib/tst_test.c b/lib/tst_test.c index 04da456c6..8f7223b0e 100644 --- a/lib/tst_test.c +++ b/lib/tst_test.c 
@@ -1160,6 +1160,9 @@ static void do_setup(int argc, char *argv[]) if (tst_test->skip_in_lockdown && tst_lockdown_enabled()) tst_brk(TCONF, "Kernel is locked down, skipping test"); + if (tst_test->skip_in_secureboot && tst_secureboot_enabled()) + tst_brk(TCONF, "SecureBoot enabled, skipping test"); + if (tst_test->skip_in_compat && TST_ABI != tst_kernel_bits()) tst_brk(TCONF, "Not supported in 32-bit compat mode");

From patchwork Thu Jul 20 15:02:05 2023
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 1810530
From: Petr Vorel
To: ltp@lists.linux.it
Date: Thu, 20 Jul 2023 17:02:05 +0200
Message-Id: <20230720150206.1338520-4-pvorel@suse.cz>
In-Reply-To: <20230720150206.1338520-1-pvorel@suse.cz>
Subject: [LTP] [PATCH 3/4] {delete, finit, init}_module0[1-3]: Skip on SecureBoot

Enabled SecureBoot requires signed modules (regardless of lockdown state).

Signed-off-by: Petr Vorel
---
 .../syscalls/delete_module/delete_module01.c | 2 ++
 .../syscalls/delete_module/delete_module03.c | 2 ++
 .../syscalls/finit_module/finit_module01.c | 2 ++
 .../syscalls/finit_module/finit_module02.c | 17 +++++++++++++----
 .../kernel/syscalls/init_module/init_module01.c | 2 ++
 .../kernel/syscalls/init_module/init_module02.c | 16 ++++++++++++----
 6 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/testcases/kernel/syscalls/delete_module/delete_module01.c b/testcases/kernel/syscalls/delete_module/delete_module01.c index 6ecd2cad1..08597cfd6 100644 --- a/testcases/kernel/syscalls/delete_module/delete_module01.c +++ b/testcases/kernel/syscalls/delete_module/delete_module01.c @@ -52,6 +52,8 @@ static struct tst_test test = { .needs_root = 1, /* lockdown requires signed modules */ .skip_in_lockdown = 1, + /* SecureBoot requires signed modules */ + .skip_in_secureboot = 1, .cleanup = cleanup, .test_all = do_delete_module, }; diff --git a/testcases/kernel/syscalls/delete_module/delete_module03.c b/testcases/kernel/syscalls/delete_module/delete_module03.c index 863d36188..a4b5108f0 100644 --- a/testcases/kernel/syscalls/delete_module/delete_module03.c +++ b/testcases/kernel/syscalls/delete_module/delete_module03.c @@ -74,6 +74,8 @@ static struct tst_test test = { .needs_root = 1, /* lockdown requires signed modules */ .skip_in_lockdown = 1, + /* SecureBoot requires signed modules */ + .skip_in_secureboot = 1, .setup = setup, .cleanup = cleanup, .test_all = do_delete_module, diff --git a/testcases/kernel/syscalls/finit_module/finit_module01.c b/testcases/kernel/syscalls/finit_module/finit_module01.c index f960b2e40..660b567f5 100644 --- a/testcases/kernel/syscalls/finit_module/finit_module01.c +++ b/testcases/kernel/syscalls/finit_module/finit_module01.c @@ -51,4 +51,6 @@ static struct tst_test test = { .needs_root = 1, /* lockdown requires signed modules */ .skip_in_lockdown = 1, + /* SecureBoot requires signed modules */ + .skip_in_secureboot = 1, }; diff --git a/testcases/kernel/syscalls/finit_module/finit_module02.c b/testcases/kernel/syscalls/finit_module/finit_module02.c index a7434de7d..4f5962829 100644 --- a/testcases/kernel/syscalls/finit_module/finit_module02.c +++ b/testcases/kernel/syscalls/finit_module/finit_module02.c 
@@ -25,7 +25,7 @@ static char *mod_path; static int fd, fd_zero, fd_invalid = -1, fd_dir; -static int kernel_lockdown; +static int kernel_lockdown, secure_boot; static struct tst_cap cap_req = TST_CAP(TST_CAP_REQ, CAP_SYS_MODULE); static struct tst_cap cap_drop = TST_CAP(TST_CAP_DROP, CAP_SYS_MODULE); @@ -84,6 +84,8 @@ static void setup(void) tst_module_exists(MODULE_NAME, &mod_path); kernel_lockdown = tst_lockdown_enabled(); + secure_boot = tst_secureboot_enabled(); + SAFE_MKDIR(TEST_DIR, 0700); fd_dir = SAFE_OPEN(TEST_DIR, O_DIRECTORY); @@ -102,9 +104,16 @@ static void run(unsigned int n) { struct tcase *tc = &tcases[n]; - if (tc->skip_in_lockdown && kernel_lockdown) { - tst_res(TCONF, "Kernel is locked down, skipping %s", tc->name); - return; + if (tc->skip_in_lockdown) { + if (secure_boot) { + tst_res(TCONF, "SecureBoot enabled, skipping %s", tc->name); + return; + } + + if (kernel_lockdown) { + tst_res(TCONF, "Kernel is locked down, skipping %s", tc->name); + return; + } } fd = SAFE_OPEN(mod_path, tc->open_flags); diff --git a/testcases/kernel/syscalls/init_module/init_module01.c b/testcases/kernel/syscalls/init_module/init_module01.c index 79e567cd6..80b2b77cc 100644 --- a/testcases/kernel/syscalls/init_module/init_module01.c +++ b/testcases/kernel/syscalls/init_module/init_module01.c @@ -55,4 +55,6 @@ static struct tst_test test = { .needs_root = 1, /* lockdown requires signed modules */ .skip_in_lockdown = 1, + /* SecureBoot requires signed modules */ + .skip_in_secureboot = 1, }; diff --git a/testcases/kernel/syscalls/init_module/init_module02.c b/testcases/kernel/syscalls/init_module/init_module02.c index ad6569a06..4acbfbcd1 100644 --- a/testcases/kernel/syscalls/init_module/init_module02.c +++ b/testcases/kernel/syscalls/init_module/init_module02.c 
@@ -22,7 +22,7 @@ #define MODULE_NAME "init_module.ko" static unsigned long size, zero_size; -static int kernel_lockdown; +static int kernel_lockdown, secure_boot; static void *buf, *faulty_buf, *null_buf; static struct tst_cap cap_req = TST_CAP(TST_CAP_REQ, CAP_SYS_MODULE); @@ -54,6 +54,7 @@ static void setup(void) tst_module_exists(MODULE_NAME, NULL); kernel_lockdown = tst_lockdown_enabled(); + secure_boot = tst_secureboot_enabled(); fd = SAFE_OPEN(MODULE_NAME, O_RDONLY|O_CLOEXEC); SAFE_FSTAT(fd, &sb); size = sb.st_size; 
@@ -67,9 +68,16 @@ static void run(unsigned int n) { struct tcase *tc = &tcases[n]; - if (tc->skip_in_lockdown && kernel_lockdown) { - tst_res(TCONF, "Kernel is locked down, skipping %s", tc->name); - return; + if (tc->skip_in_lockdown) { + if (secure_boot) { + tst_res(TCONF, "SecureBoot enabled, skipping %s", tc->name); + return; + } + + if (kernel_lockdown) { + tst_res(TCONF, "Kernel is locked down, skipping %s", tc->name); + return; + } } if (tc->cap)

From patchwork Thu Jul 20 15:02:06 2023
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 1810529
From: Petr Vorel
To: ltp@lists.linux.it
Date: Thu, 20 Jul 2023 17:02:06 +0200
Message-Id: <20230720150206.1338520-5-pvorel@suse.cz>
In-Reply-To: <20230720150206.1338520-1-pvorel@suse.cz>
Subject: [LTP] [PATCH 4/4] doc/c-api: Document .skip_in_* flags

Signed-off-by: Petr Vorel
Reviewed-by: Martin Doucha
---
 doc/c-test-api.txt | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/c-test-api.txt b/doc/c-test-api.txt index 07c069ced..74871e6c8 100644 --- a/doc/c-test-api.txt +++ b/doc/c-test-api.txt
@@ -2412,6 +2412,12 @@ static struct tst_test test = { }; ------------------------------------------------------------------------------- +1.41 Skipping test based on system state +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Test can be skipped on various conditions: on enabled SecureBoot +('.skip_in_secureboot = 1'), lockdown ('.skip_in_lockdown = 1') or in 32-bit +compat mode ('.skip_in_compat = 1'). + 2. Common problems ------------------
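
Review bot: In lib/tst_lockdown.c (patch 1/4), tst_lockdown_enabled(), the new else branch returns 1 from the kconfig plus SecureBoot inference before the SAFE_FOPEN(PATH_LOCKDOWN, "r") that follows it runs, so on a kernel that exposes the lockdown file its content is never consulted when CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y and SecureBoot is on. Consider reading the file first and falling back to the kconfig check only when the file does not report lockdown, or state in the comment why the inference takes precedence over the file. The else is also redundant, since every path through the if block returns, and the two identical "flag == 'y' && tst_secureboot_enabled() > 0" tests could share one helper.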
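
Review bot: In lib/tst_test.c (patch 2/4), do_setup(), the added condition uses tst_secureboot_enabled() as a plain truth value, while lib/tst_lockdown.c in patch 1/4 tests "tst_secureboot_enabled() > 0". If the function can return a negative value when the state cannot be determined, which the > 0 comparison suggests, this check would stop the test with "SecureBoot enabled, skipping test" on such systems. Compare with > 0 here as well so both call sites agree.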
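
Review bot: In finit_module02.c (patch 3/4), run(), and in the matching hunk of init_module02.c, the per-case field tc->skip_in_lockdown now also gates the SecureBoot skip, so its name no longer says what it controls. Rename the field or add a comment where struct tcase is defined, and consider storing "secure_boot = tst_secureboot_enabled() > 0" in setup() so that "if (secure_boot)" matches the > 0 test used in lib/tst_lockdown.c.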
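
Review bot: In doc/c-test-api.txt (patch 4/4), the new section 1.41 names the three flags but does not say how a skip is reported. lib/tst_test.c ends the test through tst_brk(TCONF, ...) in each case, and saying so here would help readers interpret results. "Test can be skipped on various conditions" would also read better as "Tests can be skipped under various conditions".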