summaryrefslogtreecommitdiff
path: root/tools/testing/selftests/kexec
AgeCommit message (Collapse)Author
2019-08-29sefltest/ima: support appended signatures (modsig)Mimi Zohar
In addition to the PE/COFF and IMA xattr signatures, the kexec kernel image can be signed with an appended signature, using the same scripts/sign-file tool that is used to sign kernel modules. This patch adds support for detecting a kernel image signed with an appended signature and updates the existing test messages appropriately. Reviewed-by: Petr Vorel <pvorel@suse.cz> Acked-by: Shuah Khan <skhan@linuxfoundation.org> Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Reviewed-by: Jordan Hand <jorhand@linux.microsoft.com> (x86_64 QEMU) Tested-by: Jordan Hand <jorhand@linux.microsoft.com> (x86_64 QEMU) Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2019-05-21treewide: Add SPDX license identifier - Makefile/KconfigThomas Gleixner
Add SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any form These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-17selftests/kexec: update get_secureboot_modeMimi Zohar
The get_secureboot_mode() function unnecessarily requires both CONFIG_EFIVAR_FS and CONFIG_EFI_VARS to be enabled to determine if the system is booted in secure boot mode. On some systems the old EFI variable support is not enabled or, possibly, even implemented. This patch first checks the efivars filesystem for the SecureBoot and SetupMode flags, but falls back to using the old EFI variable support. The "secure_boot_file" and "setup_mode_file" couldn't be quoted due to globbing. This patch also removes the globbing. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2019-04-17selftests/kexec: make kexec_load test independent of IMA being enabledMimi Zohar
Verify IMA is enabled before failing tests or emitting irrelevant messages. Suggested-by: Dave Young <dyoung@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Dave Young <dyoung@redhat.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2019-04-17selftests/kexec: check kexec_load and kexec_file_load are enabledMimi Zohar
Skip the kexec_load and kexec_file_load tests, if they aren't configured in the kernel. This change adds a new requirement that ikconfig is configured in the kexec_load test. Suggested-by: Dave Young <dyoung@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2019-04-17selftests/kexec: Add missing '=y' to config optionsPetr Vorel
so the file can be used as kernel config snippet. Signed-off-by: Petr Vorel <pvorel@suse.cz> [zohar@linux.ibm.com: remove CONFIG_KEXEC_VERIFY_SIG from config] Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2019-04-17selftests/kexec: kexec_file_load syscall testMimi Zohar
The kernel can be configured to verify PE signed kernel images, IMA kernel image signatures, both types of signatures, or none. This test verifies only properly signed kernel images are loaded into memory, based on the kernel configuration and runtime policies. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2019-04-17selftests/kexec: define "require_root_privileges"Mimi Zohar
Many tests require root privileges. Define a common function. Suggested-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2019-04-17selftests/kexec: define common logging functionsMimi Zohar
Define log_info, log_pass, log_fail, and log_skip functions. Suggested-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2019-04-17selftests/kexec: define a set of common functionsMimi Zohar
Define, update and move get_secureboot_mode() to a common file for use by other tests. Updated to check both the efivar SecureBoot-$(UUID) and SetupMode-$(UUID), based on Dave Young's review. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2019-04-17selftests/kexec: cleanup the kexec selftestMimi Zohar
Remove the few bashisms and use the complete option name for clarity. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
2019-04-17selftests/kexec: move the IMA kexec_load selftest to selftests/kexecMimi Zohar
As requested move the existing kexec_load selftest and subsequent kexec tests to the selftests/kexec directory. Suggested-by: Dave Young <dyoung@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>