[kernel-tests] 64/73: Add test to validate secureboot signer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is an automated email from the git hooks/post-receive script.

jforbes pushed a commit to branch master
in repository kernel-tests.

commit e9df94673a8558de46a4ee5cd54e413766840c71
Author: Justin M. Forbes <jforbes@xxxxxxxxxx>
Date:   Wed Oct 28 11:06:55 2015 -0500

    Add test to validate secureboot signer
---
 config.example                           |  3 +++
 runtests.sh                              | 44 ++++++++++++++++++--------------
 secureboot/check_SB_signature/runtest.sh | 22 ++++++++++++++++
 3 files changed, 50 insertions(+), 19 deletions(-)

diff --git a/config.example b/config.example
index 370ae5e..0ed8c40 100644
--- a/config.example
+++ b/config.example
@@ -7,6 +7,9 @@ submit=none
 # submit=anonymous
 # submit=authenticated
 
+# Check Signature for Secure Boot
+# checksig=y
+# validsig="Fedora Secure Boot Signer"
 
 # FAS User credentials.
 # Storing your FAS password here is technically possible, but not advisable
diff --git a/runtests.sh b/runtests.sh
index 2a22401..abf1571 100755
--- a/runtests.sh
+++ b/runtests.sh
@@ -85,6 +85,10 @@ performance)
 	exit 1
 esac
 
+# Test Secure Boot?
+if  [ "$checksig" == "y" ]; then
+    dirlist="secureboot $dirlist"
+fi
 
 #Basic logfile headers
 echo "Date: $(date)" > $logfile
@@ -111,27 +115,29 @@ do
 
 		if [ "$testset" == "performance" ]; then
 			./runtest.sh >>$logfile
+		elif [ "$dir" == "secureboot" ]; then
+			./runtest.sh "$validsig" &>>$logfile
 		else
 			./runtest.sh &>>$logfile
-			complete=$?
-			case $complete in
-			0)
-				result=PASS
-				;;
-			3)
-				result=SKIP
-				;;
-			*)
-				result=FAIL
-			esac
-			printf "%-65s%-8s\n" "$testname" "$result"
-			if [ "$result" == "FAIL" ]; then
-				cleanrun=FAIL
-				if [ "$failedtests" == "None" ]; then
-					failedtests="$testname"
-				else
-					failedtests="$failedtests $testname"
-				fi
+		fi
+		complete=$?
+		case $complete in
+		0)
+			result=PASS
+			;;
+		3)
+			result=SKIP
+			;;
+		*)
+			result=FAIL
+		esac
+		printf "%-65s%-8s\n" "$testname" "$result"
+		if [ "$result" == "FAIL" ]; then
+			cleanrun=FAIL
+			if [ "$failedtests" == "None" ]; then
+				failedtests="$testname"
+			else
+				failedtests="$failedtests $testname"
 			fi
 		fi
 		popd &>/dev/null
diff --git a/secureboot/check_SB_signature/runtest.sh b/secureboot/check_SB_signature/runtest.sh
new file mode 100755
index 0000000..10eceb9
--- /dev/null
+++ b/secureboot/check_SB_signature/runtest.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Licensed under the terms of the GNU GPL License version 2
+
+# Check the Secure Boot Signer
+
+# Make sure pesign is available
+if [ ! -f /usr/bin/pesign ]; then
+	echo "pesign is required to check the secure boot signature"
+	exit 3
+fi
+
+validsig=$1
+echo "Looking for Signature $validsig"
+kver=$(uname -r)
+signer=$(/usr/bin/pesign -i /boot/vmlinuz-$kver -S | grep "common name")
+echo $signer
+if [ "$signer" == "The signer's common name is $validsig" ]; then
+	exit 0
+else 
+	exit -1
+fi

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/kernel@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux