APPLIED: [PATCH] securebootcert: report info instead of failure for missing DB and KEK when secureboot disabled (LP: #1374351 )

Keng-Yu Lin keng-yu.lin at canonical.com
Tue Sep 30 06:28:53 UTC 2014 

On Mon, Sep 29, 2014 at 1:33 PM, Ivan Hu <ivan.hu at canonical.com> wrote:
> When secureboot enabled, it's obverious that something wrong with missing DB and
> KEK variables, failures will be report. When the secureboot disabled and missing
> DB and KEK variables, report the information that the machine is not in
> readiness for secureboot.
>
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
>  src/uefi/securebootcert/securebootcert.c |   22 ++++++++++++++++------
>  1 file changed, 16 insertions(+), 6 deletions(-)
>
> diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c
> index 53d9e13..4fd6cef 100644
> --- a/src/uefi/securebootcert/securebootcert.c
> +++ b/src/uefi/securebootcert/securebootcert.c
> @@ -62,6 +62,7 @@ typedef struct _EFI_SIGNATURE_LIST {
>  }
>
>  static uint8_t var_found;
> +static bool securebooted = false;
>
>  static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2)
>  {
> @@ -118,6 +119,8 @@ static void securebootcert_secure_boot(fwts_framework *fw, fwts_uefi_var *var, c
>                                 "The secure boot variable data invalid.");
>                         return;
>                 }
> +               if (value == 1)
> +                       securebooted = true;
>                 fwts_log_info_verbatum(fw, "  Value: 0x%2.2x%s.", value, mode);
>                 fwts_passed(fw, "Secure boot relative variable %s check passed.", varname);
>         }
> @@ -359,12 +362,19 @@ static int securebootcert_test1(fwts_framework *fw)
>         if (!(var_found & VAR_SETUPMODE_FOUND))
>                 fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
>                         "The secure boot variable SetupMode not found.");
> -       if (!(var_found & VAR_DB_FOUND))
> -               fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
> -                       "The secure boot variable DB not found.");
> -       if (!(var_found & VAR_KEK_FOUND))
> -               fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
> -                       "The secure boot variable KEK not found.");
> +       if (securebooted) {
> +               if (!(var_found & VAR_DB_FOUND))
> +                       fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
> +                               "The secure boot variable DB not found.");
> +               if (!(var_found & VAR_KEK_FOUND))
> +                       fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
> +                               "The secure boot variable KEK not found.");
> +       } else {
> +               if (!(var_found & VAR_DB_FOUND))
> +                       fwts_log_info(fw, "Not in readiness for secureboot, variable DB not found.");
> +               if (!(var_found & VAR_KEK_FOUND))
> +                       fwts_log_info(fw, "Not in readiness for secureboot, variable KEK not found.");
> +       }
>
>         fwts_uefi_free_variable_names(&name_list);
>
> --
> 1.7.9.5
>
>
> --
> fwts-devel mailing list
> fwts-devel at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/fwts-devel

More information about the fwts-devel mailing list