New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement secure boot kernel lockdown check #14689
Implement secure boot kernel lockdown check #14689
Conversation
Test should fail as [none] found: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
@rfan1 will you provide the TW VR here for reference? |
Seems it should fail if getting [] at none only.
Done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please also test that kernel lockdown is effective, e.g. by running dd if=/dev/mem count=1
, which needs to fail.
Thanks much! will do |
15c91ce
to
333d0b5
Compare
Verify that if we are "secure booted" that kernel lockdown is enabled
Co-authored-by: Fabian Vogt <fabian@ritter-vogt.de>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just another suggestion for simplifying the code
Co-authored-by: Fabian Vogt <fabian@ritter-vogt.de>
Verify that if we are "secure booted" that kernel lockdown is enabled
https://openqa.suse.de/tests/8490287 -x86_64 + sle
https://openqa.suse.de/tests/8491097 -aach64 + sle
https://openqa.opensuse.org/tests/2286256 -x86_64 + tw [failed case is tracked via bsc#1198101]