[PATCH v4a 2/2] selftests/kexec: testing CONFIG_KEXEC_BZIMAGE_VERIFY_SIG is not enough
From: Mimi Zohar
Date: Fri Mar 22 2019 - 15:36:43 EST
Add support for CONFIG_KEXEC_VERIFY_SIG being enabled, but not
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
tools/testing/selftests/kexec/test_kexec_file_load.sh | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/kexec/test_kexec_file_load.sh b/tools/testing/selftests/kexec/test_kexec_file_load.sh
index 57b636792086..fa7c24e8eefb 100755
--- a/tools/testing/selftests/kexec/test_kexec_file_load.sh
+++ b/tools/testing/selftests/kexec/test_kexec_file_load.sh
@@ -102,7 +102,8 @@ kexec_file_load_test()
log_fail "$succeed_msg (missing sig)"
fi
- if [ $pe_sig_required -eq 1 ] && [ $pe_signed -eq 0 ]; then
+ if [ $kexec_sig_required -eq 1 -o $pe_sig_required -eq 1 ] \
+ && [ $pe_signed -eq 0 ]; then
log_fail "$succeed_msg (missing PE sig)"
fi
@@ -137,7 +138,8 @@ kexec_file_load_test()
fi
fi
- if [ $pe_sig_required -eq 1 ] && [ $pe_signed -eq 0 ]; then
+ if [ $kexec_sig_required -eq 1 -o $pe_sig_required -eq 1 ] \
+ && [ $pe_signed -eq 0 ]; then
log_pass "$failed_msg (missing PE sig)"
fi
@@ -181,6 +183,10 @@ platform_keyring=$?
kconfig_enabled "CONFIG_IMA_READ_POLICY=y" "reading IMA policy permitted"
ima_read_policy=$?
+kconfig_enabled "CONFIG_KEXEC_SIG_FORCE=y" \
+ "kexec signed kernel image required"
+kexec_sig_required=$?
+
kconfig_enabled "CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y" \
"PE signed kernel image required"
pe_sig_required=$?
--
2.7.5