summaryrefslogtreecommitdiffstats
path: root/LICENSE
diff options
context:
space:
mode:
authorCalifornia Sullivan <california.l.sullivan@intel.com>2017-08-28 15:19:01 -0700
committerSaul Wold <sgw@linux.intel.com>2017-08-30 14:25:25 -0700
commitfbee56b78623808f9c6ed6f92b085ee7c504cf70 (patch)
treefba43e35e6ac703cc023159719ba00fe07394dd1 /LICENSE
parent7549a93e9985da8453e683265ad0c65694765be0 (diff)
downloadmeta-intel-fbee56b78623808f9c6ed6f92b085ee7c504cf70.tar.gz
Add secureboot selftests
This was based on the secureboot selftests in meta-refkit: https://github.com/intel/intel-iot-refkit/blob/3bf04941a3a150ed86d8ae61366ae3a19443a600/meta-refkit/lib/oeqa/selftest/cases/secureboot.py It had to be modified a bit to work in meta-intel, as we can't depend on efivar which resides in meta-openembedded. Instead, in order to test that secureboot is enabled, we first try to boot with an unsigned, then image signed with incorrect keys, and search for a "Security Violation" error message in each log. If the image booted successfully or that error did not occur, something went wrong and the third test becomes invalid. The third test is simply booting an image that is signed with the enrolled keys, getting to a login screen and running a simple command. Note that these tests can be quite time consuming, as we have to wait for the first two tests to timeout, and the timeout values have to be somewhat high as it sometimes takes a while for the ovmf firmware to come up. Original work by Mikko Ylinen and Patrick Ohly. Signed-off-by: California Sullivan <california.l.sullivan@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'LICENSE')
0 files changed, 0 insertions, 0 deletions