path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* Add secureboot selftestsCalifornia Sullivan2017-08-301-0/+176
This was based on the secureboot selftests in meta-refkit: It had to be modified a bit to work in meta-intel, as we can't depend on efivar which resides in meta-openembedded. Instead, in order to test that secureboot is enabled, we first try to boot with an unsigned, then image signed with incorrect keys, and search for a "Security Violation" error message in each log. If the image booted successfully or that error did not occur, something went wrong and the third test becomes invalid. The third test is simply booting an image that is signed with the enrolled keys, getting to a login screen and running a simple command. Note that these tests can be quite time consuming, as we have to wait for the first two tests to timeout, and the timeout values have to be somewhat high as it sometimes takes a while for the ovmf firmware to come up. Original work by Mikko Ylinen and Patrick Ohly. Signed-off-by: California Sullivan <> Signed-off-by: Saul Wold <>