Adding check if secureboot is enabled or not

The function checks if secureboot is enabled or not from the OS side. The command output of "lsprop /proc/device-tree/ibm,secure-boot" is used to check the OS status. Signed-off-by: Vaishnavi Bhat <[email protected]>
avocado-framework · May 23, 2024 · 8837bff · 8837bff
1 parent fb418c3
commit 8837bff
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/avocado/utils/linux.py b/avocado/utils/linux.py
@@ -25,7 +25,7 @@
 
 import os
 
-from avocado.utils import genio
+from avocado.utils import genio, process
 
 
 def get_proc_sys(key):
@@ -72,3 +72,18 @@ def enable_selinux_enforcing():
     if is_selinux_enforcing():
         return True
     return False
+
+
+def is_os_secureboot_enabled(self):
+    """
+    Check whether the secure-boot is enabled at os level.
+    Check for "00000002" in "/proc/device-tree/ibm,secure-boot" file
+    If found, then secure-boot is enabled.
+
+    :return: True if secureboot is enabled, False if otherwise
+    """
+    cmd = "lsprop /proc/device-tree/ibm,secure-boot"
+    for line in process.system_output(cmd).decode("utf-8").splitlines():
+        if "00000002" in line:
+            return True
+    return False