From 8837bff6b82bb11a8522667d798d4f58a5c2a31c Mon Sep 17 00:00:00 2001
From: Vaishnavi Bhat <vaishnavi@linux.vnet.ibm.com>
Date: Thu, 23 May 2024 15:36:51 +0530
Subject: [PATCH] Adding check if secureboot is enabled or not

The function checks if secureboot is enabled or not from the OS side.
The command output of "lsprop /proc/device-tree/ibm,secure-boot" is used to check the OS status.

Signed-off-by: Vaishnavi Bhat <vaishnavi@linux.vnet.ibm.com>
---
 avocado/utils/linux.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/avocado/utils/linux.py b/avocado/utils/linux.py
index dcca20dc46..1db07b58fd 100644
--- a/avocado/utils/linux.py
+++ b/avocado/utils/linux.py
@@ -25,7 +25,7 @@
 
 import os
 
-from avocado.utils import genio
+from avocado.utils import genio, process
 
 
 def get_proc_sys(key):
@@ -72,3 +72,18 @@ def enable_selinux_enforcing():
     if is_selinux_enforcing():
         return True
     return False
+
+
+def is_os_secureboot_enabled(self):
+    """
+    Check whether the secure-boot is enabled at os level.
+    Check for "00000002" in "/proc/device-tree/ibm,secure-boot" file
+    If found, then secure-boot is enabled.
+
+    :return: True if secureboot is enabled, False if otherwise
+    """
+    cmd = "lsprop /proc/device-tree/ibm,secure-boot"
+    for line in process.system_output(cmd).decode("utf-8").splitlines():
+        if "00000002" in line:
+            return True
+    return False