Adding check if secureboot is enabled or not

[vaishnavibhat]

The function checks if secureboot is enabled or not from the OS side.
The command output of "lsprop /proc/device-tree/ibm,secure-boot" is used to check the OS status.

[mr-avocado]

Dear contributor,
Avocado is currently at the end of sprint #105, therefore we are in feature freeze state.
Please avoid merging changes that do not fall into these categories:

• Bug fixes
• Documentation updates

The feature freeze will be active until the release planned on 05/06/2024.

[abdhaleegit]

LGTM

[abdhaleegit]

@vaishnavibhat fix static fails make use of double qoutes here if '00000002' in line:

[richtja]

Hi @vaishnavibhat, can you please describe to me what lsprop is and what it does, to be hones I am not familiar with it.

[vaishnavibhat]

lsprop is a tool provided by powerpc-utils. It is used to get information about /proc files .

For secureboot check:
#lsprop /proc/device-tree/ibm,secure-boot
/proc/device-tree/ibm,secure-boot
00000002

0 incase of secure boot disabled, 1 (enable and log only - trusted boot) and 2 (enable and enforce - secure boot)

#man lsprop
LSPROP(8) Linux on Power Service Tools LSPROP(8)

NAME
lsprop - list properties

SYNOPSIS
lsprop [-R] [-m max-bytes] [-w num-words] [FILE...]

OVERVIEW
lsprop program is a member of the ppc64-utils suite of utils. Use it
to list properties

DESCRIPTION
lsprop displays properties for FILEs like Open Firmware .properties
word. If the FILE is not set, the current directory is used.

OPTIONS
-R Process recursively

   -m max-bytes
          Read only first max-bytes bytes from the FILEs

   -w num-words
          Display up to num-words words per line

Linux Sep 2010 LSPROP(8)

[richtja]

lsprop is a tool provided by powerpc-utils. It is used to get information about /proc files .

For secureboot check: #lsprop /proc/device-tree/ibm,secure-boot /proc/device-tree/ibm,secure-boot 00000002

0 incase of secure boot disabled, 1 (enable and log only - trusted boot) and 2 (enable and enforce - secure boot)

#man lsprop LSPROP(8) Linux on Power Service Tools LSPROP(8)

NAME lsprop - list properties

SYNOPSIS lsprop [-R] [-m max-bytes] [-w num-words] [FILE...]

OVERVIEW lsprop program is a member of the ppc64-utils suite of utils. Use it to list properties

DESCRIPTION lsprop displays properties for FILEs like Open Firmware .properties word. If the FILE is not set, the current directory is used.

OPTIONS -R Process recursively

   -m max-bytes
          Read only first max-bytes bytes from the FILEs

   -w num-words
          Display up to num-words words per line

Linux Sep 2010 LSPROP(8)

Hi @vaishnavibhat thank you for the description. So IIUIC the whole is_os_secureboot_enabled method will only work on powerpc. Therefore, I would propose to do an arch check and create and raise for example UnsupportedMachineError for unsupported architectures.

[richtja]

Hi @vaishnavibhat, thank you for your update. IMO, it is on the right track. I just think that except Exception is too general for this purpose, and we can be more specific. Please let me know what do you think about it.

[richtja]

I am not sure if Exception is not too general. When lsprop is not in the system, the process.system_output(cmd) will throw FileNotFoundError` am I right?

[abdhaleegit]

@vaishnavibhat Please fix the duplicate comit.. ammend the same do not create new commit

[vaishnavibhat]

Resending the patch after taking care of the review comments.

[abdhaleegit]

@richtja Please see if this is mergable

[vaishnavibhat]

@richtja Addressed the review comments. Please me know if this looks good.

Thank you

[richtja]

Hi @vaishnavibhat, after the updates it LGTM. Thank you.