From f30c348087c1dc35f007b806617fd2d872cb56c4 Mon Sep 17 00:00:00 2001
From: Vaishnavi Bhat <vaishnavi@linux.vnet.ibm.com>
Date: Thu, 27 Jun 2024 10:24:45 +0530
Subject: [PATCH] Adding check if secureboot is enabled or not

The function checks if secureboot is enabled or not from the OS side.
The command output of "lsprop /proc/device-tree/ibm,secure-boot" is used to check the OS status.

Signed-off-by: Vaishnavi Bhat <vaishnavi@linux.vnet.ibm.com>
---
 avocado/utils/linux.py | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/avocado/utils/linux.py b/avocado/utils/linux.py
index dcca20dc46..3546c72bd8 100644
--- a/avocado/utils/linux.py
+++ b/avocado/utils/linux.py
@@ -25,7 +25,13 @@
 
 import os
 
-from avocado.utils import genio
+from avocado.utils import genio, process
+
+
+class UnsupportedMachineError(Exception):
+    """
+    Exception class for unsupported hardware
+    """
 
 
 def get_proc_sys(key):
@@ -72,3 +78,21 @@ def enable_selinux_enforcing():
     if is_selinux_enforcing():
         return True
     return False
+
+
+def is_os_secureboot_enabled():
+    """
+    Check whether the secure-boot is enabled at os level.
+    Check for "00000002" in "/proc/device-tree/ibm,secure-boot" file
+    If found, then secure-boot is enabled.
+
+    :return: True if secureboot is enabled, False if otherwise
+    """
+    try:
+        cmd = "lsprop /proc/device-tree/ibm,secure-boot"
+        for line in process.system_output(cmd).decode("utf-8").splitlines():
+            if "00000002" in line:
+                return True
+    except FileNotFoundError:
+        raise UnsupportedMachineError("lsprop not a supported command")
+    return False