Merge pull request avocado-framework#5929 from vaishnavibhat/sec_boot

Adding check if secureboot is enabled or not
richtja · Jul 9, 2024 · 232eefc · 232eefc
2 parents c44f607 + f30c348
commit 232eefc
Showing 1 changed file with 25 additions and 1 deletion.
diff --git a/avocado/utils/linux.py b/avocado/utils/linux.py
@@ -25,7 +25,13 @@
 
 import os
 
-from avocado.utils import genio
+from avocado.utils import genio, process
+
+
+class UnsupportedMachineError(Exception):
+    """
+    Exception class for unsupported hardware
+    """
 
 
 def get_proc_sys(key):
@@ -72,3 +78,21 @@ def enable_selinux_enforcing():
     if is_selinux_enforcing():
         return True
     return False
+
+
+def is_os_secureboot_enabled():
+    """
+    Check whether the secure-boot is enabled at os level.
+    Check for "00000002" in "/proc/device-tree/ibm,secure-boot" file
+    If found, then secure-boot is enabled.
+
+    :return: True if secureboot is enabled, False if otherwise
+    """
+    try:
+        cmd = "lsprop /proc/device-tree/ibm,secure-boot"
+        for line in process.system_output(cmd).decode("utf-8").splitlines():
+            if "00000002" in line:
+                return True
+    except FileNotFoundError:
+        raise UnsupportedMachineError("lsprop not a supported command")
+    return False