Date: Thu, 28 Feb 2019 23:20:39 +0100
From: Petr Vorel
To: Mimi Zohar
Cc: linux-kselftest@vger.kernel.org, Shuah Khan, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 4/5] selftests/ima: kexec_file_load syscall test
Message-ID: <20190228222039.GD20335@dell5510>

Hi Mimi, > The kernel can be configured to verify PE signed kernel images, IMA > kernel image signatures, both types of signatures, or none.
This test > verifies only properly signed kernel images are loaded into memory, > based on the kernel configuration and runtime policies. > Signed-off-by: Mimi Zohar > --- a/tools/testing/selftests/ima/common_lib.sh ... > +# Look for config option in Kconfig file. > +# Return 1 for found and 0 for not found. I'd revert the return value (for shell is 0 as ok), but matter of preference. > +kconfig_enabled() > +{ > + local config="$1" > + local msg="$2" > + > + grep -E -q $config $IKCONFIG > + if [ $? -eq 0 ]; then > + log_info "$msg" > + return 1 > + fi > + return 0 > +} > + > +# Attempt to get the kernel config first via proc, and then by > +# extracting it from the kernel image or the configs.ko using > +# scripts/extract-ikconfig. > +# Return 1 for found and 0 for not found. "and 0 for not found": This is not true as it uses log_skip which exits. And you don't read this value anywhere. > +get_kconfig() > +{ > + local proc_config="/proc/config.gz" > + local module_dir="/lib/modules/`uname -r`" > + local configs_module="$module_dir/kernel/kernel/configs.ko" > + > + if [ ! -f $proc_config ]; then > + modprobe configs > /dev/null 2>&1 > + fi > + if [ -f $proc_config ]; then > + cat $proc_config | gunzip > $IKCONFIG 2>/dev/null > + if [ $? -eq 0 ]; then > + return 1 > + fi > + fi > + > + local extract_ikconfig="$module_dir/source/scripts/extract-ikconfig" > + if [ ! -f $extract_ikconfig ]; then > + log_skip "extract-ikconfig not found" > + fi > + > + $extract_ikconfig $KERNEL_IMAGE > $IKCONFIG 2>/dev/null > + if [ $? -eq 1 ]; then > + if [ ! -f $configs_module ]; then > + log_skip "CONFIG_IKCONFIG not enabled" > + fi > + $extract_ikconfig $configs_module > $IKCONFIG > + if [ $? -eq 1 ]; then > + log_skip "CONFIG_IKCONFIG not enabled" > + fi > + fi > + return 1 > +} Kind regards, Petr
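
Review bot: In kconfig_enabled(), `grep -E -q $config $IKCONFIG` expands both variables unquoted and leaves the pattern unanchored. If IKCONFIG is unset or empty the file argument disappears and grep reads standard input, and a pattern containing spaces is split into a pattern plus extra file names. An unanchored pattern can also match a longer option name that merely contains it, which would make the test expect signature enforcement the kernel was not built with. Quote both expansions (`grep -E -q "$config" "$IKCONFIG"`), and if callers pass plain option names rather than alternations, anchor the match at the start of the line.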
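
Review bot: In get_kconfig(), both extract-ikconfig calls are checked with `if [ $? -eq 1 ]`, so any other non-zero status is treated as success. The script is only tested with `-f` before being executed directly, so a copy without the execute bit fails with status 126, the function falls through to `return 1`, and IKCONFIG is left empty. Every later kconfig_enabled() lookup then reports "not found" and the test proceeds as if no signature verification were configured, instead of skipping. Test for `-ne 0` in both places, and consider checking `-x` rather than `-f` on the script.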