[PATCH] securebootcert: report info instead of failure for missing DB and KEK when secureboot disabled (LP: #1374351 )

Mon Sep 29 05:33:09 UTC 2014

When secureboot enabled, it's obverious that something wrong with missing DB and
KEK variables, failures will be report. When the secureboot disabled and missing
DB and KEK variables, report the information that the machine is not in
readiness for secureboot.

Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
---
 src/uefi/securebootcert/securebootcert.c |   22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c
index 53d9e13..4fd6cef 100644
--- a/src/uefi/securebootcert/securebootcert.c
+++ b/src/uefi/securebootcert/securebootcert.c
@@ -62,6 +62,7 @@ typedef struct _EFI_SIGNATURE_LIST {
 }
 
 static uint8_t var_found;
+static bool securebooted = false;
 
 static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2)
 {
@@ -118,6 +119,8 @@ static void securebootcert_secure_boot(fwts_framework *fw, fwts_uefi_var *var, c
 				"The secure boot variable data invalid.");
 			return;
 		}
+		if (value == 1)
+			securebooted = true;
 		fwts_log_info_verbatum(fw, "  Value: 0x%2.2x%s.", value, mode);
 		fwts_passed(fw, "Secure boot relative variable %s check passed.", varname);
 	}
@@ -359,12 +362,19 @@ static int securebootcert_test1(fwts_framework *fw)
 	if (!(var_found & VAR_SETUPMODE_FOUND))
 		fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
 			"The secure boot variable SetupMode not found.");
-	if (!(var_found & VAR_DB_FOUND))
-		fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
-			"The secure boot variable DB not found.");
-	if (!(var_found & VAR_KEK_FOUND))
-		fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
-			"The secure boot variable KEK not found.");
+	if (securebooted) {
+		if (!(var_found & VAR_DB_FOUND))
+			fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
+				"The secure boot variable DB not found.");
+		if (!(var_found & VAR_KEK_FOUND))
+			fwts_failed(fw, LOG_LEVEL_HIGH, "SecureBootCertVariableNotFound",
+				"The secure boot variable KEK not found.");
+	} else {
+		if (!(var_found & VAR_DB_FOUND))
+			fwts_log_info(fw, "Not in readiness for secureboot, variable DB not found.");		
+		if (!(var_found & VAR_KEK_FOUND))
+			fwts_log_info(fw, "Not in readiness for secureboot, variable KEK not found.");
+	}
 
 	fwts_uefi_free_variable_names(&name_list);
 
-- 
1.7.9.5


