[PATCH v5 2/9] efi: Disable secure boot in bootflow_efi() test

Simon Glass sjg at chromium.org
Sun Dec 1 16:28:04 CET 2024


This does not support secure boot so far, but if a previous test has
enabled it, it will remain enabled, thus causing this test to fail with:

   efi_load_pe() Image not authenticated

Fix this by providing a way to disable secure boot in tests.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

(no changes since v1)

 include/efi_loader.h            | 12 ++++++++++++
 lib/efi_loader/efi_var_common.c |  5 +++++
 test/boot/bootflow.c            |  1 +
 3 files changed, 18 insertions(+)

diff --git a/include/efi_loader.h b/include/efi_loader.h
index 1269907fa3c..a67d3827812 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -1117,6 +1117,18 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name);
 
 bool efi_secure_boot_enabled(void);
 
+/**
+ * efi_set_secure_boot_enabled - set whether secure boot is enabled or not
+ *
+ * This should be only be used in tests.
+ *
+ * TODO(sjg at chromium.org): Consider how we can reinit the EFI state without
+ * restarting U-Boot
+ *
+ * @enable: true to enable, false to disable
+ */
+void efi_set_secure_boot_enabled(bool enable);
+
 bool efi_capsule_auth_enabled(void);
 
 void *efi_prepare_aligned_image(void *efi, u64 *efi_size);
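Review bot: The declaration of efi_set_secure_boot_enabled() is added to the public header with no restriction to test builds, so the "only be used in tests" rule in the kernel-doc comment is enforced by convention alone. Since this setter turns off the check behind "Image not authenticated", consider guarding the prototype with a test-only build option or giving it a name that marks it as a test hook, so a non-test caller stands out in review. The comment also reads "This should be only be used in tests", which has a duplicated "be".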
diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
index ea8d2a4cf98..0f0e6e8d792 100644
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -362,6 +362,11 @@ bool efi_secure_boot_enabled(void)
 	return efi_secure_boot;
 }
 
+void efi_set_secure_boot_enabled(bool enable)
+{
+	efi_secure_boot = enable;
+}
+
 enum efi_auth_var_type efi_auth_var_get_type(const u16 *name,
 					     const efi_guid_t *guid)
 {
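Review bot: efi_set_secure_boot_enabled() assigns `efi_secure_boot` and nothing else, so after a call the value returned by efi_secure_boot_enabled() is whatever the caller passed, regardless of how it was originally derived. The TODO in the header comment about reinitialising EFI state suggests there is other state tied to this flag; a short comment here saying that only the flag is overridden and the rest of the EFI state is left untouched would make that limitation explicit. It would also help to build this function only for tests, matching the documented intent.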
diff --git a/test/boot/bootflow.c b/test/boot/bootflow.c
index da713d8ed72..f64d91e0d64 100644
--- a/test/boot/bootflow.c
+++ b/test/boot/bootflow.c
@@ -1230,6 +1230,7 @@ static int bootflow_efi(struct unit_test_state *uts)
 	struct udevice *bootstd;
 	const char **old_order;
 
+	efi_set_secure_boot_enabled(false);
 	ut_assertok(uclass_first_device_err(UCLASS_BOOTSTD, &bootstd));
 	std = dev_get_priv(bootstd);
 	old_order = std->bootdev_order;
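Review bot: The call `efi_set_secure_boot_enabled(false);` at the top of bootflow_efi() is never undone in the visible lines, so the test-order dependence described in the commit message is moved rather than removed: any later test that expects secure boot to be enabled now inherits the disabled state. Suggest saving efi_secure_boot_enabled() into a local before the call and restoring it at the end of the test, in the same way `old_order` is saved here, or having the test that enables secure boot clean up after itself.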
-- 
2.43.0
