-
Notifications
You must be signed in to change notification settings - Fork 33
Expand file tree
/
Copy pathsecureboot_test.go
More file actions
48 lines (38 loc) · 1.57 KB
/
secureboot_test.go
File metadata and controls
48 lines (38 loc) · 1.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
// Copyright Mondoo, Inc. 2024, 2026
// SPDX-License-Identifier: BUSL-1.1
package resources
import (
"testing"
"github.com/spf13/afero"
"github.com/stretchr/testify/assert"
)
func TestReadEfiVarBool(t *testing.T) {
t.Run("enabled variable", func(t *testing.T) {
fs := afero.NewMemMapFs()
// 4-byte attribute header + 1-byte data (0x01 = enabled)
err := afero.WriteFile(fs, "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c",
[]byte{0x06, 0x00, 0x00, 0x00, 0x01}, 0o444)
assert.NoError(t, err)
assert.True(t, readEfiVarBool(fs, "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"))
})
t.Run("disabled variable", func(t *testing.T) {
fs := afero.NewMemMapFs()
// 4-byte attribute header + 1-byte data (0x00 = disabled)
err := afero.WriteFile(fs, "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c",
[]byte{0x06, 0x00, 0x00, 0x00, 0x00}, 0o444)
assert.NoError(t, err)
assert.False(t, readEfiVarBool(fs, "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"))
})
t.Run("missing variable", func(t *testing.T) {
fs := afero.NewMemMapFs()
assert.False(t, readEfiVarBool(fs, "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"))
})
t.Run("truncated file", func(t *testing.T) {
fs := afero.NewMemMapFs()
// Only 3 bytes — too short to contain attributes + data
err := afero.WriteFile(fs, "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c",
[]byte{0x06, 0x00, 0x00}, 0o444)
assert.NoError(t, err)
assert.False(t, readEfiVarBool(fs, "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"))
})
}