Initial test for testing secure-boot grain

2025-04-17 10:10:20 +00:00 · 2024-10-11 12:44:38 -06:00 · 2024-10-11 12:44:38 -06:00 · effada446c
commit effada446c
parent 76f22f0f92
2 changed files with 62 additions and 3 deletions
--- a/salt/grains/extra.py
+++ b/salt/grains/extra.py
@ -82,12 +82,20 @@ def __secure_boot(efivars_dir):
    return enabled


-def uefi():
-    """Populate UEFI grains."""
-    efivars_dir = next(
+def get_secure_boot_path():
+    """
+    Provide paths for secure boot directories and files
+    """
+    efivars_path = next(
        filter(os.path.exists, ["/sys/firmware/efi/efivars", "/sys/firmware/efi/vars"]),
        None,
    )
+    return efivars_path
+
+
+def uefi():
+    """Populate UEFI grains."""
+    efivars_dir = get_secure_boot_path()
    grains = {
        "efi": bool(efivars_dir),
        "efi-secure-boot": __secure_boot(efivars_dir) if efivars_dir else False,
--- a/tests/pytests/functional/grains/test_secure_boot.py
+++ b/tests/pytests/functional/grains/test_secure_boot.py
@ -0,0 +1,51 @@
+"""
+    :codeauthor: :email:`David Murphy <david-dm.murphy@broadcom.com`
+"""
+
+## import logging
+import os
+import tempfile
+
+import pytest
+
+import salt.utils.files
+import salt.utils.path
+from tests.support.mock import patch
+
+pytestmark = [
+    pytest.mark.skip_unless_on_linux(reason="Only supported on Linux family"),
+]
+
+## log = logging.getLogger(__name__)
+
+
+def test_secure_boot_efivars():
+    _salt_utils_files_fopen = salt.utils.files.fopen
+
+    with tempfile.TemporaryDirectory() as tempdir:
+        secure_boot_path = os.path.join(tempdir, "secure-boot/efivars")
+
+        print(
+            f"DGM test_secure_boot_efivars, secure_boot_path '{secure_boot_path}'",
+            flush=True,
+        )
+
+        with _salt_utils_files_fopen(
+            os.path.join(secure_boot_path, "/SecureBoot-dog", "wb+")
+        ) as fd:
+            binary_data = b"\x06\x00\x00\x00\x01"
+            fd.write(binary_data)
+
+    secure_boot_path_file = os.path.join(secure_boot_path, "/SecureBoot-dog")
+    print(
+        f"DGM test_secure_boot_efivars secure_boot_path file '{secure_boot_path_file}'",
+        flush=True,
+    )
+
+    with patch("salt.grains.extra.get_secure_boot_path", return_value=secure_boot_path):
+        grains = salt.grains.extra.uefi()
+
+        print(f"DGM test_secure_boot_efivars grains '{grains}'", flush=True)
+
+        expected = {"efi": True, "efi-secure-boot": True}
+        assert grains == expected