3
Test that the computer booted in EFI mode, with Secure Boot active.
5
Copyright (C) 2016 Canonical Ltd.
8
Rod Smith <rod.smith@canonical.com>
10
This program is free software: you can redistribute it and/or modify
11
it under the terms of the GNU General Public License version 3,
12
as published by the Free Software Foundation.
14
This program is distributed in the hope that it will be useful,
15
but WITHOUT ANY WARRANTY; without even the implied warranty of
16
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
GNU General Public License for more details.
19
You should have received a copy of the GNU General Public License
20
along with this program. If not, see <http://www.gnu.org/licenses/>.
30
"""Test that the computer booted in EFI mode, with Secure Boot active.
33
0 if Secure Boot is active
34
1 if Secure Boot is inactive (could be disabled, not supported,
35
or not booted in EFI mode)
37
logging.basicConfig(level=logging.INFO)
38
sb_dir = "/sys/firmware/efi/"
39
sb_var = sb_dir + "efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
40
if os.path.isdir(sb_dir):
41
if os.path.isfile(sb_var):
42
sb_info = open(sb_var).read()
43
if ord(sb_info[4]) == 1:
44
logging.info("PASS: System booted in EFI mode boot with "
45
"Secure Boot active.")
48
logging.info("FAIL: System booted in EFI mode boot with "
49
"Secure Boot available but inactive.")
52
# NOTE: Normally, lack of sb_var indicates that the system
53
# doesn't support SB, as on many pre-Windows 8 UEFI systems.
54
# Below is therefore a bit harsh, but is done to ensure that
55
# no system slips through because it supports Secure Boot but
56
# does not create the sb_var when SB is inactive or has never
58
logging.info("FAIL: System booted in EFI mode and does not "
59
"appear to support Secure Boot.")
62
logging.info("FAIL: System did NOT boot in EFI mode.")
66
if __name__ == '__main__':