UTAH

Merge lp://qastaging/~xnox/utah/uefi into lp://qastaging/utah

  1. uefi
  2. Merge into dev
Proposed by Dimitri John Ledkov
Status: Merged
Merged at revision: 871
Proposed branch: lp://qastaging/~xnox/utah/uefi
Merge into: lp://qastaging/utah
Diff against target: 132 lines (+80/-1)
4 files modified
debian/changelog (+1/-0)
debian/control (+1/-1)
utah/isotest/data/file_list_uefi (+3/-0)
utah/isotest/iso_static_validation.py (+75/-0)
To merge this branch: bzr merge lp://qastaging/~xnox/utah/uefi
Reviewer Review Type Date Requested Status
Max Brustkern (community) Approve
Review via email: mp+159811@code.qastaging.launchpad.net

Description of the change

This is partial support for additional EFI static validation. In particular EFI files are checked to be where expected and SecureBoot signatures are checked on amd64 images. I have tested that precise/raring desktop/server pass on amd64, and that EFI tests are correctly not executed on i386 (as those images do not have EFI support).

There are a couple of additional checks left to do. The EFI capable images also have a GPT partition table with a second EFI partition that should be checked for, and it's not checked for at the moment. I will be doing a separate merge proposal for that.

To post a comment you must log in.
Revision history for this message
Max Brustkern (nuclearbob) wrote :

When I run this against a precise desktop amd64 ISO (md5sum f6a647130152f9acf6d1a7eecc2507a4) I get:
DEBUG: Verifying UEFI shim
ERROR: test_efi_secure_boot_signatures (__main__.TestValidateISO)
ERROR: Traceback (most recent call last):
  File "/usr/lib/python2.7/unittest/case.py", line 332, in run
    testMethod()
  File "./iso_static_validation.py", line 477, in test_efi_secure_boot_signatures
    stderr=subprocess.PIPE)
  File "/usr/lib/python2.7/subprocess.py", line 679, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1259, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

I'm investigating further.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

On 19 April 2013 15:10, Max Brustkern <email address hidden> wrote:
> When I run this against a precise desktop amd64 ISO (md5sum f6a647130152f9acf6d1a7eecc2507a4) I get:
> DEBUG: Verifying UEFI shim
> ERROR: test_efi_secure_boot_signatures (__main__.TestValidateISO)
> ERROR: Traceback (most recent call last):
> File "/usr/lib/python2.7/unittest/case.py", line 332, in run
> testMethod()
> File "./iso_static_validation.py", line 477, in test_efi_secure_boot_signatures
> stderr=subprocess.PIPE)
> File "/usr/lib/python2.7/subprocess.py", line 679, in __init__
> errread, errwrite)
> File "/usr/lib/python2.7/subprocess.py", line 1259, in _execute_child
> raise child_exception
> OSError: [Errno 2] No such file or directory
>
> I'm investigating further.

Please install a new dependency: sudo apt-get install sbsigntool

I added it to debian/control.

Regards,

Dmitrijs.

Revision history for this message
Max Brustkern (nuclearbob) wrote :

On 04/19/2013 10:46 AM, Dmitrijs Ledkovs wrote:
> On 19 April 2013 15:10, Max Brustkern <email address hidden> wrote:
>> When I run this against a precise desktop amd64 ISO (md5sum f6a647130152f9acf6d1a7eecc2507a4) I get:
>> DEBUG: Verifying UEFI shim
>> ERROR: test_efi_secure_boot_signatures (__main__.TestValidateISO)
>> ERROR: Traceback (most recent call last):
>> File "/usr/lib/python2.7/unittest/case.py", line 332, in run
>> testMethod()
>> File "./iso_static_validation.py", line 477, in test_efi_secure_boot_signatures
>> stderr=subprocess.PIPE)
>> File "/usr/lib/python2.7/subprocess.py", line 679, in __init__
>> errread, errwrite)
>> File "/usr/lib/python2.7/subprocess.py", line 1259, in _execute_child
>> raise child_exception
>> OSError: [Errno 2] No such file or directory
>>
>> I'm investigating further.
> Please install a new dependency: sudo apt-get install sbsigntool
>
> I added it to debian/control.
>
> Regards,
>
> Dmitrijs.
>
 Derp. I even saw that change to control and investigated availability
in older versions. My bad.

Revision history for this message
Max Brustkern (nuclearbob) wrote :

With the proper dependencies installed, I can validate all types of image I'd expect to work. Looks good to me. Thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches