systemd: Add Boot type to system information #19371

Open
wants to merge 2 commits into
base: main
15 changes: 15 additions & 0 deletions pkg/systemd/hw-detect.js
Expand Up @@ -120,6 +120,16 @@ function findMemoryDevices(udevdb, info) {
info.memory = memoryArray;
}

async function getBootType() {
const secure_boot_file = cockpit.manifests.system.config.secure_boot_file;
Member

Why the indirection? Storing this in the manifest seems very strange to me.

Contributor Author

Wasn't able to create the folder structure for /sys/firmware/efi/efivars

Member

I mean you could just hardcode it directly in the JS... This is a well-known value.

Member

Yes, please do -- this isn't configuration.

try {
const result = await cockpit.file(secure_boot_file, { binary: true }).read();
return `EFI (Secure Boot ${result[4] === 1 ? "enabled" : "disabled"})`;
} catch {
return "BIOS or Legacy";
Member

I wonder if we should check if /proc/sys/kernel/arch contains x86 before reporting BIOS. If we're not on x86 it might make sense to exclude this field entirely, unless we want to do some more research on this.

Contributor Author

That is okay, I can wait, and I understand about missing the design bit

}
}

export default function detect() {
const info = { system: {}, pci: [], memory: [] };
const tasks = [];
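
Review bot: The bare `catch` in getBootType() turns every failure inside the `try` into "BIOS or Legacy", so an EFI machine where the SecureBoot variable is missing or unreadable is reported as BIOS. In addition, `result[4] === 1` is evaluated without checking that the read returned at least 5 bytes, so a file shorter than that is silently reported as "Secure Boot disabled". Suggest checking that `result` is non-null and has length >= 5 before indexing, and returning no value (so the field can be hidden) when the state cannot be determined rather than asserting BIOS.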
Expand Down Expand Up @@ -154,6 +164,11 @@ export default function detect() {
return true;
}));

tasks.push(getBootType()
.then(result => {
info.system.boot_type = result;
}));

// Fallback if systemd < 248
if (info.memory.length === 0) {
tasks.push(machine_info.memory_info()
1 change: 1 addition & 0 deletions pkg/systemd/hwinfo.html
Expand Up @@ -6,6 +6,7 @@
<link href="hwinfo.css" type="text/css" rel="stylesheet" />
<script src="../base1/cockpit.js"></script>
<script src="../base1/po.js"></script>
<script src="../manifests.js"></script>
<script src="po.js"></script>
</head>
<body class="pf-v5-m-tabular-nums">
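
Review bot: The added `../manifests.js` include is only needed because hw-detect.js reads the path from `cockpit.manifests.system.config.secure_boot_file`. Once the path is hardcoded in the JS, as requested in the review thread, this line should be dropped again so the page does not load the manifests without using them.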
4 changes: 4 additions & 0 deletions pkg/systemd/hwinfo.jsx
Expand Up @@ -111,6 +111,10 @@ class SystemInfo extends React.Component {
<DescriptionListDescription>{ bios_date ? timeformat.date(bios_date) : info.bios_date }</DescriptionListDescription>
</DescriptionListGroup>
</> }
<DescriptionListGroup>
<DescriptionListTerm>{ _("Boot type") }</DescriptionListTerm>
<DescriptionListDescription>{ info.boot_type }</DescriptionListDescription>
</DescriptionListGroup>
{ info.nproc !== undefined && <>
<DescriptionListGroup>
<DescriptionListTerm>{ _("CPU") }</DescriptionListTerm>
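
Review bot: The new "Boot type" group is rendered unconditionally, unlike the CPU group right below it, which is guarded by `info.nproc !== undefined`; if detection yields nothing, this shows a term with an empty description. Suggest guarding it on `info.boot_type`. The value is also an English string assembled in hw-detect.js, so only the label passes through `_()`; consider having detection return the state and building the translated text here.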
6 changes: 5 additions & 1 deletion pkg/systemd/manifest.json
Expand Up @@ -84,5 +84,9 @@

"preload": [ "index", "services" ],

"content-security-policy": "img-src 'self' data:"
"content-security-policy": "img-src 'self' data:",

"config": {
"secure_boot_file": "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
}
}
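
Review bot: Putting `secure_boot_file` under "config" makes the source of a security status configurable: anything able to supply a manifest override can point the Secure Boot indicator at an arbitrary file, which is what the test in this PR does with a file in /tmp. The efivarfs name with its GUID is a well-known fixed value, as noted in the review thread, so it should be a constant in hw-detect.js, with the test mocking the file system instead.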
29 changes: 26 additions & 3 deletions test/verify/check-system-info
Expand Up @@ -514,6 +514,9 @@ class TestSystemInfo(packagelib.PackageCase):
parsed_bios_date = m.execute("date --date $(cat /sys/class/dmi/id/bios_date) '+%B %-d, %Y'").strip()
b.wait_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(3) dd', parsed_bios_date)

# Boot Type
b.wait_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(4) dd', "BIOS or Legacy")

pci_selector = '#hwinfo #pci-listing'
heading_selector = ' .pf-v5-c-card__title'
# PCI
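
Review bot: The new assertion expects "BIOS or Legacy" at `nth-of-type(4)`, which ties the test both to the test machine being booted without EFI and to the row's position in the list. Suggest giving the Boot type group its own id or class in hwinfo.jsx and selecting on that, and deriving the expected text from the machine's actual firmware state instead of a fixed string.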
Expand Down Expand Up @@ -610,7 +613,7 @@ model name\t: Professor NumberCrunch

b.reload()
b.enter_page('/system/hwinfo')
b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(1) dd', "2x Professor NumberCrunch")
b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(2) dd', "2x Professor NumberCrunch")

# /proc/cpuinfo on PowerPC; complete info
m.write("/tmp/cpuinfo", """processor\t: 0
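
Review bot: Renumbering `nth-of-type(1)` to `nth-of-type(2)` here and in the PowerPC and s390 hunks below shows that the Boot type row now occupies the first position on the mocked non-x86 machines as well, which is the case questioned in the review thread. A stable selector for the CPU row would keep these assertions independent of rows added around it, and the non-x86 cases should assert what Boot type is expected to show there, or that it is absent.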
Expand All @@ -626,7 +629,7 @@ revision\t: 2.3 (pvr 004e 1203)

b.reload()
b.enter_page('/system/hwinfo')
b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(1) dd', "2x POWER9 (architected), altivec supported")
b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(2) dd', "2x POWER9 (architected), altivec supported")

# correct CPU count on overview
b.go("/system")
Expand Down Expand Up @@ -661,7 +664,7 @@ machine : 8561

b.go('/system/hwinfo')
b.enter_page('/system/hwinfo')
b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(1) dd', "2x IBM/S390")
b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(2) dd', "2x IBM/S390")

# umount mocked /sys/class/dmi/id
m.execute("umount /sys/class/dmi/id")
Expand Down Expand Up @@ -710,6 +713,26 @@ machine : 8561
b.wait_text('#memory-listing tr:nth-of-type(2) td[data-label=Rank]', "Single rank")
b.wait_in_text('#memory-listing tr:nth-of-type(2) td[data-label=Speed]', "2400 MT/s")

# Pretend UEFI and Secure Boot is enabled
m.execute("echo -en '\\x06\\x00\\x00\\x00\\x01' > /tmp/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")
self.write_file("/etc/cockpit/systemd.override.json",
Member

Okay. Now I understand. You're doing this to give the tests a hook to mock in a new value.

How about a bind mount instead?

Contributor Author

I tried, couldn't create the missing folder structure, if you have any proposal I am up for it. I am sure creating a VM and booting it with EFI enabled is overkill

'{ "config": { "secure_boot_file": "/tmp/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" } }')

b.reload()
b.go("/system/hwinfo")
b.enter_page('/system/hwinfo')

b.wait_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(4) dd', "EFI (Secure Boot enabled)")

# Pretend UEFI and Secure Boot is disabled
m.execute("echo -en '\\x06\\x00\\x00\\x00\\x00' > /tmp/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")

b.reload()
b.go("/system/hwinfo")
b.enter_page('/system/hwinfo')

b.wait_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(4) dd', "EFI (Secure Boot disabled)")

@ testlib.nondestructive
def testCPUSecurityMitigationsDetect(self):
b = self.browser
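
Review bot: Both cases write a well-formed 5-byte file, so the `result[4]` check is never exercised with an empty or truncated variable once the override is in place, and the file written to /tmp with `m.execute` is not removed in the visible lines before the next test, which is marked nondestructive. Suggest adding a truncated-file case and explicit cleanup, or switching to the bind mount proposed in the thread so that the real efivars path is what gets tested.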