Merge ~gavin.lin/plainbox-provider-checkbox:dbx-test into plainbox-provider-checkbox:master

Proposed by Gavin Lin
Status: Work in progress
Proposed branch: ~gavin.lin/plainbox-provider-checkbox:dbx-test
Merge into: plainbox-provider-checkbox:master
Diff against target: 38 lines (+20/-0)
3 files modified
units/cve/category.pxu (+3/-0)
units/cve/cve-2020-10713.pxu (+10/-0)
units/cve/test-plan.pxu (+7/-0)
Reviewer: Jonathan Cave (community)
Review status: Needs Fixing
Review via email: mp+390182@code.launchpad.net

Commit message

Add test to check secure boot dbx for CVE-2020-10713.

Jonathan Cave (jocave) wrote :

I'm not too sure if this really represents a test of the CVE itself, which, if I understand correctly, was a vulnerability in GRUB.

It appears that this test makes sure that a particular signature is no longer trusted when enforcing secure boot? I think it would help to make the descriptions a little more clear on that.

It may also make sense to try and limit this job to running only on systems that use the grub bootloader and have secure boot enabled via requires fields.

review: Needs Fixing
Jonathan Cave (jocave) wrote :

@Gavin, putting this back to work in progress as it has been dormant for a while. If you want to pick it up again, then please respond to the above or make changes.

OEM Taipei Bot (oem-taipei-bot) wrote :

Execute `curl -X POST http://10.102.135.31/api/v1/teams/self-contained/pipelines/plainbox-provider-checkbox/resources/merge-proposal-390182/check/webhook?webhook_token=merge-proposal-390182` within TW VPN to restart the test.
[autopkgtest]
$ cat plainbox-provider-checkbox-0.59.0-1-1c442be-in-linux-container-focal-summary.log
blame: .
badpkg: rules build failed with exit code 2
erroneous package: rules build failed with exit code 2
https://oem-share.canonical.com/partners/lyoncore/share/artifacts/plainbox-provider-checkbox-0.59.0-1-1c442be-in-linux-container-focal

Unmerged commits

1c442be... by Gavin Lin

Add test to check secure boot dbx for CVE-2020-10713

Preview Diff

1diff --git a/units/cve/category.pxu b/units/cve/category.pxu
2new file mode 100644
3index 0000000..57f52c1
4--- /dev/null
5+++ b/units/cve/category.pxu
6@@ -0,0 +1,3 @@
7+unit: category
8+id: cve
9+_name: CVE(Common Vulnerabilities and Exposures)
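Review bot: In `_name: CVE(Common Vulnerabilities and Exposures)` there is no space between "CVE" and the opening parenthesis; suggest `_name: CVE (Common Vulnerabilities and Exposures)`. The unit also has no comment or description saying what kind of jobs belong in this category, which would help given that the only job added under it checks dbx contents rather than exercising a vulnerability.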
10diff --git a/units/cve/cve-2020-10713.pxu b/units/cve/cve-2020-10713.pxu
11new file mode 100644
12index 0000000..0fa9a2c
13--- /dev/null
14+++ b/units/cve/cve-2020-10713.pxu
15@@ -0,0 +1,10 @@
16+plugin:shell
17+category_id: com.canonical.plainbox::cve
18+id: cve/CVE-2020-10713_secure_boot_dbx
19+estimated_duration: 0.5
20+requires: executable.name == 'mokutil'
21+_description:
22+ Check secure boot dbx for CVE-2020-10713
23+_summary: Check secure boot dbx for CVE-2020-10713
24+command:
25+ mokutil --dbx |grep 59:4e:ce:20:59:16:48:f5:a0:0d:e3:0c:f6:1d:11:8d:be:ce:80:72
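Review bot: The `command:` pipeline `mokutil --dbx |grep 59:4e:...` reports only grep's exit status, so a `mokutil` failure is indistinguishable from the entry being absent from dbx, and `requires: executable.name == 'mokutil'` does not restrict the job to systems where secure boot is enabled. Suggest gating the job on secure boot state in `requires` and checking `mokutil`'s exit status before matching; `grep -i` would also stop the result depending on the case of the hex digits. The `_description` repeats the `_summary` and never says what the colon-separated value is or why its presence in dbx relates to CVE-2020-10713; that belongs in the description. `category_id: com.canonical.plainbox::cve` should be checked against the namespace that the new `id: cve` category unit actually gets in this provider. Minor: `plugin:shell` lacks the space after the colon that every other field uses.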
26diff --git a/units/cve/test-plan.pxu b/units/cve/test-plan.pxu
27new file mode 100644
28index 0000000..7812bdb
29--- /dev/null
30+++ b/units/cve/test-plan.pxu
31@@ -0,0 +1,7 @@
32+id: cve-automated
33+unit: test plan
34+_name: Automated CVE Tests
35+_description: Automated CVE(Common Vulnerabilities and Exposures) tests
36+include:
37+ cve/CVE-2020-10713_secure_boot_dbx
38+
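Review bot: The last added line of this hunk is empty, so the new file ends with a trailing blank line; drop it. `_description: Automated CVE(Common Vulnerabilities and Exposures) tests` is also missing the space before the parenthesis. Since the single included job passes or fails on dbx contents, the plan description should say that these are checks for applied mitigations, so a pass is not read as proof that the system is unaffected.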
