// -*- Mode: Go; indent-tabs-mode: t -*-
// +build !nosecboot

/*
 * Copyright (C) 2021 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package secboot

import (
	"io"

	sb "github.com/snapcore/secboot"
)

// Test-only exports for package secboot.
//
// This file is named *_test.go, so it is compiled only under `go test`, and
// the build constraint above excludes it when the nosecboot tag is set. None
// of the hooks below are therefore reachable from a production build.
//
// Every Mock* helper follows the same contract: it overwrites one
// package-level function variable with the supplied test double and returns a
// restore function that reinstates the value that was in place before the
// call. Callers must invoke restore (typically via defer or a test cleanup),
// otherwise the double stays installed for every test that runs afterwards.
// The assignments are plain, unsynchronized writes, so tests that install
// mocks should not run in parallel with other users of the same hook.
//
// NOTE(review): the sb-prefixed variables appear to stand in for functions of
// the imported secboot library (their signatures use sb types); the variables
// are declared elsewhere in the package - confirm against those declarations.

// Exported aliases that give tests access to unexported package functions.
var (
	EFIImageFromBootFile = efiImageFromBootFile
	LockTPMSealedKeys    = lockTPMSealedKeys
)

// MockSbConnectToDefaultTPM installs f as sbConnectToDefaultTPM and returns a
// function that reinstates the previous value.
func MockSbConnectToDefaultTPM(f func() (*sb.TPMConnection, error)) (restore func()) {
	saved := sbConnectToDefaultTPM
	restore = func() { sbConnectToDefaultTPM = saved }
	sbConnectToDefaultTPM = f
	return restore
}

// MockProvisionTPM installs f as provisionTPM and returns a function that
// reinstates the previous value.
func MockProvisionTPM(f func(tpm *sb.TPMConnection, mode sb.ProvisionMode, newLockoutAuth []byte) error) (restore func()) {
	saved := provisionTPM
	restore = func() { provisionTPM = saved }
	provisionTPM = f
	return restore
}

// MockSbAddEFISecureBootPolicyProfile installs f as
// sbAddEFISecureBootPolicyProfile and returns a function that reinstates the
// previous value.
func MockSbAddEFISecureBootPolicyProfile(f func(profile *sb.PCRProtectionProfile, params *sb.EFISecureBootPolicyProfileParams) error) (restore func()) {
	saved := sbAddEFISecureBootPolicyProfile
	restore = func() { sbAddEFISecureBootPolicyProfile = saved }
	sbAddEFISecureBootPolicyProfile = f
	return restore
}

// MockSbAddEFIBootManagerProfile installs f as sbAddEFIBootManagerProfile and
// returns a function that reinstates the previous value.
func MockSbAddEFIBootManagerProfile(f func(profile *sb.PCRProtectionProfile, params *sb.EFIBootManagerProfileParams) error) (restore func()) {
	saved := sbAddEFIBootManagerProfile
	restore = func() { sbAddEFIBootManagerProfile = saved }
	sbAddEFIBootManagerProfile = f
	return restore
}

// MockSbAddSystemdEFIStubProfile installs f as sbAddSystemdEFIStubProfile and
// returns a function that reinstates the previous value.
func MockSbAddSystemdEFIStubProfile(f func(profile *sb.PCRProtectionProfile, params *sb.SystemdEFIStubProfileParams) error) (restore func()) {
	saved := sbAddSystemdEFIStubProfile
	restore = func() { sbAddSystemdEFIStubProfile = saved }
	sbAddSystemdEFIStubProfile = f
	return restore
}

// MockSbAddSnapModelProfile installs f as sbAddSnapModelProfile and returns a
// function that reinstates the previous value.
func MockSbAddSnapModelProfile(f func(profile *sb.PCRProtectionProfile, params *sb.SnapModelProfileParams) error) (restore func()) {
	saved := sbAddSnapModelProfile
	restore = func() { sbAddSnapModelProfile = saved }
	sbAddSnapModelProfile = f
	return restore
}

// MockSbSealKeyToTPMMultiple installs f as sbSealKeyToTPMMultiple and returns
// a function that reinstates the previous value.
func MockSbSealKeyToTPMMultiple(f func(tpm *sb.TPMConnection, keys []*sb.SealKeyRequest, params *sb.KeyCreationParams) (sb.TPMPolicyAuthKey, error)) (restore func()) {
	saved := sbSealKeyToTPMMultiple
	restore = func() { sbSealKeyToTPMMultiple = saved }
	sbSealKeyToTPMMultiple = f
	return restore
}

// MockSbUpdateKeyPCRProtectionPolicyMultiple installs f as
// sbUpdateKeyPCRProtectionPolicyMultiple and returns a function that
// reinstates the previous value.
func MockSbUpdateKeyPCRProtectionPolicyMultiple(f func(tpm *sb.TPMConnection, keyPaths []string, authKey sb.TPMPolicyAuthKey, pcrProfile *sb.PCRProtectionProfile) error) (restore func()) {
	saved := sbUpdateKeyPCRProtectionPolicyMultiple
	restore = func() { sbUpdateKeyPCRProtectionPolicyMultiple = saved }
	sbUpdateKeyPCRProtectionPolicyMultiple = f
	return restore
}

// MockSbBlockPCRProtectionPolicies installs f as sbBlockPCRProtectionPolicies
// and returns a function that reinstates the previous value.
func MockSbBlockPCRProtectionPolicies(f func(tpm *sb.TPMConnection, pcrs []int) error) (restore func()) {
	saved := sbBlockPCRProtectionPolicies
	restore = func() { sbBlockPCRProtectionPolicies = saved }
	sbBlockPCRProtectionPolicies = f
	return restore
}

// MockSbActivateVolumeWithRecoveryKey installs f as
// sbActivateVolumeWithRecoveryKey and returns a function that reinstates the
// previous value.
func MockSbActivateVolumeWithRecoveryKey(f func(volumeName, sourceDevicePath string,
	keyReader io.Reader, options *sb.ActivateVolumeOptions) error) (restore func()) {
	saved := sbActivateVolumeWithRecoveryKey
	restore = func() { sbActivateVolumeWithRecoveryKey = saved }
	sbActivateVolumeWithRecoveryKey = f
	return restore
}

// MockSbActivateVolumeWithTPMSealedKey installs f as
// sbActivateVolumeWithTPMSealedKey and returns a function that reinstates the
// previous value.
func MockSbActivateVolumeWithTPMSealedKey(f func(tpm *sb.TPMConnection, volumeName, sourceDevicePath, keyPath string,
	pinReader io.Reader, options *sb.ActivateVolumeOptions) (bool, error)) (restore func()) {
	saved := sbActivateVolumeWithTPMSealedKey
	restore = func() { sbActivateVolumeWithTPMSealedKey = saved }
	sbActivateVolumeWithTPMSealedKey = f
	return restore
}

// MockSbActivateVolumeWithKey installs f as sbActivateVolumeWithKey and
// returns a function that reinstates the previous value.
func MockSbActivateVolumeWithKey(f func(volumeName, sourceDevicePath string, key []byte,
	options *sb.ActivateVolumeOptions) error) (restore func()) {
	saved := sbActivateVolumeWithKey
	restore = func() { sbActivateVolumeWithKey = saved }
	sbActivateVolumeWithKey = f
	return restore
}

// MockSbActivateVolumeWithKeyData installs f as sbActivateVolumeWithKeyData
// and returns a function that reinstates the previous value.
func MockSbActivateVolumeWithKeyData(f func(volumeName, sourceDevicePath string, key *sb.KeyData, options *sb.ActivateVolumeOptions) (sb.SnapModelChecker, error)) (restore func()) {
	saved := sbActivateVolumeWithKeyData
	restore = func() { sbActivateVolumeWithKeyData = saved }
	sbActivateVolumeWithKeyData = f
	return restore
}

// MockSbMeasureSnapSystemEpochToTPM installs f as
// sbMeasureSnapSystemEpochToTPM and returns a function that reinstates the
// previous value.
func MockSbMeasureSnapSystemEpochToTPM(f func(tpm *sb.TPMConnection, pcrIndex int) error) (restore func()) {
	saved := sbMeasureSnapSystemEpochToTPM
	restore = func() { sbMeasureSnapSystemEpochToTPM = saved }
	sbMeasureSnapSystemEpochToTPM = f
	return restore
}

// MockSbMeasureSnapModelToTPM installs f as sbMeasureSnapModelToTPM and
// returns a function that reinstates the previous value.
func MockSbMeasureSnapModelToTPM(f func(tpm *sb.TPMConnection, pcrIndex int, model sb.SnapModel) error) (restore func()) {
	saved := sbMeasureSnapModelToTPM
	restore = func() { sbMeasureSnapModelToTPM = saved }
	sbMeasureSnapModelToTPM = f
	return restore
}

// MockRandomKernelUUID installs f as randutilRandomKernelUUID and returns a
// function that reinstates the previous value.
func MockRandomKernelUUID(f func() string) (restore func()) {
	saved := randutilRandomKernelUUID
	restore = func() { randutilRandomKernelUUID = saved }
	randutilRandomKernelUUID = f
	return restore
}

// MockSbInitializeLUKS2Container installs f as sbInitializeLUKS2Container and
// returns a function that reinstates the previous value.
func MockSbInitializeLUKS2Container(f func(devicePath, label string, key []byte,
	opts *sb.InitializeLUKS2ContainerOptions) error) (restore func()) {
	saved := sbInitializeLUKS2Container
	restore = func() { sbInitializeLUKS2Container = saved }
	sbInitializeLUKS2Container = f
	return restore
}

// MockSbAddRecoveryKeyToLUKS2Container installs f as
// sbAddRecoveryKeyToLUKS2Container and returns a function that reinstates the
// previous value.
func MockSbAddRecoveryKeyToLUKS2Container(f func(devicePath string, key []byte, recoveryKey sb.RecoveryKey) error) (restore func()) {
	saved := sbAddRecoveryKeyToLUKS2Container
	restore = func() { sbAddRecoveryKeyToLUKS2Container = saved }
	sbAddRecoveryKeyToLUKS2Container = f
	return restore
}

// MockIsTPMEnabled installs f as isTPMEnabled and returns a function that
// reinstates the previous value.
func MockIsTPMEnabled(f func(tpm *sb.TPMConnection) bool) (restore func()) {
	saved := isTPMEnabled
	restore = func() { isTPMEnabled = saved }
	isTPMEnabled = f
	return restore
}

// MockFDEHasRevealKey installs f as fdeHasRevealKey and returns a function
// that reinstates the previous value.
func MockFDEHasRevealKey(f func() bool) (restore func()) {
	saved := fdeHasRevealKey
	restore = func() { fdeHasRevealKey = saved }
	fdeHasRevealKey = f
	return restore
}

// MockSbDeactivateVolume installs f as sbDeactivateVolume and returns a
// function that reinstates the previous value.
func MockSbDeactivateVolume(f func(volumeName string) error) (restore func()) {
	saved := sbDeactivateVolume
	restore = func() { sbDeactivateVolume = saved }
	sbDeactivateVolume = f
	return restore
}