// -*- Mode: Go; indent-tabs-mode: t -*-
// +build !nosecboot

/*
 * Copyright (C) 2020 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package secboot

import (
	"io"
	"time"

	sb "github.com/snapcore/secboot"
)

// Exported aliases for two unexported functions of this package, so that
// tests can call them by an exported name.
var (
	EFIImageFromBootFile = efiImageFromBootFile
	LockTPMSealedKeys    = lockTPMSealedKeys
)

// The Mock* helpers below all follow one pattern: remember the current value
// of a package-level hook, install the replacement supplied by the caller and
// hand back a restore function that reinstates the remembered value.
//
// The hooks stand in for TPM, PCR-policy, volume-activation and LUKS2
// operations. This file is named export_test.go, so the Go toolchain only
// compiles it for "go test"; the helpers are not part of a regular build.
//
// The hooks are assigned with no locking, and a replacement stays installed
// until restore is called. Callers should invoke restore when they are done
// so that a stubbed security operation does not leak into later tests.

// MockSbConnectToDefaultTPM installs f as sbConnectToDefaultTPM; restore puts
// the previous value back.
func MockSbConnectToDefaultTPM(f func() (*sb.TPMConnection, error)) (restore func()) {
	saved := sbConnectToDefaultTPM
	restore = func() { sbConnectToDefaultTPM = saved }
	sbConnectToDefaultTPM = f
	return restore
}

// MockProvisionTPM installs f as provisionTPM; restore puts the previous
// value back.
func MockProvisionTPM(f func(tpm *sb.TPMConnection, mode sb.ProvisionMode, newLockoutAuth []byte) error) (restore func()) {
	saved := provisionTPM
	restore = func() { provisionTPM = saved }
	provisionTPM = f
	return restore
}

// MockSbAddEFISecureBootPolicyProfile installs f as
// sbAddEFISecureBootPolicyProfile; restore puts the previous value back.
func MockSbAddEFISecureBootPolicyProfile(f func(profile *sb.PCRProtectionProfile, params *sb.EFISecureBootPolicyProfileParams) error) (restore func()) {
	saved := sbAddEFISecureBootPolicyProfile
	restore = func() { sbAddEFISecureBootPolicyProfile = saved }
	sbAddEFISecureBootPolicyProfile = f
	return restore
}

// MockSbAddEFIBootManagerProfile installs f as sbAddEFIBootManagerProfile;
// restore puts the previous value back.
func MockSbAddEFIBootManagerProfile(f func(profile *sb.PCRProtectionProfile, params *sb.EFIBootManagerProfileParams) error) (restore func()) {
	saved := sbAddEFIBootManagerProfile
	restore = func() { sbAddEFIBootManagerProfile = saved }
	sbAddEFIBootManagerProfile = f
	return restore
}

// MockSbAddSystemdEFIStubProfile installs f as sbAddSystemdEFIStubProfile;
// restore puts the previous value back.
func MockSbAddSystemdEFIStubProfile(f func(profile *sb.PCRProtectionProfile, params *sb.SystemdEFIStubProfileParams) error) (restore func()) {
	saved := sbAddSystemdEFIStubProfile
	restore = func() { sbAddSystemdEFIStubProfile = saved }
	sbAddSystemdEFIStubProfile = f
	return restore
}

// MockSbAddSnapModelProfile installs f as sbAddSnapModelProfile; restore puts
// the previous value back.
func MockSbAddSnapModelProfile(f func(profile *sb.PCRProtectionProfile, params *sb.SnapModelProfileParams) error) (restore func()) {
	saved := sbAddSnapModelProfile
	restore = func() { sbAddSnapModelProfile = saved }
	sbAddSnapModelProfile = f
	return restore
}

// MockSbSealKeyToTPMMultiple installs f as sbSealKeyToTPMMultiple; restore
// puts the previous value back.
func MockSbSealKeyToTPMMultiple(f func(tpm *sb.TPMConnection, keys []*sb.SealKeyRequest, params *sb.KeyCreationParams) (sb.TPMPolicyAuthKey, error)) (restore func()) {
	saved := sbSealKeyToTPMMultiple
	restore = func() { sbSealKeyToTPMMultiple = saved }
	sbSealKeyToTPMMultiple = f
	return restore
}

// MockSbUpdateKeyPCRProtectionPolicyMultiple installs f as
// sbUpdateKeyPCRProtectionPolicyMultiple; restore puts the previous value
// back.
func MockSbUpdateKeyPCRProtectionPolicyMultiple(f func(tpm *sb.TPMConnection, keyPaths []string, authKey sb.TPMPolicyAuthKey, pcrProfile *sb.PCRProtectionProfile) error) (restore func()) {
	saved := sbUpdateKeyPCRProtectionPolicyMultiple
	restore = func() { sbUpdateKeyPCRProtectionPolicyMultiple = saved }
	sbUpdateKeyPCRProtectionPolicyMultiple = f
	return restore
}

// MockSbBlockPCRProtectionPolicies installs f as
// sbBlockPCRProtectionPolicies; restore puts the previous value back.
func MockSbBlockPCRProtectionPolicies(f func(tpm *sb.TPMConnection, pcrs []int) error) (restore func()) {
	saved := sbBlockPCRProtectionPolicies
	restore = func() { sbBlockPCRProtectionPolicies = saved }
	sbBlockPCRProtectionPolicies = f
	return restore
}

// MockSbActivateVolumeWithRecoveryKey installs f as
// sbActivateVolumeWithRecoveryKey; restore puts the previous value back.
func MockSbActivateVolumeWithRecoveryKey(
	f func(volumeName, sourceDevicePath string, keyReader io.Reader, options *sb.ActivateVolumeOptions) error,
) (restore func()) {
	saved := sbActivateVolumeWithRecoveryKey
	restore = func() { sbActivateVolumeWithRecoveryKey = saved }
	sbActivateVolumeWithRecoveryKey = f
	return restore
}

// MockSbActivateVolumeWithTPMSealedKey installs f as
// sbActivateVolumeWithTPMSealedKey; restore puts the previous value back.
func MockSbActivateVolumeWithTPMSealedKey(
	f func(tpm *sb.TPMConnection, volumeName, sourceDevicePath, keyPath string, pinReader io.Reader, options *sb.ActivateVolumeOptions) (bool, error),
) (restore func()) {
	saved := sbActivateVolumeWithTPMSealedKey
	restore = func() { sbActivateVolumeWithTPMSealedKey = saved }
	sbActivateVolumeWithTPMSealedKey = f
	return restore
}

// MockSbActivateVolumeWithKey installs f as sbActivateVolumeWithKey; restore
// puts the previous value back.
func MockSbActivateVolumeWithKey(
	f func(volumeName, sourceDevicePath string, key []byte, options *sb.ActivateVolumeOptions) error,
) (restore func()) {
	saved := sbActivateVolumeWithKey
	restore = func() { sbActivateVolumeWithKey = saved }
	sbActivateVolumeWithKey = f
	return restore
}

// MockSbMeasureSnapSystemEpochToTPM installs f as
// sbMeasureSnapSystemEpochToTPM; restore puts the previous value back.
func MockSbMeasureSnapSystemEpochToTPM(f func(tpm *sb.TPMConnection, pcrIndex int) error) (restore func()) {
	saved := sbMeasureSnapSystemEpochToTPM
	restore = func() { sbMeasureSnapSystemEpochToTPM = saved }
	sbMeasureSnapSystemEpochToTPM = f
	return restore
}

// MockSbMeasureSnapModelToTPM installs f as sbMeasureSnapModelToTPM; restore
// puts the previous value back.
func MockSbMeasureSnapModelToTPM(f func(tpm *sb.TPMConnection, pcrIndex int, model sb.SnapModel) error) (restore func()) {
	saved := sbMeasureSnapModelToTPM
	restore = func() { sbMeasureSnapModelToTPM = saved }
	sbMeasureSnapModelToTPM = f
	return restore
}

// MockRandomKernelUUID installs f as randutilRandomKernelUUID; restore puts
// the previous value back.
func MockRandomKernelUUID(f func() string) (restore func()) {
	saved := randutilRandomKernelUUID
	restore = func() { randutilRandomKernelUUID = saved }
	randutilRandomKernelUUID = f
	return restore
}

// MockSbInitializeLUKS2Container installs f as sbInitializeLUKS2Container;
// restore puts the previous value back.
func MockSbInitializeLUKS2Container(
	f func(devicePath, label string, key []byte, opts *sb.InitializeLUKS2ContainerOptions) error,
) (restore func()) {
	saved := sbInitializeLUKS2Container
	restore = func() { sbInitializeLUKS2Container = saved }
	sbInitializeLUKS2Container = f
	return restore
}

// MockSbAddRecoveryKeyToLUKS2Container installs f as
// sbAddRecoveryKeyToLUKS2Container; restore puts the previous value back.
func MockSbAddRecoveryKeyToLUKS2Container(f func(devicePath string, key []byte, recoveryKey sb.RecoveryKey) error) (restore func()) {
	saved := sbAddRecoveryKeyToLUKS2Container
	restore = func() { sbAddRecoveryKeyToLUKS2Container = saved }
	sbAddRecoveryKeyToLUKS2Container = f
	return restore
}

// MockIsTPMEnabled installs f as isTPMEnabled; restore puts the previous
// value back.
func MockIsTPMEnabled(f func(tpm *sb.TPMConnection) bool) (restore func()) {
	saved := isTPMEnabled
	restore = func() { isTPMEnabled = saved }
	isTPMEnabled = f
	return restore
}

// MockFDEHasRevealKey installs f as FDEHasRevealKey; restore puts the
// previous value back.
//
// NOTE(review): FDEHasRevealKey is an exported package variable, so unlike
// the other hooks in this file it can also be reassigned from outside the
// package without going through this helper.
func MockFDEHasRevealKey(f func() bool) (restore func()) {
	saved := FDEHasRevealKey
	restore = func() { FDEHasRevealKey = saved }
	FDEHasRevealKey = f
	return restore
}

// MockFdeRevealKeyCommandExtra sets fdeRevealKeyCommandExtra to args; restore
// puts the previous slice back. args is stored as given, without a copy.
func MockFdeRevealKeyCommandExtra(args []string) (restore func()) {
	saved := fdeRevealKeyCommandExtra
	restore = func() { fdeRevealKeyCommandExtra = saved }
	fdeRevealKeyCommandExtra = args
	return restore
}

// MockFdeRevealKeyRuntimeMax sets fdeRevealKeyRuntimeMax to d; restore puts
// the previous duration back.
func MockFdeRevealKeyRuntimeMax(d time.Duration) (restore func()) {
	saved := fdeRevealKeyRuntimeMax
	restore = func() { fdeRevealKeyRuntimeMax = saved }
	fdeRevealKeyRuntimeMax = d
	return restore
}

// MockFdeRevealKeyPollWaitParanoiaFactor sets
// fdeRevealKeyPollWaitParanoiaFactor to n; restore puts the previous value
// back.
func MockFdeRevealKeyPollWaitParanoiaFactor(n int) (restore func()) {
	saved := fdeRevealKeyPollWaitParanoiaFactor
	restore = func() { fdeRevealKeyPollWaitParanoiaFactor = saved }
	fdeRevealKeyPollWaitParanoiaFactor = n
	return restore
}