From 25c93aa22cf9ce4309e63aa2a8d9a77a1da73552 Mon Sep 17 00:00:00 2001
From: Fabian Arrotin
Date: Sep 21 2015 07:22:17 +0000
Subject: Adding some tests for shim/grub2 secureboot cert validation
---
diff --git a/tests/p_grub2/01_grub2_secureboot_signed.sh b/tests/p_grub2/01_grub2_secureboot_signed.sh
new file mode 100644
index 0000000..c4a6876
--- /dev/null
+++ b/tests/p_grub2/01_grub2_secureboot_signed.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# This test will verify that grub2-efi is correctly signed with correct cert in the CA chain
+
+t_Log "Running $0 - Verifying that grub2-efi is correctly signed with correct cert"
+
+if [ "$centos_ver" = "7" ] ; then
+ t_InstallPackage pesign grub2-efi
+ pesign --show-signature --in /boot/efi/EFI/centos/grubx64.efi|grep -q 0x7f55a3434808
+ t_CheckExitStatus 0
+else
+ t_log "previous versions than CentOS 7 aren't using secureboot ... skipping"
+ exit 0
+fi
+
diff --git a/tests/p_shim/01_shim_secureboot_signed.sh b/tests/p_shim/01_shim_secureboot_signed.sh
new file mode 100644
index 0000000..2e968f2
--- /dev/null
+++ b/tests/p_shim/01_shim_secureboot_signed.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# This test will verify that shim.efi is correctly signed with correct cert in the CA chain
+
+t_Log "Running $0 - Verifying that shim.efi is correctly signed with correct cert"
+
+if [ "$centos_ver" = "7" ] ; then
+ t_InstallPackage pesign shim
+ pesign --show-signature --in /boot/efi/EFI/centos/shim.efi|grep -q 0x7f7ff2a0f1e0
+ t_CheckExitStatus 0
+else
+ t_log "previous versions than CentOS 7 aren't using shim/secureboot ... skipping"
+ exit 0
+fi
+
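Review bot: `t_CheckExitStatus 0` in tests/p_grub2/01_grub2_secureboot_signed.sh passes a literal 0 rather than the pipeline's status, so if the helper tests its first argument (its definition is not part of this patch) the check reports success whatever `grep -q` returned and the signature test can never fail. It should read `t_CheckExitStatus $?`, kept directly after the `pesign … | grep -q` line. The same line appears in tests/p_shim/01_shim_secureboot_signed.sh. In both files the else branch calls `t_log`, while the helper is spelled `t_Log` a few lines above; that is probably a typo that stays hidden only because `exit 0` follows.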
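Review bot: The pattern `0x7f7ff2a0f1e0` given to `grep -q` in tests/p_shim/01_shim_secureboot_signed.sh looks like a process memory address rather than a property of the signing certificate; if it comes from an address line in the `pesign --show-signature` output, it can change between runs, builds or pesign versions and says nothing about who signed the binary. Matching the signer identity would be stable and meaningful, for example `grep -qF -- "<EXPECTED_SIGNER_COMMON_NAME>"` with the expected name filled in by the maintainers. The grub2 test has the same issue with `0x7f55a3434808`. Listing a signature also only shows that one is present, so the header comment's claim about the CA chain is not established by this command as far as the patch shows.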