Merge pull request #1119 from NicolaiSoeborg/add-MOR-bit-check

Check MemoryOverwriteRequest Control
2021-05-11 19:56:55 +02:00 · 2021-05-11 19:56:55 +02:00 · efc71ae6bb
parent 4cfd59d60c 3d2f57fe1d
commit efc71ae6bb
1 changed files with 26 additions and 0 deletions
--- a/include/tests_crypto
+++ b/include/tests_crypto
@ -292,6 +292,32 @@
    fi
 #
 #################################################################################
+#
+    # Test        : CRYP-8006
+    # Description : Check that the MemoryOverwriteRequest-bit is set to protect against cold-boot attacks
+    Register --test-no CRYP-8006 --os Linux --weight L --network NO --root-only NO --category security --description "MemoryOverwriteRequest-bit set"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        MOR_CONTROL="${ROOTDIR}sys/firmware/efi/efivars/MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829"
+        LogText "Test: looking for ${MOR_CONTROL}"
+        if [ -f "${MOR_CONTROL}" ]; then
+            DATA=$(od -An --skip-bytes=4 "$MOR_CONTROL")
+            if [ "$DATA" = " 000001" ]; then
+                LogText "Result: MOR-bit set"
+                Display --indent 2 --text "MOR-bit set" --result "${STATUS_YES}" --color GREEN
+            elif [ "$DATA" = " 000000" ]; then
+                LogText "Result: MOR-bit not set!"
+                Display --indent 2 --text "MOR-bit set" --result "${STATUS_NO}" --color RED
+            else
+                LogText "Result: MOR-bit unknown. Found: $DATA"
+                Display --indent 2 --text "MOR-bit set" --result "${STATUS_UNKNOWN}" --color YELLOW
+            fi
+        else
+            LogText "Result: could not find ${MOR_CONTROL}"
+            Display --indent 2 --text "- MOR variable not found" --result "${STATUS_WEAK}" --color WHITE
+        fi
+    fi
+#
+#################################################################################
 #
    Report "rng_found=${RNG_FOUND}"
 #