Debian.pm: load flask policy in uboot

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
---
Changes in v10:
1. Correctly get $flaskpolicy.

Changes in v9:
1. Add "xen,multiboot-module".

Changes in v8:
1. Append flask_enforcing=1 and flask_enabled=1.

diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm
index 6827d233d49d186cafc64688e948a6e135d35eae..cff8ee0a99e1ea051d93782b21ed23d73c74faeb 100644 (file)
--- a/Osstest/Debian.pm
+++ b/Osstest/Debian.pm
@@ -153,6 +153,25 @@ sub setupboot_uboot ($$$$) {
        my $kern = "vmlinuz-$want_kernver";
        my $initrd = "initrd.img-$want_kernver";
 
+       my $flask_commands = "";
+       if ($want_xsm) {
+           # Use the flaskpolicy from tools build job because we might
+           # want to test cross releases policy compatibility.
+           my $flaskpolicy = get_runvar('flaskpolicy',$r{buildjob});
+           $xenhopt .= " flask_enabled=1 flask_enforcing=1";
+           $flask_commands = <<END;
+
+setenv flask_policy_addr_r 0x1200000
+flaskpolicy=`readlink /boot/$flaskpolicy`
+ext2load scsi 0 \\\${flask_policy_addr_r} \$flaskpolicy
+fdt mknod /chosen module\@2
+fdt set /chosen/module\@2 compatible "xen,xsm-policy" "xen,multiboot-module"
+fdt set /chosen/module\@2 reg <\\\${flask_policy_addr_r} \\\${filesize}>
+echo Loaded $flaskpolicy to \\\${flask_policy_addr_r} (\\\${filesize})
+
+END
+       }
+
        logm("Xen options: $xenhopt");
 
        # Common kernel options
@@ -241,6 +260,8 @@ fdt set /chosen/module\@1 compatible "xen,linux-initrd" "xen,multiboot-module"
 fdt set /chosen/module\@1 reg <\\\${ramdisk_addr_r} ${size_hex_prefix}\\\${filesize}>
 echo Loaded $initrd to \\\${ramdisk_addr_r} (\\\${filesize})
 
+${flask_commands}
+
 fdt print /chosen
 
 echo Booting \\\${xen_addr_r} - \\\${fdt_addr}