Test checking sysctl separately

[kconfig-hardened-check.git] / .github / workflows / functional_test.sh

diff --git a/.github/workflows/functional_test.sh b/.github/workflows/functional_test.sh
index 50fec21fb11bbda5f25e959946dd755ba253ff25..f7a384dfd99d36b04c30e8a770bc99481f356890 100644 (file)
--- a/.github/workflows/functional_test.sh
+++ b/.github/workflows/functional_test.sh
@@ -3,6 +3,9 @@
 set -x
 set -e
 
+git status
+git show -s
+
 echo "Beginning of the functional tests"
 
 echo ">>>>> get help <<<<<"
@@ -37,7 +40,7 @@ coverage run -a --branch bin/kconfig-hardened-check -g ARM
 
 echo ">>>>> check the example kconfig files, cmdline, and sysctl <<<<<"
 cat /proc/cmdline
-echo "l1tf=off mds=full randomize_kstack_offset=on iommu.passthrough=0" > ./cmdline_example
+echo "l1tf=off mds=full mitigations=off randomize_kstack_offset=on retbleed=0 iommu.passthrough=0" > ./cmdline_example
 cat ./cmdline_example
 sysctl -a > /tmp/sysctls
 CONFIG_DIR=`find . -name config_files`
@@ -60,6 +63,13 @@ do
 done
 echo "\n>>>>> have checked $COUNT kconfigs <<<<<"
 
+echo ">>>>> check sysctl separately <<<<<"
+coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE > /dev/null
+coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m verbose > /dev/null
+coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m json > /dev/null
+coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m show_ok > /dev/null
+coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m show_fail > /dev/null
+
 echo "Collect coverage for error handling"
 
 echo ">>>>> -c and -p together <<<<<"