From f933a376e0525adcb9b58624b49377897f6b6e1b Mon Sep 17 00:00:00 2001
From: David Murphy <damurphy@vmware.com>
Date: Fri, 11 Oct 2024 12:44:38 -0600
Subject: [PATCH] Initial test for testing secure-boot grain

---
 salt/grains/extra.py                          | 14 +++--
 .../functional/grains/test_secure_boot.py     | 51 +++++++++++++++++++
 2 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 tests/pytests/functional/grains/test_secure_boot.py

diff --git a/salt/grains/extra.py b/salt/grains/extra.py
index 4180ff3b51eb..6019c1bbe6f7 100644
--- a/salt/grains/extra.py
+++ b/salt/grains/extra.py
@@ -82,12 +82,20 @@ def __secure_boot(efivars_dir):
     return enabled
 
 
-def uefi():
-    """Populate UEFI grains."""
-    efivars_dir = next(
+def get_secure_boot_path():
+    """
+    Provide paths for secure boot directories and files
+    """
+    efivars_path = next(
         filter(os.path.exists, ["/sys/firmware/efi/efivars", "/sys/firmware/efi/vars"]),
         None,
     )
+    return efivars_path
+
+
+def uefi():
+    """Populate UEFI grains."""
+    efivars_dir = get_secure_boot_path()
     grains = {
         "efi": bool(efivars_dir),
         "efi-secure-boot": __secure_boot(efivars_dir) if efivars_dir else False,
diff --git a/tests/pytests/functional/grains/test_secure_boot.py b/tests/pytests/functional/grains/test_secure_boot.py
new file mode 100644
index 000000000000..226d9e4c6d06
--- /dev/null
+++ b/tests/pytests/functional/grains/test_secure_boot.py
@@ -0,0 +1,51 @@
+"""
+    :codeauthor: :email:`David Murphy <david-dm.murphy@broadcom.com`
+"""
+
+## import logging
+import os
+import tempfile
+
+import pytest
+
+import salt.utils.files
+import salt.utils.path
+from tests.support.mock import patch
+
+pytestmark = [
+    pytest.mark.skip_unless_on_linux(reason="Only supported on Linux family"),
+]
+
+## log = logging.getLogger(__name__)
+
+
+def test_secure_boot_efivars():
+    _salt_utils_files_fopen = salt.utils.files.fopen
+
+    with tempfile.TemporaryDirectory() as tempdir:
+        secure_boot_path = os.path.join(tempdir, "secure-boot/efivars")
+
+        print(
+            f"DGM test_secure_boot_efivars, secure_boot_path '{secure_boot_path}'",
+            flush=True,
+        )
+
+        with _salt_utils_files_fopen(
+            os.path.join(secure_boot_path, "/SecureBoot-dog", "wb+")
+        ) as fd:
+            binary_data = b"\x06\x00\x00\x00\x01"
+            fd.write(binary_data)
+
+    secure_boot_path_file = os.path.join(secure_boot_path, "/SecureBoot-dog")
+    print(
+        f"DGM test_secure_boot_efivars secure_boot_path file '{secure_boot_path_file}'",
+        flush=True,
+    )
+
+    with patch("salt.grains.extra.get_secure_boot_path", return_value=secure_boot_path):
+        grains = salt.grains.extra.uefi()
+
+        print(f"DGM test_secure_boot_efivars grains '{grains}'", flush=True)
+
+        expected = {"efi": True, "efi-secure-boot": True}
+        assert grains == expected