[OSSTEST PATCH 47/49] setupboot_grub2: Do not boot with XSM policy etc. unless xsm=1

[Ian Jackson]

This prevents us from passing an XSM policy file, and
`flask=enforcing', in supposedly-non-XSM tests.

These bootloader entries can appear because the Xen upstream build
ships XSM policy files by default even if XSM is disabled in the
hypervisor, causing update-grub to generate useless `XSM enabled'
entries.

Signed-off-by: Ian Jackson <ian.jack...@eu.citrix.com>
---
 Osstest/Debian.pm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm
index c18bf718..b140ede2 100644
--- a/Osstest/Debian.pm
+++ b/Osstest/Debian.pm
@@ -499,6 +499,9 @@ sub setupboot_grub2 ($$$$) {
                } elsif ($want_xsm && !defined $entry->{Xenpolicy}) {
                    logm("(skipping entry at $entry->{StartLine}..$.;".
                         " XSM policy file not mentioned)");
+               } elsif (!$want_xsm && defined $entry->{Xenpolicy}) {
+                   logm("(skipping entry at $entry->{StartLine}..$.;".
+                        " XSM policy file, but we don't want XSM)");
                } elsif ($ho->{Suite} =~ m/buster/ &&
                         defined $entry->{Xenpolicy} &&
                         !$bootfiles{
-- 
2.20.1