From 820b09b0e3e3f058461764e865d16af9c1df20ba Mon Sep 17 00:00:00 2001 From: Joey Vagedes Date: Tue, 24 May 2022 19:55:01 +0000 Subject: [PATCH] Require cspell 5.20.0 Update cspell to 5.20.0 and make appropriate spelling changes to ensure CI passes. --- .../FastbootTransportTcp.c | 6 +- .../VirtualKeyboardDxe/VirtualKeyboard.c | 6 +- EmbeddedPkg/EmbeddedPkg.ci.yaml | 57 +- EmbeddedPkg/EmbeddedPkg.dec | 2 +- EmbeddedPkg/EmbeddedPkg.dsc | 2 +- EmbeddedPkg/GdbStub/SerialIo.c | 2 +- EmbeddedPkg/Include/libfdt.h | 6 +- .../AndroidBootImgLib/AndroidBootImgLib.c | 2 +- .../VirtualRealTimeClockLib.c | 2 +- .../SimpleTextInOutSerial/SimpleTextInOut.c | 2 +- EmbeddedPkg/Universal/MmcDxe/MmcBlockIo.c | 20 +- SecurityPkg/Include/Library/OemTpm2InitLib.h | 2 +- .../Include/Library/PlatformPKProtectionLib.h | 2 +- SecurityPkg/Include/Library/Tpm2CommandLib.h | 4 +- .../DxeTcg2PhysicalPresenceLib.c | 2 +- .../DxeTcg2PhysicalPresenceMinimumLib.inf | 6 +- .../DxeTpm2MeasureBootLib.c | 14 +- .../DxeTpm2MeasureBootLib.inf | 2 +- .../OemTpm2InitLibNull/OemTpm2InitLib.c | 4 +- .../PlatformPKProtectionLibVarPolicy.c | 102 +- .../UnitTest/MockPlatformPKProtectionLib.c | 2 +- .../UnitTest/SecureBootVariableLibUnitTest.c | 4066 ++++++++--------- .../TcgEventLogRecordLib.inf | 2 +- SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 6 +- .../Library/Tpm2CommandLib/Tpm2Hierarchy.c | 4 +- .../Library/Tpm2CommandLib/Tpm2Integrity.c | 4 +- .../Library/Tpm2CommandLib/Tpm2Sequences.c | 8 +- SecurityPkg/SecurityPkg.ci.yaml | 29 +- SecurityPkg/SecurityPkg.dsc | 4 +- SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c | 26 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 4 +- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 6 +- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 2 +- .../SecureBootConfigImpl.c | 6 +- 34 files changed, 2247 insertions(+), 2167 deletions(-) diff --git a/EmbeddedPkg/Drivers/AndroidFastbootTransportTcpDxe/FastbootTransportTcp.c b/EmbeddedPkg/Drivers/AndroidFastbootTransportTcpDxe/FastbootTransportTcp.c index 97c1a4599b..b0a9e5bb8b 100644 --- a/EmbeddedPkg/Drivers/AndroidFastbootTransportTcpDxe/FastbootTransportTcp.c +++ b/EmbeddedPkg/Drivers/AndroidFastbootTransportTcpDxe/FastbootTransportTcp.c @@ -87,7 +87,7 @@ DataReceived ( */ STATIC EFI_STATUS -SubmitRecieveToken ( +SubmitReceiveToken ( VOID ) { @@ -208,7 +208,7 @@ DataReceived ( = ReceiveToken->Packet.RxData->FragmentTable[0].FragmentLength; // Prepare to receive more data - SubmitRecieveToken (); + SubmitReceiveToken (); } else { // Fatal receive error. Put an entry with NULL in the queue, signifying // to return EFI_DEVICE_ERROR from TcpFastbootTransportReceive. @@ -282,7 +282,7 @@ ConnectionAccepted ( } for (Index = 0; Index < NUM_RX_TOKENS; Index++) { - SubmitRecieveToken (); + SubmitReceiveToken (); } } diff --git a/EmbeddedPkg/Drivers/VirtualKeyboardDxe/VirtualKeyboard.c b/EmbeddedPkg/Drivers/VirtualKeyboardDxe/VirtualKeyboard.c index 4bbc3ead2c..3abba7aaf3 100644 --- a/EmbeddedPkg/Drivers/VirtualKeyboardDxe/VirtualKeyboard.c +++ b/EmbeddedPkg/Drivers/VirtualKeyboardDxe/VirtualKeyboard.c @@ -29,7 +29,7 @@ EFI_DRIVER_BINDING_PROTOCOL gVirtualKeyboardDriverBinding = { /** Check whether the driver supports this device. - @param This The Udriver binding protocol. + @param This The driver binding protocol. @param Controller The controller handle to check. @param RemainingDevicePath The remaining device path. @@ -500,7 +500,7 @@ VirtualKeyboardWaitForKey ( // will have a bad performance during this period, // e.g. usb keyboard driver. // Add a stall period can greatly increate other driver performance during - // the WaitForKey is recursivly invoked. 1ms delay will make little impact + // the WaitForKey is recursively invoked. 1ms delay will make little impact // to the thunk keyboard driver, and user can not feel the delay at all when // input. // @@ -666,7 +666,7 @@ KeyboardReadKeyStrokeWorker ( // bad performance during this period, // e.g. usb keyboard driver. // Add a stall period can greatly increate other driver performance during - // the WaitForKey is recursivly invoked. 1ms delay will make little impact + // the WaitForKey is recursively invoked. 1ms delay will make little impact // to the thunk keyboard driver, and user can not feel the delay at all when // input. // diff --git a/EmbeddedPkg/EmbeddedPkg.ci.yaml b/EmbeddedPkg/EmbeddedPkg.ci.yaml index c2b3ae984a..ac72f41bb6 100644 --- a/EmbeddedPkg/EmbeddedPkg.ci.yaml +++ b/EmbeddedPkg/EmbeddedPkg.ci.yaml @@ -61,7 +61,62 @@ "SpellCheck": { "AuditOnly": True, "IgnoreFiles": [], # use gitignore syntax to ignore errors in matching files - "ExtendWords": [], # words to extend to the dictionary for this package + "ExtendWords": [ + "ebadbufsize", + "qXfer", + "Packetq", #cspell is confused from PacketqXfer + "rwatch", + "awatch", + "e_lfanew", + "ralloc", + "Intialize", # Is misspelled in a library function + "libfdt", + "ncells", + "badncells", + "phandle", + "phandles", + "badphandle", + "nnode", + "namep", + "pdepth", + "atdepth", + "fdtstart", + "fdtend", + "txrdy", + "atmel", + "gigadevice", + "stmicro", + "jedec", + "hisilicon", + "vtutf", + "ioblocks", + "blkio", + "ismultiblock", + "readbllen", + "writebllen", + "powerup", + "emmcbackward", + "emmchs", + "udriver", + "eunknown", + "strsz", + "ffset", + "mpidr", + "abootimg", #android boot image + "Maxium", # Typo in a library header function + "Lenght", # Typo in a library header function + "eoi'ed", + "isreadonly", + "stdby", + "tcase", + "mgmnt", + "bkops", + "ddisable", + "Lauterbach", + "taggs" + + + ], # words to extend to the dictionary for this package "IgnoreStandardPaths": [], # Standard Plugin defined paths that should be ignore "AdditionalIncludePaths": [] # Additional paths to spell check (wildcards supported) } diff --git a/EmbeddedPkg/EmbeddedPkg.dec b/EmbeddedPkg/EmbeddedPkg.dec index 9a50c54a11..482ee3fc83 100644 --- a/EmbeddedPkg/EmbeddedPkg.dec +++ b/EmbeddedPkg/EmbeddedPkg.dec @@ -150,7 +150,7 @@ # Android FastBoot # - # The Android FastBoot utility has hard-coded USB Vendor IDs that it recognises + # The Android FastBoot utility has hard-coded USB Vendor IDs that it can recognise # (and 0xf00d isn't one of them!). # You'll need to pass it "-i 0xf00d" to get it to recognise this device. gEmbeddedTokenSpaceGuid.PcdAndroidFastbootUsbVendorId|0xf00d|UINT32|0x00000022 diff --git a/EmbeddedPkg/EmbeddedPkg.dsc b/EmbeddedPkg/EmbeddedPkg.dsc index 10b51ae409..f26ef13610 100644 --- a/EmbeddedPkg/EmbeddedPkg.dsc +++ b/EmbeddedPkg/EmbeddedPkg.dsc @@ -173,7 +173,7 @@ gEmbeddedTokenSpaceGuid.PcdPrePiStackSize|0 # -# Optinal feature to help prevent EFI memory map fragments +# Optional feature to help prevent EFI memory map fragments # Turned on and off via: PcdPrePiProduceMemoryTypeInformationHob # Values are in EFI Pages (4K). DXE Core will make sure that # at least this much of each type of memory can be allocated diff --git a/EmbeddedPkg/GdbStub/SerialIo.c b/EmbeddedPkg/GdbStub/SerialIo.c index 98ea611e8b..fdc9e2d75f 100644 --- a/EmbeddedPkg/GdbStub/SerialIo.c +++ b/EmbeddedPkg/GdbStub/SerialIo.c @@ -457,7 +457,7 @@ GDB_SERIAL_DEV gdbSerialDevTemplate = { 0, // ControlMask 0, // Timeout 0, // BaudRate - 1, // RceiveFifoDepth + 1, // ReceiveFifoDepth 0, // DataBits 0, // Parity 0 // StopBits diff --git a/EmbeddedPkg/Include/libfdt.h b/EmbeddedPkg/Include/libfdt.h index 6105b9c075..1fda5eae59 100644 --- a/EmbeddedPkg/Include/libfdt.h +++ b/EmbeddedPkg/Include/libfdt.h @@ -735,7 +735,7 @@ fdt_get_property_w ( * to within the device blob itself, not a copy of the value). If * lenp is non-NULL, the length of the property value is also * returned, in the integer pointed to by lenp. If namep is non-NULL, - * the property's namne will also be returned in the char * pointed to + * the property's name will also be returned in the char * pointed to * by namep (this will be a pointer to within the device tree's string * block, not a new copy of the name). * @@ -2246,7 +2246,7 @@ fdt_add_subnode_namelen ( * change the offsets of some existing nodes. * returns: - * structure block offset of the created nodeequested subnode (>=0), on + * structure block offset of the created noderequested subnode (>=0), on * success * -FDT_ERR_NOTFOUND, if the requested subnode does not exist * -FDT_ERR_BADOFFSET, if parentoffset did not point to an FDT_BEGIN_NODE @@ -2311,7 +2311,7 @@ fdt_del_node ( * returns: * 0, on success * -FDT_ERR_NOSPACE, there's not enough space in the base device tree - * -FDT_ERR_NOTFOUND, the overlay points to some inexistant nodes or + * -FDT_ERR_NOTFOUND, the overlay points to some non existant nodes or * properties in the base DT * -FDT_ERR_BADPHANDLE, * -FDT_ERR_BADOVERLAY, diff --git a/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c b/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c index 1359a66db2..66c43489b4 100644 --- a/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c +++ b/EmbeddedPkg/Library/AndroidBootImgLib/AndroidBootImgLib.c @@ -175,7 +175,7 @@ AndroidBootImgGetImgSize ( /* The page size is not specified, but it should be power of 2 at least */ ASSERT (IS_VALID_ANDROID_PAGE_SIZE (Header->PageSize)); - /* Get real size of abootimg */ + /* Get real size of boot img */ *ImgSize = ALIGN_VALUE (Header->KernelSize, Header->PageSize) + ALIGN_VALUE (Header->RamdiskSize, Header->PageSize) + ALIGN_VALUE (Header->SecondStageBootloaderSize, Header->PageSize) + diff --git a/EmbeddedPkg/Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.c b/EmbeddedPkg/Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.c index ce288d719f..f066b1f7e1 100644 --- a/EmbeddedPkg/Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.c +++ b/EmbeddedPkg/Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.c @@ -2,7 +2,7 @@ * * Implement virtual EFI RealTimeClock runtime services. * - * Coypright (c) 2019, Pete Batard + * Copyright (c) 2019, Pete Batard * Copyright (c) 2018, Andrei Warkentin * Copyright (c) 2011-2021, ARM Ltd. All rights reserved. * Copyright (c) 2008-2010, Apple Inc. All rights reserved. diff --git a/EmbeddedPkg/SimpleTextInOutSerial/SimpleTextInOut.c b/EmbeddedPkg/SimpleTextInOutSerial/SimpleTextInOut.c index 32944a8d9d..733d7e3fa8 100644 --- a/EmbeddedPkg/SimpleTextInOutSerial/SimpleTextInOut.c +++ b/EmbeddedPkg/SimpleTextInOutSerial/SimpleTextInOut.c @@ -554,7 +554,7 @@ OutputString ( Mode->CursorRow++; } - // CHAR_CARIAGE_RETURN + // CHAR_CARRIAGE_RETURN Mode->CursorColumn = 0; } else { Mode->CursorColumn++; diff --git a/EmbeddedPkg/Universal/MmcDxe/MmcBlockIo.c b/EmbeddedPkg/Universal/MmcDxe/MmcBlockIo.c index d695e25571..7825a90f8d 100644 --- a/EmbeddedPkg/Universal/MmcDxe/MmcBlockIo.c +++ b/EmbeddedPkg/Universal/MmcDxe/MmcBlockIo.c @@ -247,7 +247,7 @@ MmcIoBlocks ( UINTN Cmd; MMC_HOST_INSTANCE *MmcHostInstance; EFI_MMC_HOST_PROTOCOL *MmcHost; - UINTN BytesRemainingToBeTransfered; + UINTN BytesRemainingToBeTransferred; UINTN BlockCount; UINTN ConsumeSize; UINT32 MaxBlock; @@ -301,10 +301,10 @@ MmcIoBlocks ( } // Max block number in single cmd is 65535 blocks. - MaxBlock = 0xFFFF; - RemainingBlock = BlockCount; - BytesRemainingToBeTransfered = BufferSize; - while (BytesRemainingToBeTransfered > 0) { + MaxBlock = 0xFFFF; + RemainingBlock = BlockCount; + BytesRemainingToBeTransferred = BufferSize; + while (BytesRemainingToBeTransferred > 0) { if (RemainingBlock <= MaxBlock) { BlockCount = RemainingBlock; } else { @@ -349,8 +349,8 @@ MmcIoBlocks ( } ConsumeSize = BlockCount * This->Media->BlockSize; - if (BytesRemainingToBeTransfered < ConsumeSize) { - ConsumeSize = BytesRemainingToBeTransfered; + if (BytesRemainingToBeTransferred < ConsumeSize) { + ConsumeSize = BytesRemainingToBeTransferred; } Status = MmcTransferBlock (This, Cmd, Transfer, MediaId, Lba, ConsumeSize, Buffer); @@ -358,9 +358,9 @@ MmcIoBlocks ( DEBUG ((DEBUG_ERROR, "%a(): Failed to transfer block and Status:%r\n", __func__, Status)); } - RemainingBlock -= BlockCount; - BytesRemainingToBeTransfered -= ConsumeSize; - if (BytesRemainingToBeTransfered > 0) { + RemainingBlock -= BlockCount; + BytesRemainingToBeTransferred -= ConsumeSize; + if (BytesRemainingToBeTransferred > 0) { Lba += BlockCount; Buffer = (UINT8 *)Buffer + ConsumeSize; } diff --git a/SecurityPkg/Include/Library/OemTpm2InitLib.h b/SecurityPkg/Include/Library/OemTpm2InitLib.h index 8985fef82f..bdf11e49d6 100644 --- a/SecurityPkg/Include/Library/OemTpm2InitLib.h +++ b/SecurityPkg/Include/Library/OemTpm2InitLib.h @@ -96,7 +96,7 @@ OemTpm2InitDxeEntryPreRegistration ( NOTE: If this function returns an EFI_ERROR, TPM initialization WILL NOT continue. Make sure this is something you actually want to do. - @param[in] BootAttemptCount Number of ReadyToBoot events that have occured. + @param[in] BootAttemptCount Number of ReadyToBoot events that have occurred. 0 indicates that this is the first ReadyToBoot event and is where most of any custom initialization should occur. diff --git a/SecurityPkg/Include/Library/PlatformPKProtectionLib.h b/SecurityPkg/Include/Library/PlatformPKProtectionLib.h index 3586a47b77..9156c662ff 100644 --- a/SecurityPkg/Include/Library/PlatformPKProtectionLib.h +++ b/SecurityPkg/Include/Library/PlatformPKProtectionLib.h @@ -19,7 +19,7 @@ @retval EFI_SUCCESS State has been successfully updated. @retval Others Error returned from implementation specific - underying APIs. + underlying APIs. **/ EFI_STATUS diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index f278bae432..4cf9e1b8ac 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -1140,7 +1140,7 @@ CopyDigestListToBuffer ( @param[in,out] DigestList TPML_DIGEST_VALUES. @return EFI_STATUS - @retval EFI_SUCCESS Buffer was succesfully copied to Digest List. + @retval EFI_SUCCESS Buffer was successfully copied to Digest List. @retval EFI_BAD_BUFFER_SIZE Bad buffer size passed to function. @retval EFI_INVALID_PARAMETER Invalid parameter passed to function: NULL pointer or BufferSize bigger than TPML_DIGEST_VALUES @@ -1221,7 +1221,7 @@ Tpm2PcrReadForActiveBank ( ); /** - MSCHANGE + MS_CHANGE Check if all hash algorithms supported in HashAlgorithmMask are present in the DigestList. diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index fcf6dd9072..e0f4beba42 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -955,7 +955,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( EFI_STATUS Status; UINTN DataSize; EFI_TCG2_PHYSICAL_PRESENCE TcgPpData; - // EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; // MSCHANGE + // EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; // MS_CHANGE EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; // MS_CHANGE_212735 diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf index dd0d692909..e4c107a9ef 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceMinimumLib/DxeTcg2PhysicalPresenceMinimumLib.inf @@ -9,10 +9,8 @@ # ## -#Override : 00000001 | SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf | 42955a1fa2de3771a2e7c1e51cb0d149 | 2021-01-09T19-05-15 -# This is not a true override, but as this is derived from the full-featured lib, we want to track if any bugs are fixed there to ensure they are fixed here -# A minimized version of the TCG2 Physical Presence Library that implements only the features that are required by the TCG PPI 1.3 spec, -# optional features are removed, the only supported function is to Clear the TPM, and is always approved with no UX +#Override : 00000002 | SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf | 03382807a47736a9a698fda98cf2ba7c | 2022-05-24T09-00-00 | +# This is not a true override, but spell changes to ensure mu_tiano_plus passes CI is required and changes the hash. [Defines] INF_VERSION = 0x00010005 diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c index 9d4834a1a7..7a267577de 100644 --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c @@ -31,8 +31,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -#include // mschange for excludedFvHob support -#include // Mschange +#include // MsChange for excludedFvHob support +#include // MsChange #include #include @@ -63,7 +63,7 @@ UINTN mTcg2ImageSize; // EFI_HANDLE mTcg2CacheMeasuredHandle = NULL; MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL; -EXCLUDED_HOB_DATA *mExcludedFvHobData = NULL; // mschange +EXCLUDED_HOB_DATA *mExcludedFvHobData = NULL; // MsChange /** Reads contents of a PE/COFF image in memory buffer. @@ -518,7 +518,7 @@ Tcg2MeasurePeImage ( @param MeasureBootProtocols Pointer to the located measure boot protocol instances. - @retval EFI_SUCCESS Sucessfully locate the measure boot protocol instances (at least one instance). + @retval EFI_SUCCESS Successfully locate the measure boot protocol instances (at least one instance). @retval EFI_UNSUPPORTED Measure boot is not supported. **/ EFI_STATUS @@ -784,7 +784,7 @@ DxeTpm2MeasureBootHandler ( } } - // was not found in measured list. Now check exclude list -- mschange + // was not found in measured list. Now check exclude list -- MsChange if ((ApplicationRequired == FALSE) && (mExcludedFvHobData != NULL)) { for (Index = 0; Index < mExcludedFvHobData->Num; Index++) { if (mExcludedFvHobData->ExcludedFvs[Index].FvBase == FvAddress) { @@ -796,7 +796,7 @@ DxeTpm2MeasureBootHandler ( break; } } - } // -- mschange end + } // -- MsChange end } } @@ -913,7 +913,7 @@ DxeTpm2MeasureBootLibConstructor ( mTcg2MeasuredHobData = GET_GUID_HOB_DATA (GuidHob); } - // mschange - Get excluded fv list if present + // MsChange - Get excluded fv list if present GuidHob = GetFirstGuidHob (&gExcludedFvHobGuid); if (GuidHob != NULL) { diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf index 97c27be2ad..5d9316bf69 100644 --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf @@ -58,7 +58,7 @@ [Guids] gMeasuredFvHobGuid ## SOMETIMES_CONSUMES ## HOB - gExcludedFvHobGuid ## SOMETIMES_CONSUMES ## HOB # mschange + gExcludedFvHobGuid ## SOMETIMES_CONSUMES ## HOB # MsChange [Protocols] gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES diff --git a/SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLib.c b/SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLib.c index 01a26893b3..14bae5e160 100644 --- a/SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLib.c +++ b/SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLib.c @@ -53,7 +53,7 @@ OemTpm2InitPeiPreStartup ( IMPLEMENTATION: Read the TPM Enablement NV Index from the TPM itself. - If enabled, allow init to continue. - - If read fails because NV Index missing or uninitialzed: + - If read fails because NV Index missing or uninitialized: - If missing, create and initialize. - If uninitialized, set to default value (TPM ON) - If disabled, discontinue TPM init. @@ -130,7 +130,7 @@ OemTpm2InitDxeEntryPreRegistration ( NOTE: If this function returns an EFI_ERROR, TPM initialization WILL NOT continue. Make sure this is something you actually want to do. - @param[in] BootAttemptCount Number of ReadyToBoot events that have occured. + @param[in] BootAttemptCount Number of ReadyToBoot events that have occurred. 0 indicates that this is the first ReadyToBoot event and is where most of any custom initialization should occur. diff --git a/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c b/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c index 00bd63dc03..1ec93fd186 100644 --- a/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c +++ b/SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c @@ -1,51 +1,51 @@ -/** @file - Provides an abstracted interface for configuring PK related variable protection. - - Copyright (c) Microsoft Corporation. - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ -#include -#include - -#include -#include - -/** - Disable any applicable protection against variable 'PK'. The implementation - of this interface is platform specific, depending on the protection techniques - used per platform. - - Note: It is the platform's responsibility to conduct cautious operation after - disabling this protection. - - @retval EFI_SUCCESS State has been successfully updated. - @retval Others Error returned from implementation specific - underying APIs. - -**/ -EFI_STATUS -EFIAPI -DisablePKProtection ( - VOID - ) -{ - EFI_STATUS Status = EFI_SUCCESS; - EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; - - DEBUG ((DEBUG_INFO, "%a() Entry...\n", __func__)); - - // IMPORTANT NOTE: This operation is sticky and leaves variable protections disabled. - // The system *MUST* be reset after performing this operation. - Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy); - if (!EFI_ERROR (Status)) { - Status = VariablePolicy->DisableVariablePolicy (); - // EFI_ALREADY_STARTED means that everything is currently disabled. - // This should be considered SUCCESS. - if (Status == EFI_ALREADY_STARTED) { - Status = EFI_SUCCESS; - } - } - - return Status; -} +/** @file + Provides an abstracted interface for configuring PK related variable protection. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include +#include + +#include +#include + +/** + Disable any applicable protection against variable 'PK'. The implementation + of this interface is platform specific, depending on the protection techniques + used per platform. + + Note: It is the platform's responsibility to conduct cautious operation after + disabling this protection. + + @retval EFI_SUCCESS State has been successfully updated. + @retval Others Error returned from implementation specific + underlying APIs. + +**/ +EFI_STATUS +EFIAPI +DisablePKProtection ( + VOID + ) +{ + EFI_STATUS Status = EFI_SUCCESS; + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; + + DEBUG ((DEBUG_INFO, "%a() Entry...\n", __func__)); + + // IMPORTANT NOTE: This operation is sticky and leaves variable protections disabled. + // The system *MUST* be reset after performing this operation. + Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy); + if (!EFI_ERROR (Status)) { + Status = VariablePolicy->DisableVariablePolicy (); + // EFI_ALREADY_STARTED means that everything is currently disabled. + // This should be considered SUCCESS. + if (Status == EFI_ALREADY_STARTED) { + Status = EFI_SUCCESS; + } + } + + return Status; +} diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c index a8644d272d..ed8699a092 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c @@ -23,7 +23,7 @@ @retval EFI_SUCCESS State has been successfully updated. @retval Others Error returned from implementation specific - underying APIs. + underlying APIs. **/ EFI_STATUS diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c index 5b77bb8d32..9e44a5245b 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c @@ -1,2033 +1,2033 @@ -/** @file - Unit tests of the implementation of SecureBootVariableLib. - - Copyright (C) Microsoft Corporation. - SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include -#include - -#define UNIT_TEST_APP_NAME "SecureBootVariableLib Unit Tests" -#define UNIT_TEST_APP_VERSION "1.0" -#define VAR_AUTH_DESC_SIZE OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) - -extern EFI_TIME mMaxTimestamp; -extern EFI_TIME mDefaultPayloadTimestamp; - -/** - Sets the value of a variable. - - @param[in] VariableName A Null-terminated string that is the name of the vendor's variable. - Each VariableName is unique for each VendorGuid. VariableName must - contain 1 or more characters. If VariableName is an empty string, - then EFI_INVALID_PARAMETER is returned. - @param[in] VendorGuid A unique identifier for the vendor. - @param[in] Attributes Attributes bitmask to set for the variable. - @param[in] DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE or - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero - causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is - set, then a SetVariable() call with a DataSize of zero will not cause any change to - the variable value (the timestamp associated with the variable may be updated however - even if no new data value is provided,see the description of the - EFI_VARIABLE_AUTHENTICATION_2 descriptor below. In this case the DataSize will not - be zero since the EFI_VARIABLE_AUTHENTICATION_2 descriptor will be populated). - @param[in] Data The contents for the variable. - - @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as - defined by the Attributes. - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID was supplied, or the - DataSize exceeds the maximum allowed. - @retval EFI_INVALID_PARAMETER VariableName is an empty string. - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error. - @retval EFI_WRITE_PROTECTED The variable in question is read-only. - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set, - but the AuthInfo does NOT pass the validation check carried out by the firmware. - - @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found. - -**/ -STATIC -EFI_STATUS -EFIAPI -MockSetVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINTN DataSize, - IN VOID *Data - ) -{ - DEBUG (( - DEBUG_INFO, - "%a %s %g %x %x %p\n", - __func__, - VariableName, - VendorGuid, - Attributes, - DataSize, - Data - )); - check_expected_ptr (VariableName); - check_expected_ptr (VendorGuid); - check_expected_ptr (Attributes); - check_expected (DataSize); - check_expected (Data); - - return (EFI_STATUS)mock (); -} - -/** - Returns the value of a variable. - - @param[in] VariableName A Null-terminated string that is the name of the vendor's - variable. - @param[in] VendorGuid A unique identifier for the vendor. - @param[out] Attributes If not NULL, a pointer to the memory location to return the - attributes bitmask for the variable. - @param[in, out] DataSize On input, the size in bytes of the return Data buffer. - On output the size of data returned in Data. - @param[out] Data The buffer to return the contents of the variable. May be NULL - with a zero DataSize in order to determine the size buffer needed. - - @retval EFI_SUCCESS The function completed successfully. - @retval EFI_NOT_FOUND The variable was not found. - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. - @retval EFI_INVALID_PARAMETER VariableName is NULL. - @retval EFI_INVALID_PARAMETER VendorGuid is NULL. - @retval EFI_INVALID_PARAMETER DataSize is NULL. - @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL. - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error. - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure. - -**/ -STATIC -EFI_STATUS -EFIAPI -MockGetVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - OUT UINT32 *Attributes OPTIONAL, - IN OUT UINTN *DataSize, - OUT VOID *Data OPTIONAL - ) -{ - UINTN TargetSize; - BOOLEAN Exist; - - DEBUG (( - DEBUG_INFO, - "%a %s %g %p %x %p\n", - __func__, - VariableName, - VendorGuid, - Attributes, - *DataSize, - Data - )); - assert_non_null (DataSize); - check_expected_ptr (VariableName); - check_expected_ptr (VendorGuid); - check_expected (*DataSize); - - Exist = (BOOLEAN)mock (); - - if (!Exist) { - return EFI_NOT_FOUND; - } - - TargetSize = (UINTN)mock (); - if (TargetSize > *DataSize) { - *DataSize = TargetSize; - return EFI_BUFFER_TOO_SMALL; - } else { - assert_non_null (Data); - CopyMem (Data, (VOID *)(UINTN)mock (), TargetSize); - } - - return EFI_SUCCESS; -} - -/// -/// Mock version of the UEFI Runtime Services Table -/// -EFI_RUNTIME_SERVICES MockRuntime = { - { - EFI_RUNTIME_SERVICES_SIGNATURE, // Signature - EFI_RUNTIME_SERVICES_REVISION, // Revision - sizeof (EFI_RUNTIME_SERVICES), // HeaderSize - 0, // CRC32 - 0 // Reserved - }, - NULL, // GetTime - NULL, // SetTime - NULL, // GetWakeupTime - NULL, // SetWakeupTime - NULL, // SetVirtualAddressMap - NULL, // ConvertPointer - MockGetVariable, // GetVariable - NULL, // GetNextVariableName - MockSetVariable, // SetVariable - NULL, // GetNextHighMonotonicCount - NULL, // ResetSystem - NULL, // UpdateCapsule - NULL, // QueryCapsuleCapabilities - NULL // QueryVariableInfo -}; - -/** - Unit test for SetSecureBootMode () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SetSecureBootModeShouldSetVar ( - IN UNIT_TEST_CONTEXT Context - ) -{ - UINT8 SecureBootMode; - EFI_STATUS Status; - - SecureBootMode = 0xAB; // Any random magic number... - expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); - expect_value (MockSetVariable, DataSize, sizeof (SecureBootMode)); - expect_memory (MockSetVariable, Data, &SecureBootMode, sizeof (SecureBootMode)); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = SetSecureBootMode (SecureBootMode); - - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for GetSetupMode () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -GetSetupModeShouldGetVar ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 TargetMode; - UINT8 SetupMode; - - TargetMode = 0xAB; // Any random magic number... - expect_memory (MockGetVariable, VariableName, EFI_SETUP_MODE_NAME, sizeof (EFI_SETUP_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, sizeof (SetupMode)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (SetupMode)); - will_return (MockGetVariable, &TargetMode); - - Status = GetSetupMode (&SetupMode); - - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (SetupMode, TargetMode); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for GetSetupMode () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -IsSecureBootEnableShouldGetVar ( - IN UNIT_TEST_CONTEXT Context - ) -{ - BOOLEAN Enabled; - UINT8 TargetMode; - - TargetMode = SECURE_BOOT_MODE_ENABLE; - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (TargetMode)); - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, sizeof (TargetMode)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (TargetMode)); - will_return (MockGetVariable, &TargetMode); - - Enabled = IsSecureBootEnabled (); - - UT_ASSERT_EQUAL (Enabled, SECURE_BOOT_MODE_ENABLE); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SecureBootCreateDataFromInputSimple ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_SIGNATURE_LIST *SigList = NULL; - EFI_SIGNATURE_DATA *SigData = NULL; - UINTN SigListSize = 0; - EFI_STATUS Status; - UINT8 TestData[] = { 0 }; - SECURE_BOOT_CERTIFICATE_INFO KeyInfo; - - KeyInfo.Data = TestData; - KeyInfo.DataSize = sizeof (TestData); - - Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo); - - UT_ASSERT_NOT_EFI_ERROR (Status); - - UT_ASSERT_NOT_NULL (SigList); - UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)); - UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData)); - UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0); - UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData)); - UT_ASSERT_EQUAL (SigList->SignatureListSize, SigListSize); - - SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST)); - UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid)); - UT_ASSERT_MEM_EQUAL (SigData->SignatureData, TestData, sizeof (TestData)); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SecureBootCreateDataFromInputNull ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_SIGNATURE_LIST *SigList = NULL; - UINTN SigListSize = 0; - EFI_STATUS Status; - SECURE_BOOT_CERTIFICATE_INFO KeyInfo = { - .Data = NULL, - .DataSize = 0 - }; - - Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 0, NULL); - UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); - - Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo); - UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SecureBootCreateDataFromInputMultiple ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_SIGNATURE_LIST *SigList = NULL; - EFI_SIGNATURE_DATA *SigData = NULL; - UINTN SigListSize = 0; - UINTN TotalSize = 0; - UINTN Index = 0; - UINT8 TestData1[] = { 0 }; - UINT8 TestData2[] = { 1, 2 }; - EFI_STATUS Status; - SECURE_BOOT_CERTIFICATE_INFO KeyInfo[2]; - - KeyInfo[0].Data = TestData1; - KeyInfo[0].DataSize = sizeof (TestData1); - KeyInfo[1].Data = TestData2; - KeyInfo[1].DataSize = sizeof (TestData2); - - Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 2, KeyInfo); - UT_ASSERT_NOT_EFI_ERROR (Status); - - UT_ASSERT_NOT_NULL (SigList); - - for (Index = 0; Index < 2; Index++) { - UT_ASSERT_TRUE (SigListSize > TotalSize); - - UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)); - UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize); - UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0); - UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize); - - SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST)); - UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid)); - UT_ASSERT_MEM_EQUAL (SigData->SignatureData, KeyInfo[Index].Data, KeyInfo[Index].DataSize); - TotalSize = TotalSize + SigList->SignatureListSize; - SigList = (EFI_SIGNATURE_LIST *)((UINTN)SigList + SigList->SignatureListSize); - } - - UT_ASSERT_EQUAL (SigListSize, TotalSize); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -CreateTimeBasedPayloadShouldPopulateDescriptor ( - IN UNIT_TEST_CONTEXT Context - ) -{ - UINT8 Data[] = { 2 }; - UINTN DataSize = sizeof (Data); - UINT8 *CheckData; - EFI_VARIABLE_AUTHENTICATION_2 *VarAuth; - EFI_STATUS Status; - EFI_TIME Time = { - .Year = 2012, - .Month = 3, - .Day = 4, - .Hour = 5, - .Minute = 6, - .Second = 7, - .Pad1 = 0, - .Nanosecond = 8910, - .TimeZone = 1112, - .Pad2 = 0 - }; - - CheckData = AllocateCopyPool (DataSize, Data); - Status = CreateTimeBasedPayload (&DataSize, &CheckData, &Time); - UT_ASSERT_NOT_EFI_ERROR (Status); - - // This is result that we did not pack this structure... - // we cannot even use the sizeof (EFI_VARIABLE_AUTHENTICATION_2) - 1, - // because the structure is not at the end of this structure, but partially - // inside it... - UT_ASSERT_EQUAL (DataSize, VAR_AUTH_DESC_SIZE + sizeof (Data)); - UT_ASSERT_NOT_NULL (CheckData); - - VarAuth = (EFI_VARIABLE_AUTHENTICATION_2 *)CheckData; - UT_ASSERT_MEM_EQUAL (&(VarAuth->TimeStamp), &Time, sizeof (EFI_TIME)); - - UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.dwLength, OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)); - UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wRevision, 0x0200); - UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wCertificateType, WIN_CERT_TYPE_EFI_GUID); - UT_ASSERT_TRUE (CompareGuid (&VarAuth->AuthInfo.CertType, &gEfiCertPkcs7Guid)); - - UT_ASSERT_MEM_EQUAL (VarAuth->AuthInfo.CertData, Data, sizeof (Data)); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -CreateTimeBasedPayloadShouldCheckInput ( - IN UNIT_TEST_CONTEXT Context - ) -{ - UINTN DataSize = 0; - UINT8 *Data = NULL; - EFI_TIME Time; - EFI_STATUS Status; - - Status = CreateTimeBasedPayload (NULL, &Data, &Time); - UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); - - Status = CreateTimeBasedPayload (&DataSize, NULL, &Time); - UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); - - Status = CreateTimeBasedPayload (&DataSize, &Data, NULL); - UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for DeleteDb () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -DeleteDbShouldDelete ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 Dummy = 3; - UINT8 *Payload = NULL; - UINTN PayloadSize = 0; - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = DeleteDb (); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for DeleteDbx () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -DeleteDbxShouldDelete ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 Dummy = 3; - UINT8 *Payload = NULL; - UINTN PayloadSize = 0; - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = DeleteDbx (); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for DeleteDbt () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -DeleteDbtShouldDelete ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 Dummy = 3; - UINT8 *Payload = NULL; - UINTN PayloadSize = 0; - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = DeleteDbt (); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for DeleteKEK () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -DeleteKEKShouldDelete ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 Dummy = 3; - UINT8 *Payload = NULL; - UINTN PayloadSize = 0; - - expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); - - expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = DeleteKEK (); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for DeletePlatformKey () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -DeletePKShouldDelete ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 Dummy = 3; - UINT8 *Payload = NULL; - UINTN PayloadSize = 0; - UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE; - - expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); - expect_value (MockSetVariable, DataSize, sizeof (BootMode)); - expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode)); - - will_return (MockSetVariable, EFI_SUCCESS); - - expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); - - expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = DeletePlatformKey (); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -DeleteSecureBootVariablesShouldDelete ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 Dummy = 3; - UINT8 *Payload = NULL; - UINTN PayloadSize = 0; - UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE; - - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); - - will_return (DisablePKProtection, EFI_SUCCESS); - - expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); - expect_value (MockSetVariable, DataSize, sizeof (BootMode)); - expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode)); - - will_return (MockSetVariable, EFI_SUCCESS); - - expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (Dummy)); - will_return (MockGetVariable, &Dummy); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = DeleteSecureBootVariables (); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -DeleteSecureBootVariablesShouldCheckProtection ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - - will_return (DisablePKProtection, EFI_SECURITY_VIOLATION); - - Status = DeleteSecureBootVariables (); - UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -DeleteSecureBootVariablesShouldProceedWithNotFound ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE; - - will_return (DisablePKProtection, EFI_SUCCESS); - - expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); - expect_value (MockSetVariable, DataSize, sizeof (BootMode)); - expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode)); - - will_return (MockSetVariable, EFI_SUCCESS); - - expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - Status = DeleteSecureBootVariables (); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -EnrollFromInputShouldComplete ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 Dummy = 3; - UINT8 *Payload = NULL; - UINTN PayloadSize = sizeof (Dummy); - - Payload = AllocateCopyPool (sizeof (Dummy), &Dummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy)); - - expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (Dummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = EnrollFromInput (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, sizeof (Dummy), &Dummy); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SetSecureBootVariablesShouldComplete ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 DbDummy = 0xDE; - UINT8 DbtDummy = 0xAD; - UINT8 DbxDummy = 0xBE; - UINT8 KekDummy = 0xEF; - UINT8 PkDummy = 0xFE; - UINT8 *Payload = NULL; - UINTN PayloadSize = sizeof (DbDummy); - SECURE_BOOT_PAYLOAD_INFO PayloadInfo; - - PayloadInfo.DbPtr = &DbDummy; - PayloadInfo.DbSize = sizeof (DbDummy); - PayloadInfo.DbxPtr = &DbxDummy; - PayloadInfo.DbxSize = sizeof (DbxDummy); - PayloadInfo.DbtPtr = &DbtDummy; - PayloadInfo.DbtSize = sizeof (DbtDummy); - PayloadInfo.KekPtr = &KekDummy; - PayloadInfo.KekSize = sizeof (KekDummy); - PayloadInfo.PkPtr = &PkDummy; - PayloadInfo.PkSize = sizeof (PkDummy); - PayloadInfo.SecureBootKeyName = L"Food"; - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbDummy, sizeof (DbDummy)); - PayloadSize = sizeof (DbDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); - PayloadSize = sizeof (DbtDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &KekDummy, sizeof (KekDummy)); - PayloadSize = sizeof (KekDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &PkDummy, sizeof (PkDummy)); - PayloadSize = sizeof (PkDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = SetSecureBootVariablesToDefault (&PayloadInfo); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SetSecureBootVariablesShouldStopWhenSecure ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 TargetMode = SECURE_BOOT_MODE_ENABLE; - SECURE_BOOT_PAYLOAD_INFO PayloadInfo; - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (TargetMode)); - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, sizeof (TargetMode)); - - will_return (MockGetVariable, TRUE); - will_return (MockGetVariable, sizeof (TargetMode)); - will_return (MockGetVariable, &TargetMode); - - Status = SetSecureBootVariablesToDefault (&PayloadInfo); - UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SetSecureBootVariablesShouldStopFailDBX ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 DbxDummy = 0xBE; - UINT8 *Payload = NULL; - UINTN PayloadSize = sizeof (DbxDummy); - SECURE_BOOT_PAYLOAD_INFO PayloadInfo; - - PayloadInfo.DbxPtr = &DbxDummy; - PayloadInfo.DbxSize = sizeof (DbxDummy); - PayloadInfo.SecureBootKeyName = L"Fail DBX"; - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - will_return (MockSetVariable, EFI_WRITE_PROTECTED); - - Status = SetSecureBootVariablesToDefault (&PayloadInfo); - UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SetSecureBootVariablesShouldStopFailDB ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 DbDummy = 0xDE; - UINT8 DbxDummy = 0xBE; - UINT8 *Payload = NULL; - UINTN PayloadSize = sizeof (DbDummy); - SECURE_BOOT_PAYLOAD_INFO PayloadInfo; - - PayloadInfo.DbPtr = &DbDummy; - PayloadInfo.DbSize = sizeof (DbDummy); - PayloadInfo.DbxPtr = &DbxDummy; - PayloadInfo.DbxSize = sizeof (DbxDummy); - PayloadInfo.SecureBootKeyName = L"Fail DB"; - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbDummy, sizeof (DbDummy)); - PayloadSize = sizeof (DbDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - will_return (MockSetVariable, EFI_WRITE_PROTECTED); - - Status = SetSecureBootVariablesToDefault (&PayloadInfo); - UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SetSecureBootVariablesShouldStopFailDBT ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 DbDummy = 0xDE; - UINT8 DbtDummy = 0xAD; - UINT8 DbxDummy = 0xBE; - UINT8 *Payload = NULL; - UINTN PayloadSize = sizeof (DbDummy); - SECURE_BOOT_PAYLOAD_INFO PayloadInfo; - - PayloadInfo.DbPtr = &DbDummy; - PayloadInfo.DbSize = sizeof (DbDummy); - PayloadInfo.DbxPtr = &DbxDummy; - PayloadInfo.DbxSize = sizeof (DbxDummy); - PayloadInfo.DbtPtr = &DbtDummy; - PayloadInfo.DbtSize = sizeof (DbtDummy); - PayloadInfo.SecureBootKeyName = L"Fail DBT"; - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbDummy, sizeof (DbDummy)); - PayloadSize = sizeof (DbDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); - PayloadSize = sizeof (DbtDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - - will_return (MockSetVariable, EFI_ACCESS_DENIED); - - Status = SetSecureBootVariablesToDefault (&PayloadInfo); - UT_ASSERT_STATUS_EQUAL (Status, EFI_ACCESS_DENIED); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SetSecureBootVariablesShouldStopFailKEK ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 DbDummy = 0xDE; - UINT8 DbtDummy = 0xAD; - UINT8 DbxDummy = 0xBE; - UINT8 KekDummy = 0xEF; - UINT8 PkDummy = 0xFE; - UINT8 *Payload = NULL; - UINTN PayloadSize = sizeof (DbDummy); - SECURE_BOOT_PAYLOAD_INFO PayloadInfo; - - PayloadInfo.DbPtr = &DbDummy; - PayloadInfo.DbSize = sizeof (DbDummy); - PayloadInfo.DbxPtr = &DbxDummy; - PayloadInfo.DbxSize = sizeof (DbxDummy); - PayloadInfo.DbtPtr = &DbtDummy; - PayloadInfo.DbtSize = sizeof (DbtDummy); - PayloadInfo.KekPtr = &KekDummy; - PayloadInfo.KekSize = sizeof (KekDummy); - PayloadInfo.PkPtr = &PkDummy; - PayloadInfo.PkSize = sizeof (PkDummy); - PayloadInfo.SecureBootKeyName = L"Food"; - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbDummy, sizeof (DbDummy)); - PayloadSize = sizeof (DbDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); - PayloadSize = sizeof (DbtDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &KekDummy, sizeof (KekDummy)); - PayloadSize = sizeof (KekDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - - will_return (MockSetVariable, EFI_DEVICE_ERROR); - - Status = SetSecureBootVariablesToDefault (&PayloadInfo); - UT_ASSERT_STATUS_EQUAL (Status, EFI_DEVICE_ERROR); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SetSecureBootVariablesShouldStopFailPK ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 DbDummy = 0xDE; - UINT8 DbtDummy = 0xAD; - UINT8 DbxDummy = 0xBE; - UINT8 KekDummy = 0xEF; - UINT8 PkDummy = 0xFE; - UINT8 *Payload = NULL; - UINTN PayloadSize = sizeof (DbDummy); - SECURE_BOOT_PAYLOAD_INFO PayloadInfo; - - PayloadInfo.DbPtr = &DbDummy; - PayloadInfo.DbSize = sizeof (DbDummy); - PayloadInfo.DbxPtr = &DbxDummy; - PayloadInfo.DbxSize = sizeof (DbxDummy); - PayloadInfo.DbtPtr = &DbtDummy; - PayloadInfo.DbtSize = sizeof (DbtDummy); - PayloadInfo.KekPtr = &KekDummy; - PayloadInfo.KekSize = sizeof (KekDummy); - PayloadInfo.PkPtr = &PkDummy; - PayloadInfo.PkSize = sizeof (PkDummy); - PayloadInfo.SecureBootKeyName = L"Food"; - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbDummy, sizeof (DbDummy)); - PayloadSize = sizeof (DbDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); - PayloadSize = sizeof (DbtDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &KekDummy, sizeof (KekDummy)); - PayloadSize = sizeof (KekDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &PkDummy, sizeof (PkDummy)); - PayloadSize = sizeof (PkDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); - - will_return (MockSetVariable, EFI_INVALID_PARAMETER); - - Status = SetSecureBootVariablesToDefault (&PayloadInfo); - UT_ASSERT_STATUS_EQUAL (Status, EFI_SECURITY_VIOLATION); - - return UNIT_TEST_PASSED; -} - -/** - Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. - - @param[in] Context [Optional] An optional parameter that enables: - 1) test-case reuse with varied parameters and - 2) test-case re-entry for Target tests that need a - reboot. This parameter is a VOID* and it is the - responsibility of the test author to ensure that the - contents are well understood by all test cases that may - consume it. - - @retval UNIT_TEST_PASSED The Unit test has completed and the test - case was successful. - @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. -**/ -UNIT_TEST_STATUS -EFIAPI -SetSecureBootVariablesDBTOptional ( - IN UNIT_TEST_CONTEXT Context - ) -{ - EFI_STATUS Status; - UINT8 DbDummy = 0xDE; - UINT8 DbxDummy = 0xBE; - UINT8 KekDummy = 0xEF; - UINT8 PkDummy = 0xFE; - UINT8 *Payload = NULL; - UINTN PayloadSize = sizeof (DbDummy); - SECURE_BOOT_PAYLOAD_INFO PayloadInfo; - - PayloadInfo.DbPtr = &DbDummy; - PayloadInfo.DbSize = sizeof (DbDummy); - PayloadInfo.DbxPtr = &DbxDummy; - PayloadInfo.DbxSize = sizeof (DbxDummy); - PayloadInfo.DbtPtr = NULL; - PayloadInfo.DbtSize = 0; - PayloadInfo.KekPtr = &KekDummy; - PayloadInfo.KekSize = sizeof (KekDummy); - PayloadInfo.PkPtr = &PkDummy; - PayloadInfo.PkSize = sizeof (PkDummy); - PayloadInfo.SecureBootKeyName = L"Food"; - - expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); - expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockGetVariable, *DataSize, 0); - - will_return (MockGetVariable, FALSE); - - Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &DbDummy, sizeof (DbDummy)); - PayloadSize = sizeof (DbDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); - expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &KekDummy, sizeof (KekDummy)); - PayloadSize = sizeof (KekDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - CopyMem (Payload, &PkDummy, sizeof (PkDummy)); - PayloadSize = sizeof (PkDummy); - Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); - UT_ASSERT_NOT_EFI_ERROR (Status); - UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); - - expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); - expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); - expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); - expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); - expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); - - will_return (MockSetVariable, EFI_SUCCESS); - - Status = SetSecureBootVariablesToDefault (&PayloadInfo); - UT_ASSERT_NOT_EFI_ERROR (Status); - - return UNIT_TEST_PASSED; -} - -/** - Initialze the unit test framework, suite, and unit tests for the - SecureBootVariableLib and run the SecureBootVariableLib unit test. - - @retval EFI_SUCCESS All test cases were dispatched. - @retval EFI_OUT_OF_RESOURCES There are not enough resources available to - initialize the unit tests. -**/ -STATIC -EFI_STATUS -EFIAPI -UnitTestingEntry ( - VOID - ) -{ - EFI_STATUS Status; - UNIT_TEST_FRAMEWORK_HANDLE Framework; - UNIT_TEST_SUITE_HANDLE SecureBootVarMiscTests; - UNIT_TEST_SUITE_HANDLE SecureBootVarDeleteTests; - UNIT_TEST_SUITE_HANDLE SecureBootVarEnrollTests; - - Framework = NULL; - - DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSION)); - - // - // Start setting up the test framework for running the tests. - // - Status = InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCallerBaseName, UNIT_TEST_APP_VERSION); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status = %r\n", Status)); - goto EXIT; - } - - // - // Populate the SecureBootVariableLib Unit Test Suite. - // - Status = CreateUnitTestSuite (&SecureBootVarMiscTests, Framework, "SecureBootVariableLib Miscellaneous Tests", "SecureBootVariableLib.Miscellaneous", NULL, NULL); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n")); - Status = EFI_OUT_OF_RESOURCES; - goto EXIT; - } - - Status = CreateUnitTestSuite (&SecureBootVarDeleteTests, Framework, "SecureBootVariableLib Deletion Tests", "SecureBootVariableLib.Deletion", NULL, NULL); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n")); - Status = EFI_OUT_OF_RESOURCES; - goto EXIT; - } - - Status = CreateUnitTestSuite (&SecureBootVarEnrollTests, Framework, "SecureBootVariableLib Enrollment Tests", "SecureBootVariableLib.Enrollment", NULL, NULL); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n")); - Status = EFI_OUT_OF_RESOURCES; - goto EXIT; - } - - // - // --------------Suite-----------Description--------------Name----------Function--------Pre---Post-------------------Context----------- - // - AddTestCase (SecureBootVarMiscTests, "SetSecureBootMode should propagate to set variable", "SetSecureBootMode", SetSecureBootModeShouldSetVar, NULL, NULL, NULL); - AddTestCase (SecureBootVarMiscTests, "GetSetupMode should propagate to get variable", "GetSetupMode", GetSetupModeShouldGetVar, NULL, NULL, NULL); - AddTestCase (SecureBootVarMiscTests, "IsSecureBootEnabled should propagate to get variable", "IsSecureBootEnabled", IsSecureBootEnableShouldGetVar, NULL, NULL, NULL); - AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with one input cert", "SecureBootCreateDataFromInput One Cert", SecureBootCreateDataFromInputSimple, NULL, NULL, NULL); - AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with no input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputNull, NULL, NULL, NULL); - AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with multiple input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputMultiple, NULL, NULL, NULL); - AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should populate descriptor data", "CreateTimeBasedPayload Normal", CreateTimeBasedPayloadShouldPopulateDescriptor, NULL, NULL, NULL); - AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should fail on NULL inputs", "CreateTimeBasedPayload NULL", CreateTimeBasedPayloadShouldCheckInput, NULL, NULL, NULL); - - AddTestCase (SecureBootVarDeleteTests, "DeleteDb should delete DB with auth info", "DeleteDb", DeleteDbShouldDelete, NULL, NULL, NULL); - AddTestCase (SecureBootVarDeleteTests, "DeleteDbx should delete DBX with auth info", "DeleteDbx", DeleteDbxShouldDelete, NULL, NULL, NULL); - AddTestCase (SecureBootVarDeleteTests, "DeleteDbt should delete DBT with auth info", "DeleteDbt", DeleteDbtShouldDelete, NULL, NULL, NULL); - AddTestCase (SecureBootVarDeleteTests, "DeleteKEK should delete KEK with auth info", "DeleteKEK", DeleteKEKShouldDelete, NULL, NULL, NULL); - AddTestCase (SecureBootVarDeleteTests, "DeletePlatformKey should delete PK with auth info", "DeletePlatformKey", DeletePKShouldDelete, NULL, NULL, NULL); - AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should delete properly", "DeleteSecureBootVariables Normal", DeleteSecureBootVariablesShouldDelete, NULL, NULL, NULL); - AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should fail if protection disable fails", "DeleteSecureBootVariables Fail", DeleteSecureBootVariablesShouldCheckProtection, NULL, NULL, NULL); - AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should continue if any variable is not found", "DeleteSecureBootVariables Proceed", DeleteSecureBootVariablesShouldProceedWithNotFound, NULL, NULL, NULL); - - AddTestCase (SecureBootVarEnrollTests, "EnrollFromInput should supply with authenticated payload", "EnrollFromInput Normal", EnrollFromInputShouldComplete, NULL, NULL, NULL); - AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should complete", "SetSecureBootVariablesToDefault Normal", SetSecureBootVariablesShouldComplete, NULL, NULL, NULL); - AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when already enabled", "SetSecureBootVariablesToDefault Already Started", SetSecureBootVariablesShouldStopWhenSecure, NULL, NULL, NULL); - AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DB failed", "SetSecureBootVariablesToDefault Fails DB", SetSecureBootVariablesShouldStopFailDB, NULL, NULL, NULL); - AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBT failed", "SetSecureBootVariablesToDefault Fails DBT", SetSecureBootVariablesShouldStopFailDBT, NULL, NULL, NULL); - AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBX failed", "SetSecureBootVariablesToDefault Fails DBX", SetSecureBootVariablesShouldStopFailDBX, NULL, NULL, NULL); - AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when KEK failed", "SetSecureBootVariablesToDefault Fails KEK", SetSecureBootVariablesShouldStopFailKEK, NULL, NULL, NULL); - AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when PK failed", "SetSecureBootVariablesToDefault Fails PK", SetSecureBootVariablesShouldStopFailPK, NULL, NULL, NULL); - AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should only be optional", "SetSecureBootVariablesToDefault DBT Optional", SetSecureBootVariablesDBTOptional, NULL, NULL, NULL); - - // - // Execute the tests. - // - Status = RunAllTestSuites (Framework); - -EXIT: - if (Framework) { - FreeUnitTestFramework (Framework); - } - - return Status; -} - -/** - Standard POSIX C entry point for host based unit test execution. -**/ -int -main ( - int argc, - char *argv[] - ) -{ - return UnitTestingEntry (); -} +/** @file + Unit tests of the implementation of SecureBootVariableLib. + + Copyright (C) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include +#include + +#define UNIT_TEST_APP_NAME "SecureBootVariableLib Unit Tests" +#define UNIT_TEST_APP_VERSION "1.0" +#define VAR_AUTH_DESC_SIZE OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + +extern EFI_TIME mMaxTimestamp; +extern EFI_TIME mDefaultPayloadTimestamp; + +/** + Sets the value of a variable. + + @param[in] VariableName A Null-terminated string that is the name of the vendor's variable. + Each VariableName is unique for each VendorGuid. VariableName must + contain 1 or more characters. If VariableName is an empty string, + then EFI_INVALID_PARAMETER is returned. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] Attributes Attributes bitmask to set for the variable. + @param[in] DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE or + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero + causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is + set, then a SetVariable() call with a DataSize of zero will not cause any change to + the variable value (the timestamp associated with the variable may be updated however + even if no new data value is provided,see the description of the + EFI_VARIABLE_AUTHENTICATION_2 descriptor below. In this case the DataSize will not + be zero since the EFI_VARIABLE_AUTHENTICATION_2 descriptor will be populated). + @param[in] Data The contents for the variable. + + @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as + defined by the Attributes. + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID was supplied, or the + DataSize exceeds the maximum allowed. + @retval EFI_INVALID_PARAMETER VariableName is an empty string. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error. + @retval EFI_WRITE_PROTECTED The variable in question is read-only. + @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS being set, + but the AuthInfo does NOT pass the validation check carried out by the firmware. + + @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found. + +**/ +STATIC +EFI_STATUS +EFIAPI +MockSetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + DEBUG (( + DEBUG_INFO, + "%a %s %g %x %x %p\n", + __func__, + VariableName, + VendorGuid, + Attributes, + DataSize, + Data + )); + check_expected_ptr (VariableName); + check_expected_ptr (VendorGuid); + check_expected_ptr (Attributes); + check_expected (DataSize); + check_expected (Data); + + return (EFI_STATUS)mock (); +} + +/** + Returns the value of a variable. + + @param[in] VariableName A Null-terminated string that is the name of the vendor's + variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[out] Attributes If not NULL, a pointer to the memory location to return the + attributes bitmask for the variable. + @param[in, out] DataSize On input, the size in bytes of the return Data buffer. + On output the size of data returned in Data. + @param[out] Data The buffer to return the contents of the variable. May be NULL + with a zero DataSize in order to determine the size buffer needed. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND The variable was not found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. + @retval EFI_INVALID_PARAMETER VariableName is NULL. + @retval EFI_INVALID_PARAMETER VendorGuid is NULL. + @retval EFI_INVALID_PARAMETER DataSize is NULL. + @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error. + @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure. + +**/ +STATIC +EFI_STATUS +EFIAPI +MockGetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + UINTN TargetSize; + BOOLEAN Exist; + + DEBUG (( + DEBUG_INFO, + "%a %s %g %p %x %p\n", + __func__, + VariableName, + VendorGuid, + Attributes, + *DataSize, + Data + )); + assert_non_null (DataSize); + check_expected_ptr (VariableName); + check_expected_ptr (VendorGuid); + check_expected (*DataSize); + + Exist = (BOOLEAN)mock (); + + if (!Exist) { + return EFI_NOT_FOUND; + } + + TargetSize = (UINTN)mock (); + if (TargetSize > *DataSize) { + *DataSize = TargetSize; + return EFI_BUFFER_TOO_SMALL; + } else { + assert_non_null (Data); + CopyMem (Data, (VOID *)(UINTN)mock (), TargetSize); + } + + return EFI_SUCCESS; +} + +/// +/// Mock version of the UEFI Runtime Services Table +/// +EFI_RUNTIME_SERVICES MockRuntime = { + { + EFI_RUNTIME_SERVICES_SIGNATURE, // Signature + EFI_RUNTIME_SERVICES_REVISION, // Revision + sizeof (EFI_RUNTIME_SERVICES), // HeaderSize + 0, // CRC32 + 0 // Reserved + }, + NULL, // GetTime + NULL, // SetTime + NULL, // GetWakeupTime + NULL, // SetWakeupTime + NULL, // SetVirtualAddressMap + NULL, // ConvertPointer + MockGetVariable, // GetVariable + NULL, // GetNextVariableName + MockSetVariable, // SetVariable + NULL, // GetNextHighMonotonicCount + NULL, // ResetSystem + NULL, // UpdateCapsule + NULL, // QueryCapsuleCapabilities + NULL // QueryVariableInfo +}; + +/** + Unit test for SetSecureBootMode () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootModeShouldSetVar ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINT8 SecureBootMode; + EFI_STATUS Status; + + SecureBootMode = 0xAB; // Any random magic number... + expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); + expect_value (MockSetVariable, DataSize, sizeof (SecureBootMode)); + expect_memory (MockSetVariable, Data, &SecureBootMode, sizeof (SecureBootMode)); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = SetSecureBootMode (SecureBootMode); + + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for GetSetupMode () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +GetSetupModeShouldGetVar ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 TargetMode; + UINT8 SetupMode; + + TargetMode = 0xAB; // Any random magic number... + expect_memory (MockGetVariable, VariableName, EFI_SETUP_MODE_NAME, sizeof (EFI_SETUP_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (SetupMode)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (SetupMode)); + will_return (MockGetVariable, &TargetMode); + + Status = GetSetupMode (&SetupMode); + + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (SetupMode, TargetMode); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for GetSetupMode () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +IsSecureBootEnableShouldGetVar ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Enabled; + UINT8 TargetMode; + + TargetMode = SECURE_BOOT_MODE_ENABLE; + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (TargetMode)); + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (TargetMode)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (TargetMode)); + will_return (MockGetVariable, &TargetMode); + + Enabled = IsSecureBootEnabled (); + + UT_ASSERT_EQUAL (Enabled, SECURE_BOOT_MODE_ENABLE); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SecureBootCreateDataFromInputSimple ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_SIGNATURE_LIST *SigList = NULL; + EFI_SIGNATURE_DATA *SigData = NULL; + UINTN SigListSize = 0; + EFI_STATUS Status; + UINT8 TestData[] = { 0 }; + SECURE_BOOT_CERTIFICATE_INFO KeyInfo; + + KeyInfo.Data = TestData; + KeyInfo.DataSize = sizeof (TestData); + + Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo); + + UT_ASSERT_NOT_EFI_ERROR (Status); + + UT_ASSERT_NOT_NULL (SigList); + UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)); + UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData)); + UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0); + UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData)); + UT_ASSERT_EQUAL (SigList->SignatureListSize, SigListSize); + + SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST)); + UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid)); + UT_ASSERT_MEM_EQUAL (SigData->SignatureData, TestData, sizeof (TestData)); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SecureBootCreateDataFromInputNull ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_SIGNATURE_LIST *SigList = NULL; + UINTN SigListSize = 0; + EFI_STATUS Status; + SECURE_BOOT_CERTIFICATE_INFO KeyInfo = { + .Data = NULL, + .DataSize = 0 + }; + + Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 0, NULL); + UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); + + Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SecureBootCreateDataFromInputMultiple ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_SIGNATURE_LIST *SigList = NULL; + EFI_SIGNATURE_DATA *SigData = NULL; + UINTN SigListSize = 0; + UINTN TotalSize = 0; + UINTN Index = 0; + UINT8 TestData1[] = { 0 }; + UINT8 TestData2[] = { 1, 2 }; + EFI_STATUS Status; + SECURE_BOOT_CERTIFICATE_INFO KeyInfo[2]; + + KeyInfo[0].Data = TestData1; + KeyInfo[0].DataSize = sizeof (TestData1); + KeyInfo[1].Data = TestData2; + KeyInfo[1].DataSize = sizeof (TestData2); + + Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 2, KeyInfo); + UT_ASSERT_NOT_EFI_ERROR (Status); + + UT_ASSERT_NOT_NULL (SigList); + + for (Index = 0; Index < 2; Index++) { + UT_ASSERT_TRUE (SigListSize > TotalSize); + + UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)); + UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize); + UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0); + UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize); + + SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST)); + UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid)); + UT_ASSERT_MEM_EQUAL (SigData->SignatureData, KeyInfo[Index].Data, KeyInfo[Index].DataSize); + TotalSize = TotalSize + SigList->SignatureListSize; + SigList = (EFI_SIGNATURE_LIST *)((UINTN)SigList + SigList->SignatureListSize); + } + + UT_ASSERT_EQUAL (SigListSize, TotalSize); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +CreateTimeBasedPayloadShouldPopulateDescriptor ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINT8 Data[] = { 2 }; + UINTN DataSize = sizeof (Data); + UINT8 *CheckData; + EFI_VARIABLE_AUTHENTICATION_2 *VarAuth; + EFI_STATUS Status; + EFI_TIME Time = { + .Year = 2012, + .Month = 3, + .Day = 4, + .Hour = 5, + .Minute = 6, + .Second = 7, + .Pad1 = 0, + .Nanosecond = 8910, + .TimeZone = 1112, + .Pad2 = 0 + }; + + CheckData = AllocateCopyPool (DataSize, Data); + Status = CreateTimeBasedPayload (&DataSize, &CheckData, &Time); + UT_ASSERT_NOT_EFI_ERROR (Status); + + // This is result that we did not pack this structure... + // we cannot even use the sizeof (EFI_VARIABLE_AUTHENTICATION_2) - 1, + // because the structure is not at the end of this structure, but partially + // inside it... + UT_ASSERT_EQUAL (DataSize, VAR_AUTH_DESC_SIZE + sizeof (Data)); + UT_ASSERT_NOT_NULL (CheckData); + + VarAuth = (EFI_VARIABLE_AUTHENTICATION_2 *)CheckData; + UT_ASSERT_MEM_EQUAL (&(VarAuth->TimeStamp), &Time, sizeof (EFI_TIME)); + + UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.dwLength, OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)); + UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wRevision, 0x0200); + UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wCertificateType, WIN_CERT_TYPE_EFI_GUID); + UT_ASSERT_TRUE (CompareGuid (&VarAuth->AuthInfo.CertType, &gEfiCertPkcs7Guid)); + + UT_ASSERT_MEM_EQUAL (VarAuth->AuthInfo.CertData, Data, sizeof (Data)); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +CreateTimeBasedPayloadShouldCheckInput ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINTN DataSize = 0; + UINT8 *Data = NULL; + EFI_TIME Time; + EFI_STATUS Status; + + Status = CreateTimeBasedPayload (NULL, &Data, &Time); + UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); + + Status = CreateTimeBasedPayload (&DataSize, NULL, &Time); + UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); + + Status = CreateTimeBasedPayload (&DataSize, &Data, NULL); + UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteDb () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteDbShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteDb (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteDbx () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteDbxShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteDbx (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteDbt () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteDbtShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteDbt (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteKEK () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteKEKShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteKEK (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeletePlatformKey () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeletePKShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE; + + expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); + expect_value (MockSetVariable, DataSize, sizeof (BootMode)); + expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode)); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeletePlatformKey (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteSecureBootVariablesShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE; + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + will_return (DisablePKProtection, EFI_SUCCESS); + + expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); + expect_value (MockSetVariable, DataSize, sizeof (BootMode)); + expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode)); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteSecureBootVariables (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteSecureBootVariablesShouldCheckProtection ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + + will_return (DisablePKProtection, EFI_SECURITY_VIOLATION); + + Status = DeleteSecureBootVariables (); + UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteSecureBootVariablesShouldProceedWithNotFound ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE; + + will_return (DisablePKProtection, EFI_SUCCESS); + + expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); + expect_value (MockSetVariable, DataSize, sizeof (BootMode)); + expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode)); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Status = DeleteSecureBootVariables (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +EnrollFromInputShouldComplete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (Dummy); + + Payload = AllocateCopyPool (sizeof (Dummy), &Dummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy)); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (Dummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = EnrollFromInput (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, sizeof (Dummy), &Dummy); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldComplete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbtDummy = 0xAD; + UINT8 DbxDummy = 0xBE; + UINT8 KekDummy = 0xEF; + UINT8 PkDummy = 0xFE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo; + + PayloadInfo.DbPtr = &DbDummy; + PayloadInfo.DbSize = sizeof (DbDummy); + PayloadInfo.DbxPtr = &DbxDummy; + PayloadInfo.DbxSize = sizeof (DbxDummy); + PayloadInfo.DbtPtr = &DbtDummy; + PayloadInfo.DbtSize = sizeof (DbtDummy); + PayloadInfo.KekPtr = &KekDummy; + PayloadInfo.KekSize = sizeof (KekDummy); + PayloadInfo.PkPtr = &PkDummy; + PayloadInfo.PkSize = sizeof (PkDummy); + PayloadInfo.SecureBootKeyName = L"Food"; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); + PayloadSize = sizeof (DbtDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &KekDummy, sizeof (KekDummy)); + PayloadSize = sizeof (KekDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &PkDummy, sizeof (PkDummy)); + PayloadSize = sizeof (PkDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopWhenSecure ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 TargetMode = SECURE_BOOT_MODE_ENABLE; + SECURE_BOOT_PAYLOAD_INFO PayloadInfo; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (TargetMode)); + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (TargetMode)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (TargetMode)); + will_return (MockGetVariable, &TargetMode); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailDBX ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbxDummy = 0xBE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbxDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo; + + PayloadInfo.DbxPtr = &DbxDummy; + PayloadInfo.DbxSize = sizeof (DbxDummy); + PayloadInfo.SecureBootKeyName = L"Fail DBX"; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_WRITE_PROTECTED); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailDB ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbxDummy = 0xBE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo; + + PayloadInfo.DbPtr = &DbDummy; + PayloadInfo.DbSize = sizeof (DbDummy); + PayloadInfo.DbxPtr = &DbxDummy; + PayloadInfo.DbxSize = sizeof (DbxDummy); + PayloadInfo.SecureBootKeyName = L"Fail DB"; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_WRITE_PROTECTED); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailDBT ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbtDummy = 0xAD; + UINT8 DbxDummy = 0xBE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo; + + PayloadInfo.DbPtr = &DbDummy; + PayloadInfo.DbSize = sizeof (DbDummy); + PayloadInfo.DbxPtr = &DbxDummy; + PayloadInfo.DbxSize = sizeof (DbxDummy); + PayloadInfo.DbtPtr = &DbtDummy; + PayloadInfo.DbtSize = sizeof (DbtDummy); + PayloadInfo.SecureBootKeyName = L"Fail DBT"; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); + PayloadSize = sizeof (DbtDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + will_return (MockSetVariable, EFI_ACCESS_DENIED); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_ACCESS_DENIED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailKEK ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbtDummy = 0xAD; + UINT8 DbxDummy = 0xBE; + UINT8 KekDummy = 0xEF; + UINT8 PkDummy = 0xFE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo; + + PayloadInfo.DbPtr = &DbDummy; + PayloadInfo.DbSize = sizeof (DbDummy); + PayloadInfo.DbxPtr = &DbxDummy; + PayloadInfo.DbxSize = sizeof (DbxDummy); + PayloadInfo.DbtPtr = &DbtDummy; + PayloadInfo.DbtSize = sizeof (DbtDummy); + PayloadInfo.KekPtr = &KekDummy; + PayloadInfo.KekSize = sizeof (KekDummy); + PayloadInfo.PkPtr = &PkDummy; + PayloadInfo.PkSize = sizeof (PkDummy); + PayloadInfo.SecureBootKeyName = L"Food"; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); + PayloadSize = sizeof (DbtDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &KekDummy, sizeof (KekDummy)); + PayloadSize = sizeof (KekDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + will_return (MockSetVariable, EFI_DEVICE_ERROR); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_DEVICE_ERROR); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailPK ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbtDummy = 0xAD; + UINT8 DbxDummy = 0xBE; + UINT8 KekDummy = 0xEF; + UINT8 PkDummy = 0xFE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo; + + PayloadInfo.DbPtr = &DbDummy; + PayloadInfo.DbSize = sizeof (DbDummy); + PayloadInfo.DbxPtr = &DbxDummy; + PayloadInfo.DbxSize = sizeof (DbxDummy); + PayloadInfo.DbtPtr = &DbtDummy; + PayloadInfo.DbtSize = sizeof (DbtDummy); + PayloadInfo.KekPtr = &KekDummy; + PayloadInfo.KekSize = sizeof (KekDummy); + PayloadInfo.PkPtr = &PkDummy; + PayloadInfo.PkSize = sizeof (PkDummy); + PayloadInfo.SecureBootKeyName = L"Food"; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); + PayloadSize = sizeof (DbtDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &KekDummy, sizeof (KekDummy)); + PayloadSize = sizeof (KekDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &PkDummy, sizeof (PkDummy)); + PayloadSize = sizeof (PkDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + will_return (MockSetVariable, EFI_INVALID_PARAMETER); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_SECURITY_VIOLATION); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesDBTOptional ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbxDummy = 0xBE; + UINT8 KekDummy = 0xEF; + UINT8 PkDummy = 0xFE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo; + + PayloadInfo.DbPtr = &DbDummy; + PayloadInfo.DbSize = sizeof (DbDummy); + PayloadInfo.DbxPtr = &DbxDummy; + PayloadInfo.DbxSize = sizeof (DbxDummy); + PayloadInfo.DbtPtr = NULL; + PayloadInfo.DbtSize = 0; + PayloadInfo.KekPtr = &KekDummy; + PayloadInfo.KekSize = sizeof (KekDummy); + PayloadInfo.PkPtr = &PkDummy; + PayloadInfo.PkSize = sizeof (PkDummy); + PayloadInfo.SecureBootKeyName = L"Food"; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &KekDummy, sizeof (KekDummy)); + PayloadSize = sizeof (KekDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &PkDummy, sizeof (PkDummy)); + PayloadSize = sizeof (PkDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Initialize the unit test framework, suite, and unit tests for the + SecureBootVariableLib and run the SecureBootVariableLib unit test. + + @retval EFI_SUCCESS All test cases were dispatched. + @retval EFI_OUT_OF_RESOURCES There are not enough resources available to + initialize the unit tests. +**/ +STATIC +EFI_STATUS +EFIAPI +UnitTestingEntry ( + VOID + ) +{ + EFI_STATUS Status; + UNIT_TEST_FRAMEWORK_HANDLE Framework; + UNIT_TEST_SUITE_HANDLE SecureBootVarMiscTests; + UNIT_TEST_SUITE_HANDLE SecureBootVarDeleteTests; + UNIT_TEST_SUITE_HANDLE SecureBootVarEnrollTests; + + Framework = NULL; + + DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSION)); + + // + // Start setting up the test framework for running the tests. + // + Status = InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCallerBaseName, UNIT_TEST_APP_VERSION); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status = %r\n", Status)); + goto EXIT; + } + + // + // Populate the SecureBootVariableLib Unit Test Suite. + // + Status = CreateUnitTestSuite (&SecureBootVarMiscTests, Framework, "SecureBootVariableLib Miscellaneous Tests", "SecureBootVariableLib.Miscellaneous", NULL, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n")); + Status = EFI_OUT_OF_RESOURCES; + goto EXIT; + } + + Status = CreateUnitTestSuite (&SecureBootVarDeleteTests, Framework, "SecureBootVariableLib Deletion Tests", "SecureBootVariableLib.Deletion", NULL, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n")); + Status = EFI_OUT_OF_RESOURCES; + goto EXIT; + } + + Status = CreateUnitTestSuite (&SecureBootVarEnrollTests, Framework, "SecureBootVariableLib Enrollment Tests", "SecureBootVariableLib.Enrollment", NULL, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n")); + Status = EFI_OUT_OF_RESOURCES; + goto EXIT; + } + + // + // --------------Suite-----------Description--------------Name----------Function--------Pre---Post-------------------Context----------- + // + AddTestCase (SecureBootVarMiscTests, "SetSecureBootMode should propagate to set variable", "SetSecureBootMode", SetSecureBootModeShouldSetVar, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "GetSetupMode should propagate to get variable", "GetSetupMode", GetSetupModeShouldGetVar, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "IsSecureBootEnabled should propagate to get variable", "IsSecureBootEnabled", IsSecureBootEnableShouldGetVar, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with one input cert", "SecureBootCreateDataFromInput One Cert", SecureBootCreateDataFromInputSimple, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with no input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputNull, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with multiple input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputMultiple, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should populate descriptor data", "CreateTimeBasedPayload Normal", CreateTimeBasedPayloadShouldPopulateDescriptor, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should fail on NULL inputs", "CreateTimeBasedPayload NULL", CreateTimeBasedPayloadShouldCheckInput, NULL, NULL, NULL); + + AddTestCase (SecureBootVarDeleteTests, "DeleteDb should delete DB with auth info", "DeleteDb", DeleteDbShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteDbx should delete DBX with auth info", "DeleteDbx", DeleteDbxShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteDbt should delete DBT with auth info", "DeleteDbt", DeleteDbtShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteKEK should delete KEK with auth info", "DeleteKEK", DeleteKEKShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeletePlatformKey should delete PK with auth info", "DeletePlatformKey", DeletePKShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should delete properly", "DeleteSecureBootVariables Normal", DeleteSecureBootVariablesShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should fail if protection disable fails", "DeleteSecureBootVariables Fail", DeleteSecureBootVariablesShouldCheckProtection, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should continue if any variable is not found", "DeleteSecureBootVariables Proceed", DeleteSecureBootVariablesShouldProceedWithNotFound, NULL, NULL, NULL); + + AddTestCase (SecureBootVarEnrollTests, "EnrollFromInput should supply with authenticated payload", "EnrollFromInput Normal", EnrollFromInputShouldComplete, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should complete", "SetSecureBootVariablesToDefault Normal", SetSecureBootVariablesShouldComplete, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when already enabled", "SetSecureBootVariablesToDefault Already Started", SetSecureBootVariablesShouldStopWhenSecure, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DB failed", "SetSecureBootVariablesToDefault Fails DB", SetSecureBootVariablesShouldStopFailDB, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBT failed", "SetSecureBootVariablesToDefault Fails DBT", SetSecureBootVariablesShouldStopFailDBT, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBX failed", "SetSecureBootVariablesToDefault Fails DBX", SetSecureBootVariablesShouldStopFailDBX, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when KEK failed", "SetSecureBootVariablesToDefault Fails KEK", SetSecureBootVariablesShouldStopFailKEK, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when PK failed", "SetSecureBootVariablesToDefault Fails PK", SetSecureBootVariablesShouldStopFailPK, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should only be optional", "SetSecureBootVariablesToDefault DBT Optional", SetSecureBootVariablesDBTOptional, NULL, NULL, NULL); + + // + // Execute the tests. + // + Status = RunAllTestSuites (Framework); + +EXIT: + if (Framework) { + FreeUnitTestFramework (Framework); + } + + return Status; +} + +/** + Standard POSIX C entry point for host based unit test execution. +**/ +int +main ( + int argc, + char *argv[] + ) +{ + return UnitTestingEntry (); +} diff --git a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf index 71388f43f6..14798db405 100644 --- a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf +++ b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf @@ -1,5 +1,5 @@ ## @file -# Provides interface for firmwware TPM measurement +# Provides interface for firmware TPM measurement # # Copyright (c) 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c index be6a636a60..241ced5696 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c @@ -247,7 +247,7 @@ IsHashAlgSupportedInHashAlgorithmMask ( } /** - MSCHANGE + MS_CHANGE Check if DigestList has an entry for HashAlg. @param DigestList Digest list. @@ -276,7 +276,7 @@ CheckDigestListForHashAlg ( } /** - MSCHANGE + MS_CHANGE Check if all hash algorithms supported in HashAlgorithmMask are present in the DigestList. @@ -380,7 +380,7 @@ CopyDigestListToBuffer ( @param[in,out] DigestList TPML_DIGEST_VALUES. @return EFI_STATUS - @retval EFI_SUCCESS Buffer was succesfully copied to Digest List. + @retval EFI_SUCCESS Buffer was successfully copied to Digest List. @retval EFI_BAD_BUFFER_SIZE Bad buffer size passed to function. @retval EFI_INVALID_PARAMETER Invalid parameter passed to function: NULL pointer or BufferSize bigger than TPML_DIGEST_VALUES diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c index 7144955be1..6826559682 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c @@ -278,7 +278,7 @@ Tpm2Clear ( } // - // Unmarshal the response + // un-Marshal the response // // None @@ -372,7 +372,7 @@ Tpm2ClearControl ( } // - // Unmarshal the response + // un-Marshal the response // // None diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c index 94e93b2642..b4c64896c9 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c @@ -195,7 +195,7 @@ Tpm2PcrExtend ( DEBUG_CODE_END (); // - // Unmarshal the response + // Un-marshal the response // // None @@ -290,7 +290,7 @@ Tpm2PcrEvent ( } // - // Unmarshal the response + // Un-marshal the response // Buffer = (UINT8 *)&Res.Digests; diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c index 00ae39feb7..f36fc5be05 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c @@ -156,7 +156,7 @@ Tpm2HashSequenceStart ( } // - // Unmarshal the response + // Un-marshal the response // // sequenceHandle @@ -253,7 +253,7 @@ Tpm2SequenceUpdate ( } // - // Unmarshal the response + // Un-marshal the response // // None @@ -362,7 +362,7 @@ Tpm2EventSequenceComplete ( } // - // Unmarshal the response + // Un-marshal the response // BufferPtr = (UINT8 *)&Res.Results; @@ -489,7 +489,7 @@ Tpm2SequenceComplete ( } // - // Unmarshal the response + // Un-marshal the response // BufferPtr = (UINT8 *)&Res.Digest; diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.yaml index d9081a807a..fb07e212ae 100644 --- a/SecurityPkg/SecurityPkg.ci.yaml +++ b/SecurityPkg/SecurityPkg.ci.yaml @@ -103,7 +103,34 @@ "tpmcommlib", "tpmnvvaluelength", "wrlocked", - "xored" + "xored", + "certsn", + "certdb", + "certdbv", + "unownered", + "defaultdb", + "defaultdbx", + "smuid", + "researvedf", # Typo that cannot be easily fixed + "researved", + "revertsp", + "rdlocked", + "ssclite", + "mechanish", + "rquuse", + "rsassa", + "ecdaa", + "cphash", + "nuvia", + "certn", + "rsapss", + "rsaes", + "communciate", #typo that cannot be easily fixed + "rngdxe", + "opalite" + + + ], "IgnoreStandardPaths": [], # Standard Plugin defined paths that should be ignore "AdditionalIncludePaths": [] # Additional paths to spell check (wildcards supported) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 49cac6e837..2d773e3244 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -307,7 +307,7 @@ SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf -## MSCHANGE BEGIN +## MS_CHANGE BEGIN SecurityPkg/Library/BaseHash2CryptoLibNull/BaseHash2CryptoLibNull.inf SecurityPkg/Library/DxeHash2CryptoLib/DxeHash2CryptoLib.inf SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLib.inf @@ -321,7 +321,7 @@ SecurityPkg/Library/TempPreUefiEventLogLib/TempPreUefiEventLogLib.inf SecurityPkg/Library/Tpm2DebugLib/Tpm2DebugLibNull.inf SecurityPkg/Library/Tcg2PhysicalPresencePromptLib/Tcg2PhysicalPresencePromptLibConsole.inf -## MSCHANGE END +## MS_CHANGE END [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf diff --git a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c index 4d91753896..c7a1349e0a 100644 --- a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c +++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c @@ -195,7 +195,7 @@ ExchangeCommonBuffer ( // Step 1: Grab the common buffer header Status = EfiGetSystemConfigurationTable (&gEdkiiPiSmmCommunicationRegionTableGuid, (VOID **)&PiSmmCommunicationRegionTable); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "%a - Failed to locate SMM communciation common buffer - %r!\n", __func__, Status)); + DEBUG ((DEBUG_ERROR, "%a - Failed to locate SMM communication common buffer - %r!\n", __func__, Status)); return Status; } @@ -318,11 +318,11 @@ UpdatePossibleResource ( UINT8 *DataPtr; UINT8 *DataEndPtr; UINT32 NewPkgLength; - UINT32 OrignalPkgLength; + UINT32 OriginalPkgLength; - NewPkgLength = 0; - OrignalPkgLength = 0; - DataEndPtr = NULL; + NewPkgLength = 0; + OriginalPkgLength = 0; + DataEndPtr = NULL; // // Follow ACPI spec @@ -373,8 +373,8 @@ UpdatePossibleResource ( DataPtr += TPM_PRS_RES_NAME_SIZE + 1; if ((*DataPtr & (BIT7|BIT6)) == 0) { - OrignalPkgLength = (UINT32)*DataPtr; - DataEndPtr = DataPtr + OrignalPkgLength; + OriginalPkgLength = (UINT32)*DataPtr; + DataEndPtr = DataPtr + OriginalPkgLength; // // Jump over PkgLength = PkgLeadByte only @@ -407,7 +407,7 @@ UpdatePossibleResource ( break; } - if (NewPkgLength > OrignalPkgLength) { + if (NewPkgLength > OriginalPkgLength) { ASSERT (FALSE); return EFI_INVALID_PARAMETER; } @@ -436,8 +436,8 @@ UpdatePossibleResource ( // 2. Use TPM_PRS_RESL with PkgLength > 63 to hold longer input interrupt number buffer for patching // if (NewPkgLength > 63) { - NewPkgLength = 0; - OrignalPkgLength = 0; + NewPkgLength = 0; + OriginalPkgLength = 0; for (DataPtr = (UINT8 *)(Table + 1); DataPtr < (UINT8 *)((UINT8 *)Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE)); DataPtr += 1) @@ -449,8 +449,8 @@ UpdatePossibleResource ( DataPtr += TPM_PRS_RES_NAME_SIZE + 1; if ((*DataPtr & (BIT7|BIT6)) != 0) { - OrignalPkgLength = (UINT32)(*(DataPtr + 1) << 4) + (*DataPtr & 0x0F); - DataEndPtr = DataPtr + OrignalPkgLength; + OriginalPkgLength = (UINT32)(*(DataPtr + 1) << 4) + (*DataPtr & 0x0F); + DataEndPtr = DataPtr + OriginalPkgLength; // // Jump over PkgLength = PkgLeadByte + ByteData length // @@ -479,7 +479,7 @@ UpdatePossibleResource ( // NewPkgLength += 19 + IrqBuffserSize; - if (NewPkgLength > OrignalPkgLength) { + if (NewPkgLength > OriginalPkgLength) { ASSERT (FALSE); return EFI_INVALID_PARAMETER; } diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index 1d476badc2..941e28753f 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -2519,7 +2519,7 @@ OnReadyToBoot ( } if (PcdGetBool (TcgMeasureBootStringsInPcr4)) { - // mschange for some platform uefi compat + // MsChange for some platform uefi compat // // 1. This is the first boot attempt. // @@ -2558,7 +2558,7 @@ OnReadyToBoot ( // } else { if (PcdGetBool (TcgMeasureBootStringsInPcr4)) { - // mschange for hyperv uefi compat + // MsChange for hyperv uefi compat // // 6. Not first attempt, meaning a return from last attempt // diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index eb72e18e3a..48b67a6d10 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -21,7 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -#include // Mschange +#include // MsChange #include #include @@ -272,7 +272,7 @@ EndofPeiSignalNotifyCallBack ( } // MS_CHANGE - START - // Create a guid hob to save all excluded FVs for DXE - mschange start + // Create a guid hob to save all excluded FVs for DXE - MsChange start // // @@ -338,7 +338,7 @@ EndofPeiSignalNotifyCallBack ( sizeof (EXCLUDED_HOB_DATA) + (sizeof (EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_FV) * Count) )); } - } // Done with Excluded Fv Hob - mschange end + } // Done with Excluded Fv Hob - MsChange end // MS_CHANGE - END PERF_CALLBACK_END (&gEfiEndOfPeiSignalPpiGuid); diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf index 9bfcd0b750..daf61cb73f 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -65,7 +65,7 @@ Tcg2PreUefiEventLogLib ## MSChange [END] ## MS_CHANGE [BEGIN] - Add the SourceDebugEnabledLib - SourceDebugEnabledLib # MSCHANGE - runtime check if source debug is enabled + SourceDebugEnabledLib # MS_CHANGE - runtime check if source debug is enabled ## MS_CHANGE [END] [Guids] diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 2c11129526..294d2cc4f4 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -350,7 +350,7 @@ CheckX509Certificate ( // Status = ReadFileContent (X509FileContext->FHandle, (VOID **)&X509Data, &X509DataSize, 0); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Error occured while reading the file.\n")); + DEBUG ((DEBUG_ERROR, "Error occurred while reading the file.\n")); goto ON_EXIT; } @@ -358,7 +358,7 @@ CheckX509Certificate ( // Parse the public key context. // if (RsaGetPublicKeyFromX509 (X509Data, X509DataSize, &X509PubKey) == FALSE) { - DEBUG ((DEBUG_ERROR, "Error occured while parsing the pubkey from certificate.\n")); + DEBUG ((DEBUG_ERROR, "Error occurred while parsing the pubkey from certificate.\n")); Status = EFI_INVALID_PARAMETER; *Error = Unsupported_Type; goto ON_EXIT; @@ -3991,7 +3991,7 @@ GetCommonNameFromX509 ( /** Format the help info for the signature data, each help info contain 3 parts. - 1. Onwer Guid. + 1. Owner Guid. 2. Content, depends on the type of the signature list. 3. Revocation time.