From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pg1-f193.google.com (mail-pg1-f193.google.com [209.85.215.193]) by mx.groups.io with SMTP id smtpd.web11.8421.1591167609131843236 for ; Wed, 03 Jun 2020 00:00:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@corthon-com.20150623.gappssmtp.com header.s=20150623 header.b=n8cc6kcx; spf=none, err=permanent DNS error (domain: corthon.com, ip: 209.85.215.193, mailfrom: bret@corthon.com) Received: by mail-pg1-f193.google.com with SMTP id w20so1110172pga.6 for ; Wed, 03 Jun 2020 00:00:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=corthon-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gBt+u36OXHW0xEabksGthqA3qw4u/SSvijaubKBL39c=; b=n8cc6kcxnyVUaC5Maz7Trmll6ZuoAdn7LQotGFE67azGbyAGXS9UmGe/11L8LfRZdq wHRkUH7zDgFcSlZvV0U6NIXJ67vP9c6D/DkLBzj9RnVgkL8vwpc1VbvO7128jA1CJ92t 5QPpCvYKRQiZYojMxszWXouIRKSaEiE5NFgu78hy6cpBG6BNEEHx0vn4st+CoCf8l0M9 CrFfToxyPMMyNm34jfEHBmiPrx1O9v96IdyWV3dvyoTrmZMBzhiIVayfwcya/3OG2pYy hTtAePZH5xlh6paVVLYmDP+VWXcTa9vEOuT6wdMeKKo6GBe+VBvYy8VpKyCHqrzberwl aytA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gBt+u36OXHW0xEabksGthqA3qw4u/SSvijaubKBL39c=; b=g4Unxc5xtUrPG5t6j4Z1sVSZG0gHDh+Ro7fYyD9crx1Z+0RW9j/s6X3nMXkNpttV2W H9LE4RQVsPbTrvkKd9QL1zyjJjXNdN80PcHUsvwzZUmgfAtPPrzZYphgMWJzS0HxzQz6 p95+/LD3brxH0ksl8zR5jNU3nV7rnAoAgX9hudLrrUG+BgqQmhBG18tFTjbgyjfRO3xY 1FNdql6iZGKGO3mUve4rCJys25jkEk4lEoKwAeFokwnxy5wFh12HP4l8Nxtdj8aT2Qd9 pA1CiEuGuLzqbYjitxSyMMaAtXgoMm4K6xDZfegfP1q0XkPfGRjbmAo/nlvhdki4ods1 z4pQ== X-Gm-Message-State: AOAM531xK+4gyg2JY99mQoWi0M6F8ZqyV88ETcklB8fuqKmhAn9QELQS WOLBfQJ5zsTfvjoyzbBNHch3cReYDao= X-Google-Smtp-Source: ABdhPJzXUe5F4GhHRvfj1BzDRXlWE1FkujuM7gr2hjIg3EbD17kC3vquDmIjC/DTus2zcsX6gJ1aow== X-Received: by 2002:a17:90b:8d8:: with SMTP id ds24mr4109910pjb.55.1591167607690; Wed, 03 Jun 2020 00:00:07 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([71.212.144.72]) by smtp.gmail.com with ESMTPSA id y6sm1262003pjn.37.2020.06.03.00.00.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Jun 2020 00:00:07 -0700 (PDT) From: Bret Barkelew X-Google-Original-From: Bret Barkelew To: devel@edk2.groups.io Cc: Jian J Wang , Hao A Wu , Liming Gao Subject: [PATCH v5 14/14] MdeModulePkg: Add a shell-based functional test for VariablePolicy Date: Tue, 2 Jun 2020 23:58:10 -0700 Message-Id: <20200603065810.806-15-brbarkel@microsoft.com> X-Mailer: git-send-email 2.26.2.windows.1.8.g01c50adf56.20200515075929 In-Reply-To: <20200603065810.806-1-brbarkel@microsoft.com> References: <20200603065810.806-1-brbarkel@microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable https://bugzilla.tianocore.org/show_bug.cgi?id=3D2522 To verify that VariablePolicy is correctly integrated on platforms, add a Shell-based functional test to confirm expected behavior. NOTE: This test assumes that VariablePolicy is built with PcdAllowVariablePolicyEnforcementDisable set to TRUE. Cc: Jian J Wang Cc: Hao A Wu Cc: Liming Gao Cc: Bret Barkelew Signed-off-by: Bret Barkelew --- MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTe= stApp.c | 1978 ++++++++++++++++++++ MdeModulePkg/MdeModulePkg.ci.yaml = | 4 +- MdeModulePkg/MdeModulePkg.dsc = | 6 + MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md = | 55 + MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTe= stApp.inf | 42 + 5 files changed, 2084 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Variable= PolicyFuncTestApp.c b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp= /VariablePolicyFuncTestApp.c new file mode 100644 index 000000000000..e41b6e7a43d5 --- /dev/null +++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyF= uncTestApp.c @@ -0,0 +1,1978 @@ +/** @file=0D +UEFI Shell based application for unit testing the Variable Policy Protocol= .=0D +=0D +Copyright (c) Microsoft Corporation.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +**/=0D +=0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +// TODO: Need to add to the UnitTestFrameworkPkg=0D +// #include =0D +=0D +#define UNIT_TEST_APP_NAME "Variable Policy Unit Test Application"= =0D +#define UNIT_TEST_APP_VERSION "0.1"=0D +=0D +// TODO: Need to add to the UnitTestFrameworkPkg=0D +UNIT_TEST_FRAMEWORK_HANDLE=0D +GetActiveFrameworkHandle (=0D + VOID=0D + );=0D +=0D +EDKII_VARIABLE_POLICY_PROTOCOL *mVarPol =3D NULL;=0D +=0D +=0D +EFI_GUID mTestNamespaceGuid1 =3D { 0x3b389299, 0xabaf, 0x433b, { 0xa4, 0xa= 9, 0x23, 0xc8, 0x44, 0x02, 0xfc, 0xad } };=0D +EFI_GUID mTestNamespaceGuid2 =3D { 0x4c49a3aa, 0xbcb0, 0x544c, { 0xb5, 0xb= a, 0x34, 0xd9, 0x55, 0x13, 0x0d, 0xbe } };=0D +EFI_GUID mTestNamespaceGuid3 =3D { 0x5d5ab4bb, 0xcdc1, 0x655d, { 0xc6, 0xc= b, 0x45, 0xea, 0x66, 0x24, 0x1e, 0xcf } };=0D +=0D +/**=0D + Prerequisite for most test cases.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +LocateVarPolicyPreReq (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + if (mVarPol =3D=3D NULL) {=0D + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid,=0D + NULL,=0D + (VOID **) &mVarPol);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + UT_ASSERT_NOT_NULL (mVarPol);=0D + }=0D +=0D + return UNIT_TEST_PASSED;=0D +=0D +} // LocateVarPolicyPreReq=0D +=0D +/**=0D + Getting Started tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +CheckVpEnabled (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + BOOLEAN State;=0D +=0D + Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D +=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + UT_ASSERT_EQUAL (State, TRUE);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // CheckVpEnabled=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +CheckVpRevision (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + UT_ASSERT_NOT_EQUAL (mVarPol->Revision, 0);=0D + UT_LOG_INFO ("VP Revision: 0x%x\n", mVarPol->Revision);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // CheckVpRevision=0D +=0D +/**=0D + NoLock Policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMinSizeNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value1;=0D + UINT32 Value2;=0D + UINT8 *Buffer;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"MinSizeNoLockVar",=0D + 4,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that is smaller than minsize=0D + //=0D + Value1 =3D 0x12;=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value1),=0D + &Value1);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Try to write a var of size that matches minsize=0D + //=0D + Value2 =3D 0xa1b2c3d4;=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size larger than minsize=0D + //=0D + Buffer =3D AllocateZeroPool (40);=0D + UT_ASSERT_NOT_NULL (Buffer);=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + 40,=0D + Buffer);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Delete the variable=0D + //=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + FreePool (Buffer);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestMinSizeNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMaxSizeNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value1;=0D + UINT32 Value2;=0D + UINT8 *Buffer;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"MaxSizeNoLockVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 4,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that is smaller than maxsize=0D + //=0D + Value1 =3D 0x34;=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value1),=0D + &Value1);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size that matches maxsize=0D + //=0D + Value2 =3D 0xa1b2c3d4;=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size larger than maxsize=0D + //=0D + Buffer =3D AllocateZeroPool (40);=0D + UT_ASSERT_NOT_NULL (Buffer);=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + 40,=0D + Buffer);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + FreePool (Buffer);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestMaxSizeNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMustHaveAttrNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"MustHaveAttrNoLockVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_= VARIABLE_BOOTSERVICE_ACCESS),=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that doesn't have the must-have attributes=0D + //=0D + Value =3D 0x56;=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + EFI_VARIABLE_BOOTSERVICE_ACCESS,=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Try to write a var that has exactly the required attributes=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + // NOTE: some implementations of VP will require the musthave attributes= to be passed even when deleting=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that has the required attributes and one extra att= ribute=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + // NOTE: some implementations of VP will require the musthave attributes= to be passed even when deleting=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + return UNIT_TEST_PASSED;=0D +} // TestMustHaveAttrNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestCantHaveAttrNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"CantHaveAttrNoLockVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + EFI_VARIABLE_NON_VOLATILE,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that has a can't have attr=0D + //=0D + Value =3D 0x78;=0D + Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Try to write a var that satisfies the can't have requirement=0D + //=0D + Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + EFI_VARIABLE_BOOTSERVICE_ACCESS,=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestCantHaveAttrNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMaxSizeNamespaceNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value1;=0D + UINT32 Value2;=0D + UINT8 *Buffer;=0D +=0D + //=0D + // Register a namespace-wide policy limiting max size to 4 bytes=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid2,=0D + NULL,=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 4,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that is smaller than maxsize=0D + //=0D + Value1 =3D 0x34;=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value1),=0D + &Value1);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size that matches maxsize=0D + //=0D + Value2 =3D 0xa1b2c3d4;=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size larger than maxsize=0D + //=0D + Buffer =3D AllocateZeroPool (40);=0D + UT_ASSERT_NOT_NULL (Buffer);=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + 40,=0D + Buffer);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + FreePool (Buffer);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestMaxSizeNamespaceNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMustHaveAttrWildcardNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"MustHaveAttrWildcardNoLockVar###= #",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_= VARIABLE_BOOTSERVICE_ACCESS),=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that doesn't have the must-have attributes=0D + //=0D + Value =3D 0x56;=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar1573",=0D + &mTestNamespaceGuid1,=0D + EFI_VARIABLE_BOOTSERVICE_ACCESS,=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Try to write a var that has exactly the required attributes=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar1234",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + // NOTE: some implementations of VP will require the musthave attributes= to be passed even when deleting=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar1234",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that has the required attributes and one extra att= ribute=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar5612",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + // NOTE: some implementations of VP will require the musthave attributes= to be passed even when deleting=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar5612",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestMustHaveAttrWildcardNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestPolicyprioritizationNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value8;=0D + UINT16 Value16;=0D + UINT32 Value32;=0D + UINT64 Value64;=0D +=0D + //=0D + // Register a policy targeting the specific var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid3,=0D + L"PolicyPriorityTestVar123",=0D + 8, // min size of UINT64=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Register a policy with wildcards in the name=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid3,=0D + L"PolicyPriorityTestVar###",=0D + 4, // min size of UINT32=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Register a policy with wildcards in the name=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid3,=0D + NULL,=0D + 2, // min size of UINT16=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // The idea is that the most specific policy is applied:=0D + // For varname "TestVar", the namespace-wide one should apply: UINT16 = minimum=0D + // For varname "PolicyPriorityTestVar567" the wildcard policy should a= pply: UINT32 minimum=0D + // For varname "PolicyPriorityTestVar123" the var-specific policy shou= ld apply: UINT64 minimum=0D + //=0D +=0D + //=0D + // Let's confirm the namespace-wide policy enforcement=0D + //=0D + Value8 =3D 0x78;=0D + Status =3D gRT->SetVariable (L"TestVar",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value8),=0D + &Value8);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + Value16 =3D 0x6543;=0D + Status =3D gRT->SetVariable (L"TestVar",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value16),=0D + &Value16);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's confirm the wildcard policy enforcement=0D + //=0D + Value16 =3D 0xabba;=0D + Status =3D gRT->SetVariable (L"PolicyPriorityTestVar567",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value16),=0D + &Value16);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + Value32 =3D 0xfedcba98;=0D + Status =3D gRT->SetVariable (L"PolicyPriorityTestVar567",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value32),=0D + &Value32);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's confirm the var-specific policy enforcement=0D + //=0D + Value32 =3D 0x8d3f627c;=0D + Status =3D gRT->SetVariable (L"PolicyPriorityTestVar123",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value32),=0D + &Value32);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + Value64 =3D 0xbebecdcdafaf6767;=0D + Status =3D gRT->SetVariable (L"PolicyPriorityTestVar123",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value64),=0D + &Value64);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestPolicyprioritizationNoLock=0D +=0D +/**=0D + LockNow Policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestExistingVarLockNow (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + //=0D + // Write a var that we'll protect next=0D + //=0D + Value =3D 0x78;=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Register a LockNow policy targeting the var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"ExistingLockNowVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_NOW);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Attempt to modify the locked var=0D + //=0D + Value =3D 0xA5;=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Attempt to delete the locked var=0D + //=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // This variable is deleted in final cleanup.=0D + //=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestExistingVarLockNow=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestNonexistentVarLockNow (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D + UINTN Size;=0D +=0D + //=0D + // Make sure the variable we're about to create the policy for doesn't e= xist=0D + //=0D + Size =3D 0;=0D + Status =3D gRT->GetVariable (L"NonexistentLockNowVar",=0D + &mTestNamespaceGuid1,=0D + NULL,=0D + &Size,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D +=0D + //=0D + // Register a LockNow policy targeting the var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"NonexistentLockNowVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_NOW);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Attempt to create the locked var=0D + //=0D + Value =3D 0xA5;=0D + Status =3D gRT->SetVariable (L"NonexistentLockNowVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestNonexistentVarLockNow=0D +=0D +/**=0D + LockOnCreate Policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestExistingVarLockOnCreate (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + //=0D + // Write a var that we'll protect later=0D + //=0D + Value =3D 0x78;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Register a LockNow policy targeting the var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"ExistingLockOnCreateVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_ON_CREAT= E);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Attempt to modify the locked var=0D + //=0D + Value =3D 0xA5;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Attempt to delete the locked var=0D + //=0D + Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // This variable is deleted in final cleanup.=0D + //=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestExistingVarLockOnCreate=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestNonexistentVarLockOnCreate (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value1;=0D + UINT32 Value2;=0D + UINTN Size;=0D +=0D + //=0D + // Make sure the variable we're about to create the policy for doesn't e= xist=0D + //=0D + Size =3D 0;=0D + Status =3D gRT->GetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + NULL,=0D + &Size,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D +=0D + //=0D + // Register a LockOnCreate policy targeting the var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"NonexistentLockOnCreateVar",=0D + 2, // min size of 2 bytes, UINT16+= =0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + EFI_VARIABLE_RUNTIME_ACCESS, // mu= st have RT attr=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_ON_CREAT= E);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Attempt to create the var, but smaller than min size=0D + //=0D + Value1 =3D 0xA5;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE),=0D + sizeof (Value1),=0D + &Value1);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Now let's make sure attribute req is enforced=0D + //=0D + Value2 =3D 0x43218765;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Now let's create a valid variable=0D + //=0D + Value2 =3D 0x43218765;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's make sure we can't modify it=0D + //=0D + Value2 =3D 0xa5a5b6b6;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Finally, let's make sure we can't delete it=0D + //=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // This variable is deleted in final cleanup.=0D + //=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestNonexistentVarLockOnCreate=0D +=0D +/**=0D + LockOnVarState Policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLockOnVarStateBeforeCreate (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINTN Size;=0D + UINT8 Value;=0D +=0D + //=0D + // First of all, let's make sure the var we're trying to protect doesn't= exist=0D + //=0D + Size =3D 0;=0D + Status =3D gRT->GetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + NULL,=0D + &Size,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D +=0D + //=0D + // Good, now let's create a policy=0D + //=0D + Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"NonexistentLockOnVarStateVar"= ,=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + &mTestNamespaceGuid1,=0D + L"Trigger1",=0D + 0x7E);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now we write the trigger var=0D + //=0D + Value =3D 0x7E;=0D + Status =3D gRT->SetVariable (L"Trigger1",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Ok, now we attempt to write a var protected by the trigger=0D + //=0D + Value =3D 0xFA;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Let's modify the trigger var and "untrigger" the policy=0D + //=0D + Value =3D 0x38;=0D + Status =3D gRT->SetVariable (L"Trigger1",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now we should be able to create the var targeted by the policy=0D + //=0D + Value =3D 0x23;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Cleanup: delete the trigger and the protected var=0D + //=0D + Status =3D gRT->SetVariable (L"Trigger1",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLockOnVarStateBeforeCreate=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLockOnVarStateAfterCreate (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + //=0D + // Let's create a policy=0D + //=0D + Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"ExistingLockOnVarStateVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + &mTestNamespaceGuid1,=0D + L"Trigger2",=0D + 0x5C);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to write targeted var since the policy isn't active ye= t.=0D + //=0D + Value =3D 0x17;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's modify the var to make sure the policy isn't acting like a lock= -on-create one=0D + //=0D + Value =3D 0x30;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now we trigger the policy=0D + //=0D + Value =3D 0x5C;=0D + Status =3D gRT->SetVariable (L"Trigger2",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's now verify the variable is protected=0D + //=0D + Value =3D 0xB9;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Ok, to clean up, we need to remove the trigger var, so delete it, and= then delete the target var=0D + //=0D + Status =3D gRT->SetVariable (L"Trigger2",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLockOnVarStateAfterCreate=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLockOnVarStateInvalidLargeTrigger (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT16 Value;=0D +=0D + //=0D + // First let's create a variable policy=0D + //=0D + Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidLargeTriggerLockOnVarS= tateVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + &mTestNamespaceGuid1,=0D + L"Trigger3",=0D + 0x5C);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now attempt to trigger the lock but with a variable larger than one b= yte=0D + //=0D + Value =3D 0x8085;=0D + Status =3D gRT->SetVariable (L"Trigger3",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should still be able to create the targeted var=0D + //=0D + Value =3D 0x1234;=0D + Status =3D gRT->SetVariable (L"InvalidLargeTriggerLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's clean up by deleting the invalid trigger and the targeted var=0D + //=0D + Status =3D gRT->SetVariable (L"Trigger3",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + Status =3D gRT->SetVariable (L"InvalidLargeTriggerLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLockOnVarStateInvalidLargeTrigger=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLockOnVarStateWrongValueTrigger (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + //=0D + // First let's create a variable policy=0D + //=0D + Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"WrongValueTriggerLockOnVarSta= teVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + &mTestNamespaceGuid1,=0D + L"Trigger4",=0D + 0xCA);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now attempt to trigger the lock but with a wrong value=0D + //=0D + Value =3D 0x80;=0D + Status =3D gRT->SetVariable (L"Trigger4",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should still be able to create the targeted var=0D + //=0D + Value =3D 0x14;=0D + Status =3D gRT->SetVariable (L"WrongValueTriggerLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's clean up by deleting the invalid trigger and the targeted var=0D + //=0D + Status =3D gRT->SetVariable (L"Trigger4",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + Status =3D gRT->SetVariable (L"WrongValueTriggerLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLockOnVarStateWrongValueTrigger=0D +=0D +/**=0D + Invalid policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestInvalidAttributesPolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // The only must/can't have attributes supported by VPE are NV, BS, and = RT. They are 1, 2, and 4, respectively.=0D + // Let's try some bits higher than that?=0D + //=0D +=0D + //=0D + // Trying must have attribute 0x8 which is EFI_VARIABLE_HARDWARE_ERROR_R= ECORD=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidMustHaveAttributesPolicyV= ar1",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + EFI_VARIABLE_HARDWARE_ERROR_RECORD= ,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting must have attr to EFI_VARIABLE_HARDWARE_ERROR_RECO= RD returned %r\n", Status);=0D +=0D + //=0D + // Let's try 0x10 - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, a deprecate= d attribute=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidMustHaveAttributesPolicyV= ar2",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + EFI_VARIABLE_AUTHENTICATED_WRITE_A= CCESS,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting must have attr to EFI_VARIABLE_AUTHENTICATED_WRITE= _ACCESS returned %r\n", Status);=0D +=0D + //=0D + // Let's try 0x20 - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidMustHaveAttributesPolicyV= ar3",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + EFI_VARIABLE_TIME_BASED_AUTHENTICA= TED_WRITE_ACCESS,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting must have attr to EFI_VARIABLE_TIME_BASED_AUTHENTI= CATED_WRITE_ACCESS returned %r\n", Status);=0D +=0D + //=0D + // Let's try something wild, like 0x4000=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidMustHaveAttributesPolicyV= ar4",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + 0x4000,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting must have attr to 0x4000 returned %r\n", Status);= =0D +=0D + //=0D + // Now repeat the same tests, but for the can't-have param=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidCantHaveAttributesPolicyV= ar1",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + EFI_VARIABLE_HARDWARE_ERROR_RECORD= ,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting cant have attr to EFI_VARIABLE_HARDWARE_ERROR_RECO= RD returned %r\n", Status);=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidCantHaveAttributesPolicyV= ar2",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + EFI_VARIABLE_AUTHENTICATED_WRITE_A= CCESS,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting cant have attr to EFI_VARIABLE_AUTHENTICATED_WRITE= _ACCESS returned %r\n", Status);=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidCantHaveAttributesPolicyV= ar3",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + EFI_VARIABLE_TIME_BASED_AUTHENTICA= TED_WRITE_ACCESS,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting cant have attr to EFI_VARIABLE_TIME_BASED_AUTHENTI= CATED_WRITE_ACCESS returned %r\n", Status);=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidCantHaveAttributesPolicyV= ar4",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + 0x4000,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting cant have attr to 0x4000 returned %r\n", Status);= =0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestInvalidAttributesPolicy=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLargeMinSizePolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // Let's set the min size to 2GB and see what happens=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"LargeMinSizeInvalidPolicyVar",=0D + 0x80000000,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D +=0D + UT_LOG_INFO ("Setting min size to 0x80000000 returned %r\n", Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLargeMinSizePolicy=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestZeroMaxSizePolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // Let's set the max size to 0 and see what happens=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"ZeroMinSizeInvalidPolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 0,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + //UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS); // this fails on QC. Real b= ug? Do we care?=0D + UT_LOG_INFO ("Setting max size to 0 returned %r\n", Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestZeroMaxSizePolicy=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestInvalidPolicyTypePolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // Let's set policy type to an invalid value and see what happens=0D + // Valid ones are:=0D + // VARIABLE_POLICY_TYPE_NO_LOCK 0=0D + // VARIABLE_POLICY_TYPE_LOCK_NOW 1=0D + // VARIABLE_POLICY_TYPE_LOCK_ON_CREATE 2=0D + // VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE 3=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidPolicyTypePolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + 4);=0D + UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidPolicyTypePolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + 147);=0D + UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestInvalidPolicyTypePolicy=0D +=0D +/**=0D + Test dumping policy.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestDumpPolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8* Buffer;=0D + UINT32 Size;=0D +=0D + //=0D + // First let's call DumpVariablePolicy with null buffer to get size=0D + //=0D + Size =3D 0;=0D + Status =3D mVarPol->DumpVariablePolicy (NULL, &Size);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_BUFFER_TOO_SMALL);=0D +=0D + //=0D + // Now we allocate the buffer for the dump=0D + //=0D + Buffer =3D NULL;=0D + Buffer =3D AllocatePool (Size);=0D + UT_ASSERT_NOT_NULL (Buffer);=0D +=0D + //=0D + // Now we get the dump. In this test we will not analyze the dump.=0D + //=0D + Status =3D mVarPol->DumpVariablePolicy (Buffer, &Size);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestDumpPolicy=0D +=0D +/**=0D + Test policy version.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestPolicyVersion (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + VARIABLE_POLICY_ENTRY *NewEntry;=0D +=0D + //=0D + // Create the new entry using a helper lib=0D + //=0D + NewEntry =3D NULL;=0D + Status =3D CreateBasicVariablePolicy (&mTestNamespaceGuid1,=0D + L"PolicyVersionTestNoLockVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 4, // max size of 4 bytes=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK,=0D + &NewEntry);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + NewEntry->Version =3D 0x1234;=0D + Status =3D mVarPol->RegisterVariablePolicy (NewEntry);=0D + UT_LOG_INFO ("Registering policy entry with an unknown version status: %= r\n", Status);=0D +=0D + FreePool (NewEntry);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestPolicyVersion=0D +=0D +/**=0D + Lock Policy Tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +LockPolicyEngineTests (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT16 Value;=0D + UINT64 Value64;=0D + BOOLEAN State;=0D +=0D + //=0D + // First let's register a policy that we'll test after VPE lock=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"BeforeVpeLockNoLockPolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 4, // max size of 4 bytes=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_ON_CREAT= E);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now, lock VPE!=0D + //=0D + Status =3D mVarPol->LockVariablePolicy ();=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // See if we can lock it again?=0D + //=0D + Status =3D mVarPol->LockVariablePolicy ();=0D + UT_LOG_INFO ("Locking VPE for second time returned %r\n", Status);=0D +=0D + //=0D + // Let's confirm one of the policies from prior test suites is still enf= orced=0D + // Attempt to delete a locked var=0D + //=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // We'll make sure the policy from earlier in this test case is actively= filtering out by size=0D + //=0D + Value64 =3D 0x3829fed212345678;=0D + Status =3D gRT->SetVariable (L"BeforeVpeLockNoLockPolicyVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value64),=0D + &Value64);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Let's create the variable from the policy now=0D + //=0D + Value =3D 0x323f;=0D + Status =3D gRT->SetVariable (L"BeforeVpeLockNoLockPolicyVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now confirm that the var is locked after creation=0D + //=0D + Value =3D 0x1212;=0D + Status =3D gRT->SetVariable (L"BeforeVpeLockNoLockPolicyVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Let's attempt to register a new policy, it should fail=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"AfterVpeLockNowPolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_NOW);=0D + UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D +=0D + //=0D + // Make sure VPE is enabled=0D + //=0D + Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + UT_ASSERT_EQUAL (State, TRUE);=0D +=0D + //=0D + // Finally, make sure we can't disable VPE=0D + //=0D + Status =3D mVarPol->DisableVariablePolicy ();=0D + UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // LockPolicyEngineTests=0D +=0D +/**=0D + Save context and reboot after the lock policy test suite.=0D +**/=0D +STATIC=0D +VOID=0D +EFIAPI=0D +SaveContextAndReboot (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // Now, save all the data associated with this framework.=0D + // TODO: Need to add to the UnitTestFrameworkPkg=0D + Status =3D SaveFrameworkState( GetActiveFrameworkHandle(), NULL, 0 );=0D +=0D + //=0D + // If we're all good, let's book...=0D + if (!EFI_ERROR( Status ))=0D + {=0D + //=0D + // Next, we want to update the BootNext variable to USB=0D + // so that we have a fighting chance of coming back here.=0D + //=0D + // TODO: Need to add to the UnitTestFrameworkPkg=0D + // SetBootNextDevice();=0D +=0D + //=0D + // Reset=0D + DEBUG(( DEBUG_INFO, "%a - Rebooting! Launch this test again once boote= d.\n", __FUNCTION__ ));=0D + gRT->ResetSystem( EfiResetCold, EFI_SUCCESS, 0, NULL );=0D + DEBUG(( DEBUG_ERROR, "%a - Unit test failed to quit! Framework can no = longer be used!\n", __FUNCTION__ ));=0D +=0D + //=0D + // We REALLY shouldn't be here.=0D + Status =3D EFI_ABORTED;=0D + }=0D +=0D + return;=0D +} // SaveContextAndReboot=0D +=0D +/**=0D + Disable policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +DisablePolicyEngineTests (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + BOOLEAN State;=0D + UINT8 Value;=0D +=0D + //=0D + // First, we disable the variable policy=0D + //=0D + Status =3D mVarPol->DisableVariablePolicy ();=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Confirm it's disabled=0D + //=0D + Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + UT_ASSERT_EQUAL (State, FALSE);=0D +=0D + //=0D + // Try locking it?=0D + //=0D + Status =3D mVarPol->LockVariablePolicy ();=0D + UT_LOG_INFO ("Locking VP after disabling it status: %r\n", Status);=0D +=0D + //=0D + // Try modifying the var from TestExistingVarLockNow=0D + //=0D + Value =3D 0xB5;=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // DisablePolicyEngineTests=0D +=0D +/**=0D + Final Cleanup: delete some variables earlier test cases created.=0D +**/=0D +STATIC=0D +VOID=0D +EFIAPI=0D +FinalCleanup (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete ExistingLockNowVar status: %r\n", Status);=0D +=0D + Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete ExistingLockOnCreateVar status: %r\n", Status);=0D +=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete NonexistentLockOnCreateVar status: %r\n", Status);= =0D +=0D + Status =3D gRT->SetVariable (L"NonexistentLockNowVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete NonexistentLockNowVar status: %r\n", Status);=0D +=0D + Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete CantHaveAttrNoLockVar status: %r\n", Status);=0D +=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete NonexistentLockOnVarStateVar status: %r\n", Status)= ;=0D +=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete ExistingLockOnVarStateVar status: %r\n", Status);=0D +} // FinalCleanup=0D +=0D +/**=0D +=0D + Main fuction sets up the unit test environment.=0D +=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +UefiMain (=0D + IN EFI_HANDLE ImageHandle,=0D + IN EFI_SYSTEM_TABLE* SystemTable)=0D +{=0D + EFI_STATUS Status;=0D + UNIT_TEST_FRAMEWORK_HANDLE Framework;=0D + UNIT_TEST_SUITE_HANDLE GettingStartedTestSuite;=0D + UNIT_TEST_SUITE_HANDLE NoLockPoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE LockNowPoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE LockOnCreatePoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE LockOnVarStatePoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE InvalidPoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE DumpPolicyTestSuite;=0D + UNIT_TEST_SUITE_HANDLE PolicyVersionTestSuite;=0D + UNIT_TEST_SUITE_HANDLE LockPolicyTestSuite;=0D + UNIT_TEST_SUITE_HANDLE DisablePolicyTestSuite;=0D +=0D + Framework =3D NULL;=0D + GettingStartedTestSuite =3D NULL;=0D + NoLockPoliciesTestSuite =3D NULL;=0D + LockNowPoliciesTestSuite =3D NULL;=0D + LockOnCreatePoliciesTestSuite =3D NULL;=0D + LockOnVarStatePoliciesTestSuite =3D NULL;=0D + InvalidPoliciesTestSuite =3D NULL;=0D + DumpPolicyTestSuite =3D NULL;=0D + PolicyVersionTestSuite =3D NULL; =0D + LockPolicyTestSuite =3D NULL;=0D + DisablePolicyTestSuite =3D NULL;=0D +=0D + DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSIO= N));=0D +=0D + //=0D + // Start setting up the test framework for running the tests.=0D + //=0D + Status =3D InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCa= llerBaseName, UNIT_TEST_APP_VERSION);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status =3D %r\n= ", Status));=0D + goto EXIT;=0D + }=0D +=0D + //=0D + // Test suite 1: Getting Started. Get VP protocol, check state, log revi= sion=0D + //=0D + Status =3D CreateUnitTestSuite (&GettingStartedTestSuite, Framework, "Ge= tting Started", "Common.VP.GettingStarted", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Getting St= arted Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (GettingStartedTestSuite, "Confirm VP is enabled", "Common.V= P.GettingStarted.CheckVpEnabled", CheckVpEnabled, LocateVarPolicyPreReq, NU= LL, NULL);=0D + AddTestCase (GettingStartedTestSuite, "Check VP revision", "Common.VP.Ge= ttingStarted.CheckVpRevision", CheckVpRevision, LocateVarPolicyPreReq, NULL= , NULL);=0D +=0D + //=0D + // Test suite 2: Test NoLock Policies=0D + //=0D + Status =3D CreateUnitTestSuite (&NoLockPoliciesTestSuite, Framework, "Ex= ercise NoLock Policies", "Common.VP.NoLockPolicies", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the NoLock Pol= icies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Min Size enforcement in NoLo= ck policy", "Common.VP.NoLockPolicies.TestMinSizeNoLock", TestMinSizeNoLock= , LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Max Size enforcement in NoLo= ck policy", "Common.VP.NoLockPolicies.TestMaxSizeNoLock", TestMaxSizeNoLock= , LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Must Have Attribute enforcem= ent in NoLock policy", "Common.VP.NoLockPolicies.TestMustHaveAttrNoLock", T= estMustHaveAttrNoLock, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Can't Have Attribute enforce= ment in NoLock policy", "Common.VP.NoLockPolicies.TestCantHaveAttrNoLock", = TestCantHaveAttrNoLock, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Max Size enforcement in NoLo= ck policy for entire namespace", "Common.VP.NoLockPolicies.TestMaxSizeNames= paceNoLock", TestMaxSizeNamespaceNoLock, LocateVarPolicyPreReq, NULL, NULL)= ;=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Must Have Attribute enforcem= ent in NoLock policy with wildcards", "Common.VP.NoLockPolicies.TestMustHav= eAttrWildcardNoLock", TestMustHaveAttrWildcardNoLock, LocateVarPolicyPreReq= , NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test policy prioritization betwee= n namespace-wide, wildcard, and var-specific policies", "Common.VP.NoLockPo= licies.TestPolicyprioritizationNoLock", TestPolicyprioritizationNoLock, Loc= ateVarPolicyPreReq, NULL, NULL);=0D +=0D + //=0D + // Test suite 3: Test LockNow policies=0D + //=0D + Status =3D CreateUnitTestSuite (&LockNowPoliciesTestSuite, Framework, "E= xercise LockNow Policies", "Common.VP.LockNowPolicies", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the LockNow Po= licies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (LockNowPoliciesTestSuite, "Test LockNow policy for a pre-ex= isting variable", "Common.VP.LockNowPolicies.TestExistingVarLockNow", TestE= xistingVarLockNow, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (LockNowPoliciesTestSuite, "Test LockNow policy for a nonexi= stent variable", "Common.VP.LockNowPolicies.TestNonexistentVarLockNow", Tes= tNonexistentVarLockNow, LocateVarPolicyPreReq, NULL, NULL);=0D +=0D + //=0D + // Test suite 4: Test LockOnCreate policies=0D + //=0D + Status =3D CreateUnitTestSuite (&LockOnCreatePoliciesTestSuite, Framewor= k, "Exercise LockOnCreate Policies", "Common.VP.LockOnCreate", NULL, NULL);= =0D + if (EFI_ERROR (Status))=0D + {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the LockOnCrea= te Policies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (LockOnCreatePoliciesTestSuite, "Test LockOnCreate policy fo= r a pre-existing variable", "Common.VP.LockOnCreate.TestExistingVarLockOnCr= eate", TestExistingVarLockOnCreate, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (LockOnCreatePoliciesTestSuite, "Test LockOnCreate policy fo= r a nonexistent variable", "Common.VP.LockOnCreate.TestNonexistentVarLockOn= Create", TestNonexistentVarLockOnCreate, LocateVarPolicyPreReq, NULL, NULL)= ;=0D +=0D + //=0D + // Test suite 5: Test LockOnVarState policies=0D + //=0D + Status =3D CreateUnitTestSuite (&LockOnVarStatePoliciesTestSuite, Framew= ork, "Exercise LockOnVarState Policies", "Common.VP.LockOnVarState", NULL, = NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the LockOnVarS= tate Policies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic= y for a nonexistent variable", "Common.VP.LockOnVarState.TestLockOnVarState= BeforeCreate", TestLockOnVarStateBeforeCreate, LocateVarPolicyPreReq, NULL,= NULL);=0D + AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic= y for a pre-existing variable", "Common.VP.LockOnVarState.TestLockOnVarStat= eAfterCreate", TestLockOnVarStateAfterCreate, LocateVarPolicyPreReq, NULL, = NULL);=0D + AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic= y triggered by invalid-size variable", "Common.VP.LockOnVarState.TestLockOn= VarStateInvalidLargeTrigger", TestLockOnVarStateInvalidLargeTrigger, Locate= VarPolicyPreReq, NULL, NULL);=0D + AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic= y triggered by invalid-value variable", "Common.VP.LockOnVarState.TestLockO= nVarStateWrongValueTrigger", TestLockOnVarStateWrongValueTrigger, LocateVar= PolicyPreReq, NULL, NULL);=0D +=0D + //=0D + // Test suite 6: Test registering invalid policies=0D + //=0D + Status =3D CreateUnitTestSuite (&InvalidPoliciesTestSuite, Framework, "A= ttempt registering invalid policies", "Common.VP.InvalidPolicies", NULL, NU= LL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Invalid Po= licies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid must-ha= ve attributes", "Common.VP.InvalidPolicies.TestInvalidAttributesPolicy", Te= stInvalidAttributesPolicy, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid attribu= tes", "Common.VP.InvalidPolicies.TestLargeMinSizePolicy", TestLargeMinSizeP= olicy, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid attribu= tes", "Common.VP.InvalidPolicies.TestZeroMaxSizePolicy", TestZeroMaxSizePol= icy, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid type", = "Common.VP.InvalidPolicies.TestInvalidPolicyTypePolicy", TestInvalidPolicyT= ypePolicy, LocateVarPolicyPreReq, NULL, NULL);=0D +=0D + //=0D + // Test suite 7: Test dumping the policy=0D + //=0D + Status =3D CreateUnitTestSuite (&DumpPolicyTestSuite, Framework, "Attemp= t dumping policy", "Common.VP.DumpPolicy", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Dump Polic= y Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (DumpPolicyTestSuite, "Test dumping policy", "Common.VP.Dump= Policy.TestDumpPolicy", TestDumpPolicy, LocateVarPolicyPreReq, NULL, NULL);= =0D +=0D + //=0D + // Test suite 8: Test policy version=0D + //=0D + Status =3D CreateUnitTestSuite (&PolicyVersionTestSuite, Framework, "Use= non-zero policy version", "Common.VP.PolicyVersion", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Policy Ver= sion Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (PolicyVersionTestSuite, "Test policy version", "Common.VP.D= umpPolicy.TestPolicyVersion", TestPolicyVersion, LocateVarPolicyPreReq, NUL= L, NULL);=0D +=0D + //=0D + // Test suite 9: Lock VPE and test implications=0D + //=0D + Status =3D CreateUnitTestSuite (&LockPolicyTestSuite, Framework, "Lock p= olicy, test it", "Common.VP.LockPolicyTests", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Lock Polic= y Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (LockPolicyTestSuite, "Test locking policy", "Common.VP.Lock= PolicyTests.LockPolicyEngineTests", LockPolicyEngineTests, LocateVarPolicyP= reReq, NULL, NULL);=0D + AddTestCase (LockPolicyTestSuite, "Test locking policy", "Common.VP.Lock= PolicyTests.LockPolicyEngineTests", LockPolicyEngineTests, LocateVarPolicyP= reReq, SaveContextAndReboot, NULL);=0D +=0D + //=0D + // Test suite 10: Disable var policy and confirm expected behavior=0D + //=0D + Status =3D CreateUnitTestSuite (&DisablePolicyTestSuite, Framework, "Dis= able policy, test it", "Common.VP.DisablePolicyTests", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Disable Po= licy Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (DisablePolicyTestSuite, "Confirm VP is enabled", "Common.VP= .DisablePolicyTests.CheckVpEnabled", CheckVpEnabled, LocateVarPolicyPreReq,= NULL, NULL);=0D + AddTestCase (DisablePolicyTestSuite, "Test LockNow policy for a pre-exis= ting variable", "Common.VP.DisablePolicyTests.TestExistingVarLockNow", Test= ExistingVarLockNow, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (DisablePolicyTestSuite, "Test disabling policy", "Common.VP= .DisablePolicyTests.DisablePolicyEngineTests", DisablePolicyEngineTests, Lo= cateVarPolicyPreReq, FinalCleanup, NULL);=0D +=0D + //=0D + // Execute the tests.=0D + //=0D + Status =3D RunAllTestSuites (Framework);=0D +=0D +EXIT:=0D + if (Framework !=3D NULL) {=0D + FreeUnitTestFramework (Framework);=0D + }=0D +=0D + return Status;=0D +} // UefiMain=0D diff --git a/MdeModulePkg/MdeModulePkg.ci.yaml b/MdeModulePkg/MdeModulePkg.= ci.yaml index 1cfc1328390e..88a192d0e2a8 100644 --- a/MdeModulePkg/MdeModulePkg.ci.yaml +++ b/MdeModulePkg/MdeModulePkg.ci.yaml @@ -35,7 +35,9 @@ "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec"=0D ],=0D # For UEFI shell based apps=0D - "AcceptableDependencies-UEFI_APPLICATION":[],=0D + "AcceptableDependencies-UEFI_APPLICATION":[=0D + "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec"=0D + ],=0D "IgnoreInf": []=0D },=0D =0D diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index f0a75a3b337b..414a6c62dfdb 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -19,6 +19,8 @@ [Defines] BUILD_TARGETS =3D DEBUG|RELEASE|NOOPT=0D SKUID_IDENTIFIER =3D DEFAULT=0D =0D +!include UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc=0D +=0D [LibraryClasses]=0D #=0D # Entry point=0D @@ -314,6 +316,10 @@ [Components] MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf=0D MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf=0D MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf=0D + MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFunc= TestApp.inf {=0D + =0D + UnitTestBootLib|UnitTestFrameworkPkg/Library/UnitTestBootLibNull/Uni= tTestBootLibNull.inf=0D + }=0D MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf=0D MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf=0D MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf=0D diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.m= d b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md new file mode 100644 index 000000000000..804ad4173a5f --- /dev/null +++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md @@ -0,0 +1,55 @@ +# variable Policy Unit Tests=0D +=0D +## 🔹 Copyright=0D +Copyright (C) Microsoft Corporation. All rights reserved.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +## About This Test=0D +This test verifies functionality of the Variable Policy Protocol by regist= ering various variable policies and exercising them, as well as tests locki= ng the policy, disabling it, and dumping the policy entries.=0D +=0D +Only policies that are created as a part of this test will be tested.=0D +1. Try getting test context, if empty then get VP protocol, confirm that V= P is not disabled by calling IsVariablePolicyEnabled. Log VP revision.=0D +2. "No lock" policies:=0D + * check minsize enforcement=0D + * check maxsize enforcement=0D + * check musthave attr enforcement=0D + * check canthave attr enforcement=0D + * check one of the above with empty string policy i.e. name wildcard=0D + * check another one of the above with a "#" containing policy string=0D + * check policy prioritization by having a namespace-wide policy, a pol= icy with a # wildcard, and a one-var specific policy and testing which one = is enforced=0D +3. "Lock now" policies (means if the var doesn't exist, it won't be create= d; if one exists, it can't be updated):=0D + * test a policy for an already existing variable, verify we can't writ= e into that variable=0D + * create a policy for a non-existing variable and attempt to register = such var=0D +4. "Lock on create" policies (means the var can still be created, but no u= pdates later, existing vars can't be updated):=0D + * create a var, lock it with LockOnCreate, attempt to update its conte= nts=0D + * create LockOnCreate VP, attempt to create var with invalid size, the= n invalid attr, then create valid var, attempt to update its contents=0D +5. "Lock on var state" policies (means the var protected by this policy ca= n't be created or updated once the trigger is set)=0D + * create VP, trigger lock with a valid var, attempt to create a locked= var, then modify the trigger var, create locked var=0D + * create VP, create targeted var, modify it, trigger lock, attempt to = modify var=0D + * create VP, trigger lock with invalid (larger than one byte) var, see= if VPE allows creation of the locked var (it should allow)=0D + * create VP, set locking var with wrong value, see if VPE allows creat= ion of the locked var (should allow)=0D +6. Attempt registering invalid policy entries=0D + * invalid required and banned attributes=0D + * large min size - let's say 2GB=0D + * max size equal to 0=0D + * invalid policy type=0D +7. Exercise dumping policy. No need to check the validity of the dump blob= .=0D +8. Test registering a policy with a random version.=0D +9. Lock VPE, make sure old policies are enforced, new ones can't be regist= ered.=0D + * Register a LockOnCreate policy=0D + * Lock VPE=0D + * Test locking it again.=0D + * Verify one of the prior policies is enforced=0D + * Make sure we can create variables even if those are protected by Loc= kOnCreate policy, after locking the VPE=0D + * Attempt to register new policies=0D + * Make sure can't disable VPE=0D + * Cleanup: save context and reboot=0D +10. Disable variable policy and try some things=0D + * Locate Variable Policy Protocol=0D + * Make sure VP is enabled=0D + * Register a policy=0D + * Disable VPE=0D + * Call IsVariablePolicyEnabled to confirm it's disabled.=0D + * Make sure can't lock policy=0D + * Make sure the policy from a is no longer enforced=0D + * Final cleanup: delete vars that were created in some earlier test su= ites=0D diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Variable= PolicyFuncTestApp.inf b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestA= pp/VariablePolicyFuncTestApp.inf new file mode 100644 index 000000000000..9ad277a547c2 --- /dev/null +++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyF= uncTestApp.inf @@ -0,0 +1,42 @@ +## @file=0D +# Uefi Shell based Application that unit tests the Variable Policy Protoco= l=0D +#=0D +# Copyright (c) Microsoft Corporation.=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D VariablePolicyFuncTestApp=0D + FILE_GUID =3D B653C4C3-3FCC-4B6C-8051-5F692AEAECBA= =0D + MODULE_TYPE =3D UEFI_APPLICATION=0D + VERSION_STRING =3D 1.0=0D + ENTRY_POINT =3D UefiMain=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D X64 AARCH64=0D +#=0D +=0D +[Sources]=0D + VariablePolicyFuncTestApp.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + MdeModulePkg/MdeModulePkg.dec=0D + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec=0D +=0D +[LibraryClasses]=0D + UefiApplicationEntryPoint=0D + BaseLib=0D + UnitTestLib=0D + UnitTestBootLib=0D + PrintLib=0D + UefiBootServicesTableLib=0D + UefiRuntimeServicesTableLib=0D + MemoryAllocationLib=0D + VariablePolicyHelperLib=0D +=0D +[Protocols]=0D + gEdkiiVariablePolicyProtocolGuid=0D --=20 2.26.2.windows.1.8.g01c50adf56.20200515075929