From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Bret Barkelew"
X-Google-Original-From: Bret Barkelew
To: devel@edk2.groups.io
Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
Subject: [PATCH v8 14/14] MdeModulePkg: Add a shell-based functional test for VariablePolicy
Date: Tue, 22 Sep 2020 23:07:48 -0700
Message-Id: <20200923060748.3795-15-bret.barkelew@microsoft.com>
X-Mailer: git-send-email 2.28.0.windows.1
In-Reply-To: <20200923060748.3795-1-bret.barkelew@microsoft.com>
References: <20200923060748.3795-1-bret.barkelew@microsoft.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Bret Barkelew

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

To verify that VariablePolicy is correctly integrated on platforms, add a Shell-based functional test to confirm expected behavior.

NOTE: This test assumes that VariablePolicy is built with PcdAllowVariablePolicyEnforcementDisable set to TRUE.

Cc: Jian J Wang
Cc: Hao A Wu
Cc: Liming Gao
Cc: Bret Barkelew
Signed-off-by: Bret Barkelew
Reviewed-by: Dandan Bi
Acked-by: Jian J Wang
---
 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTestApp.c   | 2226 ++++++++++++++++++++
 MdeModulePkg/MdeModulePkg.ci.yaml                                                   |    4 +-
 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md                     |   55 +
 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTestApp.inf |   47 +
 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyTestAuthVar.h   |  128 ++
 5 files changed, 2459 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Variable= PolicyFuncTestApp.c b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp= /VariablePolicyFuncTestApp.c new file mode 100644 index 000000000000..c2b28e4b642b --- /dev/null +++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyF= uncTestApp.c 
@@ -0,0 +1,2226 @@ +/** @file=0D +UEFI Shell based application for unit testing the Variable Policy Protocol= .=0D +=0D +Copyright (c) Microsoft Corporation.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +**/=0D +=0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +#include "VariablePolicyTestAuthVar.h"=0D +=0D +// TODO: Need to add to the UnitTestFrameworkPkg=0D +// #include =0D +=0D +#define UNIT_TEST_APP_NAME "Variable Policy Unit Test Application"= =0D +#define UNIT_TEST_APP_VERSION "0.1"=0D +=0D +// TODO: Need to add to the UnitTestFrameworkPkg=0D +UNIT_TEST_FRAMEWORK_HANDLE=0D +GetActiveFrameworkHandle (=0D + VOID=0D + );=0D +=0D +EDKII_VARIABLE_POLICY_PROTOCOL *mVarPol =3D NULL;=0D +=0D +=0D +EFI_GUID mTestNamespaceGuid1 =3D { 0x3b389299, 0xabaf, 0x433b, { 0xa4, 0xa= 9, 0x23, 0xc8, 0x44, 0x02, 0xfc, 0xad } };=0D +EFI_GUID mTestNamespaceGuid2 =3D { 0x4c49a3aa, 0xbcb0, 0x544c, { 0xb5, 0xb= a, 0x34, 0xd9, 0x55, 0x13, 0x0d, 0xbe } };=0D +EFI_GUID mTestNamespaceGuid3 =3D { 0x5d5ab4bb, 0xcdc1, 0x655d, { 0xc6, 0xc= b, 0x45, 0xea, 0x66, 0x24, 0x1e, 0xcf } };=0D +=0D +#define TEST_AUTH_VAR_NAME L"DummyAuthVar"=0D +EFI_GUID mTestAuthNamespaceGuid =3D { 0xb6c5a2c6, 0x3ece, 0x4b9b, { 0x8c, = 0xc8, 0x96, 0xd8, 0xd9, 0xca, 0xd3, 0x4e } };=0D +=0D +/**=0D + Prerequisite for most test cases.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +LocateVarPolicyPreReq (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + if (mVarPol =3D=3D NULL) {=0D + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid,=0D + NULL,=0D + (VOID **) &mVarPol);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + UT_ASSERT_NOT_NULL (mVarPol);=0D + }=0D +=0D + return UNIT_TEST_PASSED;=0D +} // LocateVarPolicyPreReq=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +VarPolicyEnabledPreReq (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS 
Status;=0D + BOOLEAN State;=0D +=0D + UT_ASSERT_EQUAL(LocateVarPolicyPreReq(Context), UNIT_TEST_PASSED);=0D + Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D + UT_ASSERT_NOT_EFI_ERROR(Status);=0D + UT_ASSERT_TRUE(State);=0D +=0D + return UNIT_TEST_PASSED;=0D +}=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +VarPolicyDisabledPreReq (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + BOOLEAN State;=0D +=0D + UT_ASSERT_EQUAL(LocateVarPolicyPreReq(Context), UNIT_TEST_PASSED);=0D + Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D + UT_ASSERT_NOT_EFI_ERROR(Status);=0D + UT_ASSERT_FALSE(State);=0D +=0D + return UNIT_TEST_PASSED;=0D +}=0D +=0D +/**=0D + Getting Started tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +CheckVpEnabled (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + BOOLEAN State;=0D +=0D + Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D +=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + UT_ASSERT_EQUAL (State, TRUE);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // CheckVpEnabled=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +CheckVpRevision (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + UT_ASSERT_NOT_EQUAL (mVarPol->Revision, 0);=0D + UT_LOG_INFO ("VP Revision: 0x%x\n", mVarPol->Revision);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // CheckVpRevision=0D +=0D +/**=0D + NOTE: Copied from SecureBootConfigImpl.c, then modified.=0D +=0D + Create a time based data payload by concatenating the EFI_VARIABLE_AUTHE= NTICATION_2=0D + descriptor with the input data. 
NO authentication is required in this fu= nction.=0D +=0D + @param[in, out] DataSize On input, the size of Data buffer in by= tes.=0D + On output, the size of data returned in= Data=0D + buffer in bytes.=0D + @param[in, out] Data On input, Pointer to data buffer to be = wrapped or=0D + pointer to NULL to wrap an empty payloa= d.=0D + On output, Pointer to the new payload d= ate buffer allocated from pool,=0D + it's caller's responsibility to free th= e memory when finish using it.=0D + @param[in] Time [Optional] If provided, will be used as= the timestamp for the payload.=0D + If NULL, a new timestamp will be genera= ted using GetTime().=0D +=0D + @retval EFI_SUCCESS Create time based payload successfully.= =0D + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources t= o create time based payload.=0D + @retval EFI_INVALID_PARAMETER The parameter is invalid.=0D + @retval Others Unexpected error happens.=0D +=0D +**/=0D +STATIC=0D +EFI_STATUS=0D +CreateEmptyTimeBasedPayload (=0D + IN OUT UINTN *DataSize,=0D + IN OUT UINT8 **Data,=0D + IN EFI_TIME *Time OPTIONAL=0D + )=0D +{=0D + UINT8 *NewData;=0D + UINT8 *Payload;=0D + UINTN PayloadSize;=0D + EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;=0D + UINTN DescriptorSize;=0D + EFI_TIME NewTime;=0D +=0D + if (Data =3D=3D NULL || DataSize =3D=3D NULL) {=0D + DEBUG((DEBUG_ERROR, "CreateEmptyTimeBasedPayload(), invalid arg\n"));= =0D + return EFI_INVALID_PARAMETER;=0D + }=0D +=0D + //=0D + // In Setup mode or Custom mode, the variable does not need to be signed= but the=0D + // parameters to the SetVariable() call still need to be prepared as aut= henticated=0D + // variable. 
So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor withou= t certificate=0D + // data in it.=0D + //=0D + Payload =3D *Data;=0D + PayloadSize =3D *DataSize;=0D +=0D + DescriptorSize =3D OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo= ) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);=0D + NewData =3D (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize);=0D + if (NewData =3D=3D NULL) {=0D + DEBUG((DEBUG_ERROR, "CreateEmptyTimeBasedPayload() Out of resources.\n= "));=0D + return EFI_OUT_OF_RESOURCES;=0D + }=0D +=0D + if ((Payload !=3D NULL) && (PayloadSize !=3D 0)) {=0D + CopyMem (NewData + DescriptorSize, Payload, PayloadSize);=0D + }=0D +=0D + DescriptorData =3D (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);=0D +=0D + //=0D + // Use or create the timestamp.=0D + //=0D + // If Time is NULL, create a new timestamp.=0D + if (Time =3D=3D NULL)=0D + {=0D + NewTime.Year =3D 9999;=0D + NewTime.Month =3D 12;=0D + NewTime.Day =3D 31;=0D + NewTime.Hour =3D 23;=0D + NewTime.Minute =3D 59;=0D + NewTime.Second =3D 59;=0D + NewTime.Pad1 =3D 0;=0D + NewTime.Nanosecond =3D 0;=0D + NewTime.TimeZone =3D 0;=0D + NewTime.Daylight =3D 0;=0D + NewTime.Pad2 =3D 0;=0D + Time =3D &NewTime; // Use the new timestamp.=0D + }=0D + CopyMem (&DescriptorData->TimeStamp, Time, sizeof (EFI_TIME));=0D +=0D + DescriptorData->AuthInfo.Hdr.dwLength =3D OFFSET_OF (WIN_CERTIFI= CATE_UEFI_GUID, CertData);=0D + DescriptorData->AuthInfo.Hdr.wRevision =3D 0x0200;=0D + DescriptorData->AuthInfo.Hdr.wCertificateType =3D WIN_CERT_TYPE_EFI_GUID= ;=0D + CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);=0D +=0D + if (Payload !=3D NULL) {=0D + FreePool(Payload);=0D + }=0D +=0D + *DataSize =3D DescriptorSize + PayloadSize;=0D + *Data =3D NewData;=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + NoLock Policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMinSizeNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value1;=0D + UINT32 Value2;=0D + 
UINT8 *Buffer;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"MinSizeNoLockVar",=0D + 4,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that is smaller than minsize=0D + //=0D + Value1 =3D 0x12;=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value1),=0D + &Value1);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Try to write a var of size that matches minsize=0D + //=0D + Value2 =3D 0xa1b2c3d4;=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size larger than minsize=0D + //=0D + Buffer =3D AllocateZeroPool (40);=0D + UT_ASSERT_NOT_NULL (Buffer);=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + 40,=0D + Buffer);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Delete the variable=0D + //=0D + Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + FreePool (Buffer);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestMinSizeNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMaxSizeNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + 
)=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value1;=0D + UINT32 Value2;=0D + UINT8 *Buffer;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"MaxSizeNoLockVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 4,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that is smaller than maxsize=0D + //=0D + Value1 =3D 0x34;=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value1),=0D + &Value1);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size that matches maxsize=0D + //=0D + Value2 =3D 0xa1b2c3d4;=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size larger than maxsize=0D + //=0D + Buffer =3D AllocateZeroPool (40);=0D + UT_ASSERT_NOT_NULL (Buffer);=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + 40,=0D + Buffer);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + FreePool (Buffer);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestMaxSizeNoLock=0D +=0D 
+UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMustHaveAttrNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"MustHaveAttrNoLockVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_= VARIABLE_BOOTSERVICE_ACCESS),=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that doesn't have the must-have attributes=0D + //=0D + Value =3D 0x56;=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + EFI_VARIABLE_BOOTSERVICE_ACCESS,=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Try to write a var that has exactly the required attributes=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + // NOTE: some implementations of VP will require the musthave attributes= to be passed even when deleting=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that has the required attributes and one extra att= ribute=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + // NOTE: some implementations of VP 
will require the musthave attributes= to be passed even when deleting=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + return UNIT_TEST_PASSED;=0D +} // TestMustHaveAttrNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestCantHaveAttrNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"CantHaveAttrNoLockVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + EFI_VARIABLE_NON_VOLATILE,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that has a can't have attr=0D + //=0D + Value =3D 0x78;=0D + Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Try to write a var that satisfies the can't have requirement=0D + //=0D + Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + EFI_VARIABLE_BOOTSERVICE_ACCESS,=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestCantHaveAttrNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMaxSizeNamespaceNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value1;=0D + UINT32 Value2;=0D + UINT8 *Buffer;=0D +=0D + //=0D + // Register a namespace-wide policy 
limiting max size to 4 bytes=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid2,=0D + NULL,=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 4,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that is smaller than maxsize=0D + //=0D + Value1 =3D 0x34;=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value1),=0D + &Value1);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size that matches maxsize=0D + //=0D + Value2 =3D 0xa1b2c3d4;=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + //=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var of size larger than maxsize=0D + //=0D + Buffer =3D AllocateZeroPool (40);=0D + UT_ASSERT_NOT_NULL (Buffer);=0D + Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D + &mTestNamespaceGuid2,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + 40,=0D + Buffer);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + FreePool (Buffer);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestMaxSizeNamespaceNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestMustHaveAttrWildcardNoLock 
(=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"MustHaveAttrWildcardNoLockVar###= #",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_= VARIABLE_BOOTSERVICE_ACCESS),=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that doesn't have the must-have attributes=0D + //=0D + Value =3D 0x56;=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar1573",=0D + &mTestNamespaceGuid1,=0D + EFI_VARIABLE_BOOTSERVICE_ACCESS,=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Try to write a var that has exactly the required attributes=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar1234",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + // NOTE: some implementations of VP will require the musthave attributes= to be passed even when deleting=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar1234",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Try to write a var that has the required attributes and one extra att= ribute=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar5612",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to delete the var=0D + // NOTE: some implementations of 
VP will require the musthave attributes= to be passed even when deleting=0D + //=0D + Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar5612",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestMustHaveAttrWildcardNoLock=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestPolicyprioritizationNoLock (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value8;=0D + UINT16 Value16;=0D + UINT32 Value32;=0D + UINT64 Value64;=0D +=0D + //=0D + // Register a policy targeting the specific var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid3,=0D + L"PolicyPriorityTestVar123",=0D + 8, // min size of UINT64=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Register a policy with wildcards in the name=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid3,=0D + L"PolicyPriorityTestVar###",=0D + 4, // min size of UINT32=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Register a policy with wildcards in the name=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid3,=0D + NULL,=0D + 2, // min size of UINT16=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // The idea is that the most specific policy is applied:=0D + // For varname "TestVar", the namespace-wide one should apply: UINT16 = minimum=0D + // For varname "PolicyPriorityTestVar567" the wildcard policy should a= pply: UINT32 minimum=0D + // For varname 
"PolicyPriorityTestVar123" the var-specific policy shou= ld apply: UINT64 minimum=0D + //=0D +=0D + //=0D + // Let's confirm the namespace-wide policy enforcement=0D + //=0D + Value8 =3D 0x78;=0D + Status =3D gRT->SetVariable (L"TestVar",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value8),=0D + &Value8);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + Value16 =3D 0x6543;=0D + Status =3D gRT->SetVariable (L"TestVar",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value16),=0D + &Value16);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's confirm the wildcard policy enforcement=0D + //=0D + Value16 =3D 0xabba;=0D + Status =3D gRT->SetVariable (L"PolicyPriorityTestVar567",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value16),=0D + &Value16);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + Value32 =3D 0xfedcba98;=0D + Status =3D gRT->SetVariable (L"PolicyPriorityTestVar567",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value32),=0D + &Value32);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's confirm the var-specific policy enforcement=0D + //=0D + Value32 =3D 0x8d3f627c;=0D + Status =3D gRT->SetVariable (L"PolicyPriorityTestVar123",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value32),=0D + &Value32);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + Value64 =3D 0xbebecdcdafaf6767;=0D + Status =3D gRT->SetVariable (L"PolicyPriorityTestVar123",=0D + &mTestNamespaceGuid3,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= 
LE_NON_VOLATILE),=0D + sizeof (Value64),=0D + &Value64);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestPolicyprioritizationNoLock=0D +=0D +/**=0D + LockNow Policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestExistingVarLockNow (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + //=0D + // Write a var that we'll protect next=0D + //=0D + Value =3D 0x78;=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Register a LockNow policy targeting the var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"ExistingLockNowVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_NOW);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Attempt to modify the locked var=0D + //=0D + Value =3D 0xA5;=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Attempt to delete the locked var=0D + //=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // This variable is deleted in final cleanup.=0D + //=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestExistingVarLockNow=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestNonexistentVarLockNow (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D + UINTN Size;=0D +=0D + //=0D + // Make sure the 
variable we're about to create the policy for doesn't e= xist=0D + //=0D + Size =3D 0;=0D + Status =3D gRT->GetVariable (L"NonexistentLockNowVar",=0D + &mTestNamespaceGuid1,=0D + NULL,=0D + &Size,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D +=0D + //=0D + // Register a LockNow policy targeting the var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"NonexistentLockNowVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_NOW);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Attempt to create the locked var=0D + //=0D + Value =3D 0xA5;=0D + Status =3D gRT->SetVariable (L"NonexistentLockNowVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestNonexistentVarLockNow=0D +=0D +/**=0D + LockOnCreate Policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestExistingVarLockOnCreate (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + //=0D + // Write a var that we'll protect later=0D + //=0D + Value =3D 0x78;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Register a LockNow policy targeting the var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"ExistingLockOnCreateVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_ON_CREAT= E);=0D + UT_ASSERT_NOT_EFI_ERROR 
(Status);=0D +=0D + //=0D + // Attempt to modify the locked var=0D + //=0D + Value =3D 0xA5;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Attempt to delete the locked var=0D + //=0D + Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // This variable is deleted in final cleanup.=0D + //=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestExistingVarLockOnCreate=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestNonexistentVarLockOnCreate (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value1;=0D + UINT32 Value2;=0D + UINTN Size;=0D +=0D + //=0D + // Make sure the variable we're about to create the policy for doesn't e= xist=0D + //=0D + Size =3D 0;=0D + Status =3D gRT->GetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + NULL,=0D + &Size,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D +=0D + //=0D + // Register a LockOnCreate policy targeting the var=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"NonexistentLockOnCreateVar",=0D + 2, // min size of 2 bytes, UINT16+= =0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + EFI_VARIABLE_RUNTIME_ACCESS, // mu= st have RT attr=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_ON_CREAT= E);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Attempt to create the var, but smaller than min size=0D + //=0D + Value1 =3D 0xA5;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE),=0D + sizeof (Value1),=0D 
+ &Value1);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Now let's make sure attribute req is enforced=0D + //=0D + Value2 =3D 0x43218765;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Now let's create a valid variable=0D + //=0D + Value2 =3D 0x43218765;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's make sure we can't modify it=0D + //=0D + Value2 =3D 0xa5a5b6b6;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE),=0D + sizeof (Value2),=0D + &Value2);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Finally, let's make sure we can't delete it=0D + //=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // This variable is deleted in final cleanup.=0D + //=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestNonexistentVarLockOnCreate=0D +=0D +/**=0D + LockOnVarState Policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLockOnVarStateBeforeCreate (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINTN Size;=0D + UINT8 Value;=0D +=0D + //=0D + // First of all, let's make sure the var we're trying to protect doesn't= exist=0D + //=0D + 
Size =3D 0;=0D + Status =3D gRT->GetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + NULL,=0D + &Size,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D +=0D + //=0D + // Good, now let's create a policy=0D + //=0D + Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"NonexistentLockOnVarStateVar"= ,=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + &mTestNamespaceGuid1,=0D + L"Trigger1",=0D + 0x7E);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now we write the trigger var=0D + //=0D + Value =3D 0x7E;=0D + Status =3D gRT->SetVariable (L"Trigger1",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Ok, now we attempt to write a var protected by the trigger=0D + //=0D + Value =3D 0xFA;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Let's modify the trigger var and "untrigger" the policy=0D + //=0D + Value =3D 0x38;=0D + Status =3D gRT->SetVariable (L"Trigger1",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now we should be able to create the var targeted by the policy=0D + //=0D + Value =3D 0x23;=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Cleanup: delete the 
trigger and the protected var=0D + //=0D + Status =3D gRT->SetVariable (L"Trigger1",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLockOnVarStateBeforeCreate=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLockOnVarStateAfterCreate (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + //=0D + // Let's create a policy=0D + //=0D + Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"ExistingLockOnVarStateVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + &mTestNamespaceGuid1,=0D + L"Trigger2",=0D + 0x5C);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should be able to write targeted var since the policy isn't active ye= t.=0D + //=0D + Value =3D 0x17;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's modify the var to make sure the policy isn't acting like a lock= -on-create one=0D + //=0D + Value =3D 0x30;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now we trigger the policy=0D + //=0D + Value =3D 0x5C;=0D + Status =3D gRT->SetVariable (L"Trigger2",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR 
(Status);=0D +=0D + //=0D + // Let's now verify the variable is protected=0D + //=0D + Value =3D 0xB9;=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Ok, to clean up, we need to remove the trigger var, so delete it, and= then delete the target var=0D + //=0D + Status =3D gRT->SetVariable (L"Trigger2",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLockOnVarStateAfterCreate=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLockOnVarStateInvalidLargeTrigger (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT16 Value;=0D +=0D + //=0D + // First let's create a variable policy=0D + //=0D + Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidLargeTriggerLockOnVarS= tateVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + &mTestNamespaceGuid1,=0D + L"Trigger3",=0D + 0x5C);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now attempt to trigger the lock but with a variable larger than one b= yte=0D + //=0D + Value =3D 0x8085;=0D + Status =3D gRT->SetVariable (L"Trigger3",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should still be able to create the targeted var=0D + //=0D + Value =3D 0x1234;=0D + Status =3D gRT->SetVariable (L"InvalidLargeTriggerLockOnVarStateVar",=0D + 
&mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's clean up by deleting the invalid trigger and the targeted var=0D + //=0D + Status =3D gRT->SetVariable (L"Trigger3",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + Status =3D gRT->SetVariable (L"InvalidLargeTriggerLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLockOnVarStateInvalidLargeTrigger=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLockOnVarStateWrongValueTrigger (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8 Value;=0D +=0D + //=0D + // First let's create a variable policy=0D + //=0D + Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"WrongValueTriggerLockOnVarSta= teVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + &mTestNamespaceGuid1,=0D + L"Trigger4",=0D + 0xCA);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now attempt to trigger the lock but with a wrong value=0D + //=0D + Value =3D 0x80;=0D + Status =3D gRT->SetVariable (L"Trigger4",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Should still be able to create the targeted var=0D + //=0D + Value =3D 0x14;=0D + Status =3D gRT->SetVariable (L"WrongValueTriggerLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Let's clean up by deleting the invalid trigger and the 
targeted var=0D + //=0D + Status =3D gRT->SetVariable (L"Trigger4",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + Status =3D gRT->SetVariable (L"WrongValueTriggerLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLockOnVarStateWrongValueTrigger=0D +=0D +/**=0D + Invalid policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestInvalidAttributesPolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // The only must/can't have attributes supported by VPE are NV, BS, and = RT. They are 1, 2, and 4, respectively.=0D + // Let's try some bits higher than that?=0D + //=0D +=0D + //=0D + // Trying must have attribute 0x8 which is EFI_VARIABLE_HARDWARE_ERROR_R= ECORD=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidMustHaveAttributesPolicyV= ar1",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + EFI_VARIABLE_HARDWARE_ERROR_RECORD= ,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting must have attr to EFI_VARIABLE_HARDWARE_ERROR_RECO= RD returned %r\n", Status);=0D +=0D + //=0D + // Let's try 0x10 - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, a deprecate= d attribute=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidMustHaveAttributesPolicyV= ar2",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + EFI_VARIABLE_AUTHENTICATED_WRITE_A= CCESS,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting must have attr to EFI_VARIABLE_AUTHENTICATED_WRITE= _ACCESS returned %r\n", Status);=0D +=0D + //=0D + // Let's try 0x20 - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS=0D + //=0D + Status =3D RegisterBasicVariablePolicy 
(mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidMustHaveAttributesPolicyV= ar3",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + EFI_VARIABLE_TIME_BASED_AUTHENTICA= TED_WRITE_ACCESS,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting must have attr to EFI_VARIABLE_TIME_BASED_AUTHENTI= CATED_WRITE_ACCESS returned %r\n", Status);=0D +=0D + //=0D + // Let's try something wild, like 0x4000=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidMustHaveAttributesPolicyV= ar4",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + 0x4000,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting must have attr to 0x4000 returned %r\n", Status);= =0D +=0D + //=0D + // Now repeat the same tests, but for the can't-have param=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidCantHaveAttributesPolicyV= ar1",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + EFI_VARIABLE_HARDWARE_ERROR_RECORD= ,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting cant have attr to EFI_VARIABLE_HARDWARE_ERROR_RECO= RD returned %r\n", Status);=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidCantHaveAttributesPolicyV= ar2",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + EFI_VARIABLE_AUTHENTICATED_WRITE_A= CCESS,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting cant have attr to EFI_VARIABLE_AUTHENTICATED_WRITE= _ACCESS returned %r\n", Status);=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidCantHaveAttributesPolicyV= ar3",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + 
VARIABLE_POLICY_NO_MUST_ATTR,=0D + EFI_VARIABLE_TIME_BASED_AUTHENTICA= TED_WRITE_ACCESS,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting cant have attr to EFI_VARIABLE_TIME_BASED_AUTHENTI= CATED_WRITE_ACCESS returned %r\n", Status);=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidCantHaveAttributesPolicyV= ar4",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + 0x4000,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + UT_LOG_INFO ("Setting cant have attr to 0x4000 returned %r\n", Status);= =0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestInvalidAttributesPolicy=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestLargeMinSizePolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // Let's set the min size to 2GB and see what happens=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"LargeMinSizeInvalidPolicyVar",=0D + 0x80000000,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D +=0D + UT_LOG_INFO ("Setting min size to 0x80000000 returned %r\n", Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestLargeMinSizePolicy=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestZeroMaxSizePolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // Let's set the max size to 0 and see what happens=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"ZeroMinSizeInvalidPolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 0,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK);=0D + //UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS); // this fails on QC. Real b= ug? 
Do we care?=0D + UT_LOG_INFO ("Setting max size to 0 returned %r\n", Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestZeroMaxSizePolicy=0D +=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestInvalidPolicyTypePolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // Let's set policy type to an invalid value and see what happens=0D + // Valid ones are:=0D + // VARIABLE_POLICY_TYPE_NO_LOCK 0=0D + // VARIABLE_POLICY_TYPE_LOCK_NOW 1=0D + // VARIABLE_POLICY_TYPE_LOCK_ON_CREATE 2=0D + // VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE 3=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidPolicyTypePolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + 4);=0D + UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D +=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"InvalidPolicyTypePolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + 147);=0D + UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestInvalidPolicyTypePolicy=0D +=0D +/**=0D + Test dumping policy.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestDumpPolicy (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT8* Buffer;=0D + UINT32 Size;=0D +=0D + //=0D + // First let's call DumpVariablePolicy with null buffer to get size=0D + //=0D + Size =3D 0;=0D + Status =3D mVarPol->DumpVariablePolicy (NULL, &Size);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_BUFFER_TOO_SMALL);=0D +=0D + //=0D + // Now we allocate the buffer for the dump=0D + //=0D + Buffer =3D NULL;=0D + Buffer =3D AllocatePool (Size);=0D + UT_ASSERT_NOT_NULL (Buffer);=0D +=0D + //=0D + // Now we get the dump. 
In this test we will not analyze the dump.=0D + //=0D + Status =3D mVarPol->DumpVariablePolicy (Buffer, &Size);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestDumpPolicy=0D +=0D +/**=0D + Test policy version.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +TestPolicyVersion (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + VARIABLE_POLICY_ENTRY *NewEntry;=0D +=0D + //=0D + // Create the new entry using a helper lib=0D + //=0D + NewEntry =3D NULL;=0D + Status =3D CreateBasicVariablePolicy (&mTestNamespaceGuid1,=0D + L"PolicyVersionTestNoLockVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 4, // max size of 4 bytes=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_NO_LOCK,=0D + &NewEntry);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + NewEntry->Version =3D 0x1234;=0D + Status =3D mVarPol->RegisterVariablePolicy (NewEntry);=0D + UT_LOG_INFO ("Registering policy entry with an unknown version status: %= r\n", Status);=0D +=0D + FreePool (NewEntry);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // TestPolicyVersion=0D +=0D +/**=0D + Lock Policy Tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +LockPolicyEngineTests (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT16 Value;=0D + UINT64 Value64;=0D + BOOLEAN State;=0D +=0D + //=0D + // First let's register a policy that we'll test after VPE lock=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"BeforeVpeLockNoLockPolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + 4, // max size of 4 bytes=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_ON_CREAT= E);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now, lock VPE!=0D + //=0D + Status =3D mVarPol->LockVariablePolicy ();=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // See if we can lock it again?=0D + //=0D + Status =3D 
mVarPol->LockVariablePolicy ();=0D + UT_LOG_INFO ("Locking VPE for second time returned %r\n", Status);=0D +=0D + //=0D + // Let's confirm one of the policies from prior test suites is still enf= orced=0D + // Attempt to delete a locked var=0D + //=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // We'll make sure the policy from earlier in this test case is actively= filtering out by size=0D + //=0D + Value64 =3D 0x3829fed212345678;=0D + Status =3D gRT->SetVariable (L"BeforeVpeLockNoLockPolicyVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value64),=0D + &Value64);=0D + UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF= I_INVALID_PARAMETER));=0D +=0D + //=0D + // Let's create the variable from the policy now=0D + //=0D + Value =3D 0x323f;=0D + Status =3D gRT->SetVariable (L"BeforeVpeLockNoLockPolicyVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Now confirm that the var is locked after creation=0D + //=0D + Value =3D 0x1212;=0D + Status =3D gRT->SetVariable (L"BeforeVpeLockNoLockPolicyVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO= OTSERVICE_ACCESS),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D +=0D + //=0D + // Let's attempt to register a new policy, it should fail=0D + //=0D + Status =3D RegisterBasicVariablePolicy (mVarPol,=0D + &mTestNamespaceGuid1,=0D + L"AfterVpeLockNowPolicyVar",=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_NOW);=0D + UT_ASSERT_NOT_EQUAL (Status, 
EFI_SUCCESS);=0D +=0D + //=0D + // Make sure VPE is enabled=0D + //=0D + Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + UT_ASSERT_EQUAL (State, TRUE);=0D +=0D + //=0D + // Finally, make sure we can't disable VPE=0D + //=0D + Status =3D mVarPol->DisableVariablePolicy ();=0D + UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // LockPolicyEngineTests=0D +=0D +/**=0D + Save context and reboot after the lock policy test suite.=0D +**/=0D +STATIC=0D +VOID=0D +EFIAPI=0D +SaveStateAndReboot (=0D + VOID=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + //=0D + // Now, save all the data associated with this framework.=0D + // TODO: Need to add to the UnitTestFrameworkPkg=0D + Status =3D SaveFrameworkState( NULL, 0 );=0D +=0D + //=0D + // If we're all good, let's book...=0D + if (!EFI_ERROR( Status ))=0D + {=0D + //=0D + // Next, we want to update the BootNext variable to USB=0D + // so that we have a fighting chance of coming back here.=0D + //=0D + // TODO: Need to add to the UnitTestFrameworkPkg=0D + // SetBootNextDevice();=0D +=0D + //=0D + // Reset=0D + DEBUG(( DEBUG_INFO, "%a - Rebooting! Launch this test again once boote= d.\n", __FUNCTION__ ));=0D + gRT->ResetSystem( EfiResetCold, EFI_SUCCESS, 0, NULL );=0D + DEBUG(( DEBUG_ERROR, "%a - Unit test failed to quit! 
Framework can no = longer be used!\n", __FUNCTION__ ));=0D +=0D + //=0D + // We REALLY shouldn't be here.=0D + Status =3D EFI_ABORTED;=0D + }=0D +=0D + return;=0D +} // SaveContextAndReboot=0D +=0D +STATIC=0D +VOID=0D +IgnoreContextAndReboot (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + // Just a wrapper for prototype reuse.=0D + SaveStateAndReboot();=0D +}=0D +=0D +/**=0D + Disable policy tests.=0D +**/=0D +UNIT_TEST_STATUS=0D +EFIAPI=0D +DisablePolicyEngineTests (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + BOOLEAN State;=0D + UINT8 Value;=0D +=0D + //=0D + // First, we disable the variable policy=0D + //=0D + Status =3D mVarPol->DisableVariablePolicy ();=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + //=0D + // Confirm it's disabled=0D + //=0D + Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D + UT_ASSERT_EQUAL (State, FALSE);=0D +=0D + //=0D + // Try locking it?=0D + //=0D + Status =3D mVarPol->LockVariablePolicy ();=0D + UT_LOG_INFO ("Locking VP after disabling it status: %r\n", Status);=0D +=0D + //=0D + // Try modifying the var from TestExistingVarLockNow=0D + //=0D + Value =3D 0xB5;=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB= LE_NON_VOLATILE),=0D + sizeof (Value),=0D + &Value);=0D + UT_ASSERT_NOT_EFI_ERROR (Status);=0D +=0D + return UNIT_TEST_PASSED;=0D +} // DisablePolicyEngineTests=0D +=0D +//=0D +// Pre-Disable Setup and Test for Authenticated Variables=0D +//=0D +UNIT_TEST_STATUS=0D +TestAuthVarPart1 (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT32 Data;=0D + UINTN DataSize;=0D + UINT8 *DeleteData;=0D +=0D + // First, we need to create our dummy Authenticated Variable.=0D + Status =3D gRT->SetVariable(TEST_AUTH_VAR_NAME,=0D + &mTestAuthNamespaceGuid,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOT= SERVICE_ACCESS |=0D + 
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_T= IME_BASED_AUTHENTICATED_WRITE_ACCESS),=0D + mTestAuthVarPayloadSize,=0D + &mTestAuthVarPayload[0]);=0D + UT_ASSERT_NOT_EFI_ERROR(Status);=0D +=0D + // Prove that we created it.=0D + DataSize =3D sizeof(Data);=0D + Status =3D gRT->GetVariable(TEST_AUTH_VAR_NAME,=0D + &mTestAuthNamespaceGuid,=0D + NULL,=0D + &DataSize,=0D + &Data);=0D + UT_ASSERT_NOT_EFI_ERROR(Status);=0D + UT_ASSERT_EQUAL(Data, 0xDEADBEEF);=0D +=0D + // Prove that we cannot delete it.=0D + DeleteData =3D NULL;=0D + DataSize =3D 0;=0D + Status =3D CreateEmptyTimeBasedPayload(&DataSize, &DeleteData, NULL);=0D + UT_ASSERT_NOT_EFI_ERROR(Status);=0D + Status =3D gRT->SetVariable(TEST_AUTH_VAR_NAME,=0D + &mTestAuthNamespaceGuid,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOT= SERVICE_ACCESS |=0D + EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_T= IME_BASED_AUTHENTICATED_WRITE_ACCESS),=0D + DataSize,=0D + (VOID*)DeleteData);=0D + UT_ASSERT_STATUS_EQUAL(Status, EFI_SECURITY_VIOLATION);=0D + FreePool(DeleteData);=0D +=0D + return UNIT_TEST_PASSED;=0D +}=0D +=0D +//=0D +// Post-Disable Test for Authenticated Variables=0D +//=0D +UNIT_TEST_STATUS=0D +TestAuthVarPart2 (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D + UINT32 Data;=0D + UINTN DataSize;=0D + UINT8 *DeleteData;=0D +=0D + // Prove that it exists.=0D + DataSize =3D sizeof(Data);=0D + Status =3D gRT->GetVariable(TEST_AUTH_VAR_NAME,=0D + &mTestAuthNamespaceGuid,=0D + NULL,=0D + &DataSize,=0D + &Data);=0D + UT_ASSERT_NOT_EFI_ERROR(Status);=0D + UT_ASSERT_EQUAL(Data, 0xDEADBEEF);=0D +=0D + // Prove that we can delete it.=0D + DeleteData =3D NULL;=0D + DataSize =3D 0;=0D + Status =3D CreateEmptyTimeBasedPayload(&DataSize, &DeleteData, NULL);=0D + UT_ASSERT_NOT_EFI_ERROR(Status);=0D + Status =3D gRT->SetVariable(TEST_AUTH_VAR_NAME,=0D + &mTestAuthNamespaceGuid,=0D + (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOT= SERVICE_ACCESS |=0D + EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_T= 
IME_BASED_AUTHENTICATED_WRITE_ACCESS),=0D + DataSize,=0D + (VOID*)DeleteData);=0D + UT_ASSERT_NOT_EFI_ERROR(Status);=0D + FreePool(DeleteData);=0D +=0D + // Prove that we deleted it.=0D + DataSize =3D sizeof(Data);=0D + Status =3D gRT->GetVariable(TEST_AUTH_VAR_NAME,=0D + &mTestAuthNamespaceGuid,=0D + NULL,=0D + &DataSize,=0D + &Data);=0D + UT_ASSERT_STATUS_EQUAL(Status, EFI_NOT_FOUND);=0D +=0D + return UNIT_TEST_PASSED;=0D +}=0D +=0D +/**=0D + Final Cleanup: delete some variables earlier test cases created.=0D +**/=0D +STATIC=0D +VOID=0D +EFIAPI=0D +FinalCleanup (=0D + IN UNIT_TEST_CONTEXT Context=0D + )=0D +{=0D + EFI_STATUS Status;=0D +=0D + Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete ExistingLockNowVar status: %r\n", Status);=0D +=0D + Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete ExistingLockOnCreateVar status: %r\n", Status);=0D +=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete NonexistentLockOnCreateVar status: %r\n", Status);= =0D +=0D + Status =3D gRT->SetVariable (L"NonexistentLockNowVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete NonexistentLockNowVar status: %r\n", Status);=0D +=0D + Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete CantHaveAttrNoLockVar status: %r\n", Status);=0D +=0D + Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete NonexistentLockOnVarStateVar status: %r\n", Status)= ;=0D +=0D + Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D + &mTestNamespaceGuid1,=0D + 0,=0D + 0,=0D + NULL);=0D + UT_LOG_INFO ("Delete ExistingLockOnVarStateVar 
status: %r\n", Status);=0D +} // FinalCleanup=0D +=0D +/**=0D +=0D + Main fuction sets up the unit test environment.=0D +=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +UefiMain (=0D + IN EFI_HANDLE ImageHandle,=0D + IN EFI_SYSTEM_TABLE* SystemTable)=0D +{=0D + EFI_STATUS Status;=0D + UNIT_TEST_FRAMEWORK_HANDLE Framework;=0D + UNIT_TEST_SUITE_HANDLE GettingStartedTestSuite;=0D + UNIT_TEST_SUITE_HANDLE NoLockPoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE LockNowPoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE LockOnCreatePoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE LockOnVarStatePoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE InvalidPoliciesTestSuite;=0D + UNIT_TEST_SUITE_HANDLE DumpPolicyTestSuite;=0D + UNIT_TEST_SUITE_HANDLE PolicyVersionTestSuite;=0D + UNIT_TEST_SUITE_HANDLE LockPolicyTestSuite;=0D + UNIT_TEST_SUITE_HANDLE DisablePolicyTestSuite;=0D +=0D + Framework =3D NULL;=0D + GettingStartedTestSuite =3D NULL;=0D + NoLockPoliciesTestSuite =3D NULL;=0D + LockNowPoliciesTestSuite =3D NULL;=0D + LockOnCreatePoliciesTestSuite =3D NULL;=0D + LockOnVarStatePoliciesTestSuite =3D NULL;=0D + InvalidPoliciesTestSuite =3D NULL;=0D + DumpPolicyTestSuite =3D NULL;=0D + PolicyVersionTestSuite =3D NULL;=0D + LockPolicyTestSuite =3D NULL;=0D + DisablePolicyTestSuite =3D NULL;=0D +=0D + DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSIO= N));=0D +=0D + //=0D + // Start setting up the test framework for running the tests.=0D + //=0D + Status =3D InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCa= llerBaseName, UNIT_TEST_APP_VERSION);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status =3D %r\n= ", Status));=0D + goto EXIT;=0D + }=0D +=0D + //=0D + // Test suite 1: Getting Started. 
Get VP protocol, check state, log revi= sion=0D + //=0D + Status =3D CreateUnitTestSuite (&GettingStartedTestSuite, Framework, "Ge= tting Started", "Common.VP.GettingStarted", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Getting St= arted Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (GettingStartedTestSuite, "Confirm VP is enabled", "Common.V= P.GettingStarted.CheckVpEnabled", CheckVpEnabled, LocateVarPolicyPreReq, NU= LL, NULL);=0D + AddTestCase (GettingStartedTestSuite, "Check VP revision", "Common.VP.Ge= ttingStarted.CheckVpRevision", CheckVpRevision, LocateVarPolicyPreReq, NULL= , NULL);=0D +=0D + //=0D + // Test suite 2: Test NoLock Policies=0D + //=0D + Status =3D CreateUnitTestSuite (&NoLockPoliciesTestSuite, Framework, "Ex= ercise NoLock Policies", "Common.VP.NoLockPolicies", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the NoLock Pol= icies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Min Size enforcement in NoLo= ck policy", "Common.VP.NoLockPolicies.TestMinSizeNoLock", TestMinSizeNoLock= , LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Max Size enforcement in NoLo= ck policy", "Common.VP.NoLockPolicies.TestMaxSizeNoLock", TestMaxSizeNoLock= , LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Must Have Attribute enforcem= ent in NoLock policy", "Common.VP.NoLockPolicies.TestMustHaveAttrNoLock", T= estMustHaveAttrNoLock, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Can't Have Attribute enforce= ment in NoLock policy", "Common.VP.NoLockPolicies.TestCantHaveAttrNoLock", = TestCantHaveAttrNoLock, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Max Size 
enforcement in NoLo= ck policy for entire namespace", "Common.VP.NoLockPolicies.TestMaxSizeNames= paceNoLock", TestMaxSizeNamespaceNoLock, LocateVarPolicyPreReq, NULL, NULL)= ;=0D + AddTestCase (NoLockPoliciesTestSuite, "Test Must Have Attribute enforcem= ent in NoLock policy with wildcards", "Common.VP.NoLockPolicies.TestMustHav= eAttrWildcardNoLock", TestMustHaveAttrWildcardNoLock, LocateVarPolicyPreReq= , NULL, NULL);=0D + AddTestCase (NoLockPoliciesTestSuite, "Test policy prioritization betwee= n namespace-wide, wildcard, and var-specific policies", "Common.VP.NoLockPo= licies.TestPolicyprioritizationNoLock", TestPolicyprioritizationNoLock, Loc= ateVarPolicyPreReq, NULL, NULL);=0D +=0D + //=0D + // Test suite 3: Test LockNow policies=0D + //=0D + Status =3D CreateUnitTestSuite (&LockNowPoliciesTestSuite, Framework, "E= xercise LockNow Policies", "Common.VP.LockNowPolicies", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the LockNow Po= licies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (LockNowPoliciesTestSuite, "Test LockNow policy for a pre-ex= isting variable", "Common.VP.LockNowPolicies.TestExistingVarLockNow", TestE= xistingVarLockNow, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (LockNowPoliciesTestSuite, "Test LockNow policy for a nonexi= stent variable", "Common.VP.LockNowPolicies.TestNonexistentVarLockNow", Tes= tNonexistentVarLockNow, LocateVarPolicyPreReq, NULL, NULL);=0D +=0D + //=0D + // Test suite 4: Test LockOnCreate policies=0D + //=0D + Status =3D CreateUnitTestSuite (&LockOnCreatePoliciesTestSuite, Framewor= k, "Exercise LockOnCreate Policies", "Common.VP.LockOnCreate", NULL, NULL);= =0D + if (EFI_ERROR (Status))=0D + {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the LockOnCrea= te Policies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase 
(LockOnCreatePoliciesTestSuite, "Test LockOnCreate policy fo= r a pre-existing variable", "Common.VP.LockOnCreate.TestExistingVarLockOnCr= eate", TestExistingVarLockOnCreate, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (LockOnCreatePoliciesTestSuite, "Test LockOnCreate policy fo= r a nonexistent variable", "Common.VP.LockOnCreate.TestNonexistentVarLockOn= Create", TestNonexistentVarLockOnCreate, LocateVarPolicyPreReq, NULL, NULL)= ;=0D +=0D + //=0D + // Test suite 5: Test LockOnVarState policies=0D + //=0D + Status =3D CreateUnitTestSuite (&LockOnVarStatePoliciesTestSuite, Framew= ork, "Exercise LockOnVarState Policies", "Common.VP.LockOnVarState", NULL, = NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the LockOnVarS= tate Policies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic= y for a nonexistent variable", "Common.VP.LockOnVarState.TestLockOnVarState= BeforeCreate", TestLockOnVarStateBeforeCreate, LocateVarPolicyPreReq, NULL,= NULL);=0D + AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic= y for a pre-existing variable", "Common.VP.LockOnVarState.TestLockOnVarStat= eAfterCreate", TestLockOnVarStateAfterCreate, LocateVarPolicyPreReq, NULL, = NULL);=0D + AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic= y triggered by invalid-size variable", "Common.VP.LockOnVarState.TestLockOn= VarStateInvalidLargeTrigger", TestLockOnVarStateInvalidLargeTrigger, Locate= VarPolicyPreReq, NULL, NULL);=0D + AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic= y triggered by invalid-value variable", "Common.VP.LockOnVarState.TestLockO= nVarStateWrongValueTrigger", TestLockOnVarStateWrongValueTrigger, LocateVar= PolicyPreReq, NULL, NULL);=0D +=0D + //=0D + // Test suite 6: Test registering invalid policies=0D + //=0D + Status =3D CreateUnitTestSuite 
(&InvalidPoliciesTestSuite, Framework, "A= ttempt registering invalid policies", "Common.VP.InvalidPolicies", NULL, NU= LL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Invalid Po= licies Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid must-ha= ve attributes", "Common.VP.InvalidPolicies.TestInvalidAttributesPolicy", Te= stInvalidAttributesPolicy, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid attribu= tes", "Common.VP.InvalidPolicies.TestLargeMinSizePolicy", TestLargeMinSizeP= olicy, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid attribu= tes", "Common.VP.InvalidPolicies.TestZeroMaxSizePolicy", TestZeroMaxSizePol= icy, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid type", = "Common.VP.InvalidPolicies.TestInvalidPolicyTypePolicy", TestInvalidPolicyT= ypePolicy, LocateVarPolicyPreReq, NULL, NULL);=0D +=0D + //=0D + // Test suite 7: Test dumping the policy=0D + //=0D + Status =3D CreateUnitTestSuite (&DumpPolicyTestSuite, Framework, "Attemp= t dumping policy", "Common.VP.DumpPolicy", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Dump Polic= y Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (DumpPolicyTestSuite, "Test dumping policy", "Common.VP.Dump= Policy.TestDumpPolicy", TestDumpPolicy, LocateVarPolicyPreReq, NULL, NULL);= =0D +=0D + //=0D + // Test suite 8: Test policy version=0D + //=0D + Status =3D CreateUnitTestSuite (&PolicyVersionTestSuite, Framework, "Use= non-zero policy version", "Common.VP.PolicyVersion", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Policy Ver= 
sion Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (PolicyVersionTestSuite, "Test policy version", "Common.VP.D= umpPolicy.TestPolicyVersion", TestPolicyVersion, LocateVarPolicyPreReq, NUL= L, NULL);=0D +=0D + //=0D + // Test suite 9: Lock VPE and test implications=0D + //=0D + Status =3D CreateUnitTestSuite (&LockPolicyTestSuite, Framework, "Lock p= olicy, test it", "Common.VP.LockPolicyTests", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Lock Polic= y Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (LockPolicyTestSuite, "Test locking policy", "Common.VP.Lock= PolicyTests.LockPolicyEngineTests", LockPolicyEngineTests, LocateVarPolicyP= reReq, NULL, NULL);=0D + AddTestCase (LockPolicyTestSuite, "Test locking policy", "Common.VP.Lock= PolicyTests.LockPolicyEngineTests", LockPolicyEngineTests, LocateVarPolicyP= reReq, IgnoreContextAndReboot, NULL);=0D +=0D + //=0D + // Test suite 10: Disable var policy and confirm expected behavior=0D + //=0D + Status =3D CreateUnitTestSuite (&DisablePolicyTestSuite, Framework, "Dis= able policy, test it", "Common.VP.DisablePolicyTests", NULL, NULL);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Disable Po= licy Test Suite\n"));=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + goto EXIT;=0D + }=0D + AddTestCase (DisablePolicyTestSuite, "Confirm VP is enabled", "Common.VP= .DisablePolicyTests.CheckVpEnabled", CheckVpEnabled, LocateVarPolicyPreReq,= NULL, NULL);=0D + AddTestCase (DisablePolicyTestSuite, "Test LockNow policy for a pre-exis= ting variable", "Common.VP.DisablePolicyTests.TestExistingVarLockNow", Test= ExistingVarLockNow, LocateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (DisablePolicyTestSuite, "Test AuthVar protection while Vari= ablePolicy is enabled", "Common.VP.DisablePolicyTests.TestAuthVar1", TestAu= thVarPart1, 
VarPolicyEnabledPreReq, NULL, NULL);=0D + AddTestCase (DisablePolicyTestSuite, "Test disabling policy", "Common.VP= .DisablePolicyTests.DisablePolicyEngineTests", DisablePolicyEngineTests, Lo= cateVarPolicyPreReq, NULL, NULL);=0D + AddTestCase (DisablePolicyTestSuite, "Test AuthVar protection while Vari= ablePolicy is disabled", "Common.VP.DisablePolicyTests.TestAuthVar2", TestA= uthVarPart2, VarPolicyDisabledPreReq, FinalCleanup, NULL);=0D +=0D + //=0D + // Execute the tests.=0D + //=0D + Status =3D RunAllTestSuites (Framework);=0D +=0D +EXIT:=0D + if (Framework !=3D NULL) {=0D + FreeUnitTestFramework (Framework);=0D + }=0D +=0D + return Status;=0D +} // UefiMain=0D diff --git a/MdeModulePkg/MdeModulePkg.ci.yaml b/MdeModulePkg/MdeModulePkg.= ci.yaml index 20d53fc5a5fa..a1beee9f4aab 100644 --- a/MdeModulePkg/MdeModulePkg.ci.yaml +++ b/MdeModulePkg/MdeModulePkg.ci.yaml @@ -53,7 +53,9 @@ "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec"=0D ],=0D # For UEFI shell based apps=0D - "AcceptableDependencies-UEFI_APPLICATION":[],=0D + "AcceptableDependencies-UEFI_APPLICATION":[=0D + "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec"=0D + ],=0D "IgnoreInf": []=0D },=0D =0D diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.m= d b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md new file mode 100644 index 000000000000..804ad4173a5f --- /dev/null +++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md 
@@ -0,0 +1,55 @@ +# variable Policy Unit Tests=0D +=0D +## 🔹 Copyright=0D +Copyright (C) Microsoft Corporation. All rights reserved.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +## About This Test=0D +This test verifies functionality of the Variable Policy Protocol by regist= ering various variable policies and exercising them, as well as tests locki= ng the policy, disabling it, and dumping the policy entries.=0D +=0D +Only policies that are created as a part of this test will be tested.=0D +1. Try getting test context, if empty then get VP protocol, confirm that V= P is not disabled by calling IsVariablePolicyEnabled. Log VP revision.=0D +2. "No lock" policies:=0D + * check minsize enforcement=0D + * check maxsize enforcement=0D + * check musthave attr enforcement=0D + * check canthave attr enforcement=0D + * check one of the above with empty string policy i.e. name wildcard=0D + * check another one of the above with a "#" containing policy string=0D + * check policy prioritization by having a namespace-wide policy, a pol= icy with a # wildcard, and a one-var specific policy and testing which one = is enforced=0D +3. "Lock now" policies (means if the var doesn't exist, it won't be create= d; if one exists, it can't be updated):=0D + * test a policy for an already existing variable, verify we can't writ= e into that variable=0D + * create a policy for a non-existing variable and attempt to register = such var=0D +4. "Lock on create" policies (means the var can still be created, but no u= pdates later, existing vars can't be updated):=0D + * create a var, lock it with LockOnCreate, attempt to update its conte= nts=0D + * create LockOnCreate VP, attempt to create var with invalid size, the= n invalid attr, then create valid var, attempt to update its contents=0D +5. 
"Lock on var state" policies (means the var protected by this policy ca= n't be created or updated once the trigger is set)=0D + * create VP, trigger lock with a valid var, attempt to create a locked= var, then modify the trigger var, create locked var=0D + * create VP, create targeted var, modify it, trigger lock, attempt to = modify var=0D + * create VP, trigger lock with invalid (larger than one byte) var, see= if VPE allows creation of the locked var (it should allow)=0D + * create VP, set locking var with wrong value, see if VPE allows creat= ion of the locked var (should allow)=0D +6. Attempt registering invalid policy entries=0D + * invalid required and banned attributes=0D + * large min size - let's say 2GB=0D + * max size equal to 0=0D + * invalid policy type=0D +7. Exercise dumping policy. No need to check the validity of the dump blob= .=0D +8. Test registering a policy with a random version.=0D +9. Lock VPE, make sure old policies are enforced, new ones can't be regist= ered.=0D + * Register a LockOnCreate policy=0D + * Lock VPE=0D + * Test locking it again.=0D + * Verify one of the prior policies is enforced=0D + * Make sure we can create variables even if those are protected by Loc= kOnCreate policy, after locking the VPE=0D + * Attempt to register new policies=0D + * Make sure can't disable VPE=0D + * Cleanup: save context and reboot=0D +10. Disable variable policy and try some things=0D + * Locate Variable Policy Protocol=0D + * Make sure VP is enabled=0D + * Register a policy=0D + * Disable VPE=0D + * Call IsVariablePolicyEnabled to confirm it's disabled.=0D + * Make sure can't lock policy=0D + * Make sure the policy from a is no longer enforced=0D + * Final cleanup: delete vars that were created in some earlier test su= ites=0D 
diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Variable= PolicyFuncTestApp.inf b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestA= pp/VariablePolicyFuncTestApp.inf new file mode 100644 index 000000000000..bfbac406b504 --- /dev/null +++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyF= uncTestApp.inf @@ -0,0 +1,47 @@ +## @file=0D +# Uefi Shell based Application that unit tests the Variable Policy Protoco= l=0D +#=0D +# Copyright (c) Microsoft Corporation.=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D VariablePolicyFuncTestApp=0D + FILE_GUID =3D B653C4C3-3FCC-4B6C-8051-5F692AEAECBA= =0D + MODULE_TYPE =3D UEFI_APPLICATION=0D + VERSION_STRING =3D 1.0=0D + ENTRY_POINT =3D UefiMain=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D X64 AARCH64=0D +#=0D +=0D +[Sources]=0D + VariablePolicyFuncTestApp.c=0D + VariablePolicyTestAuthVar.h=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + MdeModulePkg/MdeModulePkg.dec=0D + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec=0D +=0D +[LibraryClasses]=0D + UefiApplicationEntryPoint=0D + BaseLib=0D + BaseMemoryLib=0D + UnitTestLib=0D + UnitTestBootLib=0D + PrintLib=0D + UefiBootServicesTableLib=0D + UefiRuntimeServicesTableLib=0D + MemoryAllocationLib=0D + VariablePolicyHelperLib=0D +=0D +[Guids]=0D + gEfiCertPkcs7Guid=0D +=0D +[Protocols]=0D + gEdkiiVariablePolicyProtocolGuid=0D diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Variable= PolicyTestAuthVar.h b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp= /VariablePolicyTestAuthVar.h new file mode 100644 index 000000000000..c90310226827 --- /dev/null +++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyT= estAuthVar.h 
@@ -0,0 +1,128 @@ +/** @file -- VarPolicyTestAuthVar.h=0D +Payload to be used to create an Authenticated Variable for testing.=0D +=0D +Copyright (c) Microsoft Corporation.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef _VAR_POLICY_TEST_AUTH_VAR_H_=0D +#define _VAR_POLICY_TEST_AUTH_VAR_H_=0D +=0D +UINT8 mTestAuthVarPayload[] =3D {=0D + // EFI_VARIABLE_AUTHENTICATION_2=0D + // Timestamp=0D + 0xE4, 0x07, 0x08, 0x15, 0x0D, 0x1E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, = 0x00, 0x00, 0x00, 0x00,=0D + // AuthInfo (WIN_CERTIFICATE_UEFI_GUID)=0D + // Hdr (WIN_CERTIFICATE)=0D + // dwLength=0D + 0x45, 0x05, 0x00, 0x00,=0D + // wRevision=0D + 0x00, 0x02,=0D + // wCertificateType=0D + // (WIN_CERT_TYPE_EFI_GUID)=0D + 0xF1, 0x0E,=0D + // CertType=0D + // (gEfiCertPkcs7Guid)=0D + 0x9D, 0xD2, 0xAF, 0x4A, 0xDF, 0x68, 0xEE, 0x49, 0x8A, 0xA9, 0x34, 0x7D, = 0x37, 0x56, 0x65, 0xA7,=0D + // CertData (Packed SignedData Signature)=0D + // Digest Buffer Was...=0D + // Name (DummyAuthVar)=0D + // 44 00 75 00 6D 00 6D 00 79 00 41 00 75 00 74 00 68 00 56 00 61= 00 72 00=0D + // Vendor Guid (mTestAuthNamespaceGuid)=0D + // C6 A2 C5 B6 CE 3E 9B 4B 8C C8 96 D8 D9 CA D3 4E=0D + // Attributes (NV + BS + RT, TimeAuth)=0D + // 27 00 00 00=0D + // Timestamp=0D + // E4 07 08 15 0D 1E 00 00 00 00 00 00 00 00 00 00=0D + // Data (0xDEADBEEF)=0D + // EF BE AD DE=0D + 0x30, 0x82, 0x05, 0x29, 0x02, 0x01, 0x01, 0x31, 0x0F, 0x30, 0x0D, 0x06, = 0x09, 0x60, 0x86, 0x48,=0D + 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0B, 0x06, 0x09, = 0x2A, 0x86, 0x48, 0x86,=0D + 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x03, 0x82, 0x30, 0x82, 0x03, = 0x7E, 0x30, 0x82, 0x02,=0D + 0x66, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5A, 0xAE, 0x85, 0xA8, = 0x61, 0x6E, 0x80, 0xA3,=0D + 0x4D, 0x11, 0x69, 0x06, 0xC3, 0xFE, 0x2D, 0x89, 0x30, 0x0D, 0x06, 0x09, = 0x2A, 0x86, 0x48, 0x86,=0D + 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x3F, 0x31, 0x3D, 0x30, = 0x3B, 0x06, 0x03, 0x55,=0D + 
0x04, 0x03, 0x1E, 0x34, 0x00, 0x50, 0x00, 0x41, 0x00, 0x4C, 0x00, 0x49, = 0x00, 0x4E, 0x00, 0x44,=0D + 0x00, 0x52, 0x00, 0x4F, 0x00, 0x4D, 0x00, 0x45, 0x00, 0x5F, 0x00, 0x53, = 0x00, 0x65, 0x00, 0x6C,=0D + 0x00, 0x66, 0x00, 0x68, 0x00, 0x6F, 0x00, 0x73, 0x00, 0x74, 0x00, 0x5F, = 0x00, 0x53, 0x00, 0x69,=0D + 0x00, 0x67, 0x00, 0x6E, 0x00, 0x65, 0x00, 0x72, 0x30, 0x20, 0x17, 0x0D, = 0x30, 0x30, 0x30, 0x31,=0D + 0x30, 0x31, 0x30, 0x37, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x18, 0x0F, 0x32, = 0x39, 0x39, 0x39, 0x31,=0D + 0x32, 0x33, 0x31, 0x30, 0x37, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x3F, = 0x31, 0x3D, 0x30, 0x3B,=0D + 0x06, 0x03, 0x55, 0x04, 0x03, 0x1E, 0x34, 0x00, 0x50, 0x00, 0x41, 0x00, = 0x4C, 0x00, 0x49, 0x00,=0D + 0x4E, 0x00, 0x44, 0x00, 0x52, 0x00, 0x4F, 0x00, 0x4D, 0x00, 0x45, 0x00, = 0x5F, 0x00, 0x53, 0x00,=0D + 0x65, 0x00, 0x6C, 0x00, 0x66, 0x00, 0x68, 0x00, 0x6F, 0x00, 0x73, 0x00, = 0x74, 0x00, 0x5F, 0x00,=0D + 0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x65, 0x00, 0x72, 0x30, = 0x82, 0x01, 0x22, 0x30,=0D + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, = 0x05, 0x00, 0x03, 0x82,=0D + 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, = 0xC9, 0xA2, 0x80, 0xE7,=0D + 0x3A, 0x0B, 0x3E, 0xCF, 0xEE, 0x0E, 0x22, 0x65, 0xF5, 0x03, 0xD2, 0x6A, = 0x99, 0xBF, 0x5F, 0x48,=0D + 0xF4, 0xC0, 0xD3, 0x19, 0xE7, 0x6B, 0x09, 0xFC, 0x0C, 0xB0, 0x3B, 0x69, = 0x3A, 0x07, 0x6F, 0x36,=0D + 0x57, 0xF6, 0x63, 0xAF, 0x6B, 0x7B, 0x30, 0x55, 0xD5, 0xE9, 0xF4, 0xDE, = 0x89, 0xE3, 0x5F, 0xA1,=0D + 0x71, 0x13, 0x3E, 0x84, 0x5D, 0x46, 0x9F, 0x78, 0xA9, 0x5B, 0xA5, 0x46, = 0x3B, 0x38, 0x4F, 0x00,=0D + 0x06, 0x63, 0x0E, 0x7A, 0x0A, 0x93, 0xE7, 0x36, 0x87, 0xCC, 0x47, 0xBD, = 0xFB, 0x0A, 0x5D, 0x45,=0D + 0x9C, 0xC4, 0x1B, 0xE6, 0x9E, 0xCB, 0xAB, 0xF9, 0x20, 0x11, 0xEF, 0x03, = 0xCA, 0x9F, 0xE9, 0x29,=0D + 0x1A, 0x05, 0xF8, 0xB3, 0x46, 0xB0, 0x3D, 0xFD, 0x88, 0x7C, 0x82, 0x0E, = 0x3C, 0x6F, 0xEA, 0x5B,=0D + 0xFF, 0xA8, 0xA4, 0xE0, 0x40, 0x2B, 0x25, 
0xE8, 0x59, 0x46, 0xEE, 0xDB, = 0x4B, 0x5F, 0x02, 0xB3,=0D + 0x21, 0x33, 0x47, 0x2E, 0xD5, 0x66, 0x79, 0xF3, 0x79, 0x93, 0x18, 0x75, = 0x94, 0x4A, 0x01, 0xCF,=0D + 0x59, 0x86, 0xF4, 0x8B, 0x35, 0xBD, 0xA4, 0x58, 0xA4, 0x76, 0x89, 0x77, = 0x55, 0x55, 0xB1, 0xE4,=0D + 0x00, 0x09, 0x78, 0xF3, 0x29, 0x5B, 0xC0, 0xED, 0xD6, 0x68, 0x7E, 0xDB, = 0xAA, 0x9F, 0x4E, 0xFE,=0D + 0x67, 0x41, 0x4E, 0x6C, 0xC8, 0xDD, 0x52, 0xD6, 0xA5, 0x8A, 0x8A, 0x56, = 0x50, 0x51, 0x27, 0x29,=0D + 0x2B, 0xD3, 0x1B, 0x4D, 0xCE, 0x93, 0x76, 0x8E, 0x55, 0x53, 0x55, 0x30, = 0x10, 0xF5, 0xF9, 0x6C,=0D + 0xAE, 0xDA, 0xBA, 0xAC, 0x36, 0x79, 0x11, 0x02, 0xD0, 0x24, 0x07, 0xA6, = 0xD1, 0x56, 0xCB, 0xEC,=0D + 0x81, 0x29, 0xA8, 0xC1, 0x2E, 0x9D, 0x9B, 0xF9, 0xE9, 0xF4, 0x55, 0x74, = 0xA0, 0x52, 0x87, 0x49,=0D + 0x4F, 0xAC, 0x71, 0xFF, 0x30, 0x12, 0x24, 0xDD, 0x6D, 0x50, 0x5C, 0x7D, = 0x02, 0x03, 0x01, 0x00,=0D + 0x01, 0xA3, 0x74, 0x30, 0x72, 0x30, 0x70, 0x06, 0x03, 0x55, 0x1D, 0x01, = 0x04, 0x69, 0x30, 0x67,=0D + 0x80, 0x10, 0x0E, 0xB2, 0xFB, 0xDC, 0xD5, 0xAB, 0xCC, 0xB4, 0x3B, 0x46, = 0x1B, 0x60, 0x18, 0xFD,=0D + 0xDE, 0x74, 0xA1, 0x41, 0x30, 0x3F, 0x31, 0x3D, 0x30, 0x3B, 0x06, 0x03, = 0x55, 0x04, 0x03, 0x1E,=0D + 0x34, 0x00, 0x50, 0x00, 0x41, 0x00, 0x4C, 0x00, 0x49, 0x00, 0x4E, 0x00, = 0x44, 0x00, 0x52, 0x00,=0D + 0x4F, 0x00, 0x4D, 0x00, 0x45, 0x00, 0x5F, 0x00, 0x53, 0x00, 0x65, 0x00, = 0x6C, 0x00, 0x66, 0x00,=0D + 0x68, 0x00, 0x6F, 0x00, 0x73, 0x00, 0x74, 0x00, 0x5F, 0x00, 0x53, 0x00, = 0x69, 0x00, 0x67, 0x00,=0D + 0x6E, 0x00, 0x65, 0x00, 0x72, 0x82, 0x10, 0x5A, 0xAE, 0x85, 0xA8, 0x61, = 0x6E, 0x80, 0xA3, 0x4D,=0D + 0x11, 0x69, 0x06, 0xC3, 0xFE, 0x2D, 0x89, 0x30, 0x0D, 0x06, 0x09, 0x2A, = 0x86, 0x48, 0x86, 0xF7,=0D + 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xB5, = 0xA2, 0xD0, 0x1B, 0x70,=0D + 0x24, 0xC2, 0xE8, 0x64, 0xCD, 0xF1, 0xE9, 0x97, 0x9E, 0xA7, 0xC1, 0x86, = 0x92, 0x06, 0x2F, 0x8F,=0D + 0x33, 0x64, 0x0A, 0xB9, 0x2B, 0x77, 0xE2, 0x70, 0x82, 0xDE, 0x06, 0xD3, = 0x69, 
0x8E, 0xB4, 0x69,=0D + 0xF1, 0x6B, 0x59, 0x5E, 0x68, 0x5F, 0xB4, 0xFA, 0x30, 0xC3, 0xB6, 0xA1, = 0x72, 0x1A, 0xD4, 0x01,=0D + 0xED, 0x69, 0x4A, 0x96, 0x0F, 0x1C, 0xC3, 0x6F, 0x80, 0x0B, 0xE5, 0xD4, = 0x46, 0xBE, 0x27, 0x9D,=0D + 0xDE, 0x68, 0xB3, 0xA1, 0x93, 0xC3, 0x1A, 0x47, 0x20, 0x7A, 0x87, 0x80, = 0x13, 0x85, 0x1E, 0x46,=0D + 0x01, 0x42, 0x6A, 0x68, 0x46, 0xE2, 0x77, 0x3D, 0x2E, 0x50, 0xA1, 0x96, = 0x23, 0x83, 0x03, 0xD1,=0D + 0x57, 0xDD, 0xC6, 0x63, 0x59, 0xB7, 0x1A, 0x49, 0xA2, 0xC9, 0x44, 0x8D, = 0xC7, 0x81, 0x18, 0xE8,=0D + 0x52, 0x3A, 0x74, 0x32, 0xD3, 0xE6, 0x6D, 0x54, 0x9F, 0xC9, 0x87, 0x1C, = 0xBC, 0x81, 0xEB, 0x6D,=0D + 0x5D, 0x58, 0xF7, 0x91, 0x81, 0x5B, 0xB0, 0x86, 0xB4, 0x06, 0xE7, 0x19, = 0x44, 0xE9, 0x24, 0x28,=0D + 0xF5, 0x42, 0x7A, 0x7A, 0x28, 0x94, 0x3E, 0x70, 0x61, 0x1B, 0x68, 0x8D, = 0xA9, 0x48, 0x3A, 0xFE,=0D + 0x7D, 0xB5, 0x29, 0x10, 0xCE, 0xD6, 0xC1, 0xFF, 0x16, 0xDF, 0x90, 0x94, = 0x16, 0xC8, 0xFA, 0x9E,=0D + 0x52, 0x49, 0xE5, 0xC3, 0xF5, 0x8C, 0x87, 0xC2, 0x93, 0x3D, 0x3D, 0x27, = 0x23, 0x37, 0xC3, 0xDA,=0D + 0x55, 0x92, 0x12, 0xE9, 0x1F, 0xEB, 0x32, 0xB5, 0xD8, 0x30, 0xD6, 0xC0, = 0x23, 0x45, 0xBB, 0x06,=0D + 0xBC, 0x11, 0xA6, 0xA3, 0x47, 0x82, 0x04, 0xCB, 0xAA, 0x98, 0xCA, 0xF9, = 0x00, 0x0E, 0xD3, 0xC3,=0D + 0x09, 0xF6, 0x21, 0x4C, 0x90, 0xE0, 0x78, 0x08, 0xAE, 0x8F, 0xB1, 0x7D, = 0x62, 0x3F, 0x6A, 0x1E,=0D + 0xD6, 0xF1, 0x8E, 0xEE, 0xFD, 0x49, 0x04, 0xDE, 0x14, 0x9C, 0x7B, 0x31, = 0x82, 0x01, 0x7E, 0x30,=0D + 0x82, 0x01, 0x7A, 0x02, 0x01, 0x01, 0x30, 0x53, 0x30, 0x3F, 0x31, 0x3D, = 0x30, 0x3B, 0x06, 0x03,=0D + 0x55, 0x04, 0x03, 0x1E, 0x34, 0x00, 0x50, 0x00, 0x41, 0x00, 0x4C, 0x00, = 0x49, 0x00, 0x4E, 0x00,=0D + 0x44, 0x00, 0x52, 0x00, 0x4F, 0x00, 0x4D, 0x00, 0x45, 0x00, 0x5F, 0x00, = 0x53, 0x00, 0x65, 0x00,=0D + 0x6C, 0x00, 0x66, 0x00, 0x68, 0x00, 0x6F, 0x00, 0x73, 0x00, 0x74, 0x00, = 0x5F, 0x00, 0x53, 0x00,=0D + 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x65, 0x00, 0x72, 0x02, 0x10, 0x5A, = 0xAE, 0x85, 0xA8, 0x61,=0D + 0x6E, 0x80, 0xA3, 
0x4D, 0x11, 0x69, 0x06, 0xC3, 0xFE, 0x2D, 0x89, 0x30, = 0x0D, 0x06, 0x09, 0x60,=0D + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0D, = 0x06, 0x09, 0x2A, 0x86,=0D + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, = 0x00, 0xA6, 0x06, 0xE7,=0D + 0x46, 0x7E, 0xFB, 0x4A, 0xA7, 0x25, 0x2F, 0x52, 0x1D, 0xBC, 0x5C, 0x41, = 0x3B, 0xD3, 0x13, 0x50,=0D + 0xCE, 0x5F, 0xE2, 0x4B, 0x31, 0xED, 0x28, 0x5E, 0xF5, 0x36, 0xBD, 0x1C, = 0x38, 0xA1, 0xB6, 0x45,=0D + 0x7C, 0xFD, 0xAB, 0x7B, 0x0C, 0xBF, 0x06, 0x06, 0xBB, 0x95, 0x5E, 0x47, = 0x10, 0x7C, 0xD8, 0x10,=0D + 0x76, 0x74, 0x81, 0x2D, 0x40, 0x3A, 0xD0, 0xF4, 0x15, 0x9D, 0xDF, 0x44, = 0x2B, 0xA4, 0xCD, 0xF7,=0D + 0x44, 0x77, 0x9F, 0x35, 0x46, 0xD3, 0x30, 0x67, 0x44, 0x33, 0xF4, 0x7B, = 0xB6, 0xC0, 0xE4, 0xA2,=0D + 0xAD, 0xDF, 0xAF, 0x56, 0x41, 0xA3, 0x0D, 0x76, 0x36, 0xB9, 0x7E, 0x29, = 0x49, 0x17, 0x43, 0xAF,=0D + 0xB0, 0xA0, 0xC0, 0xF1, 0xE1, 0xE6, 0xCA, 0x62, 0x9F, 0x3E, 0x9D, 0x6C, = 0x63, 0x03, 0xF6, 0xDF,=0D + 0x84, 0x32, 0xB1, 0x01, 0x0C, 0x12, 0x83, 0x52, 0x13, 0x2F, 0xAE, 0xBC, = 0x79, 0xB7, 0x75, 0xF6,=0D + 0x10, 0x20, 0xFC, 0x7A, 0x13, 0x92, 0xF7, 0x87, 0x50, 0xF5, 0x9C, 0xD9, = 0xE4, 0xEA, 0x4C, 0x3D,=0D + 0x31, 0xED, 0x7F, 0xA6, 0x6C, 0x58, 0xAD, 0x6C, 0x31, 0xAF, 0xC4, 0x64, = 0xAE, 0x11, 0xBF, 0x72,=0D + 0xF5, 0xAA, 0x69, 0xB4, 0x76, 0xDB, 0x73, 0x8F, 0x8C, 0x3E, 0x23, 0x4A, = 0x2D, 0xB7, 0x65, 0x65,=0D + 0x10, 0xA8, 0xC6, 0x52, 0x14, 0xE2, 0xC6, 0x2B, 0x07, 0xCE, 0x45, 0x58, = 0x6F, 0x92, 0x78, 0xAA,=0D + 0xB5, 0xE9, 0x76, 0x39, 0x8A, 0x17, 0xE3, 0x0B, 0xA5, 0x12, 0x0F, 0x2A, = 0xC1, 0xCE, 0xC5, 0x4F,=0D + 0xD8, 0xA7, 0xD1, 0x7C, 0x3F, 0xE3, 0x23, 0x9B, 0x53, 0x56, 0x18, 0x28, = 0x66, 0xC7, 0xB3, 0x04,=0D + 0x38, 0xE3, 0x40, 0xCC, 0xB2, 0x18, 0xA8, 0xC7, 0x11, 0xE1, 0x67, 0xD8, = 0xBF, 0xBE, 0x8D, 0x2A,=0D + 0x75, 0x00, 0x96, 0x8F, 0x7F, 0x80, 0xCF, 0xDB, 0xF0, 0x0D, 0xB5, 0x8D, = 0x73,=0D + // Data=0D + 0xEF, 0xBE, 0xAD, 0xDE=0D +};=0D +UINTN mTestAuthVarPayloadSize 
=3D sizeof(mTestAuthVarPayload);=0D +=0D +#endif // _VAR_POLICY_TEST_AUTH_VAR_H_=0D --=20 2.28.0.windows.1
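Review bot: In VariablePolicyFuncTestApp.c, UefiMain, test suite 9 registers LockPolicyEngineTests twice with the same description ("Test locking policy") and the same class name ("Common.VP.LockPolicyTests.LockPolicyEngineTests"); the two AddTestCase calls differ only in the cleanup argument (NULL versus IgnoreContextAndReboot). If a single run followed by the reboot is what is intended, drop the first call; if both are intended, give the second its own description and class name so the two results can be told apart in the report. The same kind of copy-paste shows up in two other places: suite 8 registers TestPolicyVersion under "Common.VP.DumpPolicy.TestPolicyVersion" instead of the suite's own "Common.VP.PolicyVersion" prefix, and suite 6 gives TestLargeMinSizePolicy and TestZeroMaxSizePolicy the identical description "Test policy with invalid attributes". Separately, every CreateUnitTestSuite failure path overwrites Status with EFI_OUT_OF_RESOURCES and logs without %r, so the status actually returned is lost; consider logging and returning it. Nits: "Main fuction" in the function header comment, and the brace on its own line after the suite 4 check, which does not match the other nine checks.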
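Review bot: In MdeModulePkg.ci.yaml, the new "AcceptableDependencies-UEFI_APPLICATION" entry is keyed by module type, so it allows every UEFI_APPLICATION in MdeModulePkg to depend on UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec, not only the shell test app added in this patch. Please confirm that the wider allowance is intended and say so in the commit message, since the only consumer visible here is VariablePolicyFuncTestApp.inf.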
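Review bot: In Readme.md, step 9 ends with "Cleanup: save context and reboot", but the suite 9 test case registered in UefiMain passes IgnoreContextAndReboot as its cleanup; the text and the code should agree on whether context is saved across the reboot. In step 10, "Make sure the policy from a is no longer enforced" points at a lettered sub-step, while the sub-steps are unlettered bullets; name the policy it means (the "Register a policy" bullet is the only candidate). The opening sentence says "Only policies that are created as a part of this test will be tested", yet steps 9 and 10 lock or disable the whole policy engine, which affects the platform beyond this test; a sentence on that side effect and on the required reboot would help whoever runs this on real hardware. Nit: the title reads "# variable Policy Unit Tests" with a lower-case "v".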
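Review bot: In VariablePolicyTestAuthVar.h, mTestAuthVarPayload and mTestAuthVarPayloadSize are defined in the header rather than declared, and are neither STATIC nor CONST, so a second file including this header would produce duplicate symbols and the signed payload stays writable at run time. Suggest making both STATIC CONST if the call sites allow it, or moving the array into a .c file and leaving only extern declarations here. The @file line names the file "VarPolicyTestAuthVar.h" while the path in the diff is VariablePolicyTestAuthVar.h. The "Digest Buffer Was..." comment listing name, vendor GUID, attributes, timestamp and data is useful; since the payload embeds a fixed timestamp and a self-signed certificate, it would also help to note next to it how the blob was generated so it can be regenerated if the test variable name or data ever changes.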