From: "Chen, ArvinX"
To: devel@edk2.groups.io
Cc: Eric Jin, Wei6 Xu
Subject: [PATCH 2/2] uefi-sct/SctPkg: Correct check image test behavior
Date: Tue, 27 Oct 2020 14:30:21 +0800
Message-Id: <20201027063021.261-1-arvinx.chen@intel.com>
X-Mailer: git-send-email 2.26.2.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Currently, the behavior of our SCT test case "CheckImage" has some problems. When the tool needs to check that "EFI_SECURITY_VIOLATION" is correctly returned from the "EFI_FIRMWARE_MANAGEMENT_PROTOCOL->CheckImage" function, the function will, because of the tool's behavior, probably return EFI_BUFFER_TOO_SMALL, so we should give it correct header info so that the test item can be processed correctly.

Cc: ArvinX Chen
Cc: Eric Jin
Cc: Wei6 Xu
Signed-off-by: ArvinX Chen --- .../FirmwareManagementBBTestConformance.c | 11 ++++++++- .../FirmwareManagement/BlackBoxTest/Guid.c | 1 + .../FirmwareManagement/BlackBoxTest/Guid.h | 5 ++++ .../SctPkg/UEFI/Protocol/FirmwareManagement.h | 23 +++++++++++++++++++ 4 files changed, 39 insertions(+), 1 deletion(-) diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/= BlackBoxTest/FirmwareManagementBBTestConformance.c b/uefi-sct/SctPkg/TestCa= se/UEFI/EFI/Protocol/FirmwareManagement/BlackBoxTest/FirmwareManagementBBTe= stConformance.c index 720326d0..7c6c709b 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/FirmwareManagementBBTestConformance.c +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/FirmwareManagementBBTestConformance.c @@ -2901,7 +2901,8 @@ BBTestCheckImageConformanceTestCheckpoint2 ( UINTN i;=0D EFI_FIRMWARE_IMAGE_DESCRIPTOR *p;=0D UINTN FunctionTested;=0D -=0D + EFI_FIRMWARE_IMAGE_AUTHENTICATION *EFIA;=0D + EFI_GUID gEfiCertPkcs7Guid;=0D //=0D // Init=0D //=0D @@ -2909,6 +2910,7 @@ BBTestCheckImageConformanceTestCheckpoint2 ( Status =3D EFI_SUCCESS;=0D AssertionType =3D EFI_TEST_ASSERTION_PASSED;=0D TestGuid =3D gFirmwareManagementBBTestConformanceAssertionGuid012;=0D + gEfiCertPkcs7Guid =3D gFirmwareManagementBBTestConformanceSupportGuid005= ;=0D ResultMessageLabel =3D L"CheckImage, conformance checkpoint #2";=0D =0D BufferImageInfo =3D NULL;=0D 
@@ -3020,6 +3022,13 @@ BBTestCheckImageConformanceTestCheckpoint2 ( ResultMessageData =3D L"test case initialization failure.";=0D goto Exit;=0D }=0D +=0D + EFIA =3D Image;=0D + EFIA->AuthInfo.Hdr.dwLength =3D sizeof(WIN_CERTIFICATE_UEFI_GU= ID)+0x10;=0D + EFIA->AuthInfo.Hdr.wRevision =3D 0x0200;=0D + EFIA->AuthInfo.Hdr.wCertificateType =3D WIN_CERT_TYPE_EFI_GUID;=0D + for (i=3D0; iAuthInfo.CertType)[i]= =3D((UINT8*)&gEfiCertPkcs7Guid)[i], i++);=0D +=0D BufferImage =3D Image;=0D FunctionTested++;=0D Status =3D FirmwareManagement->CheckImage ( =0D diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/= BlackBoxTest/Guid.c b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareMa= nagement/BlackBoxTest/Guid.c index 91cf1ba6..cd541496 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/Guid.c +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/Guid.c @@ -43,6 +43,7 @@ EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid0= 01=3DEFI_TEST_FIRMWAREMAN EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid002=3DEFI_TEST_FIR= MWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_002_GUID;=0D EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid003=3DEFI_TEST_FIR= MWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_003_GUID;=0D EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid004=3DEFI_TEST_FIR= MWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_004_GUID;=0D +EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid005=3DEFI_TEST_FIR= MWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_005_GUID;=0D =0D EFI_GUID gFirmwareManagementBBTestConformanceAssertionGuid001=3DEFI_TEST_F= IRMWAREMANAGEMENTBBTESTCONFORMANCE_ASSERTION_001_GUID;=0D EFI_GUID gFirmwareManagementBBTestConformanceAssertionGuid002=3DEFI_TEST_F= IRMWAREMANAGEMENTBBTESTCONFORMANCE_ASSERTION_002_GUID;=0D 
diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/= BlackBoxTest/Guid.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareMa= nagement/BlackBoxTest/Guid.h index b5277f7e..b045021e 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/Guid.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/Guid.h @@ -67,6 +67,11 @@ extern EFI_GUID gFirmwareManagementBBTestConformanceSupp= ortGuid003; =0D extern EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid004;=0D =0D +#define EFI_TEST_FIRMWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_005_GUID \=0D +{ 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0= xa7 }}=0D +=0D +extern EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid005;=0D +=0D // ***********************************************************************= *****=0D // Conformance - Assertion=0D // ***********************************************************************= *****=0D diff --git a/uefi-sct/SctPkg/UEFI/Protocol/FirmwareManagement.h b/uefi-sct/= SctPkg/UEFI/Protocol/FirmwareManagement.h index b8876a96..c35ed3f4 100644 --- a/uefi-sct/SctPkg/UEFI/Protocol/FirmwareManagement.h +++ b/uefi-sct/SctPkg/UEFI/Protocol/FirmwareManagement.h 
@@ -58,6 +58,22 @@ UINT64 AttributesSetting; UINT64 Compatibilities;=0D } EFI_FIRMWARE_IMAGE_DESCRIPTOR;=0D =0D +typedef struct {=0D + ///=0D + /// It is included in the signature of AuthInfo. It is used to ensure fr= eshness/no replay.=0D + /// It is incremented during each firmware image operation.=0D + ///=0D + UINT64 MonotonicCount;=0D + ///=0D + /// Provides the authorization for the firmware image operations. It is = a signature across=0D + /// the image data and the Monotonic Count value. Caller uses the privat= e key that is=0D + /// associated with a public key that has been provisioned via the key e= xchange.=0D + /// Because this is defined as a signature, WIN_CERTIFICATE_UEFI_GUID.Ce= rtType must=0D + /// be EFI_CERT_TYPE_PKCS7_GUID.=0D + ///=0D + WIN_CERTIFICATE_UEFI_GUID AuthInfo;=0D +} EFI_FIRMWARE_IMAGE_AUTHENTICATION;=0D +=0D //=0D // Image Attribute Definitions=0D //=0D @@ -79,6 +95,13 @@ UINT64 Compatibilities; =0D #define EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION 1=0D =0D +//=0D +// _WIN_CERTIFICATE.wCertificateType=0D +//=0D +#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002=0D +#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0=0D +#define WIN_CERT_TYPE_EFI_GUID 0x0EF1=0D +=0D /*++=0D //=0D // Image Attribute Authentication Required=0D --=20 2.26.2.windows.1
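Review bot: In FirmwareManagementBBTestConformance.c, the block added before `BufferImage = Image;` (hunk at -3020) writes an authentication header into `Image` with no visible check that the buffer is at least `sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)` bytes, and it never initializes `MonotonicCount`. Please state or assert the minimum buffer size next to `EFIA = Image;`, set `MonotonicCount` explicitly, and replace the bare `+0x10` and `0x0200` with named constants plus a comment saying what the 16 bytes that `dwLength` claims after the header are supposed to contain. Since the test expects EFI_SECURITY_VIOLATION, a comment that the header is well-formed but the signature data is deliberately invalid would make the intent clear. The byte-by-byte GUID copy in the `for` statement would read better as a call to the library's memory or GUID copy helper.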
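Review bot: In FirmwareManagementBBTestConformance.c (hunks at -2901 and -2909), `EFI_GUID gEfiCertPkcs7Guid;` is a function-local variable that carries the `g` prefix used for globals in the surrounding declarations, and it is only a copy of `gFirmwareManagementBBTestConformanceSupportGuid005`. Either reference the global directly where the CertType is filled in, or give the local a non-global name; as written, a reader will assume a platform-wide symbol. The same hunk also drops the blank line that separated the declarations from the `// Init` comment, which is the patch's one deletion and looks unintentional.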
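Review bot: In Guid.h, `EFI_TEST_FIRMWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_005_GUID` is defined as `{ 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7 }}`, which is the value of the specification's EFI_CERT_TYPE_PKCS7_GUID, the same name the new comment in FirmwareManagement.h says `CertType` must carry. Filing it as a numbered test "support" GUID hides that it is a spec-defined constant rather than a test-private identifier. Please define it under its specification name (or at minimum add a comment on the `#define` and on the matching `gFirmwareManagementBBTestConformanceSupportGuid005` line in Guid.c) so the link between the test and the protocol requirement is visible.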
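Review bot: In SctPkg/UEFI/Protocol/FirmwareManagement.h, the new `EFI_FIRMWARE_IMAGE_AUTHENTICATION` typedef uses `WIN_CERTIFICATE_UEFI_GUID`, but none of the hunks add an `#include` for the header that declares it, so this file now depends on include order in every consumer. The `WIN_CERT_TYPE_PKCS_SIGNED_DATA`, `WIN_CERT_TYPE_EFI_PKCS115` and `WIN_CERT_TYPE_EFI_GUID` defines added in the second hunk describe `_WIN_CERTIFICATE.wCertificateType` and belong beside the `WIN_CERTIFICATE` definition; placing unguarded copies in the protocol header risks a redefinition if another header already provides them. Please include the defining header here and either move the three constants there or wrap them in `#ifndef` guards.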