From: "Chen, ArvinX"
To: devel@edk2.groups.io
Cc: G Edhaya Chandran, Eric Jin, Wei6 Xu
Subject: [PATCH 2/2] uefi-sct/SctPkg: Correct check image test behavior
Date: Mon, 2 Nov 2020 17:59:33 +0800
Message-Id: <20201102095933.715-1-arvinx.chen@intel.com>
X-Mailer: git-send-email 2.26.2.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Now, the behavior of our SCT test case "CheckImage" has some problems. Once
the tool needs to check that "EFI_SECURITY_VIOLATION" is correctly returned from
the "EFI_FIRMWARE_MANAGEMENT_PROTOCOL->CheckImage" function, the function will,
because of the tool's behavior, probably return EFI_BUFFER_TOO_SMALL, so we should
give it correct header info so that the test item can be processed correctly.

Cc: ArvinX Chen
Cc: G Edhaya Chandran
Cc: Eric Jin
Cc: Wei6 Xu
Signed-off-by: ArvinX Chen
---=0D .../FirmwareManagementBBTestConformance.c | 11 ++++++++-=0D .../FirmwareManagement/BlackBoxTest/Guid.c | 1 +=0D .../FirmwareManagement/BlackBoxTest/Guid.h | 5 ++++=0D .../SctPkg/UEFI/Protocol/FirmwareManagement.h | 23 +++++++++++++++++++=0D 4 files changed, 39 insertions(+), 1 deletion(-)=0D =0D diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/= BlackBoxTest/FirmwareManagementBBTestConformance.c b/uefi-sct/SctPkg/TestCa= se/UEFI/EFI/Protocol/FirmwareManagement/BlackBoxTest/FirmwareManagementBBTe= stConformance.c=0D index 720326d0..7c6c709b 100644=0D --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/FirmwareManagementBBTestConformance.c=0D +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/FirmwareManagementBBTestConformance.c=0D @@ -2901,7 +2901,8 @@ BBTestCheckImageConformanceTestCheckpoint2 (=0D UINTN i;=0D EFI_FIRMWARE_IMAGE_DESCRIPTOR *p;=0D UINTN FunctionTested;=0D -=0D + EFI_FIRMWARE_IMAGE_AUTHENTICATION *EFIA;=0D + EFI_GUID gEfiCertPkcs7Guid;=0D //=0D // Init=0D //=0D 
@@ -2909,6 +2910,7 @@ BBTestCheckImageConformanceTestCheckpoint2 (=0D Status =3D EFI_SUCCESS;=0D AssertionType =3D EFI_TEST_ASSERTION_PASSED;=0D TestGuid =3D gFirmwareManagementBBTestConformanceAssertionGuid012;=0D + gEfiCertPkcs7Guid =3D gFirmwareManagementBBTestConformanceSupportGuid005= ;=0D ResultMessageLabel =3D L"CheckImage, conformance checkpoint #2";=0D =0D BufferImageInfo =3D NULL;=0D @@ -3020,6 +3022,13 @@ BBTestCheckImageConformanceTestCheckpoint2 (=0D ResultMessageData =3D L"test case initialization failure.";=0D goto Exit;=0D }=0D +=0D + EFIA =3D Image;=0D + EFIA->AuthInfo.Hdr.dwLength =3D sizeof(WIN_CERTIFICATE_UEFI_GU= ID)+0x10;=0D + EFIA->AuthInfo.Hdr.wRevision =3D 0x0200;=0D + EFIA->AuthInfo.Hdr.wCertificateType =3D WIN_CERT_TYPE_EFI_GUID;=0D + for (i=3D0; iAuthInfo.CertType)[i]= =3D((UINT8*)&gEfiCertPkcs7Guid)[i], i++);=0D +=0D BufferImage =3D Image;=0D FunctionTested++;=0D Status =3D FirmwareManagement->CheckImage ( =0D diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/= BlackBoxTest/Guid.c b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareMa= nagement/BlackBoxTest/Guid.c=0D index 91cf1ba6..cd541496 100644=0D --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/Guid.c=0D +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/Guid.c=0D 
@@ -43,6 +43,7 @@ EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid0= 01=3DEFI_TEST_FIRMWAREMAN=0D EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid002=3DEFI_TEST_FIR= MWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_002_GUID;=0D EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid003=3DEFI_TEST_FIR= MWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_003_GUID;=0D EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid004=3DEFI_TEST_FIR= MWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_004_GUID;=0D +EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid005=3DEFI_TEST_FIR= MWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_005_GUID;=0D =0D EFI_GUID gFirmwareManagementBBTestConformanceAssertionGuid001=3DEFI_TEST_F= IRMWAREMANAGEMENTBBTESTCONFORMANCE_ASSERTION_001_GUID;=0D EFI_GUID gFirmwareManagementBBTestConformanceAssertionGuid002=3DEFI_TEST_F= IRMWAREMANAGEMENTBBTESTCONFORMANCE_ASSERTION_002_GUID;=0D diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/= BlackBoxTest/Guid.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareMa= nagement/BlackBoxTest/Guid.h=0D index b5277f7e..b045021e 100644=0D --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/Guid.h=0D +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/FirmwareManagement/BlackBo= xTest/Guid.h=0D @@ -67,6 +67,11 @@ extern EFI_GUID gFirmwareManagementBBTestConformanceSupp= ortGuid003;=0D =0D extern EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid004;=0D =0D +#define EFI_TEST_FIRMWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_005_GUID \=0D +{ 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0= xa7 }}=0D +=0D +extern EFI_GUID gFirmwareManagementBBTestConformanceSupportGuid005;=0D +=0D // ***********************************************************************= *****=0D // Conformance - Assertion=0D // ***********************************************************************= *****=0D 
diff --git a/uefi-sct/SctPkg/UEFI/Protocol/FirmwareManagement.h b/uefi-sct/= SctPkg/UEFI/Protocol/FirmwareManagement.h=0D index b8876a96..c35ed3f4 100644=0D --- a/uefi-sct/SctPkg/UEFI/Protocol/FirmwareManagement.h=0D +++ b/uefi-sct/SctPkg/UEFI/Protocol/FirmwareManagement.h=0D @@ -58,6 +58,22 @@ UINT64 AttributesSetting;=0D UINT64 Compatibilities;=0D } EFI_FIRMWARE_IMAGE_DESCRIPTOR;=0D =0D +typedef struct {=0D + ///=0D + /// It is included in the signature of AuthInfo. It is used to ensure fr= eshness/no replay.=0D + /// It is incremented during each firmware image operation.=0D + ///=0D + UINT64 MonotonicCount;=0D + ///=0D + /// Provides the authorization for the firmware image operations. It is = a signature across=0D + /// the image data and the Monotonic Count value. Caller uses the privat= e key that is=0D + /// associated with a public key that has been provisioned via the key e= xchange.=0D + /// Because this is defined as a signature, WIN_CERTIFICATE_UEFI_GUID.Ce= rtType must=0D + /// be EFI_CERT_TYPE_PKCS7_GUID.=0D + ///=0D + WIN_CERTIFICATE_UEFI_GUID AuthInfo;=0D +} EFI_FIRMWARE_IMAGE_AUTHENTICATION;=0D +=0D //=0D // Image Attribute Definitions=0D //=0D @@ -79,6 +95,13 @@ UINT64 Compatibilities;=0D =0D #define EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION 1=0D =0D +//=0D +// _WIN_CERTIFICATE.wCertificateType=0D +//=0D +#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002=0D +#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0=0D +#define WIN_CERT_TYPE_EFI_GUID 0x0EF1=0D +=0D /*++=0D //=0D // Image Attribute Authentication Required=0D -- =0D 2.26.2.windows.1=0D =0D
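Review bot: in the declarations hunk of BBTestCheckImageConformanceTestCheckpoint2 (@@ -2901), the new local `EFI_GUID gEfiCertPkcs7Guid;` carries the `g` prefix that this code otherwise uses for `extern` globals such as `gFirmwareManagementBBTestConformanceSupportGuid004`, and `EFIA` does not say what it points to. Suggest local-style names, for example `CertPkcs7Guid` and `ImageAuth`, and keeping the blank line that the hunk removes between the declarations and the `// Init` comment.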
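Review bot: in the @@ -3020 hunk of FirmwareManagementBBTestConformance.c, `EFIA = Image;` is followed directly by writes to `EFIA->AuthInfo.Hdr` and `AuthInfo.CertType`, with no check visible that the buffer behind `Image` is at least `sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)` bytes; if the dummy image is shorter, these stores run past its end. Add a size check before the assignments, or size the allocation from the structure. `MonotonicCount` is left unset, and the `+0x10` in `dwLength` and the `0x0200` revision are unexplained constants that deserve a comment or a named macro. The byte-wise `for` loop that does its copy inside the increment expression is hard to read; a plain structure assignment of `gFirmwareManagementBBTestConformanceSupportGuid005` into `CertType` would do the same and would make the local GUID copy unnecessary.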
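Review bot: in the Guid.h hunk, `EFI_TEST_FIRMWAREMANAGEMENTBBTESTCONFORMANCE_SUPPORT_005_GUID` is defined without a comment saying what it is, yet the conformance test copies it into `gEfiCertPkcs7Guid` and writes it into `AuthInfo.CertType`, which the new header comment says must be `EFI_CERT_TYPE_PKCS7_GUID`. Either define the value under that name next to the `WIN_CERT_TYPE_*` macros in FirmwareManagement.h, or add a comment here stating that this support GUID is the PKCS7 certificate type, so a reader does not take it for a test-private identifier.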
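Review bot: in the first FirmwareManagement.h hunk (@@ -58), `EFI_FIRMWARE_IMAGE_AUTHENTICATION` embeds `WIN_CERTIFICATE_UEFI_GUID AuthInfo;`, but the patch adds neither a definition of that type nor an `#include` that provides it. Add the include, or say in the commit message where the type comes from, so that this header does not depend on the include order of its users.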
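Review bot: in the second FirmwareManagement.h hunk (@@ -79), only `WIN_CERT_TYPE_EFI_GUID` of the three new `WIN_CERT_TYPE_*` macros is used by this patch, and the comment refers to `_WIN_CERTIFICATE.wCertificateType`, a structure this header does not define. If the header that defines `WIN_CERTIFICATE_UEFI_GUID` already carries these values, drop them here to avoid a redefinition; otherwise keep only the one that is needed, or move all three next to the structure they describe.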