From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web08.732.1651687493686187181 for ; Wed, 04 May 2022 11:05:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=VwS619o4; spf=pass (domain: gmail.com, ip: 209.85.210.175, mailfrom: kuqin12@gmail.com) Received: by mail-pf1-f175.google.com with SMTP id d25so1728585pfo.10 for ; Wed, 04 May 2022 11:04:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=YsHlVb0P/KUxsaKw8wB+zWs4ztU9kRF1zmYU3F0VvrY=; b=VwS619o4SMT5ce4rDI5+XHvptWexvd6PQL3m71xD7Z7JEdHTclmg/EMNLToVU8cWm7 60IduJIRvm1GO7yt4HgbabSlEknPbBd9XQNk5Ict92IT8BZj2Kn4xceX4Air3io2dg9R xFlPWAT6v653Vx+1AHnMDvPY6/5meeBTBlI1d5dNVMNkKxVaV7Ho/S/i2CnXPCywciZR j++HmL7wsooc7P89LXY1a2T/BE5iuJYtQEruTLGj3D+yu5Ik4Q5dZ0z6QTOD+lkkNvRr BTP53QgE3SxRgBUeLgAHGegCWzUAafNaXuIJqEALtLMXCF7GZn5k+u10fUGbMbjUxGt3 D1kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=YsHlVb0P/KUxsaKw8wB+zWs4ztU9kRF1zmYU3F0VvrY=; b=mI+wuZdhefgid4TWtqR8+4/jUgCoBemcmQNJkaOGD6vwekPeyW3f5ZgrHA/tCBf+T5 E9lP8gdhc4Ippzo1BbpHQE84EoC3Mg2K9nvgH7YsIexgMv+057lsir3URth70p28tBAe 1xD/Fcli2VBWb2KA5DjYdJ5fuic8K6UXVc9Wfop4trP7z+yMeupWjgLHYfL7eA9OY8wO alxfpaeOqPcNQKCcSuomdg4bzLu5vBuwDuMwBTKf8PIN44MGn22vA3+eoh2yUbJgocnW TzHRb1XAcq1GFCbMmC5yRURWewOedPjlSmkIqGS0na2g/mMVMZdyPOVHNvf/RAJ+TG0V Ucrw== X-Gm-Message-State: AOAM531VWYnIHwFadAooNZ61Wat0I0DCSuqgAJ3yK0qRVOru5m85wac3 VTb1QSl0D5rGeyr7MibchE9BJ69r+w1MYQ== X-Google-Smtp-Source: ABdhPJxsCMCL1EA6ZiWr04+R9HhNKmQB6Bwk1nkfeYrzrG1uOKtmKhu8XBMUrXgR6UggTT+h9CnfrA== X-Received: by 2002:a63:ee50:0:b0:3c5:f762:c709 with SMTP id n16-20020a63ee50000000b003c5f762c709mr2146490pgk.222.1651687498764; Wed, 04 May 2022 11:04:58 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([50.47.82.110]) by smtp.gmail.com with ESMTPSA id n5-20020aa79045000000b0050dc7628143sm8496347pfo.29.2022.05.04.11.04.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 May 2022 11:04:58 -0700 (PDT) From: "Kun Qin" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Min Xu Subject: [PATCH v1 09/11] SecurityPkg: SecureBootVariableLib: Added unit tests Date: Wed, 4 May 2022 11:04:35 -0700 Message-Id: <20220504180438.1321-10-kuqin12@gmail.com> X-Mailer: git-send-email 2.35.1.windows.2 In-Reply-To: <20220504180438.1321-1-kuqin12@gmail.com> References: <20220504180438.1321-1-kuqin12@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: kuqin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911 This change added unit test and enabled it from pipeline for the updated SecureBootVariableLib. The unit test covers all implemented interfaces and certain corner cases. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Signed-off-by: Kun Qin --- SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c | 36 + SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c | 201 ++ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c | 13 + SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c | 2037 ++++++++++++++++++++ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf | 33 + SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf | 45 + SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf | 25 + SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf | 36 + SecurityPkg/SecurityPkg.ci.yaml | 11 + SecurityPkg/Test/SecurityPkgHostTest.dsc | 38 + 10 files changed, 2475 insertions(+) diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c new file mode 100644 index 000000000000..a8644d272df6 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c @@ -0,0 +1,36 @@ +/** @file + Provides a mocked interface for configuring PK related variable protection. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include +#include +#include +#include + +#include + +/** + Disable any applicable protection against variable 'PK'. The implementation + of this interface is platform specific, depending on the protection techniques + used per platform. + + Note: It is the platform's responsibility to conduct cautious operation after + disabling this protection. + + @retval EFI_SUCCESS State has been successfully updated. + @retval Others Error returned from implementation specific + underying APIs. + +**/ +EFI_STATUS +EFIAPI +DisablePKProtection ( + VOID + ) +{ + return (EFI_STATUS)mock (); +} diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c new file mode 100644 index 000000000000..df271c39f26c --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c @@ -0,0 +1,201 @@ +/** @file + The UEFI Library provides functions and macros that simplify the development of + UEFI Drivers and UEFI Applications. These functions and macros help manage EFI + events, build simple locks utilizing EFI Task Priority Levels (TPLs), install + EFI Driver Model related protocols, manage Unicode string tables for UEFI Drivers, + and print messages on the console output and standard error devices. + + Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include + +/** + Returns the status whether get the variable success. The function retrieves + variable through the UEFI Runtime Service GetVariable(). The + returned buffer is allocated using AllocatePool(). The caller is responsible + for freeing this buffer with FreePool(). + + If Name is NULL, then ASSERT(). + If Guid is NULL, then ASSERT(). + If Value is NULL, then ASSERT(). + + @param[in] Name The pointer to a Null-terminated Unicode string. + @param[in] Guid The pointer to an EFI_GUID structure + @param[out] Value The buffer point saved the variable info. + @param[out] Size The buffer size of the variable. + + @return EFI_OUT_OF_RESOURCES Allocate buffer failed. + @return EFI_SUCCESS Find the specified variable. + @return Others Errors Return errors from call to gRT->GetVariable. + +**/ +EFI_STATUS +EFIAPI +GetVariable2 ( + IN CONST CHAR16 *Name, + IN CONST EFI_GUID *Guid, + OUT VOID **Value, + OUT UINTN *Size OPTIONAL + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + + ASSERT (Name != NULL && Guid != NULL && Value != NULL); + + // + // Try to get the variable size. + // + BufferSize = 0; + *Value = NULL; + if (Size != NULL) { + *Size = 0; + } + + Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &BufferSize, *Value); + if (Status != EFI_BUFFER_TOO_SMALL) { + return Status; + } + + // + // Allocate buffer to get the variable. + // + *Value = AllocatePool (BufferSize); + ASSERT (*Value != NULL); + if (*Value == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Get the variable data. + // + Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &BufferSize, *Value); + if (EFI_ERROR (Status)) { + FreePool (*Value); + *Value = NULL; + } + + if (Size != NULL) { + *Size = BufferSize; + } + + return Status; +} + +/** Return the attributes of the variable. + + Returns the status whether get the variable success. The function retrieves + variable through the UEFI Runtime Service GetVariable(). The + returned buffer is allocated using AllocatePool(). The caller is responsible + for freeing this buffer with FreePool(). The attributes are returned if + the caller provides a valid Attribute parameter. + + If Name is NULL, then ASSERT(). + If Guid is NULL, then ASSERT(). + If Value is NULL, then ASSERT(). + + @param[in] Name The pointer to a Null-terminated Unicode string. + @param[in] Guid The pointer to an EFI_GUID structure + @param[out] Value The buffer point saved the variable info. + @param[out] Size The buffer size of the variable. + @param[out] Attr The pointer to the variable attributes as found in var store + + @retval EFI_OUT_OF_RESOURCES Allocate buffer failed. + @retval EFI_SUCCESS Find the specified variable. + @retval Others Errors Return errors from call to gRT->GetVariable. + +**/ +EFI_STATUS +EFIAPI +GetVariable3 ( + IN CONST CHAR16 *Name, + IN CONST EFI_GUID *Guid, + OUT VOID **Value, + OUT UINTN *Size OPTIONAL, + OUT UINT32 *Attr OPTIONAL + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + + ASSERT (Name != NULL && Guid != NULL && Value != NULL); + + // + // Try to get the variable size. + // + BufferSize = 0; + *Value = NULL; + if (Size != NULL) { + *Size = 0; + } + + if (Attr != NULL) { + *Attr = 0; + } + + Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &BufferSize, *Value); + if (Status != EFI_BUFFER_TOO_SMALL) { + return Status; + } + + // + // Allocate buffer to get the variable. + // + *Value = AllocatePool (BufferSize); + ASSERT (*Value != NULL); + if (*Value == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Get the variable data. + // + Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &BufferSize, *Value); + if (EFI_ERROR (Status)) { + FreePool (*Value); + *Value = NULL; + } + + if (Size != NULL) { + *Size = BufferSize; + } + + return Status; +} + +/** + Returns a pointer to an allocated buffer that contains the contents of a + variable retrieved through the UEFI Runtime Service GetVariable(). This + function always uses the EFI_GLOBAL_VARIABLE GUID to retrieve variables. + The returned buffer is allocated using AllocatePool(). The caller is + responsible for freeing this buffer with FreePool(). + + If Name is NULL, then ASSERT(). + If Value is NULL, then ASSERT(). + + @param[in] Name The pointer to a Null-terminated Unicode string. + @param[out] Value The buffer point saved the variable info. + @param[out] Size The buffer size of the variable. + + @return EFI_OUT_OF_RESOURCES Allocate buffer failed. + @return EFI_SUCCESS Find the specified variable. + @return Others Errors Return errors from call to gRT->GetVariable. + +**/ +EFI_STATUS +EFIAPI +GetEfiGlobalVariable2 ( + IN CONST CHAR16 *Name, + OUT VOID **Value, + OUT UINTN *Size OPTIONAL + ) +{ + return GetVariable2 (Name, &gEfiGlobalVariableGuid, Value, Size); +} diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c new file mode 100644 index 000000000000..e86192a05f32 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c @@ -0,0 +1,13 @@ +/** @file + Mock implementation of the UEFI Runtime Services Table Library. + + Copyright (C) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +extern EFI_RUNTIME_SERVICES gMockRuntime; + +EFI_RUNTIME_SERVICES *gRT = &gMockRuntime; diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c new file mode 100644 index 000000000000..a23135dfb016 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c @@ -0,0 +1,2037 @@ +/** @file + Unit tests of the implementation of SecureBootVariableLib. + + Copyright (C) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include +#include + +#define UNIT_TEST_APP_NAME "SecureBootVariableLib Unit Tests" +#define UNIT_TEST_APP_VERSION "1.0" +#define VAR_AUTH_DESC_SIZE OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + +extern EFI_TIME mMaxTimestamp; +extern EFI_TIME mDefaultPayloadTimestamp; + +/** + Sets the value of a variable. + + @param[in] VariableName A Null-terminated string that is the name of the vendor's variable. + Each VariableName is unique for each VendorGuid. VariableName must + contain 1 or more characters. If VariableName is an empty string, + then EFI_INVALID_PARAMETER is returned. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] Attributes Attributes bitmask to set for the variable. + @param[in] DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE or + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero + causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is + set, then a SetVariable() call with a DataSize of zero will not cause any change to + the variable value (the timestamp associated with the variable may be updated however + even if no new data value is provided,see the description of the + EFI_VARIABLE_AUTHENTICATION_2 descriptor below. In this case the DataSize will not + be zero since the EFI_VARIABLE_AUTHENTICATION_2 descriptor will be populated). + @param[in] Data The contents for the variable. + + @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as + defined by the Attributes. + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID was supplied, or the + DataSize exceeds the maximum allowed. + @retval EFI_INVALID_PARAMETER VariableName is an empty string. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error. + @retval EFI_WRITE_PROTECTED The variable in question is read-only. + @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set, + but the AuthInfo does NOT pass the validation check carried out by the firmware. + + @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found. + +**/ +STATIC +EFI_STATUS +EFIAPI +MockSetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + DEBUG (( + DEBUG_INFO, + "%a %s %g %x %x %p\n", + __FUNCTION__, + VariableName, + VendorGuid, + Attributes, + DataSize, + Data + )); + check_expected_ptr (VariableName); + check_expected_ptr (VendorGuid); + check_expected_ptr (Attributes); + check_expected (DataSize); + check_expected (Data); + + return (EFI_STATUS)mock (); +} + +/** + Returns the value of a variable. + + @param[in] VariableName A Null-terminated string that is the name of the vendor's + variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[out] Attributes If not NULL, a pointer to the memory location to return the + attributes bitmask for the variable. + @param[in, out] DataSize On input, the size in bytes of the return Data buffer. + On output the size of data returned in Data. + @param[out] Data The buffer to return the contents of the variable. May be NULL + with a zero DataSize in order to determine the size buffer needed. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND The variable was not found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. + @retval EFI_INVALID_PARAMETER VariableName is NULL. + @retval EFI_INVALID_PARAMETER VendorGuid is NULL. + @retval EFI_INVALID_PARAMETER DataSize is NULL. + @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error. + @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure. + +**/ +STATIC +EFI_STATUS +EFIAPI +MockGetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + UINTN TargetSize; + BOOLEAN Exist; + + DEBUG (( + DEBUG_INFO, + "%a %s %g %p %x %p\n", + __FUNCTION__, + VariableName, + VendorGuid, + Attributes, + *DataSize, + Data + )); + assert_non_null (DataSize); + check_expected_ptr (VariableName); + check_expected_ptr (VendorGuid); + check_expected (*DataSize); + + Exist = (BOOLEAN)mock (); + + if (!Exist) { + return EFI_NOT_FOUND; + } + + TargetSize = (UINTN)mock (); + if (TargetSize > *DataSize) { + *DataSize = TargetSize; + return EFI_BUFFER_TOO_SMALL; + } else { + assert_non_null (Data); + CopyMem (Data, (VOID *)mock (), TargetSize); + } + + return EFI_SUCCESS; +} + +/// +/// Mock version of the UEFI Runtime Services Table +/// +EFI_RUNTIME_SERVICES gMockRuntime = { + { + EFI_RUNTIME_SERVICES_SIGNATURE, // Signature + EFI_RUNTIME_SERVICES_REVISION, // Revision + sizeof (EFI_RUNTIME_SERVICES), // HeaderSize + 0, // CRC32 + 0 // Reserved + }, + NULL, // GetTime + NULL, // SetTime + NULL, // GetWakeupTime + NULL, // SetWakeupTime + NULL, // SetVirtualAddressMap + NULL, // ConvertPointer + MockGetVariable, // GetVariable + NULL, // GetNextVariableName + MockSetVariable, // SetVariable + NULL, // GetNextHighMonotonicCount + NULL, // ResetSystem + NULL, // UpdateCapsule + NULL, // QueryCapsuleCapabilities + NULL // QueryVariableInfo +}; + +/** + Unit test for SetSecureBootMode () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootModeShouldSetVar ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINT8 SecureBootMode; + EFI_STATUS Status; + + SecureBootMode = 0xAB; // Any random magic number... + expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); + expect_value (MockSetVariable, DataSize, sizeof (SecureBootMode)); + expect_memory (MockSetVariable, Data, &SecureBootMode, sizeof (SecureBootMode)); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = SetSecureBootMode (SecureBootMode); + + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for GetSetupMode () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +GetSetupModeShouldGetVar ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 TargetMode; + UINT8 SetupMode; + + TargetMode = 0xAB; // Any random magic number... + expect_memory (MockGetVariable, VariableName, EFI_SETUP_MODE_NAME, sizeof (EFI_SETUP_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (SetupMode)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (SetupMode)); + will_return (MockGetVariable, &TargetMode); + + Status = GetSetupMode (&SetupMode); + + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (SetupMode, TargetMode); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for GetSetupMode () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +IsSecureBootEnableShouldGetVar ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Enabled; + UINT8 TargetMode; + + TargetMode = SECURE_BOOT_MODE_ENABLE; + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (TargetMode)); + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (TargetMode)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (TargetMode)); + will_return (MockGetVariable, &TargetMode); + + Enabled = IsSecureBootEnabled (); + + UT_ASSERT_EQUAL (Enabled, SECURE_BOOT_MODE_ENABLE); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SecureBootCreateDataFromInputSimple ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_SIGNATURE_LIST *SigList = NULL; + EFI_SIGNATURE_DATA *SigData = NULL; + UINTN SigListSize = 0; + EFI_STATUS Status; + UINT8 TestData[] = { 0 }; + SECURE_BOOT_CERTIFICATE_INFO KeyInfo = { + .Data = TestData, + .DataSize = sizeof (TestData) + }; + + Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo); + + UT_ASSERT_NOT_EFI_ERROR (Status); + + UT_ASSERT_NOT_NULL (SigList); + UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)); + UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData)); + UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0); + UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData)); + UT_ASSERT_EQUAL (SigList->SignatureListSize, SigListSize); + + SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST)); + UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid)); + UT_ASSERT_MEM_EQUAL (SigData->SignatureData, TestData, sizeof (TestData)); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SecureBootCreateDataFromInputNull ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_SIGNATURE_LIST *SigList = NULL; + UINTN SigListSize = 0; + EFI_STATUS Status; + SECURE_BOOT_CERTIFICATE_INFO KeyInfo = { + .Data = NULL, + .DataSize = 0 + }; + + Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 0, NULL); + UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); + + Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SecureBootCreateDataFromInputMultiple ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_SIGNATURE_LIST *SigList = NULL; + EFI_SIGNATURE_DATA *SigData = NULL; + UINTN SigListSize = 0; + UINTN TotalSize = 0; + UINTN Index = 0; + UINT8 TestData1[] = { 0 }; + UINT8 TestData2[] = { 1, 2 }; + EFI_STATUS Status; + SECURE_BOOT_CERTIFICATE_INFO KeyInfo[2] = { + { + .Data = TestData1, + .DataSize = sizeof (TestData1) + }, + { + .Data = TestData2, + .DataSize = sizeof (TestData2) + } + }; + + Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 2, KeyInfo); + UT_ASSERT_NOT_EFI_ERROR (Status); + + UT_ASSERT_NOT_NULL (SigList); + + for (Index = 0; Index < 2; Index++) { + UT_ASSERT_TRUE (SigListSize > TotalSize); + + UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)); + UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize); + UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0); + UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize); + + SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST)); + UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid)); + UT_ASSERT_MEM_EQUAL (SigData->SignatureData, KeyInfo[Index].Data, KeyInfo[Index].DataSize); + TotalSize = TotalSize + SigList->SignatureListSize; + SigList = (EFI_SIGNATURE_LIST *)((UINTN)SigList + SigList->SignatureListSize); + } + + UT_ASSERT_EQUAL (SigListSize, TotalSize); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +CreateTimeBasedPayloadShouldPopulateDescriptor ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINT8 Data[] = { 2 }; + UINTN DataSize = sizeof (Data); + UINT8 *CheckData; + EFI_VARIABLE_AUTHENTICATION_2 *VarAuth; + EFI_STATUS Status; + EFI_TIME Time = { + .Year = 2012, + .Month = 3, + .Day = 4, + .Hour = 5, + .Minute = 6, + .Second = 7, + .Pad1 = 0, + .Nanosecond = 8910, + .TimeZone = 1112, + .Pad2 = 0 + }; + + CheckData = AllocateCopyPool (DataSize, Data); + Status = CreateTimeBasedPayload (&DataSize, &CheckData, &Time); + UT_ASSERT_NOT_EFI_ERROR (Status); + + // This is result that we did not pack this structure... + // we cannot even use the sizeof (EFI_VARIABLE_AUTHENTICATION_2) - 1, + // because the structure is not at the end of this structure, but partially + // inside it... + UT_ASSERT_EQUAL (DataSize, VAR_AUTH_DESC_SIZE + sizeof (Data)); + UT_ASSERT_NOT_NULL (CheckData); + + VarAuth = (EFI_VARIABLE_AUTHENTICATION_2 *)CheckData; + UT_ASSERT_MEM_EQUAL (&(VarAuth->TimeStamp), &Time, sizeof (EFI_TIME)); + + UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.dwLength, OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)); + UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wRevision, 0x0200); + UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wCertificateType, WIN_CERT_TYPE_EFI_GUID); + UT_ASSERT_TRUE (CompareGuid (&VarAuth->AuthInfo.CertType, &gEfiCertPkcs7Guid)); + + UT_ASSERT_MEM_EQUAL (VarAuth->AuthInfo.CertData, Data, sizeof (Data)); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +CreateTimeBasedPayloadShouldCheckInput ( + IN UNIT_TEST_CONTEXT Context + ) +{ + UINTN DataSize = 0; + UINT8 *Data = NULL; + EFI_TIME Time; + EFI_STATUS Status; + + Status = CreateTimeBasedPayload (NULL, &Data, &Time); + UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); + + Status = CreateTimeBasedPayload (&DataSize, NULL, &Time); + UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); + + Status = CreateTimeBasedPayload (&DataSize, &Data, NULL); + UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteDb () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteDbShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteDb (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteDbx () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteDbxShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteDbx (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteDbt () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteDbtShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteDbt (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteKEK () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteKEKShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteKEK (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeletePlatformKey () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeletePKShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE; + + expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); + expect_value (MockSetVariable, DataSize, sizeof (BootMode)); + expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode)); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeletePlatformKey (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteSecureBootVariablesShouldDelete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = 0; + UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE; + + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE); + + will_return (DisablePKProtection, EFI_SUCCESS); + + expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); + expect_value (MockSetVariable, DataSize, sizeof (BootMode)); + expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode)); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, sizeof (Dummy)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (Dummy)); + will_return (MockGetVariable, &Dummy); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = DeleteSecureBootVariables (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteSecureBootVariablesShouldCheckProtection ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + + will_return (DisablePKProtection, EFI_SECURITY_VIOLATION); + + Status = DeleteSecureBootVariables (); + UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +DeleteSecureBootVariablesShouldProceedWithNotFound ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE; + + will_return (DisablePKProtection, EFI_SUCCESS); + + expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); + expect_value (MockSetVariable, DataSize, sizeof (BootMode)); + expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode)); + + will_return (MockSetVariable, EFI_SUCCESS); + + expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Status = DeleteSecureBootVariables (); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +EnrollFromInputShouldComplete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 Dummy = 3; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (Dummy); + + Payload = AllocateCopyPool (sizeof (Dummy), &Dummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy)); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (Dummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = EnrollFromInput (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, sizeof (Dummy), &Dummy); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldComplete ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbtDummy = 0xAD; + UINT8 DbxDummy = 0xBE; + UINT8 KekDummy = 0xEF; + UINT8 PkDummy = 0xFE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo = { + .DbPtr = &DbDummy, + .DbSize = sizeof (DbDummy), + .DbxPtr = &DbxDummy, + .DbxSize = sizeof (DbxDummy), + .DbtPtr = &DbtDummy, + .DbtSize = sizeof (DbtDummy), + .KekPtr = &KekDummy, + .KekSize = sizeof (KekDummy), + .PkPtr = &PkDummy, + .PkSize = sizeof (PkDummy), + .SecureBootKeyName = L"Food" + }; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); + PayloadSize = sizeof (DbtDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &KekDummy, sizeof (KekDummy)); + PayloadSize = sizeof (KekDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &PkDummy, sizeof (PkDummy)); + PayloadSize = sizeof (PkDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopWhenSecure ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 TargetMode = SECURE_BOOT_MODE_ENABLE; + SECURE_BOOT_PAYLOAD_INFO PayloadInfo; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (TargetMode)); + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, sizeof (TargetMode)); + + will_return (MockGetVariable, TRUE); + will_return (MockGetVariable, sizeof (TargetMode)); + will_return (MockGetVariable, &TargetMode); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailDBX ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbxDummy = 0xBE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbxDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo = { + .DbxPtr = &DbxDummy, + .DbxSize = sizeof (DbxDummy), + .SecureBootKeyName = L"Fail DBX" + }; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_WRITE_PROTECTED); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailDB ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbxDummy = 0xBE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo = { + .DbPtr = &DbDummy, + .DbSize = sizeof (DbDummy), + .DbxPtr = &DbxDummy, + .DbxSize = sizeof (DbxDummy), + .SecureBootKeyName = L"Fail DB" + }; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_WRITE_PROTECTED); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailDBT ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbtDummy = 0xAD; + UINT8 DbxDummy = 0xBE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo = { + .DbPtr = &DbDummy, + .DbSize = sizeof (DbDummy), + .DbxPtr = &DbxDummy, + .DbxSize = sizeof (DbxDummy), + .DbtPtr = &DbtDummy, + .DbtSize = sizeof (DbtDummy), + .SecureBootKeyName = L"Fail DBT" + }; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); + PayloadSize = sizeof (DbtDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + will_return (MockSetVariable, EFI_ACCESS_DENIED); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_ACCESS_DENIED); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailKEK ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbtDummy = 0xAD; + UINT8 DbxDummy = 0xBE; + UINT8 KekDummy = 0xEF; + UINT8 PkDummy = 0xFE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo = { + .DbPtr = &DbDummy, + .DbSize = sizeof (DbDummy), + .DbxPtr = &DbxDummy, + .DbxSize = sizeof (DbxDummy), + .DbtPtr = &DbtDummy, + .DbtSize = sizeof (DbtDummy), + .KekPtr = &KekDummy, + .KekSize = sizeof (KekDummy), + .PkPtr = &PkDummy, + .PkSize = sizeof (PkDummy), + .SecureBootKeyName = L"Food" + }; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); + PayloadSize = sizeof (DbtDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &KekDummy, sizeof (KekDummy)); + PayloadSize = sizeof (KekDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + will_return (MockSetVariable, EFI_DEVICE_ERROR); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_DEVICE_ERROR); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesShouldStopFailPK ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbtDummy = 0xAD; + UINT8 DbxDummy = 0xBE; + UINT8 KekDummy = 0xEF; + UINT8 PkDummy = 0xFE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo = { + .DbPtr = &DbDummy, + .DbSize = sizeof (DbDummy), + .DbxPtr = &DbxDummy, + .DbxSize = sizeof (DbxDummy), + .DbtPtr = &DbtDummy, + .DbtSize = sizeof (DbtDummy), + .KekPtr = &KekDummy, + .KekSize = sizeof (KekDummy), + .PkPtr = &PkDummy, + .PkSize = sizeof (PkDummy), + .SecureBootKeyName = L"Food" + }; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbtDummy, sizeof (DbtDummy)); + PayloadSize = sizeof (DbtDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &KekDummy, sizeof (KekDummy)); + PayloadSize = sizeof (KekDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &PkDummy, sizeof (PkDummy)); + PayloadSize = sizeof (PkDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + will_return (MockSetVariable, EFI_INVALID_PARAMETER); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_STATUS_EQUAL (Status, EFI_SECURITY_VIOLATION); + + return UNIT_TEST_PASSED; +} + +/** + Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib. + + @param[in] Context [Optional] An optional parameter that enables: + 1) test-case reuse with varied parameters and + 2) test-case re-entry for Target tests that need a + reboot. This parameter is a VOID* and it is the + responsibility of the test author to ensure that the + contents are well understood by all test cases that may + consume it. + + @retval UNIT_TEST_PASSED The Unit test has completed and the test + case was successful. + @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed. +**/ +UNIT_TEST_STATUS +EFIAPI +SetSecureBootVariablesDBTOptional ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + UINT8 DbDummy = 0xDE; + UINT8 DbxDummy = 0xBE; + UINT8 KekDummy = 0xEF; + UINT8 PkDummy = 0xFE; + UINT8 *Payload = NULL; + UINTN PayloadSize = sizeof (DbDummy); + SECURE_BOOT_PAYLOAD_INFO PayloadInfo = { + .DbPtr = &DbDummy, + .DbSize = sizeof (DbDummy), + .DbxPtr = &DbxDummy, + .DbxSize = sizeof (DbxDummy), + .DbtPtr = NULL, + .DbtSize = 0, + .KekPtr = &KekDummy, + .KekSize = sizeof (KekDummy), + .PkPtr = &PkDummy, + .PkSize = sizeof (PkDummy), + .SecureBootKeyName = L"Food" + }; + + expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME)); + expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockGetVariable, *DataSize, 0); + + will_return (MockGetVariable, FALSE); + + Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &DbDummy, sizeof (DbDummy)); + PayloadSize = sizeof (DbDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE)); + expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &KekDummy, sizeof (KekDummy)); + PayloadSize = sizeof (KekDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + CopyMem (Payload, &PkDummy, sizeof (PkDummy)); + PayloadSize = sizeof (PkDummy); + Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp); + UT_ASSERT_NOT_EFI_ERROR (Status); + UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME)); + expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid); + expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS); + expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy)); + + will_return (MockSetVariable, EFI_SUCCESS); + + Status = SetSecureBootVariablesToDefault (&PayloadInfo); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Initialze the unit test framework, suite, and unit tests for the + SecureBootVariableLib and run the SecureBootVariableLib unit test. + + @retval EFI_SUCCESS All test cases were dispatched. + @retval EFI_OUT_OF_RESOURCES There are not enough resources available to + initialize the unit tests. +**/ +STATIC +EFI_STATUS +EFIAPI +UnitTestingEntry ( + VOID + ) +{ + EFI_STATUS Status; + UNIT_TEST_FRAMEWORK_HANDLE Framework; + UNIT_TEST_SUITE_HANDLE SecureBootVarMiscTests; + UNIT_TEST_SUITE_HANDLE SecureBootVarDeleteTests; + UNIT_TEST_SUITE_HANDLE SecureBootVarEnrollTests; + + Framework = NULL; + + DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSION)); + + // + // Start setting up the test framework for running the tests. + // + Status = InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCallerBaseName, UNIT_TEST_APP_VERSION); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status = %r\n", Status)); + goto EXIT; + } + + // + // Populate the SecureBootVariableLib Unit Test Suite. + // + Status = CreateUnitTestSuite (&SecureBootVarMiscTests, Framework, "SecureBootVariableLib Miscellaneous Tests", "SecureBootVariableLib.Miscellaneous", NULL, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n")); + Status = EFI_OUT_OF_RESOURCES; + goto EXIT; + } + + Status = CreateUnitTestSuite (&SecureBootVarDeleteTests, Framework, "SecureBootVariableLib Deletion Tests", "SecureBootVariableLib.Deletion", NULL, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n")); + Status = EFI_OUT_OF_RESOURCES; + goto EXIT; + } + + Status = CreateUnitTestSuite (&SecureBootVarEnrollTests, Framework, "SecureBootVariableLib Enrollment Tests", "SecureBootVariableLib.Enrollment", NULL, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n")); + Status = EFI_OUT_OF_RESOURCES; + goto EXIT; + } + + // + // --------------Suite-----------Description--------------Name----------Function--------Pre---Post-------------------Context----------- + // + AddTestCase (SecureBootVarMiscTests, "SetSecureBootMode should propagate to set variable", "SetSecureBootMode", SetSecureBootModeShouldSetVar, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "GetSetupMode should propagate to get variable", "GetSetupMode", GetSetupModeShouldGetVar, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "IsSecureBootEnabled should propagate to get variable", "IsSecureBootEnabled", IsSecureBootEnableShouldGetVar, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with one input cert", "SecureBootCreateDataFromInput One Cert", SecureBootCreateDataFromInputSimple, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with no input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputNull, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with multiple input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputMultiple, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should populate descriptor data", "CreateTimeBasedPayload Normal", CreateTimeBasedPayloadShouldPopulateDescriptor, NULL, NULL, NULL); + AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should fail on NULL inputs", "CreateTimeBasedPayload NULL", CreateTimeBasedPayloadShouldCheckInput, NULL, NULL, NULL); + + AddTestCase (SecureBootVarDeleteTests, "DeleteDb should delete DB with auth info", "DeleteDb", DeleteDbShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteDbx should delete DBX with auth info", "DeleteDbx", DeleteDbxShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteDbt should delete DBT with auth info", "DeleteDbt", DeleteDbtShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteKEK should delete KEK with auth info", "DeleteKEK", DeleteKEKShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeletePlatformKey should delete PK with auth info", "DeletePlatformKey", DeletePKShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should delete properly", "DeleteSecureBootVariables Normal", DeleteSecureBootVariablesShouldDelete, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should fail if protection disable fails", "DeleteSecureBootVariables Fail", DeleteSecureBootVariablesShouldCheckProtection, NULL, NULL, NULL); + AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should continue if any variable is not found", "DeleteSecureBootVariables Proceed", DeleteSecureBootVariablesShouldProceedWithNotFound, NULL, NULL, NULL); + + AddTestCase (SecureBootVarEnrollTests, "EnrollFromInput should supply with authenticated payload", "EnrollFromInput Normal", EnrollFromInputShouldComplete, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should complete", "SetSecureBootVariablesToDefault Normal", SetSecureBootVariablesShouldComplete, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when already enabled", "SetSecureBootVariablesToDefault Already Started", SetSecureBootVariablesShouldStopWhenSecure, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DB failed", "SetSecureBootVariablesToDefault Fails DB", SetSecureBootVariablesShouldStopFailDB, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBT failed", "SetSecureBootVariablesToDefault Fails DBT", SetSecureBootVariablesShouldStopFailDBT, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBX failed", "SetSecureBootVariablesToDefault Fails DBX", SetSecureBootVariablesShouldStopFailDBX, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when KEK failed", "SetSecureBootVariablesToDefault Fails KEK", SetSecureBootVariablesShouldStopFailKEK, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when PK failed", "SetSecureBootVariablesToDefault Fails PK", SetSecureBootVariablesShouldStopFailPK, NULL, NULL, NULL); + AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should only be optional", "SetSecureBootVariablesToDefault DBT Optional", SetSecureBootVariablesDBTOptional, NULL, NULL, NULL); + + // + // Execute the tests. + // + Status = RunAllTestSuites (Framework); + +EXIT: + if (Framework) { + FreeUnitTestFramework (Framework); + } + + return Status; +} + +/** + Standard POSIX C entry point for host based unit test execution. +**/ +int +main ( + int argc, + char *argv[] + ) +{ + return UnitTestingEntry (); +} diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf new file mode 100644 index 000000000000..1e19033c5a91 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf @@ -0,0 +1,33 @@ +## @file +# Provides an abstracted interface for configuring PK related variable protection. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MockPlatformPKProtectionLib + FILE_GUID = 5FCD74D3-3965-4D56-AB83-000B9B4806A0 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformPKProtectionLib|HOST_APPLICATION + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + MockPlatformPKProtectionLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + +[LibraryClasses] + UnitTestLib diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf new file mode 100644 index 000000000000..a84242ac7205 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf @@ -0,0 +1,45 @@ +## @file +# Instance of UEFI Library. +# +# The UEFI Library provides functions and macros that simplify the development of +# UEFI Drivers and UEFI Applications. These functions and macros help manage EFI +# events, build simple locks utilizing EFI Task Priority Levels (TPLs), install +# EFI Driver Model related protocols, manage Unicode string tables for UEFI Drivers, +# and print messages on the console output and standard error devices. +# +# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MockUefiLib + FILE_GUID = E3B7AEF9-4E55-49AF-B035-ED776C928EC6 + MODULE_TYPE = UEFI_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = UefiLib|HOST_APPLICATION + +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + MockUefiLib.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + PrintLib + PcdLib + MemoryAllocationLib + DebugLib + BaseMemoryLib + BaseLib + UefiRuntimeServicesTableLib + +[Guids] + gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf new file mode 100644 index 000000000000..f832a93e2254 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf @@ -0,0 +1,25 @@ +## @file +# Mock implementation of the UEFI Runtime Services Table Library. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MockUefiRuntimeServicesTableLib + FILE_GUID = 84CE0021-ABEE-403C-9A1B-763CCF2D40F1 + MODULE_TYPE = UEFI_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = UefiRuntimeServicesTableLib|HOST_APPLICATION + +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + MockUefiRuntimeServicesTableLib.c + +[Packages] + MdePkg/MdePkg.dec diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf new file mode 100644 index 000000000000..f99fb09be52e --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf @@ -0,0 +1,36 @@ +## @file +# Unit tests of the implementation of SecureBootVariableLib. +# +# Copyright (C) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010006 + BASE_NAME = SecureBootVariableLibUnitTest + FILE_GUID = 71C5359E-08FB-450E-9766-BC70482DF66B + MODULE_TYPE = HOST_APPLICATION + VERSION_STRING = 1.0 + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SecureBootVariableLibUnitTest.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + +[LibraryClasses] + SecureBootVariableLib + BaseLib + BaseMemoryLib + DebugLib + UefiLib + UnitTestLib diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.yaml index 791214239899..2138b0a5e21b 100644 --- a/SecurityPkg/SecurityPkg.ci.yaml +++ b/SecurityPkg/SecurityPkg.ci.yaml @@ -15,6 +15,7 @@ ## "", "" ## ] "ExceptionList": [ + "8005", "gRT", ], ## Both file path and directory path are accepted. "IgnoreFiles": [ @@ -26,6 +27,10 @@ "CompilerPlugin": { "DscPath": "SecurityPkg.dsc" }, + ## options defined .pytool/Plugin/HostUnitTestCompilerPlugin + "HostUnitTestCompilerPlugin": { + "DscPath": "Test/SecurityPkgHostTest.dsc" + }, "CharEncodingCheck": { "IgnoreFiles": [] }, @@ -33,6 +38,7 @@ "AcceptableDependencies": [ "MdePkg/MdePkg.dec", "MdeModulePkg/MdeModulePkg.dec", + "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec", "SecurityPkg/SecurityPkg.dec", "StandaloneMmPkg/StandaloneMmPkg.dec", "CryptoPkg/CryptoPkg.dec" @@ -47,6 +53,11 @@ "DscPath": "SecurityPkg.dsc", "IgnoreInf": [] }, + ## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck + "HostUnitTestDscCompleteCheck": { + "IgnoreInf": [""], + "DscPath": "Test/SecurityPkgHostTest.dsc" + }, "GuidCheck": { "IgnoreGuidName": [], "IgnoreGuidValue": ["00000000-0000-0000-0000-000000000000"], diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/SecurityPkgHostTest.dsc new file mode 100644 index 000000000000..c4df01fe1b73 --- /dev/null +++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc @@ -0,0 +1,38 @@ +## @file +# SecurityPkg DSC file used to build host-based unit tests. +# +# Copyright (C) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + PLATFORM_NAME = SecurityPkgHostTest + PLATFORM_GUID = 9D78A9B4-00CD-477E-A5BF-90CC793EEFB0 + PLATFORM_VERSION = 0.1 + DSC_SPECIFICATION = 0x00010005 + OUTPUT_DIRECTORY = Build/SecurityPkg/HostTest + SUPPORTED_ARCHITECTURES = IA32|X64 + BUILD_TARGETS = NOOPT + SKUID_IDENTIFIER = DEFAULT + +!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc + +[LibraryClasses] + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf + +[Components] + SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf + SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf + SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf + + # + # Build SecurityPkg HOST_APPLICATION Tests + # + SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf { + + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf + UefiRuntimeServicesTableLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf + PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf + UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf + } -- 2.34.1.windows.1