public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Kun Qin" <kuqin12@gmail.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>, Min Xu <min.m.xu@intel.com>
Subject: [PATCH v2 09/11] SecurityPkg: SecureBootVariableLib: Added unit tests
Date: Mon, 13 Jun 2022 13:39:40 -0700	[thread overview]
Message-ID: <20220613203943.704-10-kuqin12@gmail.com> (raw)
In-Reply-To: <20220613203943.704-1-kuqin12@gmail.com>

From: kuqin <kuqin@microsoft.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This change added unit test and enabled it from pipeline for the updated
SecureBootVariableLib.

The unit test covers all implemented interfaces and certain corner cases.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
---
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c       |   36 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c                       |  201 ++
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c   |   13 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c     | 2037 ++++++++++++++++++++
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf     |   33 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf                     |   45 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf |   25 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf   |   36 +
 SecurityPkg/SecurityPkg.ci.yaml                                                        |   11 +
 SecurityPkg/Test/SecurityPkgHostTest.dsc                                               |   38 +
 10 files changed, 2475 insertions(+)

diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
new file mode 100644
index 000000000000..a8644d272df6
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
@@ -0,0 +1,36 @@
+/** @file
+  Provides a mocked interface for configuring PK related variable protection.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <Uefi.h>
+
+/**
+  Disable any applicable protection against variable 'PK'. The implementation
+  of this interface is platform specific, depending on the protection techniques
+  used per platform.
+
+  Note: It is the platform's responsibility to conduct cautious operation after
+        disabling this protection.
+
+  @retval     EFI_SUCCESS             State has been successfully updated.
+  @retval     Others                  Error returned from implementation specific
+                                      underying APIs.
+
+**/
+EFI_STATUS
+EFIAPI
+DisablePKProtection (
+  VOID
+  )
+{
+  return (EFI_STATUS)mock ();
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
new file mode 100644
index 000000000000..df271c39f26c
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
@@ -0,0 +1,201 @@
+/** @file
+  The UEFI Library provides functions and macros that simplify the development of
+  UEFI Drivers and UEFI Applications.  These functions and macros help manage EFI
+  events, build simple locks utilizing EFI Task Priority Levels (TPLs), install
+  EFI Driver Model related protocols, manage Unicode string tables for UEFI Drivers,
+  and print messages on the console output and standard error devices.
+
+  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+
+/**
+  Returns the status whether get the variable success. The function retrieves
+  variable  through the UEFI Runtime Service GetVariable().  The
+  returned buffer is allocated using AllocatePool().  The caller is responsible
+  for freeing this buffer with FreePool().
+
+  If Name  is NULL, then ASSERT().
+  If Guid  is NULL, then ASSERT().
+  If Value is NULL, then ASSERT().
+
+  @param[in]  Name  The pointer to a Null-terminated Unicode string.
+  @param[in]  Guid  The pointer to an EFI_GUID structure
+  @param[out] Value The buffer point saved the variable info.
+  @param[out] Size  The buffer size of the variable.
+
+  @return EFI_OUT_OF_RESOURCES      Allocate buffer failed.
+  @return EFI_SUCCESS               Find the specified variable.
+  @return Others Errors             Return errors from call to gRT->GetVariable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetVariable2 (
+  IN CONST CHAR16    *Name,
+  IN CONST EFI_GUID  *Guid,
+  OUT VOID           **Value,
+  OUT UINTN          *Size OPTIONAL
+  )
+{
+  EFI_STATUS  Status;
+  UINTN       BufferSize;
+
+  ASSERT (Name != NULL && Guid != NULL && Value != NULL);
+
+  //
+  // Try to get the variable size.
+  //
+  BufferSize = 0;
+  *Value     = NULL;
+  if (Size != NULL) {
+    *Size = 0;
+  }
+
+  Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &BufferSize, *Value);
+  if (Status != EFI_BUFFER_TOO_SMALL) {
+    return Status;
+  }
+
+  //
+  // Allocate buffer to get the variable.
+  //
+  *Value = AllocatePool (BufferSize);
+  ASSERT (*Value != NULL);
+  if (*Value == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Get the variable data.
+  //
+  Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &BufferSize, *Value);
+  if (EFI_ERROR (Status)) {
+    FreePool (*Value);
+    *Value = NULL;
+  }
+
+  if (Size != NULL) {
+    *Size = BufferSize;
+  }
+
+  return Status;
+}
+
+/** Return the attributes of the variable.
+
+  Returns the status whether get the variable success. The function retrieves
+  variable  through the UEFI Runtime Service GetVariable().  The
+  returned buffer is allocated using AllocatePool().  The caller is responsible
+  for freeing this buffer with FreePool().  The attributes are returned if
+  the caller provides a valid Attribute parameter.
+
+  If Name  is NULL, then ASSERT().
+  If Guid  is NULL, then ASSERT().
+  If Value is NULL, then ASSERT().
+
+  @param[in]  Name  The pointer to a Null-terminated Unicode string.
+  @param[in]  Guid  The pointer to an EFI_GUID structure
+  @param[out] Value The buffer point saved the variable info.
+  @param[out] Size  The buffer size of the variable.
+  @param[out] Attr  The pointer to the variable attributes as found in var store
+
+  @retval EFI_OUT_OF_RESOURCES      Allocate buffer failed.
+  @retval EFI_SUCCESS               Find the specified variable.
+  @retval Others Errors             Return errors from call to gRT->GetVariable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetVariable3 (
+  IN CONST CHAR16    *Name,
+  IN CONST EFI_GUID  *Guid,
+  OUT VOID           **Value,
+  OUT UINTN          *Size OPTIONAL,
+  OUT UINT32         *Attr OPTIONAL
+  )
+{
+  EFI_STATUS  Status;
+  UINTN       BufferSize;
+
+  ASSERT (Name != NULL && Guid != NULL && Value != NULL);
+
+  //
+  // Try to get the variable size.
+  //
+  BufferSize = 0;
+  *Value     = NULL;
+  if (Size != NULL) {
+    *Size = 0;
+  }
+
+  if (Attr != NULL) {
+    *Attr = 0;
+  }
+
+  Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &BufferSize, *Value);
+  if (Status != EFI_BUFFER_TOO_SMALL) {
+    return Status;
+  }
+
+  //
+  // Allocate buffer to get the variable.
+  //
+  *Value = AllocatePool (BufferSize);
+  ASSERT (*Value != NULL);
+  if (*Value == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Get the variable data.
+  //
+  Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &BufferSize, *Value);
+  if (EFI_ERROR (Status)) {
+    FreePool (*Value);
+    *Value = NULL;
+  }
+
+  if (Size != NULL) {
+    *Size = BufferSize;
+  }
+
+  return Status;
+}
+
+/**
+  Returns a pointer to an allocated buffer that contains the contents of a
+  variable retrieved through the UEFI Runtime Service GetVariable().  This
+  function always uses the EFI_GLOBAL_VARIABLE GUID to retrieve variables.
+  The returned buffer is allocated using AllocatePool().  The caller is
+  responsible for freeing this buffer with FreePool().
+
+  If Name is NULL, then ASSERT().
+  If Value is NULL, then ASSERT().
+
+  @param[in]  Name  The pointer to a Null-terminated Unicode string.
+  @param[out] Value The buffer point saved the variable info.
+  @param[out] Size  The buffer size of the variable.
+
+  @return EFI_OUT_OF_RESOURCES      Allocate buffer failed.
+  @return EFI_SUCCESS               Find the specified variable.
+  @return Others Errors             Return errors from call to gRT->GetVariable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetEfiGlobalVariable2 (
+  IN CONST CHAR16  *Name,
+  OUT VOID         **Value,
+  OUT UINTN        *Size OPTIONAL
+  )
+{
+  return GetVariable2 (Name, &gEfiGlobalVariableGuid, Value, Size);
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
new file mode 100644
index 000000000000..e86192a05f32
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
@@ -0,0 +1,13 @@
+/** @file
+  Mock implementation of the UEFI Runtime Services Table Library.
+
+  Copyright (C) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+extern EFI_RUNTIME_SERVICES  gMockRuntime;
+
+EFI_RUNTIME_SERVICES  *gRT = &gMockRuntime;
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
new file mode 100644
index 000000000000..a23135dfb016
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
@@ -0,0 +1,2037 @@
+/** @file
+  Unit tests of the implementation of SecureBootVariableLib.
+
+  Copyright (C) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <Uefi.h>
+#include <UefiSecureBoot.h>
+#include <Guid/GlobalVariable.h>
+#include <Guid/AuthenticatedVariableFormat.h>
+#include <Guid/ImageAuthentication.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Library/UnitTestLib.h>
+#include <Library/SecureBootVariableLib.h>
+
+#define UNIT_TEST_APP_NAME     "SecureBootVariableLib Unit Tests"
+#define UNIT_TEST_APP_VERSION  "1.0"
+#define VAR_AUTH_DESC_SIZE     OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)
+
+extern EFI_TIME  mMaxTimestamp;
+extern EFI_TIME  mDefaultPayloadTimestamp;
+
+/**
+  Sets the value of a variable.
+
+  @param[in]  VariableName       A Null-terminated string that is the name of the vendor's variable.
+                                 Each VariableName is unique for each VendorGuid. VariableName must
+                                 contain 1 or more characters. If VariableName is an empty string,
+                                 then EFI_INVALID_PARAMETER is returned.
+  @param[in]  VendorGuid         A unique identifier for the vendor.
+  @param[in]  Attributes         Attributes bitmask to set for the variable.
+  @param[in]  DataSize           The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE or
+                                 EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
+                                 causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is
+                                 set, then a SetVariable() call with a DataSize of zero will not cause any change to
+                                 the variable value (the timestamp associated with the variable may be updated however
+                                 even if no new data value is provided,see the description of the
+                                 EFI_VARIABLE_AUTHENTICATION_2 descriptor below. In this case the DataSize will not
+                                 be zero since the EFI_VARIABLE_AUTHENTICATION_2 descriptor will be populated).
+  @param[in]  Data               The contents for the variable.
+
+  @retval EFI_SUCCESS            The firmware has successfully stored the variable and its data as
+                                 defined by the Attributes.
+  @retval EFI_INVALID_PARAMETER  An invalid combination of attribute bits, name, and GUID was supplied, or the
+                                 DataSize exceeds the maximum allowed.
+  @retval EFI_INVALID_PARAMETER  VariableName is an empty string.
+  @retval EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the variable and its data.
+  @retval EFI_DEVICE_ERROR       The variable could not be retrieved due to a hardware error.
+  @retval EFI_WRITE_PROTECTED    The variable in question is read-only.
+  @retval EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
+  @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set,
+                                 but the AuthInfo does NOT pass the validation check carried out by the firmware.
+
+  @retval EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+MockSetVariable (
+  IN  CHAR16    *VariableName,
+  IN  EFI_GUID  *VendorGuid,
+  IN  UINT32    Attributes,
+  IN  UINTN     DataSize,
+  IN  VOID      *Data
+  )
+{
+  DEBUG ((
+    DEBUG_INFO,
+    "%a %s %g %x %x %p\n",
+    __FUNCTION__,
+    VariableName,
+    VendorGuid,
+    Attributes,
+    DataSize,
+    Data
+    ));
+  check_expected_ptr (VariableName);
+  check_expected_ptr (VendorGuid);
+  check_expected_ptr (Attributes);
+  check_expected (DataSize);
+  check_expected (Data);
+
+  return (EFI_STATUS)mock ();
+}
+
+/**
+  Returns the value of a variable.
+
+  @param[in]       VariableName  A Null-terminated string that is the name of the vendor's
+                                 variable.
+  @param[in]       VendorGuid    A unique identifier for the vendor.
+  @param[out]      Attributes    If not NULL, a pointer to the memory location to return the
+                                 attributes bitmask for the variable.
+  @param[in, out]  DataSize      On input, the size in bytes of the return Data buffer.
+                                 On output the size of data returned in Data.
+  @param[out]      Data          The buffer to return the contents of the variable. May be NULL
+                                 with a zero DataSize in order to determine the size buffer needed.
+
+  @retval EFI_SUCCESS            The function completed successfully.
+  @retval EFI_NOT_FOUND          The variable was not found.
+  @retval EFI_BUFFER_TOO_SMALL   The DataSize is too small for the result.
+  @retval EFI_INVALID_PARAMETER  VariableName is NULL.
+  @retval EFI_INVALID_PARAMETER  VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER  DataSize is NULL.
+  @retval EFI_INVALID_PARAMETER  The DataSize is not too small and Data is NULL.
+  @retval EFI_DEVICE_ERROR       The variable could not be retrieved due to a hardware error.
+  @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+MockGetVariable (
+  IN     CHAR16    *VariableName,
+  IN     EFI_GUID  *VendorGuid,
+  OUT    UINT32    *Attributes     OPTIONAL,
+  IN OUT UINTN     *DataSize,
+  OUT    VOID      *Data           OPTIONAL
+  )
+{
+  UINTN    TargetSize;
+  BOOLEAN  Exist;
+
+  DEBUG ((
+    DEBUG_INFO,
+    "%a %s %g %p %x %p\n",
+    __FUNCTION__,
+    VariableName,
+    VendorGuid,
+    Attributes,
+    *DataSize,
+    Data
+    ));
+  assert_non_null (DataSize);
+  check_expected_ptr (VariableName);
+  check_expected_ptr (VendorGuid);
+  check_expected (*DataSize);
+
+  Exist = (BOOLEAN)mock ();
+
+  if (!Exist) {
+    return EFI_NOT_FOUND;
+  }
+
+  TargetSize = (UINTN)mock ();
+  if (TargetSize > *DataSize) {
+    *DataSize = TargetSize;
+    return EFI_BUFFER_TOO_SMALL;
+  } else {
+    assert_non_null (Data);
+    CopyMem (Data, (VOID *)mock (), TargetSize);
+  }
+
+  return EFI_SUCCESS;
+}
+
+///
+/// Mock version of the UEFI Runtime Services Table
+///
+EFI_RUNTIME_SERVICES  gMockRuntime = {
+  {
+    EFI_RUNTIME_SERVICES_SIGNATURE,     // Signature
+    EFI_RUNTIME_SERVICES_REVISION,      // Revision
+    sizeof (EFI_RUNTIME_SERVICES),      // HeaderSize
+    0,                                  // CRC32
+    0                                   // Reserved
+  },
+  NULL,               // GetTime
+  NULL,               // SetTime
+  NULL,               // GetWakeupTime
+  NULL,               // SetWakeupTime
+  NULL,               // SetVirtualAddressMap
+  NULL,               // ConvertPointer
+  MockGetVariable,    // GetVariable
+  NULL,               // GetNextVariableName
+  MockSetVariable,    // SetVariable
+  NULL,               // GetNextHighMonotonicCount
+  NULL,               // ResetSystem
+  NULL,               // UpdateCapsule
+  NULL,               // QueryCapsuleCapabilities
+  NULL                // QueryVariableInfo
+};
+
+/**
+  Unit test for SetSecureBootMode () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootModeShouldSetVar (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  UINT8       SecureBootMode;
+  EFI_STATUS  Status;
+
+  SecureBootMode = 0xAB; // Any random magic number...
+  expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+  expect_value (MockSetVariable, DataSize, sizeof (SecureBootMode));
+  expect_memory (MockSetVariable, Data, &SecureBootMode, sizeof (SecureBootMode));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = SetSecureBootMode (SecureBootMode);
+
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for GetSetupMode () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+GetSetupModeShouldGetVar (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       TargetMode;
+  UINT8       SetupMode;
+
+  TargetMode = 0xAB; // Any random magic number...
+  expect_memory (MockGetVariable, VariableName, EFI_SETUP_MODE_NAME, sizeof (EFI_SETUP_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (SetupMode));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (SetupMode));
+  will_return (MockGetVariable, &TargetMode);
+
+  Status = GetSetupMode (&SetupMode);
+
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (SetupMode, TargetMode);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for GetSetupMode () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsSecureBootEnableShouldGetVar (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  BOOLEAN  Enabled;
+  UINT8    TargetMode;
+
+  TargetMode = SECURE_BOOT_MODE_ENABLE;
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (TargetMode));
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (TargetMode));
+  will_return (MockGetVariable, &TargetMode);
+
+  Enabled = IsSecureBootEnabled ();
+
+  UT_ASSERT_EQUAL (Enabled, SECURE_BOOT_MODE_ENABLE);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SecureBootCreateDataFromInputSimple (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_SIGNATURE_LIST            *SigList    = NULL;
+  EFI_SIGNATURE_DATA            *SigData    = NULL;
+  UINTN                         SigListSize = 0;
+  EFI_STATUS                    Status;
+  UINT8                         TestData[] = { 0 };
+  SECURE_BOOT_CERTIFICATE_INFO  KeyInfo    = {
+    .Data     = TestData,
+    .DataSize = sizeof (TestData)
+  };
+
+  Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo);
+
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  UT_ASSERT_NOT_NULL (SigList);
+  UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid));
+  UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData));
+  UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);
+  UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData));
+  UT_ASSERT_EQUAL (SigList->SignatureListSize, SigListSize);
+
+  SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST));
+  UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid));
+  UT_ASSERT_MEM_EQUAL (SigData->SignatureData, TestData, sizeof (TestData));
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SecureBootCreateDataFromInputNull (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_SIGNATURE_LIST            *SigList    = NULL;
+  UINTN                         SigListSize = 0;
+  EFI_STATUS                    Status;
+  SECURE_BOOT_CERTIFICATE_INFO  KeyInfo = {
+    .Data     = NULL,
+    .DataSize = 0
+  };
+
+  Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 0, NULL);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+  Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SecureBootCreateDataFromInputMultiple (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_SIGNATURE_LIST            *SigList    = NULL;
+  EFI_SIGNATURE_DATA            *SigData    = NULL;
+  UINTN                         SigListSize = 0;
+  UINTN                         TotalSize   = 0;
+  UINTN                         Index       = 0;
+  UINT8                         TestData1[] = { 0 };
+  UINT8                         TestData2[] = { 1, 2 };
+  EFI_STATUS                    Status;
+  SECURE_BOOT_CERTIFICATE_INFO  KeyInfo[2] = {
+    {
+      .Data     = TestData1,
+      .DataSize = sizeof (TestData1)
+    },
+    {
+      .Data     = TestData2,
+      .DataSize = sizeof (TestData2)
+    }
+  };
+
+  Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 2, KeyInfo);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  UT_ASSERT_NOT_NULL (SigList);
+
+  for (Index = 0; Index < 2; Index++) {
+    UT_ASSERT_TRUE (SigListSize > TotalSize);
+
+    UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid));
+    UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize);
+    UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);
+    UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize);
+
+    SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST));
+    UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid));
+    UT_ASSERT_MEM_EQUAL (SigData->SignatureData, KeyInfo[Index].Data, KeyInfo[Index].DataSize);
+    TotalSize = TotalSize + SigList->SignatureListSize;
+    SigList   = (EFI_SIGNATURE_LIST *)((UINTN)SigList + SigList->SignatureListSize);
+  }
+
+  UT_ASSERT_EQUAL (SigListSize, TotalSize);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+CreateTimeBasedPayloadShouldPopulateDescriptor (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  UINT8                          Data[]   = { 2 };
+  UINTN                          DataSize = sizeof (Data);
+  UINT8                          *CheckData;
+  EFI_VARIABLE_AUTHENTICATION_2  *VarAuth;
+  EFI_STATUS                     Status;
+  EFI_TIME                       Time = {
+    .Year       = 2012,
+    .Month      = 3,
+    .Day        = 4,
+    .Hour       = 5,
+    .Minute     = 6,
+    .Second     = 7,
+    .Pad1       = 0,
+    .Nanosecond = 8910,
+    .TimeZone   = 1112,
+    .Pad2       = 0
+  };
+
+  CheckData = AllocateCopyPool (DataSize, Data);
+  Status    = CreateTimeBasedPayload (&DataSize, &CheckData, &Time);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  // This is result that we did not pack this structure...
+  // we cannot even use the sizeof (EFI_VARIABLE_AUTHENTICATION_2) - 1,
+  // because the structure is not at the end of this structure, but partially
+  // inside it...
+  UT_ASSERT_EQUAL (DataSize, VAR_AUTH_DESC_SIZE + sizeof (Data));
+  UT_ASSERT_NOT_NULL (CheckData);
+
+  VarAuth = (EFI_VARIABLE_AUTHENTICATION_2 *)CheckData;
+  UT_ASSERT_MEM_EQUAL (&(VarAuth->TimeStamp), &Time, sizeof (EFI_TIME));
+
+  UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.dwLength, OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
+  UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wRevision, 0x0200);
+  UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wCertificateType, WIN_CERT_TYPE_EFI_GUID);
+  UT_ASSERT_TRUE (CompareGuid (&VarAuth->AuthInfo.CertType, &gEfiCertPkcs7Guid));
+
+  UT_ASSERT_MEM_EQUAL (VarAuth->AuthInfo.CertData, Data, sizeof (Data));
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+CreateTimeBasedPayloadShouldCheckInput (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  UINTN       DataSize = 0;
+  UINT8       *Data    = NULL;
+  EFI_TIME    Time;
+  EFI_STATUS  Status;
+
+  Status = CreateTimeBasedPayload (NULL, &Data, &Time);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+  Status = CreateTimeBasedPayload (&DataSize, NULL, &Time);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+  Status = CreateTimeBasedPayload (&DataSize, &Data, NULL);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteDb () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteDbShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       = 3;
+  UINT8       *Payload    = NULL;
+  UINTN       PayloadSize = 0;
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = DeleteDb ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteDbx () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteDbxShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       = 3;
+  UINT8       *Payload    = NULL;
+  UINTN       PayloadSize = 0;
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = DeleteDbx ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteDbt () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteDbtShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       = 3;
+  UINT8       *Payload    = NULL;
+  UINTN       PayloadSize = 0;
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = DeleteDbt ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteKEK () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteKEKShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       = 3;
+  UINT8       *Payload    = NULL;
+  UINTN       PayloadSize = 0;
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = DeleteKEK ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeletePlatformKey () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeletePKShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       = 3;
+  UINT8       *Payload    = NULL;
+  UINTN       PayloadSize = 0;
+  UINT8       BootMode    = CUSTOM_SECURE_BOOT_MODE;
+
+  expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+  expect_value (MockSetVariable, DataSize, sizeof (BootMode));
+  expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = DeletePlatformKey ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteSecureBootVariablesShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       = 3;
+  UINT8       *Payload    = NULL;
+  UINTN       PayloadSize = 0;
+  UINT8       BootMode    = CUSTOM_SECURE_BOOT_MODE;
+
+  Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  will_return (DisablePKProtection, EFI_SUCCESS);
+
+  expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+  expect_value (MockSetVariable, DataSize, sizeof (BootMode));
+  expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = DeleteSecureBootVariables ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteSecureBootVariablesShouldCheckProtection (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+
+  will_return (DisablePKProtection, EFI_SECURITY_VIOLATION);
+
+  Status = DeleteSecureBootVariables ();
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteSecureBootVariablesShouldProceedWithNotFound (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       BootMode = CUSTOM_SECURE_BOOT_MODE;
+
+  will_return (DisablePKProtection, EFI_SUCCESS);
+
+  expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+  expect_value (MockSetVariable, DataSize, sizeof (BootMode));
+  expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Status = DeleteSecureBootVariables ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+EnrollFromInputShouldComplete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       = 3;
+  UINT8       *Payload    = NULL;
+  UINTN       PayloadSize = sizeof (Dummy);
+
+  Payload = AllocateCopyPool (sizeof (Dummy), &Dummy);
+  Status  = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (Dummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = EnrollFromInput (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, sizeof (Dummy), &Dummy);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldComplete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     = 0xDE;
+  UINT8                     DbtDummy    = 0xAD;
+  UINT8                     DbxDummy    = 0xBE;
+  UINT8                     KekDummy    = 0xEF;
+  UINT8                     PkDummy     = 0xFE;
+  UINT8                     *Payload    = NULL;
+  UINTN                     PayloadSize = sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo = {
+    .DbPtr             = &DbDummy,
+    .DbSize            = sizeof (DbDummy),
+    .DbxPtr            = &DbxDummy,
+    .DbxSize           = sizeof (DbxDummy),
+    .DbtPtr            = &DbtDummy,
+    .DbtSize           = sizeof (DbtDummy),
+    .KekPtr            = &KekDummy,
+    .KekSize           = sizeof (KekDummy),
+    .PkPtr             = &PkDummy,
+    .PkSize            = sizeof (PkDummy),
+    .SecureBootKeyName = L"Food"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize = sizeof (DbDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+  PayloadSize = sizeof (DbtDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+  PayloadSize = sizeof (KekDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &PkDummy, sizeof (PkDummy));
+  PayloadSize = sizeof (PkDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopWhenSecure (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     TargetMode = SECURE_BOOT_MODE_ENABLE;
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo;
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (TargetMode));
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (TargetMode));
+  will_return (MockGetVariable, &TargetMode);
+
+  Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailDBX (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbxDummy    = 0xBE;
+  UINT8                     *Payload    = NULL;
+  UINTN                     PayloadSize = sizeof (DbxDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo = {
+    .DbxPtr            = &DbxDummy,
+    .DbxSize           = sizeof (DbxDummy),
+    .SecureBootKeyName = L"Fail DBX"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  will_return (MockSetVariable, EFI_WRITE_PROTECTED);
+
+  Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailDB (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     = 0xDE;
+  UINT8                     DbxDummy    = 0xBE;
+  UINT8                     *Payload    = NULL;
+  UINTN                     PayloadSize = sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo = {
+    .DbPtr             = &DbDummy,
+    .DbSize            = sizeof (DbDummy),
+    .DbxPtr            = &DbxDummy,
+    .DbxSize           = sizeof (DbxDummy),
+    .SecureBootKeyName = L"Fail DB"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize = sizeof (DbDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  will_return (MockSetVariable, EFI_WRITE_PROTECTED);
+
+  Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailDBT (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     = 0xDE;
+  UINT8                     DbtDummy    = 0xAD;
+  UINT8                     DbxDummy    = 0xBE;
+  UINT8                     *Payload    = NULL;
+  UINTN                     PayloadSize = sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo = {
+    .DbPtr             = &DbDummy,
+    .DbSize            = sizeof (DbDummy),
+    .DbxPtr            = &DbxDummy,
+    .DbxSize           = sizeof (DbxDummy),
+    .DbtPtr            = &DbtDummy,
+    .DbtSize           = sizeof (DbtDummy),
+    .SecureBootKeyName = L"Fail DBT"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize = sizeof (DbDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+  PayloadSize = sizeof (DbtDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  will_return (MockSetVariable, EFI_ACCESS_DENIED);
+
+  Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_ACCESS_DENIED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailKEK (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     = 0xDE;
+  UINT8                     DbtDummy    = 0xAD;
+  UINT8                     DbxDummy    = 0xBE;
+  UINT8                     KekDummy    = 0xEF;
+  UINT8                     PkDummy     = 0xFE;
+  UINT8                     *Payload    = NULL;
+  UINTN                     PayloadSize = sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo = {
+    .DbPtr             = &DbDummy,
+    .DbSize            = sizeof (DbDummy),
+    .DbxPtr            = &DbxDummy,
+    .DbxSize           = sizeof (DbxDummy),
+    .DbtPtr            = &DbtDummy,
+    .DbtSize           = sizeof (DbtDummy),
+    .KekPtr            = &KekDummy,
+    .KekSize           = sizeof (KekDummy),
+    .PkPtr             = &PkDummy,
+    .PkSize            = sizeof (PkDummy),
+    .SecureBootKeyName = L"Food"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize = sizeof (DbDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+  PayloadSize = sizeof (DbtDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+  PayloadSize = sizeof (KekDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  will_return (MockSetVariable, EFI_DEVICE_ERROR);
+
+  Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_DEVICE_ERROR);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailPK (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     = 0xDE;
+  UINT8                     DbtDummy    = 0xAD;
+  UINT8                     DbxDummy    = 0xBE;
+  UINT8                     KekDummy    = 0xEF;
+  UINT8                     PkDummy     = 0xFE;
+  UINT8                     *Payload    = NULL;
+  UINTN                     PayloadSize = sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo = {
+    .DbPtr             = &DbDummy,
+    .DbSize            = sizeof (DbDummy),
+    .DbxPtr            = &DbxDummy,
+    .DbxSize           = sizeof (DbxDummy),
+    .DbtPtr            = &DbtDummy,
+    .DbtSize           = sizeof (DbtDummy),
+    .KekPtr            = &KekDummy,
+    .KekSize           = sizeof (KekDummy),
+    .PkPtr             = &PkDummy,
+    .PkSize            = sizeof (PkDummy),
+    .SecureBootKeyName = L"Food"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize = sizeof (DbDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+  PayloadSize = sizeof (DbtDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+  PayloadSize = sizeof (KekDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &PkDummy, sizeof (PkDummy));
+  PayloadSize = sizeof (PkDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+  will_return (MockSetVariable, EFI_INVALID_PARAMETER);
+
+  Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_SECURITY_VIOLATION);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that the
+                         contents are well understood by all test cases that may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and the test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesDBTOptional (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     = 0xDE;
+  UINT8                     DbxDummy    = 0xBE;
+  UINT8                     KekDummy    = 0xEF;
+  UINT8                     PkDummy     = 0xFE;
+  UINT8                     *Payload    = NULL;
+  UINTN                     PayloadSize = sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo = {
+    .DbPtr             = &DbDummy,
+    .DbSize            = sizeof (DbDummy),
+    .DbxPtr            = &DbxDummy,
+    .DbxSize           = sizeof (DbxDummy),
+    .DbtPtr            = NULL,
+    .DbtSize           = 0,
+    .KekPtr            = &KekDummy,
+    .KekSize           = sizeof (KekDummy),
+    .PkPtr             = &PkDummy,
+    .PkSize            = sizeof (PkDummy),
+    .SecureBootKeyName = L"Food"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize = sizeof (DbDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+  PayloadSize = sizeof (KekDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &PkDummy, sizeof (PkDummy));
+  PayloadSize = sizeof (PkDummy);
+  Status      = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Initialze the unit test framework, suite, and unit tests for the
+  SecureBootVariableLib and run the SecureBootVariableLib unit test.
+
+  @retval  EFI_SUCCESS           All test cases were dispatched.
+  @retval  EFI_OUT_OF_RESOURCES  There are not enough resources available to
+                                 initialize the unit tests.
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+UnitTestingEntry (
+  VOID
+  )
+{
+  EFI_STATUS                  Status;
+  UNIT_TEST_FRAMEWORK_HANDLE  Framework;
+  UNIT_TEST_SUITE_HANDLE      SecureBootVarMiscTests;
+  UNIT_TEST_SUITE_HANDLE      SecureBootVarDeleteTests;
+  UNIT_TEST_SUITE_HANDLE      SecureBootVarEnrollTests;
+
+  Framework = NULL;
+
+  DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSION));
+
+  //
+  // Start setting up the test framework for running the tests.
+  //
+  Status = InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCallerBaseName, UNIT_TEST_APP_VERSION);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status = %r\n", Status));
+    goto EXIT;
+  }
+
+  //
+  // Populate the SecureBootVariableLib Unit Test Suite.
+  //
+  Status = CreateUnitTestSuite (&SecureBootVarMiscTests, Framework, "SecureBootVariableLib Miscellaneous Tests", "SecureBootVariableLib.Miscellaneous", NULL, NULL);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n"));
+    Status = EFI_OUT_OF_RESOURCES;
+    goto EXIT;
+  }
+
+  Status = CreateUnitTestSuite (&SecureBootVarDeleteTests, Framework, "SecureBootVariableLib Deletion Tests", "SecureBootVariableLib.Deletion", NULL, NULL);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n"));
+    Status = EFI_OUT_OF_RESOURCES;
+    goto EXIT;
+  }
+
+  Status = CreateUnitTestSuite (&SecureBootVarEnrollTests, Framework, "SecureBootVariableLib Enrollment Tests", "SecureBootVariableLib.Enrollment", NULL, NULL);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n"));
+    Status = EFI_OUT_OF_RESOURCES;
+    goto EXIT;
+  }
+
+  //
+  // --------------Suite-----------Description--------------Name----------Function--------Pre---Post-------------------Context-----------
+  //
+  AddTestCase (SecureBootVarMiscTests, "SetSecureBootMode should propagate to set variable", "SetSecureBootMode", SetSecureBootModeShouldSetVar, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "GetSetupMode should propagate to get variable", "GetSetupMode", GetSetupModeShouldGetVar, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "IsSecureBootEnabled should propagate to get variable", "IsSecureBootEnabled", IsSecureBootEnableShouldGetVar, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with one input cert", "SecureBootCreateDataFromInput One Cert", SecureBootCreateDataFromInputSimple, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with no input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputNull, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with multiple input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputMultiple, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should populate descriptor data", "CreateTimeBasedPayload Normal", CreateTimeBasedPayloadShouldPopulateDescriptor, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should fail on NULL inputs", "CreateTimeBasedPayload NULL", CreateTimeBasedPayloadShouldCheckInput, NULL, NULL, NULL);
+
+  AddTestCase (SecureBootVarDeleteTests, "DeleteDb should delete DB with auth info", "DeleteDb", DeleteDbShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteDbx should delete DBX with auth info", "DeleteDbx", DeleteDbxShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteDbt should delete DBT with auth info", "DeleteDbt", DeleteDbtShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteKEK should delete KEK with auth info", "DeleteKEK", DeleteKEKShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeletePlatformKey should delete PK with auth info", "DeletePlatformKey", DeletePKShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should delete properly", "DeleteSecureBootVariables Normal", DeleteSecureBootVariablesShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should fail if protection disable fails", "DeleteSecureBootVariables Fail", DeleteSecureBootVariablesShouldCheckProtection, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should continue if any variable is not found", "DeleteSecureBootVariables Proceed", DeleteSecureBootVariablesShouldProceedWithNotFound, NULL, NULL, NULL);
+
+  AddTestCase (SecureBootVarEnrollTests, "EnrollFromInput should supply with authenticated payload", "EnrollFromInput Normal", EnrollFromInputShouldComplete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should complete", "SetSecureBootVariablesToDefault Normal", SetSecureBootVariablesShouldComplete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when already enabled", "SetSecureBootVariablesToDefault Already Started", SetSecureBootVariablesShouldStopWhenSecure, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DB failed", "SetSecureBootVariablesToDefault Fails DB", SetSecureBootVariablesShouldStopFailDB, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBT failed", "SetSecureBootVariablesToDefault Fails DBT", SetSecureBootVariablesShouldStopFailDBT, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBX failed", "SetSecureBootVariablesToDefault Fails DBX", SetSecureBootVariablesShouldStopFailDBX, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when KEK failed", "SetSecureBootVariablesToDefault Fails KEK", SetSecureBootVariablesShouldStopFailKEK, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when PK failed", "SetSecureBootVariablesToDefault Fails PK", SetSecureBootVariablesShouldStopFailPK, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should only be optional", "SetSecureBootVariablesToDefault DBT Optional", SetSecureBootVariablesDBTOptional, NULL, NULL, NULL);
+
+  //
+  // Execute the tests.
+  //
+  Status = RunAllTestSuites (Framework);
+
+EXIT:
+  if (Framework) {
+    FreeUnitTestFramework (Framework);
+  }
+
+  return Status;
+}
+
+/**
+  Standard POSIX C entry point for host based unit test execution.
+**/
+int
+main (
+  int   argc,
+  char  *argv[]
+  )
+{
+  return UnitTestingEntry ();
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
new file mode 100644
index 000000000000..1e19033c5a91
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
@@ -0,0 +1,33 @@
+## @file
+#  Provides an abstracted interface for configuring PK related variable protection.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = MockPlatformPKProtectionLib
+  FILE_GUID                      = 5FCD74D3-3965-4D56-AB83-000B9B4806A0
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = PlatformPKProtectionLib|HOST_APPLICATION
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
+#
+
+[Sources]
+  MockPlatformPKProtectionLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+  UnitTestLib
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
new file mode 100644
index 000000000000..a84242ac7205
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
@@ -0,0 +1,45 @@
+## @file
+# Instance of UEFI Library.
+#
+# The UEFI Library provides functions and macros that simplify the development of
+#  UEFI Drivers and UEFI Applications.  These functions and macros help manage EFI
+#  events, build simple locks utilizing EFI Task Priority Levels (TPLs), install
+#  EFI Driver Model related protocols, manage Unicode string tables for UEFI Drivers,
+#  and print messages on the console output and standard error devices.
+#
+# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = MockUefiLib
+  FILE_GUID                      = E3B7AEF9-4E55-49AF-B035-ED776C928EC6
+  MODULE_TYPE                    = UEFI_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = UefiLib|HOST_APPLICATION
+
+#
+#  VALID_ARCHITECTURES           = IA32 X64 EBC
+#
+
+[Sources]
+  MockUefiLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+
+[LibraryClasses]
+  PrintLib
+  PcdLib
+  MemoryAllocationLib
+  DebugLib
+  BaseMemoryLib
+  BaseLib
+  UefiRuntimeServicesTableLib
+
+[Guids]
+  gEfiGlobalVariableGuid                        ## SOMETIMES_CONSUMES  ## Variable
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
new file mode 100644
index 000000000000..f832a93e2254
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
@@ -0,0 +1,25 @@
+## @file
+#  Mock implementation of the UEFI Runtime Services Table Library.
+#
+#  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = MockUefiRuntimeServicesTableLib
+  FILE_GUID                      = 84CE0021-ABEE-403C-9A1B-763CCF2D40F1
+  MODULE_TYPE                    = UEFI_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = UefiRuntimeServicesTableLib|HOST_APPLICATION
+
+#
+#  VALID_ARCHITECTURES           = IA32 X64 EBC
+#
+
+[Sources]
+  MockUefiRuntimeServicesTableLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
new file mode 100644
index 000000000000..f99fb09be52e
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
@@ -0,0 +1,36 @@
+## @file
+# Unit tests of the implementation of SecureBootVariableLib.
+#
+# Copyright (C) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010006
+  BASE_NAME                      = SecureBootVariableLibUnitTest
+  FILE_GUID                      = 71C5359E-08FB-450E-9766-BC70482DF66B
+  MODULE_TYPE                    = HOST_APPLICATION
+  VERSION_STRING                 = 1.0
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  SecureBootVariableLibUnitTest.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+  SecureBootVariableLib
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  UefiLib
+  UnitTestLib
diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.yaml
index 791214239899..2138b0a5e21b 100644
--- a/SecurityPkg/SecurityPkg.ci.yaml
+++ b/SecurityPkg/SecurityPkg.ci.yaml
@@ -15,6 +15,7 @@
         ##     "<ErrorID>", "<KeyWord>"
         ## ]
         "ExceptionList": [
+            "8005", "gRT",
         ],
         ## Both file path and directory path are accepted.
         "IgnoreFiles": [
@@ -26,6 +27,10 @@
     "CompilerPlugin": {
         "DscPath": "SecurityPkg.dsc"
     },
+    ## options defined .pytool/Plugin/HostUnitTestCompilerPlugin
+    "HostUnitTestCompilerPlugin": {
+        "DscPath": "Test/SecurityPkgHostTest.dsc"
+    },
     "CharEncodingCheck": {
         "IgnoreFiles": []
     },
@@ -33,6 +38,7 @@
         "AcceptableDependencies": [
             "MdePkg/MdePkg.dec",
             "MdeModulePkg/MdeModulePkg.dec",
+            "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec",
             "SecurityPkg/SecurityPkg.dec",
             "StandaloneMmPkg/StandaloneMmPkg.dec",
             "CryptoPkg/CryptoPkg.dec"
@@ -47,6 +53,11 @@
         "DscPath": "SecurityPkg.dsc",
         "IgnoreInf": []
     },
+    ## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck
+    "HostUnitTestDscCompleteCheck": {
+        "IgnoreInf": [""],
+        "DscPath": "Test/SecurityPkgHostTest.dsc"
+    },
     "GuidCheck": {
         "IgnoreGuidName": [],
         "IgnoreGuidValue": ["00000000-0000-0000-0000-000000000000"],
diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/SecurityPkgHostTest.dsc
new file mode 100644
index 000000000000..c4df01fe1b73
--- /dev/null
+++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc
@@ -0,0 +1,38 @@
+## @file
+# SecurityPkg DSC file used to build host-based unit tests.
+#
+# Copyright (C) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  PLATFORM_NAME           = SecurityPkgHostTest
+  PLATFORM_GUID           = 9D78A9B4-00CD-477E-A5BF-90CC793EEFB0
+  PLATFORM_VERSION        = 0.1
+  DSC_SPECIFICATION       = 0x00010005
+  OUTPUT_DIRECTORY        = Build/SecurityPkg/HostTest
+  SUPPORTED_ARCHITECTURES = IA32|X64
+  BUILD_TARGETS           = NOOPT
+  SKUID_IDENTIFIER        = DEFAULT
+
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
+
+[LibraryClasses]
+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+
+[Components]
+  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
+  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
+  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
+
+  #
+  # Build SecurityPkg HOST_APPLICATION Tests
+  #
+  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf {
+    <LibraryClasses>
+      SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+      UefiRuntimeServicesTableLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
+      PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
+      UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
+  }
-- 
2.35.1.windows.2


  parent reply	other threads:[~2022-06-13 20:40 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-13 20:39 [PATCH v2 00/11] Enhance Secure Boot Variable Libraries Kun Qin
2022-06-13 20:39 ` [PATCH v2 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures Kun Qin
2022-06-13 20:39 ` [PATCH v2 02/11] SecurityPkg: PlatformPKProtectionLib: Added PK protection interface Kun Qin
2022-06-13 20:39 ` [PATCH v2 03/11] SecurityPkg: SecureBootVariableLib: Updated time based payload creator Kun Qin
2022-06-13 20:39 ` [PATCH v2 04/11] SecurityPkg: SecureBootVariableLib: Updated signature list creator Kun Qin
2022-06-13 20:39 ` [PATCH v2 05/11] SecurityPkg: SecureBootVariableLib: Added newly supported interfaces Kun Qin
2022-06-13 20:39 ` [PATCH v2 06/11] SecurityPkg: SecureBootVariableProvisionLib: Updated implementation Kun Qin
2022-06-13 20:39 ` [PATCH v2 07/11] SecurityPkg: Secure Boot Drivers: Added common header files Kun Qin
2022-06-13 20:39 ` [PATCH v2 08/11] SecurityPkg: SecureBootConfigDxe: Updated invocation pattern Kun Qin
2022-06-13 20:39 ` Kun Qin [this message]
2022-06-13 20:39 ` [PATCH v2 10/11] OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency Kun Qin
2022-06-13 20:39 ` [PATCH v2 11/11] EmulatorPkg: " Kun Qin
2022-06-24  9:08   ` Ni, Ray
2022-06-30 19:44 ` [edk2-devel] [PATCH v2 00/11] Enhance Secure Boot Variable Libraries Michael Kubacki

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220613203943.704-10-kuqin12@gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox