From: "Kun Qin" <kuqin12@gmail.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>, Min Xu <min.m.xu@intel.com>
Subject: [PATCH v2 09/11] SecurityPkg: SecureBootVariableLib: Added unit tests
Date: Mon, 13 Jun 2022 13:39:40 -0700 [thread overview]
Message-ID: <20220613203943.704-10-kuqin12@gmail.com> (raw)
In-Reply-To: <20220613203943.704-1-kuqin12@gmail.com>
From: kuqin <kuqin@microsoft.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
This change added unit test and enabled it from pipeline for the updated
SecureBootVariableLib.
The unit test covers all implemented interfaces and certain corner cases.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
---
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c | 36 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c | 201 ++
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c | 13 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c | 2037 ++++++++++++++++++++
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf | 33 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf | 45 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf | 25 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf | 36 +
SecurityPkg/SecurityPkg.ci.yaml | 11 +
SecurityPkg/Test/SecurityPkgHostTest.dsc | 38 +
10 files changed, 2475 insertions(+)
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
new file mode 100644
index 000000000000..a8644d272df6
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c
@@ -0,0 +1,36 @@
+/** @file
+ Provides a mocked interface for configuring PK related variable protection.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <Uefi.h>
+
+/**
+ Disable any applicable protection against variable 'PK'. The implementation
+ of this interface is platform specific, depending on the protection techniques
+ used per platform.
+
+ Note: It is the platform's responsibility to conduct cautious operation after
+ disabling this protection.
+
+ @retval EFI_SUCCESS State has been successfully updated.
+ @retval Others Error returned from implementation specific
+ underying APIs.
+
+**/
+EFI_STATUS
+EFIAPI
+DisablePKProtection (
+ VOID
+ )
+{
+ return (EFI_STATUS)mock ();
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
new file mode 100644
index 000000000000..df271c39f26c
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
@@ -0,0 +1,201 @@
+/** @file
+ The UEFI Library provides functions and macros that simplify the development of
+ UEFI Drivers and UEFI Applications. These functions and macros help manage EFI
+ events, build simple locks utilizing EFI Task Priority Levels (TPLs), install
+ EFI Driver Model related protocols, manage Unicode string tables for UEFI Drivers,
+ and print messages on the console output and standard error devices.
+
+ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+
+/**
+ Returns the status whether get the variable success. The function retrieves
+ variable through the UEFI Runtime Service GetVariable(). The
+ returned buffer is allocated using AllocatePool(). The caller is responsible
+ for freeing this buffer with FreePool().
+
+ If Name is NULL, then ASSERT().
+ If Guid is NULL, then ASSERT().
+ If Value is NULL, then ASSERT().
+
+ @param[in] Name The pointer to a Null-terminated Unicode string.
+ @param[in] Guid The pointer to an EFI_GUID structure
+ @param[out] Value The buffer point saved the variable info.
+ @param[out] Size The buffer size of the variable.
+
+ @return EFI_OUT_OF_RESOURCES Allocate buffer failed.
+ @return EFI_SUCCESS Find the specified variable.
+ @return Others Errors Return errors from call to gRT->GetVariable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetVariable2 (
+ IN CONST CHAR16 *Name,
+ IN CONST EFI_GUID *Guid,
+ OUT VOID **Value,
+ OUT UINTN *Size OPTIONAL
+ )
+{
+ EFI_STATUS Status;
+ UINTN BufferSize;
+
+ ASSERT (Name != NULL && Guid != NULL && Value != NULL);
+
+ //
+ // Try to get the variable size.
+ //
+ BufferSize = 0;
+ *Value = NULL;
+ if (Size != NULL) {
+ *Size = 0;
+ }
+
+ Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &BufferSize, *Value);
+ if (Status != EFI_BUFFER_TOO_SMALL) {
+ return Status;
+ }
+
+ //
+ // Allocate buffer to get the variable.
+ //
+ *Value = AllocatePool (BufferSize);
+ ASSERT (*Value != NULL);
+ if (*Value == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Get the variable data.
+ //
+ Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &BufferSize, *Value);
+ if (EFI_ERROR (Status)) {
+ FreePool (*Value);
+ *Value = NULL;
+ }
+
+ if (Size != NULL) {
+ *Size = BufferSize;
+ }
+
+ return Status;
+}
+
+/** Return the attributes of the variable.
+
+ Returns the status whether get the variable success. The function retrieves
+ variable through the UEFI Runtime Service GetVariable(). The
+ returned buffer is allocated using AllocatePool(). The caller is responsible
+ for freeing this buffer with FreePool(). The attributes are returned if
+ the caller provides a valid Attribute parameter.
+
+ If Name is NULL, then ASSERT().
+ If Guid is NULL, then ASSERT().
+ If Value is NULL, then ASSERT().
+
+ @param[in] Name The pointer to a Null-terminated Unicode string.
+ @param[in] Guid The pointer to an EFI_GUID structure
+ @param[out] Value The buffer point saved the variable info.
+ @param[out] Size The buffer size of the variable.
+ @param[out] Attr The pointer to the variable attributes as found in var store
+
+ @retval EFI_OUT_OF_RESOURCES Allocate buffer failed.
+ @retval EFI_SUCCESS Find the specified variable.
+ @retval Others Errors Return errors from call to gRT->GetVariable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetVariable3 (
+ IN CONST CHAR16 *Name,
+ IN CONST EFI_GUID *Guid,
+ OUT VOID **Value,
+ OUT UINTN *Size OPTIONAL,
+ OUT UINT32 *Attr OPTIONAL
+ )
+{
+ EFI_STATUS Status;
+ UINTN BufferSize;
+
+ ASSERT (Name != NULL && Guid != NULL && Value != NULL);
+
+ //
+ // Try to get the variable size.
+ //
+ BufferSize = 0;
+ *Value = NULL;
+ if (Size != NULL) {
+ *Size = 0;
+ }
+
+ if (Attr != NULL) {
+ *Attr = 0;
+ }
+
+ Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &BufferSize, *Value);
+ if (Status != EFI_BUFFER_TOO_SMALL) {
+ return Status;
+ }
+
+ //
+ // Allocate buffer to get the variable.
+ //
+ *Value = AllocatePool (BufferSize);
+ ASSERT (*Value != NULL);
+ if (*Value == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Get the variable data.
+ //
+ Status = gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &BufferSize, *Value);
+ if (EFI_ERROR (Status)) {
+ FreePool (*Value);
+ *Value = NULL;
+ }
+
+ if (Size != NULL) {
+ *Size = BufferSize;
+ }
+
+ return Status;
+}
+
+/**
+ Returns a pointer to an allocated buffer that contains the contents of a
+ variable retrieved through the UEFI Runtime Service GetVariable(). This
+ function always uses the EFI_GLOBAL_VARIABLE GUID to retrieve variables.
+ The returned buffer is allocated using AllocatePool(). The caller is
+ responsible for freeing this buffer with FreePool().
+
+ If Name is NULL, then ASSERT().
+ If Value is NULL, then ASSERT().
+
+ @param[in] Name The pointer to a Null-terminated Unicode string.
+ @param[out] Value The buffer point saved the variable info.
+ @param[out] Size The buffer size of the variable.
+
+ @return EFI_OUT_OF_RESOURCES Allocate buffer failed.
+ @return EFI_SUCCESS Find the specified variable.
+ @return Others Errors Return errors from call to gRT->GetVariable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetEfiGlobalVariable2 (
+ IN CONST CHAR16 *Name,
+ OUT VOID **Value,
+ OUT UINTN *Size OPTIONAL
+ )
+{
+ return GetVariable2 (Name, &gEfiGlobalVariableGuid, Value, Size);
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
new file mode 100644
index 000000000000..e86192a05f32
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c
@@ -0,0 +1,13 @@
+/** @file
+ Mock implementation of the UEFI Runtime Services Table Library.
+
+ Copyright (C) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+extern EFI_RUNTIME_SERVICES gMockRuntime;
+
+EFI_RUNTIME_SERVICES *gRT = &gMockRuntime;
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
new file mode 100644
index 000000000000..a23135dfb016
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c
@@ -0,0 +1,2037 @@
+/** @file
+ Unit tests of the implementation of SecureBootVariableLib.
+
+ Copyright (C) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <Uefi.h>
+#include <UefiSecureBoot.h>
+#include <Guid/GlobalVariable.h>
+#include <Guid/AuthenticatedVariableFormat.h>
+#include <Guid/ImageAuthentication.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Library/UnitTestLib.h>
+#include <Library/SecureBootVariableLib.h>
+
+#define UNIT_TEST_APP_NAME "SecureBootVariableLib Unit Tests"
+#define UNIT_TEST_APP_VERSION "1.0"
+#define VAR_AUTH_DESC_SIZE OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)
+
+extern EFI_TIME mMaxTimestamp;
+extern EFI_TIME mDefaultPayloadTimestamp;
+
+/**
+ Sets the value of a variable.
+
+ @param[in] VariableName A Null-terminated string that is the name of the vendor's variable.
+ Each VariableName is unique for each VendorGuid. VariableName must
+ contain 1 or more characters. If VariableName is an empty string,
+ then EFI_INVALID_PARAMETER is returned.
+ @param[in] VendorGuid A unique identifier for the vendor.
+ @param[in] Attributes Attributes bitmask to set for the variable.
+ @param[in] DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE or
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
+ causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is
+ set, then a SetVariable() call with a DataSize of zero will not cause any change to
+ the variable value (the timestamp associated with the variable may be updated however
+ even if no new data value is provided,see the description of the
+ EFI_VARIABLE_AUTHENTICATION_2 descriptor below. In this case the DataSize will not
+ be zero since the EFI_VARIABLE_AUTHENTICATION_2 descriptor will be populated).
+ @param[in] Data The contents for the variable.
+
+ @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
+ defined by the Attributes.
+ @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID was supplied, or the
+ DataSize exceeds the maximum allowed.
+ @retval EFI_INVALID_PARAMETER VariableName is an empty string.
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
+ @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
+ @retval EFI_WRITE_PROTECTED The variable in question is read-only.
+ @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
+ @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set,
+ but the AuthInfo does NOT pass the validation check carried out by the firmware.
+
+ @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+MockSetVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ DEBUG ((
+ DEBUG_INFO,
+ "%a %s %g %x %x %p\n",
+ __FUNCTION__,
+ VariableName,
+ VendorGuid,
+ Attributes,
+ DataSize,
+ Data
+ ));
+ check_expected_ptr (VariableName);
+ check_expected_ptr (VendorGuid);
+ check_expected_ptr (Attributes);
+ check_expected (DataSize);
+ check_expected (Data);
+
+ return (EFI_STATUS)mock ();
+}
+
+/**
+ Returns the value of a variable.
+
+ @param[in] VariableName A Null-terminated string that is the name of the vendor's
+ variable.
+ @param[in] VendorGuid A unique identifier for the vendor.
+ @param[out] Attributes If not NULL, a pointer to the memory location to return the
+ attributes bitmask for the variable.
+ @param[in, out] DataSize On input, the size in bytes of the return Data buffer.
+ On output the size of data returned in Data.
+ @param[out] Data The buffer to return the contents of the variable. May be NULL
+ with a zero DataSize in order to determine the size buffer needed.
+
+ @retval EFI_SUCCESS The function completed successfully.
+ @retval EFI_NOT_FOUND The variable was not found.
+ @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result.
+ @retval EFI_INVALID_PARAMETER VariableName is NULL.
+ @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
+ @retval EFI_INVALID_PARAMETER DataSize is NULL.
+ @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL.
+ @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
+ @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+MockGetVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT UINT32 *Attributes OPTIONAL,
+ IN OUT UINTN *DataSize,
+ OUT VOID *Data OPTIONAL
+ )
+{
+ UINTN TargetSize;
+ BOOLEAN Exist;
+
+ DEBUG ((
+ DEBUG_INFO,
+ "%a %s %g %p %x %p\n",
+ __FUNCTION__,
+ VariableName,
+ VendorGuid,
+ Attributes,
+ *DataSize,
+ Data
+ ));
+ assert_non_null (DataSize);
+ check_expected_ptr (VariableName);
+ check_expected_ptr (VendorGuid);
+ check_expected (*DataSize);
+
+ Exist = (BOOLEAN)mock ();
+
+ if (!Exist) {
+ return EFI_NOT_FOUND;
+ }
+
+ TargetSize = (UINTN)mock ();
+ if (TargetSize > *DataSize) {
+ *DataSize = TargetSize;
+ return EFI_BUFFER_TOO_SMALL;
+ } else {
+ assert_non_null (Data);
+ CopyMem (Data, (VOID *)mock (), TargetSize);
+ }
+
+ return EFI_SUCCESS;
+}
+
+///
+/// Mock version of the UEFI Runtime Services Table
+///
+EFI_RUNTIME_SERVICES gMockRuntime = {
+ {
+ EFI_RUNTIME_SERVICES_SIGNATURE, // Signature
+ EFI_RUNTIME_SERVICES_REVISION, // Revision
+ sizeof (EFI_RUNTIME_SERVICES), // HeaderSize
+ 0, // CRC32
+ 0 // Reserved
+ },
+ NULL, // GetTime
+ NULL, // SetTime
+ NULL, // GetWakeupTime
+ NULL, // SetWakeupTime
+ NULL, // SetVirtualAddressMap
+ NULL, // ConvertPointer
+ MockGetVariable, // GetVariable
+ NULL, // GetNextVariableName
+ MockSetVariable, // SetVariable
+ NULL, // GetNextHighMonotonicCount
+ NULL, // ResetSystem
+ NULL, // UpdateCapsule
+ NULL, // QueryCapsuleCapabilities
+ NULL // QueryVariableInfo
+};
+
+/**
+ Unit test for SetSecureBootMode () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootModeShouldSetVar (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ UINT8 SecureBootMode;
+ EFI_STATUS Status;
+
+ SecureBootMode = 0xAB; // Any random magic number...
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ expect_value (MockSetVariable, DataSize, sizeof (SecureBootMode));
+ expect_memory (MockSetVariable, Data, &SecureBootMode, sizeof (SecureBootMode));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = SetSecureBootMode (SecureBootMode);
+
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for GetSetupMode () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+GetSetupModeShouldGetVar (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 TargetMode;
+ UINT8 SetupMode;
+
+ TargetMode = 0xAB; // Any random magic number...
+ expect_memory (MockGetVariable, VariableName, EFI_SETUP_MODE_NAME, sizeof (EFI_SETUP_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (SetupMode));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (SetupMode));
+ will_return (MockGetVariable, &TargetMode);
+
+ Status = GetSetupMode (&SetupMode);
+
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (SetupMode, TargetMode);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for GetSetupMode () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsSecureBootEnableShouldGetVar (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ BOOLEAN Enabled;
+ UINT8 TargetMode;
+
+ TargetMode = SECURE_BOOT_MODE_ENABLE;
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (TargetMode));
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (TargetMode));
+ will_return (MockGetVariable, &TargetMode);
+
+ Enabled = IsSecureBootEnabled ();
+
+ UT_ASSERT_EQUAL (Enabled, SECURE_BOOT_MODE_ENABLE);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SecureBootCreateDataFromInputSimple (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_SIGNATURE_LIST *SigList = NULL;
+ EFI_SIGNATURE_DATA *SigData = NULL;
+ UINTN SigListSize = 0;
+ EFI_STATUS Status;
+ UINT8 TestData[] = { 0 };
+ SECURE_BOOT_CERTIFICATE_INFO KeyInfo = {
+ .Data = TestData,
+ .DataSize = sizeof (TestData)
+ };
+
+ Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo);
+
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ UT_ASSERT_NOT_NULL (SigList);
+ UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid));
+ UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData));
+ UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);
+ UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData));
+ UT_ASSERT_EQUAL (SigList->SignatureListSize, SigListSize);
+
+ SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST));
+ UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid));
+ UT_ASSERT_MEM_EQUAL (SigData->SignatureData, TestData, sizeof (TestData));
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SecureBootCreateDataFromInputNull (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_SIGNATURE_LIST *SigList = NULL;
+ UINTN SigListSize = 0;
+ EFI_STATUS Status;
+ SECURE_BOOT_CERTIFICATE_INFO KeyInfo = {
+ .Data = NULL,
+ .DataSize = 0
+ };
+
+ Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 0, NULL);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+ Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &KeyInfo);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SecureBootCreateDataFromInput () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SecureBootCreateDataFromInputMultiple (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_SIGNATURE_LIST *SigList = NULL;
+ EFI_SIGNATURE_DATA *SigData = NULL;
+ UINTN SigListSize = 0;
+ UINTN TotalSize = 0;
+ UINTN Index = 0;
+ UINT8 TestData1[] = { 0 };
+ UINT8 TestData2[] = { 1, 2 };
+ EFI_STATUS Status;
+ SECURE_BOOT_CERTIFICATE_INFO KeyInfo[2] = {
+ {
+ .Data = TestData1,
+ .DataSize = sizeof (TestData1)
+ },
+ {
+ .Data = TestData2,
+ .DataSize = sizeof (TestData2)
+ }
+ };
+
+ Status = SecureBootCreateDataFromInput (&SigListSize, &SigList, 2, KeyInfo);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ UT_ASSERT_NOT_NULL (SigList);
+
+ for (Index = 0; Index < 2; Index++) {
+ UT_ASSERT_TRUE (SigListSize > TotalSize);
+
+ UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid));
+ UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize);
+ UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);
+ UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize);
+
+ SigData = (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATURE_LIST));
+ UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid));
+ UT_ASSERT_MEM_EQUAL (SigData->SignatureData, KeyInfo[Index].Data, KeyInfo[Index].DataSize);
+ TotalSize = TotalSize + SigList->SignatureListSize;
+ SigList = (EFI_SIGNATURE_LIST *)((UINTN)SigList + SigList->SignatureListSize);
+ }
+
+ UT_ASSERT_EQUAL (SigListSize, TotalSize);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+CreateTimeBasedPayloadShouldPopulateDescriptor (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ UINT8 Data[] = { 2 };
+ UINTN DataSize = sizeof (Data);
+ UINT8 *CheckData;
+ EFI_VARIABLE_AUTHENTICATION_2 *VarAuth;
+ EFI_STATUS Status;
+ EFI_TIME Time = {
+ .Year = 2012,
+ .Month = 3,
+ .Day = 4,
+ .Hour = 5,
+ .Minute = 6,
+ .Second = 7,
+ .Pad1 = 0,
+ .Nanosecond = 8910,
+ .TimeZone = 1112,
+ .Pad2 = 0
+ };
+
+ CheckData = AllocateCopyPool (DataSize, Data);
+ Status = CreateTimeBasedPayload (&DataSize, &CheckData, &Time);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ // This is result that we did not pack this structure...
+ // we cannot even use the sizeof (EFI_VARIABLE_AUTHENTICATION_2) - 1,
+ // because the structure is not at the end of this structure, but partially
+ // inside it...
+ UT_ASSERT_EQUAL (DataSize, VAR_AUTH_DESC_SIZE + sizeof (Data));
+ UT_ASSERT_NOT_NULL (CheckData);
+
+ VarAuth = (EFI_VARIABLE_AUTHENTICATION_2 *)CheckData;
+ UT_ASSERT_MEM_EQUAL (&(VarAuth->TimeStamp), &Time, sizeof (EFI_TIME));
+
+ UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.dwLength, OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
+ UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wRevision, 0x0200);
+ UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wCertificateType, WIN_CERT_TYPE_EFI_GUID);
+ UT_ASSERT_TRUE (CompareGuid (&VarAuth->AuthInfo.CertType, &gEfiCertPkcs7Guid));
+
+ UT_ASSERT_MEM_EQUAL (VarAuth->AuthInfo.CertData, Data, sizeof (Data));
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+CreateTimeBasedPayloadShouldCheckInput (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ UINTN DataSize = 0;
+ UINT8 *Data = NULL;
+ EFI_TIME Time;
+ EFI_STATUS Status;
+
+ Status = CreateTimeBasedPayload (NULL, &Data, &Time);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+ Status = CreateTimeBasedPayload (&DataSize, NULL, &Time);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+ Status = CreateTimeBasedPayload (&DataSize, &Data, NULL);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for DeleteDb () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteDbShouldDelete (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Dummy = 3;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = 0;
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = DeleteDb ();
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for DeleteDbx () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteDbxShouldDelete (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Dummy = 3;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = 0;
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = DeleteDbx ();
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for DeleteDbt () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteDbtShouldDelete (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Dummy = 3;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = 0;
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = DeleteDbt ();
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for DeleteKEK () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteKEKShouldDelete (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Dummy = 3;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = 0;
+
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = DeleteKEK ();
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for DeletePlatformKey () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeletePKShouldDelete (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Dummy = 3;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = 0;
+ UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE;
+
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ expect_value (MockSetVariable, DataSize, sizeof (BootMode));
+ expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = DeletePlatformKey ();
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteSecureBootVariablesShouldDelete (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Dummy = 3;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = 0;
+ UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE;
+
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+ will_return (DisablePKProtection, EFI_SUCCESS);
+
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ expect_value (MockSetVariable, DataSize, sizeof (BootMode));
+ expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (Dummy));
+ will_return (MockGetVariable, &Dummy);
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = DeleteSecureBootVariables ();
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteSecureBootVariablesShouldCheckProtection (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+
+ will_return (DisablePKProtection, EFI_SECURITY_VIOLATION);
+
+ Status = DeleteSecureBootVariables ();
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteSecureBootVariablesShouldProceedWithNotFound (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 BootMode = CUSTOM_SECURE_BOOT_MODE;
+
+ will_return (DisablePKProtection, EFI_SUCCESS);
+
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, sizeof (EFI_CUSTOM_MODE_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ expect_value (MockSetVariable, DataSize, sizeof (BootMode));
+ expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ Status = DeleteSecureBootVariables ();
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+EnrollFromInputShouldComplete (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Dummy = 3;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = sizeof (Dummy);
+
+ Payload = AllocateCopyPool (sizeof (Dummy), &Dummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (Dummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = EnrollFromInput (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, sizeof (Dummy), &Dummy);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldComplete (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 DbDummy = 0xDE;
+ UINT8 DbtDummy = 0xAD;
+ UINT8 DbxDummy = 0xBE;
+ UINT8 KekDummy = 0xEF;
+ UINT8 PkDummy = 0xFE;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = sizeof (DbDummy);
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo = {
+ .DbPtr = &DbDummy,
+ .DbSize = sizeof (DbDummy),
+ .DbxPtr = &DbxDummy,
+ .DbxSize = sizeof (DbxDummy),
+ .DbtPtr = &DbtDummy,
+ .DbtSize = sizeof (DbtDummy),
+ .KekPtr = &KekDummy,
+ .KekSize = sizeof (KekDummy),
+ .PkPtr = &PkDummy,
+ .PkSize = sizeof (PkDummy),
+ .SecureBootKeyName = L"Food"
+ };
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+ PayloadSize = sizeof (DbDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+ PayloadSize = sizeof (DbtDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+ PayloadSize = sizeof (KekDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &PkDummy, sizeof (PkDummy));
+ PayloadSize = sizeof (PkDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopWhenSecure (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 TargetMode = SECURE_BOOT_MODE_ENABLE;
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo;
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (TargetMode));
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));
+
+ will_return (MockGetVariable, TRUE);
+ will_return (MockGetVariable, sizeof (TargetMode));
+ will_return (MockGetVariable, &TargetMode);
+
+ Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailDBX (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 DbxDummy = 0xBE;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = sizeof (DbxDummy);
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo = {
+ .DbxPtr = &DbxDummy,
+ .DbxSize = sizeof (DbxDummy),
+ .SecureBootKeyName = L"Fail DBX"
+ };
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ will_return (MockSetVariable, EFI_WRITE_PROTECTED);
+
+ Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailDB (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 DbDummy = 0xDE;
+ UINT8 DbxDummy = 0xBE;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = sizeof (DbDummy);
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo = {
+ .DbPtr = &DbDummy,
+ .DbSize = sizeof (DbDummy),
+ .DbxPtr = &DbxDummy,
+ .DbxSize = sizeof (DbxDummy),
+ .SecureBootKeyName = L"Fail DB"
+ };
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+ PayloadSize = sizeof (DbDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ will_return (MockSetVariable, EFI_WRITE_PROTECTED);
+
+ Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailDBT (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 DbDummy = 0xDE;
+ UINT8 DbtDummy = 0xAD;
+ UINT8 DbxDummy = 0xBE;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = sizeof (DbDummy);
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo = {
+ .DbPtr = &DbDummy,
+ .DbSize = sizeof (DbDummy),
+ .DbxPtr = &DbxDummy,
+ .DbxSize = sizeof (DbxDummy),
+ .DbtPtr = &DbtDummy,
+ .DbtSize = sizeof (DbtDummy),
+ .SecureBootKeyName = L"Fail DBT"
+ };
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+ PayloadSize = sizeof (DbDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+ PayloadSize = sizeof (DbtDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+ will_return (MockSetVariable, EFI_ACCESS_DENIED);
+
+ Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_ACCESS_DENIED);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailKEK (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 DbDummy = 0xDE;
+ UINT8 DbtDummy = 0xAD;
+ UINT8 DbxDummy = 0xBE;
+ UINT8 KekDummy = 0xEF;
+ UINT8 PkDummy = 0xFE;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = sizeof (DbDummy);
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo = {
+ .DbPtr = &DbDummy,
+ .DbSize = sizeof (DbDummy),
+ .DbxPtr = &DbxDummy,
+ .DbxSize = sizeof (DbxDummy),
+ .DbtPtr = &DbtDummy,
+ .DbtSize = sizeof (DbtDummy),
+ .KekPtr = &KekDummy,
+ .KekSize = sizeof (KekDummy),
+ .PkPtr = &PkDummy,
+ .PkSize = sizeof (PkDummy),
+ .SecureBootKeyName = L"Food"
+ };
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+ PayloadSize = sizeof (DbDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+ PayloadSize = sizeof (DbtDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+ PayloadSize = sizeof (KekDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+ will_return (MockSetVariable, EFI_DEVICE_ERROR);
+
+ Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_DEVICE_ERROR);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailPK (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 DbDummy = 0xDE;
+ UINT8 DbtDummy = 0xAD;
+ UINT8 DbxDummy = 0xBE;
+ UINT8 KekDummy = 0xEF;
+ UINT8 PkDummy = 0xFE;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = sizeof (DbDummy);
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo = {
+ .DbPtr = &DbDummy,
+ .DbSize = sizeof (DbDummy),
+ .DbxPtr = &DbxDummy,
+ .DbxSize = sizeof (DbxDummy),
+ .DbtPtr = &DbtDummy,
+ .DbtSize = sizeof (DbtDummy),
+ .KekPtr = &KekDummy,
+ .KekSize = sizeof (KekDummy),
+ .PkPtr = &PkDummy,
+ .PkSize = sizeof (PkDummy),
+ .SecureBootKeyName = L"Food"
+ };
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+ PayloadSize = sizeof (DbDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+ PayloadSize = sizeof (DbtDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+ PayloadSize = sizeof (KekDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &PkDummy, sizeof (PkDummy));
+ PayloadSize = sizeof (PkDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+ will_return (MockSetVariable, EFI_INVALID_PARAMETER);
+
+ Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_SECURITY_VIOLATION);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVariableLib.
+
+ @param[in] Context [Optional] An optional parameter that enables:
+ 1) test-case reuse with varied parameters and
+ 2) test-case re-entry for Target tests that need a
+ reboot. This parameter is a VOID* and it is the
+ responsibility of the test author to ensure that the
+ contents are well understood by all test cases that may
+ consume it.
+
+ @retval UNIT_TEST_PASSED The Unit test has completed and the test
+ case was successful.
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesDBTOptional (
+ IN UNIT_TEST_CONTEXT Context
+ )
+{
+ EFI_STATUS Status;
+ UINT8 DbDummy = 0xDE;
+ UINT8 DbxDummy = 0xBE;
+ UINT8 KekDummy = 0xEF;
+ UINT8 PkDummy = 0xFE;
+ UINT8 *Payload = NULL;
+ UINTN PayloadSize = sizeof (DbDummy);
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo = {
+ .DbPtr = &DbDummy,
+ .DbSize = sizeof (DbDummy),
+ .DbxPtr = &DbxDummy,
+ .DbxSize = sizeof (DbxDummy),
+ .DbtPtr = NULL,
+ .DbtSize = 0,
+ .KekPtr = &KekDummy,
+ .KekSize = sizeof (KekDummy),
+ .PkPtr = &PkDummy,
+ .PkSize = sizeof (PkDummy),
+ .SecureBootKeyName = L"Food"
+ };
+
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME, sizeof (EFI_SECURE_BOOT_MODE_NAME));
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockGetVariable, *DataSize, 0);
+
+ will_return (MockGetVariable, FALSE);
+
+ Payload = AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+ PayloadSize = sizeof (DbDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABASE, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+ PayloadSize = sizeof (KekDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME, sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ CopyMem (Payload, &PkDummy, sizeof (PkDummy));
+ PayloadSize = sizeof (PkDummy);
+ Status = CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPayloadTimestamp);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, sizeof (EFI_PLATFORM_KEY_NAME));
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+ will_return (MockSetVariable, EFI_SUCCESS);
+
+ Status = SetSecureBootVariablesToDefault (&PayloadInfo);
+ UT_ASSERT_NOT_EFI_ERROR (Status);
+
+ return UNIT_TEST_PASSED;
+}
+
+/**
+ Initialze the unit test framework, suite, and unit tests for the
+ SecureBootVariableLib and run the SecureBootVariableLib unit test.
+
+ @retval EFI_SUCCESS All test cases were dispatched.
+ @retval EFI_OUT_OF_RESOURCES There are not enough resources available to
+ initialize the unit tests.
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+UnitTestingEntry (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UNIT_TEST_FRAMEWORK_HANDLE Framework;
+ UNIT_TEST_SUITE_HANDLE SecureBootVarMiscTests;
+ UNIT_TEST_SUITE_HANDLE SecureBootVarDeleteTests;
+ UNIT_TEST_SUITE_HANDLE SecureBootVarEnrollTests;
+
+ Framework = NULL;
+
+ DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSION));
+
+ //
+ // Start setting up the test framework for running the tests.
+ //
+ Status = InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCallerBaseName, UNIT_TEST_APP_VERSION);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status = %r\n", Status));
+ goto EXIT;
+ }
+
+ //
+ // Populate the SecureBootVariableLib Unit Test Suite.
+ //
+ Status = CreateUnitTestSuite (&SecureBootVarMiscTests, Framework, "SecureBootVariableLib Miscellaneous Tests", "SecureBootVariableLib.Miscellaneous", NULL, NULL);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n"));
+ Status = EFI_OUT_OF_RESOURCES;
+ goto EXIT;
+ }
+
+ Status = CreateUnitTestSuite (&SecureBootVarDeleteTests, Framework, "SecureBootVariableLib Deletion Tests", "SecureBootVariableLib.Deletion", NULL, NULL);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n"));
+ Status = EFI_OUT_OF_RESOURCES;
+ goto EXIT;
+ }
+
+ Status = CreateUnitTestSuite (&SecureBootVarEnrollTests, Framework, "SecureBootVariableLib Enrollment Tests", "SecureBootVariableLib.Enrollment", NULL, NULL);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVariableLib\n"));
+ Status = EFI_OUT_OF_RESOURCES;
+ goto EXIT;
+ }
+
+ //
+ // --------------Suite-----------Description--------------Name----------Function--------Pre---Post-------------------Context-----------
+ //
+ AddTestCase (SecureBootVarMiscTests, "SetSecureBootMode should propagate to set variable", "SetSecureBootMode", SetSecureBootModeShouldSetVar, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarMiscTests, "GetSetupMode should propagate to get variable", "GetSetupMode", GetSetupModeShouldGetVar, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarMiscTests, "IsSecureBootEnabled should propagate to get variable", "IsSecureBootEnabled", IsSecureBootEnableShouldGetVar, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with one input cert", "SecureBootCreateDataFromInput One Cert", SecureBootCreateDataFromInputSimple, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with no input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputNull, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with multiple input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateDataFromInputMultiple, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should populate descriptor data", "CreateTimeBasedPayload Normal", CreateTimeBasedPayloadShouldPopulateDescriptor, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should fail on NULL inputs", "CreateTimeBasedPayload NULL", CreateTimeBasedPayloadShouldCheckInput, NULL, NULL, NULL);
+
+ AddTestCase (SecureBootVarDeleteTests, "DeleteDb should delete DB with auth info", "DeleteDb", DeleteDbShouldDelete, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarDeleteTests, "DeleteDbx should delete DBX with auth info", "DeleteDbx", DeleteDbxShouldDelete, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarDeleteTests, "DeleteDbt should delete DBT with auth info", "DeleteDbt", DeleteDbtShouldDelete, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarDeleteTests, "DeleteKEK should delete KEK with auth info", "DeleteKEK", DeleteKEKShouldDelete, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarDeleteTests, "DeletePlatformKey should delete PK with auth info", "DeletePlatformKey", DeletePKShouldDelete, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should delete properly", "DeleteSecureBootVariables Normal", DeleteSecureBootVariablesShouldDelete, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should fail if protection disable fails", "DeleteSecureBootVariables Fail", DeleteSecureBootVariablesShouldCheckProtection, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should continue if any variable is not found", "DeleteSecureBootVariables Proceed", DeleteSecureBootVariablesShouldProceedWithNotFound, NULL, NULL, NULL);
+
+ AddTestCase (SecureBootVarEnrollTests, "EnrollFromInput should supply with authenticated payload", "EnrollFromInput Normal", EnrollFromInputShouldComplete, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should complete", "SetSecureBootVariablesToDefault Normal", SetSecureBootVariablesShouldComplete, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when already enabled", "SetSecureBootVariablesToDefault Already Started", SetSecureBootVariablesShouldStopWhenSecure, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DB failed", "SetSecureBootVariablesToDefault Fails DB", SetSecureBootVariablesShouldStopFailDB, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBT failed", "SetSecureBootVariablesToDefault Fails DBT", SetSecureBootVariablesShouldStopFailDBT, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when DBX failed", "SetSecureBootVariablesToDefault Fails DBX", SetSecureBootVariablesShouldStopFailDBX, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when KEK failed", "SetSecureBootVariablesToDefault Fails KEK", SetSecureBootVariablesShouldStopFailKEK, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should stop when PK failed", "SetSecureBootVariablesToDefault Fails PK", SetSecureBootVariablesShouldStopFailPK, NULL, NULL, NULL);
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault should only be optional", "SetSecureBootVariablesToDefault DBT Optional", SetSecureBootVariablesDBTOptional, NULL, NULL, NULL);
+
+ //
+ // Execute the tests.
+ //
+ Status = RunAllTestSuites (Framework);
+
+EXIT:
+ if (Framework) {
+ FreeUnitTestFramework (Framework);
+ }
+
+ return Status;
+}
+
+/**
+ Standard POSIX C entry point for host based unit test execution.
+**/
+int
+main (
+ int argc,
+ char *argv[]
+ )
+{
+ return UnitTestingEntry ();
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
new file mode 100644
index 000000000000..1e19033c5a91
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
@@ -0,0 +1,33 @@
+## @file
+# Provides an abstracted interface for configuring PK related variable protection.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MockPlatformPKProtectionLib
+ FILE_GUID = 5FCD74D3-3965-4D56-AB83-000B9B4806A0
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = PlatformPKProtectionLib|HOST_APPLICATION
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ MockPlatformPKProtectionLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+ UnitTestLib
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
new file mode 100644
index 000000000000..a84242ac7205
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
@@ -0,0 +1,45 @@
+## @file
+# Instance of UEFI Library.
+#
+# The UEFI Library provides functions and macros that simplify the development of
+# UEFI Drivers and UEFI Applications. These functions and macros help manage EFI
+# events, build simple locks utilizing EFI Task Priority Levels (TPLs), install
+# EFI Driver Model related protocols, manage Unicode string tables for UEFI Drivers,
+# and print messages on the console output and standard error devices.
+#
+# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MockUefiLib
+ FILE_GUID = E3B7AEF9-4E55-49AF-B035-ED776C928EC6
+ MODULE_TYPE = UEFI_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = UefiLib|HOST_APPLICATION
+
+#
+# VALID_ARCHITECTURES = IA32 X64 EBC
+#
+
+[Sources]
+ MockUefiLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+
+[LibraryClasses]
+ PrintLib
+ PcdLib
+ MemoryAllocationLib
+ DebugLib
+ BaseMemoryLib
+ BaseLib
+ UefiRuntimeServicesTableLib
+
+[Guids]
+ gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
new file mode 100644
index 000000000000..f832a93e2254
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
@@ -0,0 +1,25 @@
+## @file
+# Mock implementation of the UEFI Runtime Services Table Library.
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MockUefiRuntimeServicesTableLib
+ FILE_GUID = 84CE0021-ABEE-403C-9A1B-763CCF2D40F1
+ MODULE_TYPE = UEFI_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = UefiRuntimeServicesTableLib|HOST_APPLICATION
+
+#
+# VALID_ARCHITECTURES = IA32 X64 EBC
+#
+
+[Sources]
+ MockUefiRuntimeServicesTableLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
new file mode 100644
index 000000000000..f99fb09be52e
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf
@@ -0,0 +1,36 @@
+## @file
+# Unit tests of the implementation of SecureBootVariableLib.
+#
+# Copyright (C) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010006
+ BASE_NAME = SecureBootVariableLibUnitTest
+ FILE_GUID = 71C5359E-08FB-450E-9766-BC70482DF66B
+ MODULE_TYPE = HOST_APPLICATION
+ VERSION_STRING = 1.0
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ SecureBootVariableLibUnitTest.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+ SecureBootVariableLib
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ UefiLib
+ UnitTestLib
diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.yaml
index 791214239899..2138b0a5e21b 100644
--- a/SecurityPkg/SecurityPkg.ci.yaml
+++ b/SecurityPkg/SecurityPkg.ci.yaml
@@ -15,6 +15,7 @@
## "<ErrorID>", "<KeyWord>"
## ]
"ExceptionList": [
+ "8005", "gRT",
],
## Both file path and directory path are accepted.
"IgnoreFiles": [
@@ -26,6 +27,10 @@
"CompilerPlugin": {
"DscPath": "SecurityPkg.dsc"
},
+ ## options defined .pytool/Plugin/HostUnitTestCompilerPlugin
+ "HostUnitTestCompilerPlugin": {
+ "DscPath": "Test/SecurityPkgHostTest.dsc"
+ },
"CharEncodingCheck": {
"IgnoreFiles": []
},
@@ -33,6 +38,7 @@
"AcceptableDependencies": [
"MdePkg/MdePkg.dec",
"MdeModulePkg/MdeModulePkg.dec",
+ "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec",
"SecurityPkg/SecurityPkg.dec",
"StandaloneMmPkg/StandaloneMmPkg.dec",
"CryptoPkg/CryptoPkg.dec"
@@ -47,6 +53,11 @@
"DscPath": "SecurityPkg.dsc",
"IgnoreInf": []
},
+ ## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck
+ "HostUnitTestDscCompleteCheck": {
+ "IgnoreInf": [""],
+ "DscPath": "Test/SecurityPkgHostTest.dsc"
+ },
"GuidCheck": {
"IgnoreGuidName": [],
"IgnoreGuidValue": ["00000000-0000-0000-0000-000000000000"],
diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/SecurityPkgHostTest.dsc
new file mode 100644
index 000000000000..c4df01fe1b73
--- /dev/null
+++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc
@@ -0,0 +1,38 @@
+## @file
+# SecurityPkg DSC file used to build host-based unit tests.
+#
+# Copyright (C) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ PLATFORM_NAME = SecurityPkgHostTest
+ PLATFORM_GUID = 9D78A9B4-00CD-477E-A5BF-90CC793EEFB0
+ PLATFORM_VERSION = 0.1
+ DSC_SPECIFICATION = 0x00010005
+ OUTPUT_DIRECTORY = Build/SecurityPkg/HostTest
+ SUPPORTED_ARCHITECTURES = IA32|X64
+ BUILD_TARGETS = NOOPT
+ SKUID_IDENTIFIER = DEFAULT
+
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
+
+[LibraryClasses]
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+
+[Components]
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
+
+ #
+ # Build SecurityPkg HOST_APPLICATION Tests
+ #
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.inf {
+ <LibraryClasses>
+ SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+ UefiRuntimeServicesTableLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
+ PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
+ UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
+ }
--
2.35.1.windows.2
next prev parent reply other threads:[~2022-06-13 20:40 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-13 20:39 [PATCH v2 00/11] Enhance Secure Boot Variable Libraries Kun Qin
2022-06-13 20:39 ` [PATCH v2 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures Kun Qin
2022-06-13 20:39 ` [PATCH v2 02/11] SecurityPkg: PlatformPKProtectionLib: Added PK protection interface Kun Qin
2022-06-13 20:39 ` [PATCH v2 03/11] SecurityPkg: SecureBootVariableLib: Updated time based payload creator Kun Qin
2022-06-13 20:39 ` [PATCH v2 04/11] SecurityPkg: SecureBootVariableLib: Updated signature list creator Kun Qin
2022-06-13 20:39 ` [PATCH v2 05/11] SecurityPkg: SecureBootVariableLib: Added newly supported interfaces Kun Qin
2022-06-13 20:39 ` [PATCH v2 06/11] SecurityPkg: SecureBootVariableProvisionLib: Updated implementation Kun Qin
2022-06-13 20:39 ` [PATCH v2 07/11] SecurityPkg: Secure Boot Drivers: Added common header files Kun Qin
2022-06-13 20:39 ` [PATCH v2 08/11] SecurityPkg: SecureBootConfigDxe: Updated invocation pattern Kun Qin
2022-06-13 20:39 ` Kun Qin [this message]
2022-06-13 20:39 ` [PATCH v2 10/11] OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency Kun Qin
2022-06-13 20:39 ` [PATCH v2 11/11] EmulatorPkg: " Kun Qin
2022-06-24 9:08 ` Ni, Ray
2022-06-30 19:44 ` [edk2-devel] [PATCH v2 00/11] Enhance Secure Boot Variable Libraries Michael Kubacki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220613203943.704-10-kuqin12@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox