From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web10.2854.1680906059556530823 for ; Fri, 07 Apr 2023 15:21:03 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=iRtfRjtB; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: michael.d.kinney@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1680906063; x=1712442063; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=jWUSlt8yyEf8OnQoIMW2LSt4KcHETCeRBWFQHeXjBOE=; b=iRtfRjtBsgFpWqs38dHnbdevW7oE/p5A6HudNCHRqGYoHpkZxz1657sh WP/4x+X9oXFRVd/f/qMkv7u76Oija9j0Vmhg33Xb601TVN/39K7hYWgp/ h5o7meEY6nf1/GyEgSBAyhlLNi2qp1dKPkST++LZwJBDD4TjW3PXiYDfH 7FOpeXGP3eXJjY7ZGwS2uoBrh7C6m7Ag1iEZKoVYnwxGs0ZeM9E+MHfhm UruJ3/XXER2XmCCKQI+7n1bhWzLO0fTRd63FZo+b+IAbYFPuTOkmYm6Xn aqaV8IW5wzbZ+bONHppeZTK0IRRqg9BWbuDkI+JLFpXeLXpRnL43VLekg w==; X-IronPort-AV: E=McAfee;i="6600,9927,10673"; a="343085663" X-IronPort-AV: E=Sophos;i="5.98,328,1673942400"; d="scan'208";a="343085663" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Apr 2023 15:21:02 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10673"; a="690177477" X-IronPort-AV: E=Sophos;i="5.98,328,1673942400"; d="scan'208";a="690177477" Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.18.108]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Apr 2023 15:21:02 -0700 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Chris Johnson , Jiewen Yao , Jian J Wang , Oliver Smith-Denny Subject: [Patch v3 07/12] SecurityPkg: Add gmock example Date: Fri, 7 Apr 2023 15:20:45 -0700 Message-Id: <20230407222051.1095-8-michael.d.kinney@intel.com> X-Mailer: git-send-email 2.39.1.windows.1 In-Reply-To: <20230407222051.1095-1-michael.d.kinney@intel.com> References: <20230407222051.1095-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Chris Johnson REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4389 Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Chris Johnson Acked-by: Jiewen Yao Reviewed-by: Oliver Smith-Denny Reviewed-by: Michael D Kinney --- .../SecureBootVariableLibGoogleTest.cpp | 174 ++++++++++++++++++ .../SecureBootVariableLibGoogleTest.inf | 32 ++++ .../UnitTest/MockPlatformPKProtectionLib.inf | 4 +- .../UnitTest/MockUefiLib.inf | 4 +- .../MockUefiRuntimeServicesTableLib.inf | 4 +- .../UnitTest/SecureBootVariableLibUnitTest.c | 2 +- SecurityPkg/SecurityPkg.dec | 1 + .../Library/MockPlatformPKProtectionLib.h | 28 +++ .../MockPlatformPKProtectionLib.cpp | 11 ++ .../MockPlatformPKProtectionLib.inf | 34 ++++ SecurityPkg/Test/SecurityPkgHostTest.dsc | 8 + 11 files changed, 295 insertions(+), 7 deletions(-) create mode 100644 SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp create mode 100644 SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf create mode 100644 SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h create mode 100644 SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp create mode 100644 SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf diff --git a/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp new file mode 100644 index 000000000000..c9190c8ffd61 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp @@ -0,0 +1,174 @@ +/** @file + Unit tests for the implementation of SecureBootVariableLib. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include + +extern "C" { + #include + #include + #include + #include + #include + #include +} + +using namespace testing; + +////////////////////////////////////////////////////////////////////////////// +class SetSecureBootModeTest : public Test { + protected: + MockUefiRuntimeServicesTableLib RtServicesMock; + UINT8 SecureBootMode; + EFI_STATUS Status; + + void SetUp() override { + // Any random magic number can be used for these tests + SecureBootMode = 0xAB; + } +}; + +// Test SetSecureBootMode() API from SecureBootVariableLib to verify the +// expected error is returned when the call to gRT->SetVariable() fails. +TEST_F(SetSecureBootModeTest, SetVarError) { + EXPECT_CALL(RtServicesMock, gRT_SetVariable) + .WillOnce(Return(EFI_INVALID_PARAMETER)); + + Status = SetSecureBootMode(SecureBootMode); + EXPECT_EQ(Status, EFI_INVALID_PARAMETER); +} + +// Test SetSecureBootMode() API from SecureBootVariableLib to verify the +// expected secure boot mode is written to the correct variable in the call +// to gRT->SetVariable(). +TEST_F(SetSecureBootModeTest, PropogateModeToSetVar) { + EXPECT_CALL(RtServicesMock, + gRT_SetVariable( + Char16StrEq(EFI_CUSTOM_MODE_NAME), + BufferEq(&gEfiCustomModeEnableGuid, sizeof(EFI_GUID)), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof(SecureBootMode), + BufferEq(&SecureBootMode, sizeof(SecureBootMode)))) + .WillOnce(Return(EFI_SUCCESS)); + + Status = SetSecureBootMode(SecureBootMode); + EXPECT_EQ(Status, EFI_SUCCESS); +} + +////////////////////////////////////////////////////////////////////////////// +class GetSetupModeTest : public Test { + protected: + MockUefiRuntimeServicesTableLib RtServicesMock; + UINT8 SetupMode; + EFI_STATUS Status; + UINT8 ExpSetupMode; + + void SetUp() override { + // Any random magic number can be used for these tests + ExpSetupMode = 0xAB; + } +}; + +// Test GetSetupMode() API from SecureBootVariableLib to verify the expected +// error is returned when the call to gRT->GetVariable() fails. +TEST_F(GetSetupModeTest, GetVarError) { + EXPECT_CALL(RtServicesMock, gRT_GetVariable) + .WillOnce(Return(EFI_INVALID_PARAMETER)); + + Status = GetSetupMode (&SetupMode); + EXPECT_EQ(Status, EFI_INVALID_PARAMETER); +} + +// Test GetSetupMode() API from SecureBootVariableLib to verify the expected +// setup mode is returned (and with a success return code) when the mode is +// successfully read from the call to gRT->GetVariable(). +TEST_F(GetSetupModeTest, FetchModeFromGetVar) { + EXPECT_CALL(RtServicesMock, + gRT_GetVariable( + Char16StrEq(EFI_SETUP_MODE_NAME), + BufferEq(&gEfiGlobalVariableGuid, sizeof(EFI_GUID)), + _, + Pointee(Eq(sizeof(SetupMode))), + NotNull())) + .WillOnce(DoAll( + SetArgPointee<3>(sizeof(ExpSetupMode)), + SetArgBuffer<4>(&ExpSetupMode, sizeof(ExpSetupMode)), + Return(EFI_SUCCESS))); + + Status = GetSetupMode (&SetupMode); + ASSERT_EQ(Status, EFI_SUCCESS); + EXPECT_EQ(SetupMode, ExpSetupMode); +} + +////////////////////////////////////////////////////////////////////////////// +class IsSecureBootEnabledTest : public Test { + protected: + MockUefiLib UefiLibMock; + BOOLEAN Enabled; +}; + +// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify FALSE +// is returned when the call to GetEfiGlobalVariable2() fails. +TEST_F(IsSecureBootEnabledTest, GetVarError) { + EXPECT_CALL(UefiLibMock, GetEfiGlobalVariable2) + .WillOnce(Return(EFI_ABORTED)); + + Enabled = IsSecureBootEnabled (); + EXPECT_EQ(Enabled, FALSE); +} + +////////////////////////////////////////////////////////////////////////////// +class IsSecureBootEnabledAllocTest : public IsSecureBootEnabledTest { + protected: + UINT8 *BootEnabledBuffer; + + void SetUp() override { + BootEnabledBuffer = (UINT8*) AllocatePool(1); + ASSERT_NE(BootEnabledBuffer, nullptr); + } +}; + +// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify TRUE +// is returned when the call to GetEfiGlobalVariable2() is successful and +// returns SECURE_BOOT_MODE_ENABLE. +TEST_F(IsSecureBootEnabledAllocTest, IsEnabled) { + *BootEnabledBuffer = SECURE_BOOT_MODE_ENABLE; + EXPECT_CALL(UefiLibMock, + GetEfiGlobalVariable2( + Char16StrEq(EFI_SECURE_BOOT_MODE_NAME), + NotNull(), + _)) + .WillOnce(DoAll( + SetArgBuffer<1>(&BootEnabledBuffer, sizeof(VOID*)), + Return(EFI_SUCCESS))); + + Enabled = IsSecureBootEnabled (); + EXPECT_EQ(Enabled, TRUE); +} + +// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify FALSE +// is returned when the call to GetEfiGlobalVariable2() is successful and +// returns SECURE_BOOT_MODE_DISABLE. +TEST_F(IsSecureBootEnabledAllocTest, IsDisabled) { + *BootEnabledBuffer = SECURE_BOOT_MODE_DISABLE; + EXPECT_CALL(UefiLibMock, + GetEfiGlobalVariable2( + Char16StrEq(EFI_SECURE_BOOT_MODE_NAME), + NotNull(), + _)) + .WillOnce(DoAll( + SetArgBuffer<1>(&BootEnabledBuffer, sizeof(VOID*)), + Return(EFI_SUCCESS))); + + Enabled = IsSecureBootEnabled (); + EXPECT_EQ(Enabled, FALSE); +} + +int main(int argc, char* argv[]) { + testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf new file mode 100644 index 000000000000..5503dcfa32d1 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf @@ -0,0 +1,32 @@ +## @file +# Unit test suite for the SecureBootVariableLib using Google Test +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010017 + BASE_NAME = SecureBootVariableLibGoogleTest + FILE_GUID = C88372AB-726B-4344-A250-6C7F826C874E + VERSION_STRING = 1.0 + MODULE_TYPE = HOST_APPLICATION + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SecureBootVariableLibGoogleTest.cpp + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + +[LibraryClasses] + GoogleTestLib + SecureBootVariableLib diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf index 1e19033c5a91..c927ef709958 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf @@ -10,9 +10,9 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = MockPlatformPKProtectionLib FILE_GUID = 5FCD74D3-3965-4D56-AB83-000B9B4806A0 - MODULE_TYPE = DXE_DRIVER + MODULE_TYPE = HOST_APPLICATION VERSION_STRING = 1.0 - LIBRARY_CLASS = PlatformPKProtectionLib|HOST_APPLICATION + LIBRARY_CLASS = PlatformPKProtectionLib # # The following information is for reference only and not required by the build tools. diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf index a84242ac7205..fecf46841131 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf @@ -18,9 +18,9 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = MockUefiLib FILE_GUID = E3B7AEF9-4E55-49AF-B035-ED776C928EC6 - MODULE_TYPE = UEFI_DRIVER + MODULE_TYPE = HOST_APPLICATION VERSION_STRING = 1.0 - LIBRARY_CLASS = UefiLib|HOST_APPLICATION + LIBRARY_CLASS = UefiLib # # VALID_ARCHITECTURES = IA32 X64 EBC diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf index f832a93e2254..6fe04189606e 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf @@ -10,9 +10,9 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = MockUefiRuntimeServicesTableLib FILE_GUID = 84CE0021-ABEE-403C-9A1B-763CCF2D40F1 - MODULE_TYPE = UEFI_DRIVER + MODULE_TYPE = HOST_APPLICATION VERSION_STRING = 1.0 - LIBRARY_CLASS = UefiRuntimeServicesTableLib|HOST_APPLICATION + LIBRARY_CLASS = UefiRuntimeServicesTableLib # # VALID_ARCHITECTURES = IA32 X64 EBC diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c index a23135dfb016..3a92d5d83457 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c @@ -163,7 +163,7 @@ MockGetVariable ( return EFI_BUFFER_TOO_SMALL; } else { assert_non_null (Data); - CopyMem (Data, (VOID *)mock (), TargetSize); + CopyMem (Data, (VOID *)(UINTN)mock (), TargetSize); } return EFI_SUCCESS; diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 0382090f4e75..0a8042d63fe1 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -21,6 +21,7 @@ [Defines] [Includes] Include + Test/Mock/Include [LibraryClasses] ## @libraryclass Provides hash interfaces from different implementations. diff --git a/SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h b/SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h new file mode 100644 index 000000000000..8024f4be2975 --- /dev/null +++ b/SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h @@ -0,0 +1,28 @@ +/** @file + Google Test mocks for PlatformPKProtectionLib + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef MOCK_PLATFORM_PK_PROTECTION_LIB_H_ +#define MOCK_PLATFORM_PK_PROTECTION_LIB_H_ + +#include +#include +extern "C" { +#include +#include +} + +struct MockPlatformPKProtectionLib { + MOCK_INTERFACE_DECLARATION (MockPlatformPKProtectionLib); + + MOCK_FUNCTION_DECLARATION ( + EFI_STATUS, + DisablePKProtection, + () + ); +}; + +#endif diff --git a/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp new file mode 100644 index 000000000000..5ea030f6dfcf --- /dev/null +++ b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp @@ -0,0 +1,11 @@ +/** @file + Google Test mocks for PlatformPKProtectionLib + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include + +MOCK_INTERFACE_DEFINITION(MockPlatformPKProtectionLib); + +MOCK_FUNCTION_DEFINITION(MockPlatformPKProtectionLib, DisablePKProtection, 0, EFIAPI); diff --git a/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf new file mode 100644 index 000000000000..3ed638eaf74c --- /dev/null +++ b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf @@ -0,0 +1,34 @@ +## @file +# Google Test mocks for PlatformPKProtectionLib +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MockPlatformPKProtectionLib + FILE_GUID = C1383D85-E0ED-44E0-A0A6-125F1D78B6E9 + MODULE_TYPE = HOST_APPLICATION + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformPKProtectionLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + MockPlatformPKProtectionLib.cpp + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + +[LibraryClasses] + GoogleTestLib + +[BuildOptions] + MSFT:*_*_*_CC_FLAGS = /EHsc diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/SecurityPkgHostTest.dsc index c4df01fe1b73..ad5b4fc350ea 100644 --- a/SecurityPkg/Test/SecurityPkgHostTest.dsc +++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc @@ -25,6 +25,7 @@ [Components] SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf + SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf # # Build SecurityPkg HOST_APPLICATION Tests @@ -36,3 +37,10 @@ [Components] PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf } + SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf { + + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf + PlatformPKProtectionLib|SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf + UefiLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf + } -- 2.39.1.windows.1