[PATCH 4/4] uefirtvariable: add test for setvariable with both authenticated attributes are set (LP: #1356207)
Keng-Yu Lin
keng-yu.lin at canonical.com
Wed Aug 13 09:19:33 UTC 2014
On Wed, Aug 13, 2014 at 4:00 PM, Ivan Hu <ivan.hu at canonical.com> wrote:
> Add test for both EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS and
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS are set in a setvariable
> call. From UEFI spec, firmware must return EFI_INVALID_PARAMETER when both
> authenticated attributes are set.
>
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
> src/uefi/uefirtvariable/uefirtvariable.c | 55 +++++++++++++++++++++++++++---
> 1 file changed, 50 insertions(+), 5 deletions(-)
>
> diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c
> index a69c804..46c7f0e 100644
> --- a/src/uefi/uefirtvariable/uefirtvariable.c
> +++ b/src/uefi/uefirtvariable/uefirtvariable.c
> @@ -941,11 +941,20 @@ static int setvariable_invalidattr(
> ioret = ioctl(fd, EFI_RUNTIME_SET_VARIABLE, &setvariable);
>
> if ((status == EFI_SUCCESS) && (ioret != -1)) {
> - fwts_warning(fw,
> - "After ExitBootServices() is performed, the "
> - "attributes %" PRIu32 ", "
> - "for SetVariable shouldn't be set successfully.",
> - attributes);
> + if ((attributes | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) &&
> + (attributes | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) &&
> + (status != EFI_INVALID_PARAMETER)) {
> + fwts_warning(fw,
> + "Both the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute and the "
> + "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute are set "
> + "in a SetVariable call, then the firmware must return EFI_INVALID_PARAMETER.");
> + } else {
> + fwts_warning(fw,
> + "After ExitBootServices() is performed, the "
> + "attributes %" PRIu32 ", "
> + "for SetVariable shouldn't be set successfully.",
> + attributes);
> + }
> return FWTS_ERROR;
> }
> return FWTS_OK;
> @@ -1225,6 +1234,36 @@ static int setvariable_test6(fwts_framework *fw)
> return FWTS_OK;
> }
>
> +static int setvariable_test7(fwts_framework *fw)
> +{
> + int ret;
> + uint64_t datasize = 10;
> + uint8_t datadiff = 0;
> + uint32_t attr;
> +
> + attr = attributes | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
> + ret = setvariable_invalidattr(fw, attr, datasize, variablenametest, >estguid1, datadiff);
> + if (ret == FWTS_ERROR) {
> + fwts_failed(fw, LOG_LEVEL_MEDIUM, "UEFIRuntimeSetVariable",
> + "Successfully set variable with both authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
> + "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) attributes are set, expected fail.");
> + setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff);
> + return FWTS_ERROR;
> + }
> +
> + if (setvariable_checkvariable_notfound(fw, variablenametest,
> + >estguid1) == FWTS_ERROR) {
> + fwts_log_info(fw,
> + "Get the variable which is set by SetVariable with both "
> + "authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
> + "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) "
> + "attributes are set %" PRIu32 " , test failed.", attr);
> + setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff);
> + return FWTS_ERROR;
> + }
> + return FWTS_OK;
> +}
> +
> static int do_queryvariableinfo(
> uint64_t *status,
> uint64_t *remvarstoragesize,
> @@ -1429,6 +1468,12 @@ static int uefirtvariable_test3(fwts_framework *fw)
> return ret;
> fwts_passed(fw, "SetVariable on Invalid Attributes passed.");
>
> + fwts_log_info(fw, "Testing SetVariable with both Authenticated Attributes set.");
> + ret = setvariable_test7(fw);
> + if (ret != FWTS_OK)
> + return ret;
> + fwts_passed(fw, "Testing SetVariable with both Authenticated Attributes set passed.");
> +
> return FWTS_OK;
> }
>
> --
> 1.7.9.5
>
Acked-by: Keng-Yu Lin <kengyu at canonical.com>
More information about the fwts-devel
mailing list