[PATCH 00/15] Authenticated variable tests (LP: #1384134)
Colin Ian King
colin.king at canonical.com
Wed Oct 22 09:47:09 UTC 2014
Thanks Ivan,
Is there anything I need to be aware of or to check when I test this
patch set out?
Colin
On 22/10/14 10:35, Ivan Hu wrote:
> These patches add the tests for the authenticated variable setting via
> setvariable UEFI runtime service. These tests are based on the
> EFI_VARIABLE_AUTHENTICATION_2 descriptor which setvariable with
> attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is set.
>
> These authenticated variables (including digest, signed content etc.) are
> generated following the UEFI spec. 2.4, section 7.2.1.
>
> * Create authenticated variable test
> This test checks the setvariable with the new authenticated variable which
> was created with TIME_BASED_AUTHENTICATED.
> * Authenticated variable test with the same authenticated variable
> With one existing variable, but set the same authenticated
> variable, firmware should check the authenticated variable and
> return EFI_SECURITY_VIOLATION.
> * Authenticated variable test with another valid authenticated variable
> With one existing variable, but set authenticated variable, which was created
> by another valid key, firmware should check the authenticated variable
> and return EFI_SECURITY_VIOLATION.
> * Append authenticated variable test
> This test adds the normal append operation and then checks the total data size
> and the data.
> * Update authenticated variable test
> This test updates the new authenticated variable created by the same key but
> a new timestamp and data.
> * Authenticated variable test with old authenticated variable
> Set the old data and timestamp authenticated variable, firmware should
> check and return EFI_SECURITY_VIOLATION.
> * Delete authenticated variable test
> Test for deleting the test authenticated variable.
> * Authenticated variable test with invalid modified data
> This test sets the authenticated variable with invalid modified data,
> firmware should check the data and return EFI_SECURITY_VIOLATION.
> * Authenticated variable test with invalid modified timestamp
> This test sets the authenticated variable with invalid timestamp, not the
> same timestamp as the one hashed in the authenticated variable, firmware
> should check it and return EFI_SECURITY_VIOLATION.
> * Authenticated variable test with different guid
> This test sets the authenticated variable with invalid guid, not the same
> guid as the one hashed in the authenticated variable, firmware should check
> it and return EFI_SECURITY_VIOLATION.
> * Authenticated variable test with invalid attributes
> This test sets the authenticated variable with the invalid attributes. The
> authenticated variable is followed EFI_VARIABLE_AUTHENTICATION_2 descriptor,
> set the authenticated variable with invalid
> EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS instead of
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute,
> firmware should return EFI_SECURITY_VIOLATION.
> * Test with both authenticated attributes are set
> Set the authenticated variable with both
> EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS and the
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attributes, firmware
> should return EFI_INVALID_PARAMETER.
> * Set and delete authenticated variable created by different key test
> After previous test authenticated variable was deleted, test with setting and
> deleting another authenticated variable which was created by a different key.
>
> Ivan Hu (15):
>   uefirtauthvar: add the test for creating authenticated variable
>   uefirtauthvar: cleanup environment before testing
>   uefirtauthvar: add test with setting the same authenticated variable
>   uefirtauthvar: add test for setting authenticated variable created by
>     another key
>   uefirtauthvar: add the normal append operation test
>   uefirtauthvar: add test update the authenticated variable
>   uefirtauthvar: add setting old authenticated variable test
>   uefirtauthvar: delete authenticated variable test
>   uefirtauthvar: setting authenticated variable with invalid modified
>     data test
>   uefirtauthvar: setting authenticated variable with invalid modified
>     timestamp
>   uefirtauthvar: setting authenticated variable with different guid
>     test
>   uefirtauthvar: setting authenticated variable with invalid attribute
>     test
>   uefirtauthvar: test with both authenticated attributes are set
>   uefirtauthvar: Set and delete authenticated variable created by
>     different key test
>   uefirtauthvar: cleanup environment for another authenticated variable
>
>  src/Makefile.am                        |   3 +-
>  src/uefi/uefirtauthvar/authvardefs.h   | 998 ++++++++++++++++++++++++++++++++
>  src/uefi/uefirtauthvar/uefirtauthvar.c | 837 ++++++++++++++++++++++++++
>  3 files changed, 1837 insertions(+), 1 deletion(-)
>  create mode 100644 src/uefi/uefirtauthvar/authvardefs.h
>  create mode 100644 src/uefi/uefirtauthvar/uefirtauthvar.c
>
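
An added example, not part of the original thread or of the fwts code: a small C model of the status codes the cover letter above expects from firmware for time-based authenticated writes. The types, `model_set_variable`, the `sig_ok` flag standing in for real signature verification, the flattened timestamp and the order of the checks are assumptions made for illustration; deletion is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Attribute bits and status codes with their UEFI specification values. */
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS            0x10u
#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x20u
#define EFI_VARIABLE_APPEND_WRITE                          0x40u
#define EFI_SUCCESS            0ULL
#define EFI_INVALID_PARAMETER  (0x8000000000000000ULL | 2)
#define EFI_SECURITY_VIOLATION (0x8000000000000000ULL | 26)

/* Hypothetical model types: ts is the descriptor TimeStamp flattened to
 * YYYYMMDDhhmmss, key_id names the signer, sig_ok stands in for the
 * signature check over name, GUID, attributes, timestamp and data. */
typedef struct { int exists; int key_id; uint64_t ts; } stored_var;
typedef struct { uint32_t attrs; int key_id; int sig_ok; uint64_t ts; } set_request;

uint64_t model_set_variable(stored_var *v, const set_request *r)
{
    const uint32_t both = EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS |
                          EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;

    if ((r->attrs & both) == both)
        return EFI_INVALID_PARAMETER;      /* both auth attributes set */
    if (!(r->attrs & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS))
        return EFI_SECURITY_VIOLATION;     /* AUTHENTICATION_2 needs time-based attr */
    if (!r->sig_ok)
        return EFI_SECURITY_VIOLATION;     /* data, timestamp or GUID was altered */
    if (v->exists && r->key_id != v->key_id)
        return EFI_SECURITY_VIOLATION;     /* signed by a different key */
    if (v->exists && !(r->attrs & EFI_VARIABLE_APPEND_WRITE) && r->ts <= v->ts)
        return EFI_SECURITY_VIOLATION;     /* same or older timestamp: replay */

    v->exists = 1;
    v->key_id = r->key_id;
    if (r->ts > v->ts)
        v->ts = r->ts;                     /* stored timestamp never moves back */
    return EFI_SUCCESS;
}

int main(void)
{
    stored_var v = {0};
    set_request r = { EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, 1, 1,
                      20141022093500ULL };  /* constructed sample request */
    printf("create: %#llx\n", (unsigned long long)model_set_variable(&v, &r));
    printf("replay: %#llx\n", (unsigned long long)model_set_variable(&v, &r));
    return 0;
}
```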