ACK: [PATCH 07/15] uefirtauthvar: add setting old authenticated variable test

Alex Hung alex.hung at canonical.com
Wed Oct 29 03:08:40 UTC 2014


On 14-10-22 05:38 PM, Ivan Hu wrote:
> Set the authenticated variable with the old data and timestamp; the fw needs
> to check the authenticated information and return EFI_SECURITY_VIOLATION.
>
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
>   src/uefi/uefirtauthvar/uefirtauthvar.c |   36 ++++++++++++++++++++++++++++++++
>   1 file changed, 36 insertions(+)
>
> diff --git a/src/uefi/uefirtauthvar/uefirtauthvar.c b/src/uefi/uefirtauthvar/uefirtauthvar.c
> index 0af2714..0d98f33 100644
> --- a/src/uefi/uefirtauthvar/uefirtauthvar.c
> +++ b/src/uefi/uefirtauthvar/uefirtauthvar.c
> @@ -429,12 +429,48 @@ static int uefirtauthvar_test5(fwts_framework *fw)
>   	return FWTS_OK;
>   }
>   
> +/*
> + * After updated, set the old data and timestamp authenticated variable,
> + * AuthVarCreate, expect EFI_SECURITY_VIOLATION returned.
> + */
> +static int uefirtauthvar_test6(fwts_framework *fw)
> +{
> +	long ioret;
> +	uint64_t status;
> +	int supcheck;
> +
> +	ioret = setvar(&gtestguid, attributes, sizeof(AuthVarCreate), AuthVarCreate, &status);
> +
> +	if (ioret == -1) {
> +		supcheck = check_fw_support(fw, status);
> +		if (supcheck != FWTS_OK)
> +			return supcheck;
> +
> +		if (status == EFI_SECURITY_VIOLATION) {
> +			fwts_passed(fw, "Authenticated variable test with old authenticated variable passed.");
> +			return FWTS_OK;
> +		}
> +
> +		fwts_failed(fw, LOG_LEVEL_MEDIUM,
> +			"UEFISetOldAuthVar",
> +			"Set authenticated variable fail");
> +			fwts_uefi_print_status_info(fw, status);
> +	}
> +
> +	fwts_failed(fw, LOG_LEVEL_HIGH,
> +		"UEFISetOldAuthVar",
> +		"Set authenticated variable expected fail but success");
> +
> +	return FWTS_ERROR;
> +}
> +
>   static fwts_framework_minor_test uefirtauthvar_tests[] = {
>   	{ uefirtauthvar_test1, "Create authenticated variable test." },
>   	{ uefirtauthvar_test2, "Authenticated variable test with the same authenticated variable." },
>   	{ uefirtauthvar_test3, "Authenticated variable test with another valid authenticated variable." },
>   	{ uefirtauthvar_test4, "Append authenticated variable test." },
>   	{ uefirtauthvar_test5, "Update authenticated variable test." },
> +	{ uefirtauthvar_test6, "Authenticated variable test with old authenticated variable." },
>   	{ NULL, NULL }
>   };
>   
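Review bot: When setvar() fails with a status other than EFI_SECURITY_VIOLATION, uefirtauthvar_test6 logs the MEDIUM failure and then falls through to the HIGH "expected fail but success" failure, so one firmware error is reported twice and the second message wrongly says the stale write was accepted. That matters for triage, because this test is the check that firmware rejects a replayed variable carrying an older timestamp. Add `return FWTS_ERROR;` after `fwts_uefi_print_status_info(fw, status);` inside the `if (ioret == -1)` block, and bring that call back to the indentation of the `fwts_failed` statement above it. The test also appears to rely on uefirtauthvar_test5 having already written the newer variable, which is not visible in this hunk; a comment such as `/* relies on test5 having updated the variable with a newer timestamp */` would make that ordering explicit.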
Acked-by: Alex Hung <alex.hung at canonical.com>


