[PATCH 1/2] uefirtvariable: modify both authenticated attributes setting test

Ivan Hu ivan.hu at canonical.com
Mon Feb 5 09:35:57 UTC 2018


UEFI spec 2.7 introduces a new attribute,
EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS, for
EFI_VARIABLE_AUTHENTICATION_3, and the attribute
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated.

The spec also specifies:
If both the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS and the
EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attributes are set in a
SetVariable() call, then the firmware must return EFI_INVALID_PARAMETER.

Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
---
 src/lib/include/fwts_uefi.h              |  3 ++-
 src/uefi/uefirtvariable/uefirtvariable.c | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h
index bf93613..e90d115 100644
--- a/src/lib/include/fwts_uefi.h
+++ b/src/lib/include/fwts_uefi.h
@@ -43,7 +43,8 @@ enum {
 	FWTS_UEFI_VARIABLE_HARDWARE_ERROR_RECORD =			0x00000008,
 	FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS =			0x00000010,
 	FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS =	0x00000020,
-	FWTS_UEFI_VARIABLE_APPEND_WRITE =				0x00000040
+	FWTS_UEFI_VARIABLE_APPEND_WRITE =				0x00000040,
+	FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS =		0x00000080
 };
 
 enum {
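Review bot: Nothing in the header marks `FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS` as deprecated, although the commit message says UEFI 2.7 deprecates it, and the new 0x00000080 entry does not say which spec revision it comes from. A trailing comment on each would help, for example `/* deprecated since UEFI 2.7 */` on the 0x00000010 line and `/* UEFI 2.7, EFI_VARIABLE_AUTHENTICATION_3 */` on the new one. The enum opens above the hunk, so a comment there may already cover the attribute set.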
diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c
index f5c79a0..b038216 100644
--- a/src/uefi/uefirtvariable/uefirtvariable.c
+++ b/src/uefi/uefirtvariable/uefirtvariable.c
@@ -885,7 +885,7 @@ static int setvariable_insertvariable(
 
 	if (ioret == -1) {
 		if ((status == EFI_INVALID_PARAMETER) &&
-			((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) ||
+			((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) ||
 			(attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) ||
 			(attributes & FWTS_UEFI_VARIABLE_APPEND_WRITE))) {
 			fwts_uefi_print_status_info(fw, status);
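Review bot: Swapping the flag in this condition rather than adding to it means an EFI_INVALID_PARAMETER returned for the deprecated `FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS` bit no longer takes this branch. If any caller of setvariable_insertvariable still passes attribute 0x10 (callers are not visible in this hunk), firmware that rejects the deprecated attribute would now be handled by whatever follows this `if`. Keeping the old test and adding the new one is safer: `((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) ||` followed by `(attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) ||`. The function body starts and ends outside the hunk.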
@@ -1045,7 +1045,7 @@ static int setvariable_invalidattr(
 	ioret = ioctl(fd, EFI_RUNTIME_SET_VARIABLE, &setvariable);
 
 	if ((status == EFI_SUCCESS) && (ioret != -1)) {
-		if ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) &&
+		if ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) &&
 			(attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) &&
 			(status != EFI_INVALID_PARAMETER)) {
 			fwts_warning(fw,
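Review bot: The clause `(status != EFI_INVALID_PARAMETER)` in the inner `if` can never be false, because the enclosing `if` already requires `status == EFI_SUCCESS`; it can be dropped. As far as this hunk shows, only a successful SetVariable() is flagged. A failure with a status other than EFI_INVALID_PARAMETER, which the spec text quoted in the commit message requires for this attribute pair, would not be distinguished from a correct rejection. A check such as `if (status != EFI_INVALID_PARAMETER)` on the failure path, reporting the status actually returned, would make the test assert what the spec states. The rest of setvariable_invalidattr is outside the hunk, so such a check may already exist there.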
@@ -1344,11 +1344,11 @@ static int setvariable_test7(fwts_framework *fw)
 	uint8_t datadiff = 0;
 	uint32_t attr;
 
-	attr = attributes | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+	attr = attributes | FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
 	ret = setvariable_invalidattr(fw, attr, datasize, variablenametest, &gtestguid1, datadiff);
 	if (ret == FWTS_ERROR) {
 		fwts_failed(fw, LOG_LEVEL_MEDIUM, "UEFIRuntimeSetVariable",
-			"Successfully set variable with both authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
+			"Successfully set variable with both authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
 			"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) attributes are set, expected fail.");
 		setvariable_insertvariable(fw, 0, datasize, variablenametest, &gtestguid1, datadiff);
 		return FWTS_ERROR;
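Review bot: The `attr` assignment now relies on bit 0x00000080, which firmware built against a pre-2.7 spec does not define. Such firmware may reject the call because the bit is unknown rather than because the two authentication attributes conflict, so a pass here is not evidence that the mutual-exclusion check exists. A comment above the assignment would record that limit, for example `/* UEFI 2.7: ENHANCED_AUTHENTICATED_ACCESS + TIME_BASED_AUTHENTICATED_WRITE_ACCESS must give EFI_INVALID_PARAMETER; older firmware may reject 0x80 for other reasons */`. The return value of the cleanup call `setvariable_insertvariable(fw, 0, ...)` is also ignored, so a variable left behind after a failed run goes unreported.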
@@ -1358,7 +1358,7 @@ static int setvariable_test7(fwts_framework *fw)
 		&gtestguid1) == FWTS_ERROR) {
 		fwts_log_info(fw,
 			"Get the variable which is set by SetVariable with both "
-			"authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
+			"authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
 			"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) "
 			"attributes are set %" PRIu32 " , test failed.", attr);
 		setvariable_insertvariable(fw, 0, datasize, variablenametest, &gtestguid1, datadiff);
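Review bot: The log message prints the attribute mask in decimal with `%" PRIu32 "`, which is hard to match against the hex flag values in fwts_uefi.h. Printing it as hex reads better: `"attributes are set 0x%" PRIx32 ", test failed.", attr);`. The statement begins above the hunk and the function continues past it.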
-- 
2.7.4



