[PATCH 1/2] uefirtvariable: modify both authenticated attributes setting test
Ivan Hu
ivan.hu at canonical.com
Mon Feb 5 09:35:57 UTC 2018
UEFI spec 2.7 introduces new attribute
EFI_VARIABLE_ENHANCED_AUTHENTICATED_WRITE_ACCESS for
EFI_VARIABLE_AUTHENTICATION_3 and the attribute
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated
And specify
If both the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS and the
EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute are set in a
SetVariable() call, then the firmware must return EFI_INVALID_PARAMETER.
Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
---
src/lib/include/fwts_uefi.h | 3 ++-
src/uefi/uefirtvariable/uefirtvariable.c | 10 +++++-----
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h
index bf93613..e90d115 100644
--- a/src/lib/include/fwts_uefi.h
+++ b/src/lib/include/fwts_uefi.h
@@ -43,7 +43,8 @@ enum {
FWTS_UEFI_VARIABLE_HARDWARE_ERROR_RECORD = 0x00000008,
FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS = 0x00000010,
FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020,
- FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040
+ FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040,
+ FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS = 0x00000080
};
enum {
diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c
index f5c79a0..b038216 100644
--- a/src/uefi/uefirtvariable/uefirtvariable.c
+++ b/src/uefi/uefirtvariable/uefirtvariable.c
@@ -885,7 +885,7 @@ static int setvariable_insertvariable(
if (ioret == -1) {
if ((status == EFI_INVALID_PARAMETER) &&
- ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) ||
+ ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) ||
(attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) ||
(attributes & FWTS_UEFI_VARIABLE_APPEND_WRITE))) {
fwts_uefi_print_status_info(fw, status);
@@ -1045,7 +1045,7 @@ static int setvariable_invalidattr(
ioret = ioctl(fd, EFI_RUNTIME_SET_VARIABLE, &setvariable);
if ((status == EFI_SUCCESS) && (ioret != -1)) {
- if ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) &&
+ if ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) &&
(attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) &&
(status != EFI_INVALID_PARAMETER)) {
fwts_warning(fw,
@@ -1344,11 +1344,11 @@ static int setvariable_test7(fwts_framework *fw)
uint8_t datadiff = 0;
uint32_t attr;
- attr = attributes | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ attr = attributes | FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
ret = setvariable_invalidattr(fw, attr, datasize, variablenametest, >estguid1, datadiff);
if (ret == FWTS_ERROR) {
fwts_failed(fw, LOG_LEVEL_MEDIUM, "UEFIRuntimeSetVariable",
- "Successfully set variable with both authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
+ "Successfully set variable with both authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) attributes are set, expected fail.");
setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff);
return FWTS_ERROR;
@@ -1358,7 +1358,7 @@ static int setvariable_test7(fwts_framework *fw)
>estguid1) == FWTS_ERROR) {
fwts_log_info(fw,
"Get the variable which is set by SetVariable with both "
- "authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
+ "authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) "
"attributes are set %" PRIu32 " , test failed.", attr);
setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff);
--
2.7.4
More information about the fwts-devel
mailing list