ACK: [PATCH 1/2] uefirtvariable: modify both authenticated attributes setting test
Alex Hung
alex.hung at canonical.com
Tue Feb 6 00:29:56 UTC 2018
On 2018-02-05 01:35 AM, Ivan Hu wrote:
> UEFI spec 2.7 introduces new attribute
> EFI_VARIABLE_ENHANCED_AUTHENTICATED_WRITE_ACCESS for
> EFI_VARIABLE_AUTHENTICATION_3 and the attribute
> EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated
>
> And specify
> If both the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS and the
> EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute are set in a
> SetVariable() call, then the firmware must return EFI_INVALID_PARAMETER.
>
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
> src/lib/include/fwts_uefi.h | 3 ++-
> src/uefi/uefirtvariable/uefirtvariable.c | 10 +++++-----
> 2 files changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h
> index bf93613..e90d115 100644
> --- a/src/lib/include/fwts_uefi.h
> +++ b/src/lib/include/fwts_uefi.h
> @@ -43,7 +43,8 @@ enum {
> FWTS_UEFI_VARIABLE_HARDWARE_ERROR_RECORD = 0x00000008,
> FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS = 0x00000010,
> FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020,
> - FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040
> + FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040,
> + FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS = 0x00000080
> };
>
> enum {
> diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c
> index f5c79a0..b038216 100644
> --- a/src/uefi/uefirtvariable/uefirtvariable.c
> +++ b/src/uefi/uefirtvariable/uefirtvariable.c
> @@ -885,7 +885,7 @@ static int setvariable_insertvariable(
>
> if (ioret == -1) {
> if ((status == EFI_INVALID_PARAMETER) &&
> - ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) ||
> + ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) ||
> (attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) ||
> (attributes & FWTS_UEFI_VARIABLE_APPEND_WRITE))) {
> fwts_uefi_print_status_info(fw, status);
> @@ -1045,7 +1045,7 @@ static int setvariable_invalidattr(
> ioret = ioctl(fd, EFI_RUNTIME_SET_VARIABLE, &setvariable);
>
> if ((status == EFI_SUCCESS) && (ioret != -1)) {
> - if ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) &&
> + if ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) &&
> (attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) &&
> (status != EFI_INVALID_PARAMETER)) {
> fwts_warning(fw,
> @@ -1344,11 +1344,11 @@ static int setvariable_test7(fwts_framework *fw)
> uint8_t datadiff = 0;
> uint32_t attr;
>
> - attr = attributes | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
> + attr = attributes | FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
> ret = setvariable_invalidattr(fw, attr, datasize, variablenametest, >estguid1, datadiff);
> if (ret == FWTS_ERROR) {
> fwts_failed(fw, LOG_LEVEL_MEDIUM, "UEFIRuntimeSetVariable",
> - "Successfully set variable with both authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
> + "Successfully set variable with both authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
> "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) attributes are set, expected fail.");
> setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff);
> return FWTS_ERROR;
> @@ -1358,7 +1358,7 @@ static int setvariable_test7(fwts_framework *fw)
> >estguid1) == FWTS_ERROR) {
> fwts_log_info(fw,
> "Get the variable which is set by SetVariable with both "
> - "authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
> + "authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
> "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) "
> "attributes are set %" PRIu32 " , test failed.", attr);
> setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff);
>
Acked-by: Alex Hung <alex.hung at canonical.com>
More information about the fwts-devel
mailing list