ACK: [PATCH 1/2] uefirtvariable: modify both authenticated attributes setting test

Alex Hung alex.hung at canonical.com
Tue Feb 6 00:29:56 UTC 2018


On 2018-02-05 01:35 AM, Ivan Hu wrote:
> UEFI spec 2.7 introduces new attribute
> EFI_VARIABLE_ENHANCED_AUTHENTICATED_WRITE_ACCESS for
> EFI_VARIABLE_AUTHENTICATION_3 and the attribute
> EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated
> 
> And specify
> If both the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS and the
> EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute are set in a
> SetVariable() call, then the firmware must return EFI_INVALID_PARAMETER.
> 
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
>   src/lib/include/fwts_uefi.h              |  3 ++-
>   src/uefi/uefirtvariable/uefirtvariable.c | 10 +++++-----
>   2 files changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h
> index bf93613..e90d115 100644
> --- a/src/lib/include/fwts_uefi.h
> +++ b/src/lib/include/fwts_uefi.h
> @@ -43,7 +43,8 @@ enum {
>   	FWTS_UEFI_VARIABLE_HARDWARE_ERROR_RECORD =			0x00000008,
>   	FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS =			0x00000010,
>   	FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS =	0x00000020,
> -	FWTS_UEFI_VARIABLE_APPEND_WRITE =				0x00000040
> +	FWTS_UEFI_VARIABLE_APPEND_WRITE =				0x00000040,
> +	FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS =		0x00000080
>   };
>   
>   enum {
> diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c
> index f5c79a0..b038216 100644
> --- a/src/uefi/uefirtvariable/uefirtvariable.c
> +++ b/src/uefi/uefirtvariable/uefirtvariable.c
> @@ -885,7 +885,7 @@ static int setvariable_insertvariable(
>   
>   	if (ioret == -1) {
>   		if ((status == EFI_INVALID_PARAMETER) &&
> -			((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) ||
> +			((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) ||
>   			(attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) ||
>   			(attributes & FWTS_UEFI_VARIABLE_APPEND_WRITE))) {
>   			fwts_uefi_print_status_info(fw, status);
> @@ -1045,7 +1045,7 @@ static int setvariable_invalidattr(
>   	ioret = ioctl(fd, EFI_RUNTIME_SET_VARIABLE, &setvariable);
>   
>   	if ((status == EFI_SUCCESS) && (ioret != -1)) {
> -		if ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) &&
> +		if ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) &&
>   			(attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) &&
>   			(status != EFI_INVALID_PARAMETER)) {
>   			fwts_warning(fw,
> @@ -1344,11 +1344,11 @@ static int setvariable_test7(fwts_framework *fw)
>   	uint8_t datadiff = 0;
>   	uint32_t attr;
>   
> -	attr = attributes | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
> +	attr = attributes | FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
>   	ret = setvariable_invalidattr(fw, attr, datasize, variablenametest, &gtestguid1, datadiff);
>   	if (ret == FWTS_ERROR) {
>   		fwts_failed(fw, LOG_LEVEL_MEDIUM, "UEFIRuntimeSetVariable",
> -			"Successfully set variable with both authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
> +			"Successfully set variable with both authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
>   			"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) attributes are set, expected fail.");
>   		setvariable_insertvariable(fw, 0, datasize, variablenametest, &gtestguid1, datadiff);
>   		return FWTS_ERROR;
> @@ -1358,7 +1358,7 @@ static int setvariable_test7(fwts_framework *fw)
>   		&gtestguid1) == FWTS_ERROR) {
>   		fwts_log_info(fw,
>   			"Get the variable which is set by SetVariable with both "
> -			"authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
> +			"authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
>   			"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) "
>   			"attributes are set %" PRIu32 " , test failed.", attr);
>   		setvariable_insertvariable(fw, 0, datasize, variablenametest, &gtestguid1, datadiff);
> 

Acked-by: Alex Hung <alex.hung at canonical.com>



More information about the fwts-devel mailing list