[PATCH 00/15] Authenticated variable tests (LP: #1384134)

Ivan Hu ivan.hu at canonical.com
Wed Oct 22 09:35:45 UTC 2014


These patches add the tests for setting authenticated variables via the
setvariable UEFI runtime service. These tests are based on the
EFI_VARIABLE_AUTHENTICATION_2 descriptor, which is used when setvariable is
called with the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.

These authenticated variables (including digest, signed content etc.) are
generated following the UEFI spec 2.4, section 7.2.1.

* Create authenticated variable test
  This test checks the setvariable with the new authenticated variable which
  was created with TIME_BASED_AUTHENTICATED.
* Authenticated variable test with the same authenticated variable
  With one existing variable, but set the same authenticated
  variable, firmware should check the authenticated variable and
  return EFI_SECURITY_VIOLATION.
* Authenticated variable test with another valid authenticated variable
  With one existing variable, but set authenticated variable, which was created
  by another valid key, firmware should check the authenticated variable
  and return EFI_SECURITY_VIOLATION.
* Append authenticated variable test
  This test adds the normal append operation and then checks the total data size
  and the data.
* Update authenticated variable test
  This test updates the new authenticated variable created by the same key but
  with a new timestamp and data.
* Authenticated variable test with old authenticated variable
  Set the old data and timestamp authenticated variable, firmware should
  check and return EFI_SECURITY_VIOLATION.
* Delete authenticated variable test
  Test for deleting the test authenticated variable.
* Authenticated variable test with invalid modified data
  This test sets the authenticated variable with invalid modified data,
  firmware should check the data and return EFI_SECURITY_VIOLATION.
* Authenticated variable test with invalid modified timestamp
  This test sets the authenticated variable with invalid timestamp, not the
  same timestamp as the one hashed in the authenticated variable, firmware
  should check it and return EFI_SECURITY_VIOLATION.
* Authenticated variable test with different guid
  This test sets the authenticated variable with invalid guid, not the same
  guid as the one hashed in the authenticated variable, firmware should check
  it and return EFI_SECURITY_VIOLATION.
* Authenticated variable test with invalid attributes
  This test sets the authenticated variable with the invalid attributes. The
  authenticated variable follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor;
  set the authenticated variable with invalid
  EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS instead of
  EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute,
  firmware should return EFI_SECURITY_VIOLATION.
* Test with both authenticated attributes are set
  Set the authenticated variable with both
  EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS and the
  EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attributes, firmware
  should return EFI_INVALID_PARAMETER.
* Set and delete authenticated variable created by different key test
  After previous test authenticated variable was deleted, test with setting and
  deleting another authenticated variable which was created by a different key.

Ivan Hu (15):
  uefirtauthvar: add the test for creating authenticated variable
  uefirtauthvar: cleanup environment before testing
  uefirtauthvar: add test with setting the same authenticated variable
  uefirtauthvar: add test for setting authenticated variable created by
    another key
  uefirtauthvar: add the normal append operation test
  uefirtauthvar: add test update the authenticated variable
  uefirtauthvar: add setting old authenticated variable test
  uefirtauthvar: delete authenticated variable test
  uefirtauthvar: setting authenticated variable with invalid modified
    data test
  uefirtauthvar: setting authenticated variable with invalid modified
    timestamp
  uefirtauthvar: setting authenticated variable with different guid
    test
  uefirtauthvar: setting authenticated variable with invalid attribute
    test
  uefirtauthvar: test with both authenticated attributes are set
  uefirtauthvar: Set and delete authenticated variable created by
    different key test
  uefirtauthvar: cleanup environment for another authenticated variable

 src/Makefile.am                        |    3 +-
 src/uefi/uefirtauthvar/authvardefs.h   |  998 ++++++++++++++++++++++++++++++++
 src/uefi/uefirtauthvar/uefirtauthvar.c |  837 ++++++++++++++++++++++++++
 3 files changed, 1837 insertions(+), 1 deletion(-)
 create mode 100644 src/uefi/uefirtauthvar/authvardefs.h
 create mode 100644 src/uefi/uefirtauthvar/uefirtauthvar.c

-- 
1.7.9.5