[PATCH 00/15] Authenticated variable tests (LP: #1384134)

[IvanHu]

Hi Colin,

I believe no. I've tested with Intel Server Board S1200 and Desktop 
Board DQ57TM. These tests should be able to use to test the UEFI enabled 
machines, especially which claims secureboot supported.

Ivan

On 10/22/2014 05:47 PM, Colin Ian King wrote:
> Thanks Ivan,
>
> Is there anything I need to be aware of or to check when I test this
> patch set out?
>
> COlin
>
> On 22/10/14 10:35, Ivan Hu wrote:
>> These patches add the tests for the authenticated variable setting via
>> setvariable UEFI runtime service. These tests are base on the
>> EFI_VARIABLE_AUTHENTICATION_2 descriptor which setvariable with
>> attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is set.
>>
>> These authenticated variables(include digest, signed content etc.) are
>> generated followed by the UEFI spec. 2.4, section 7.2.1.
>>
>> * Create authenticated variable test
>>    This test checks the setvariable with the new authenticated variable which
>>    was created with TIME_BASED_AUTHENTICATED.
>> * Authenticated variable test with the same authenticated variable
>>    With one existing variable, but set the same authenticated
>>    variable, firmware should check the authenticated variable and
>>    return EFI_SECURITY_VIOLATION.
>> * Authenticated variable test with another valid authenticated variable
>>    With one existing variable, but set authenticated variable, which created
>>    by another valid key, firmware should check the authenticated variable
>>    and return return EFI_SECURITY_VIOLATION.
>> * Append authenticated variable test
>>    This test add the normal append operation and then check the total data size
>>    and the data.
>> * Update authenticated variable test
>>    This test update the new authenticated variable created by the same key but
>>    a new timestame and data.
>> * Authenticated variable test with old authenticated variable
>>    Set the old data and timestamp authenticated variable, firmware should
>>    check and return EFI_SECURITY_VIOLATION.
>> * Delete authenticated variable test
>>    Test for deleting the test authenticated variable.
>> * Authenticated variable test with invalid modified data
>>    This test sets the authenticated variable with invalid modified data,
>>    firmware should check the data and return EFI_SECURITY_VIOLATION.
>> * Authenticated variable test with invalid modified timestamp
>>    This test sets the authenticated variable with invalid timestamp, not the
>>    same timestamp as the one hashed in the authenticated variable, firmware
>>    should check it and return EFI_SECURITY_VIOLATION.
>> * Authenticated variable test with different guid
>>    This test sets the authenticated variable with invalid guid, not the same
>>    guid as the one hashed in the authenticated variable, firmware should check
>>    it and return EFI_SECURITY_VIOLATION.
>> * Authenticated variable test with invalid attributes
>>    This test sets the authenticated variable with the invalid attributes. The
>>    authenticated variable is followed EFI_VARIABLE_AUTHENTICATION_2 descriptor,
>>    set the authenticated variable with invalid
>>    EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS instead of
>>    EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute,
>>    firmware should return EFI_SECURITY_VIOLATION.
>> * Test with both authenticated attributes are set
>>    Set the authitecated variable with both
>>    EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS and the
>>    EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attributes, firmware
>>    should return EFI_INVALID_PARAMETER.
>> * Set and delete authenticated variable created by different key test
>>    After previous test authenticated variable was deleted, test with setting and
>>    deleting another authenticated variable which created by different key.
>>
>> Ivan Hu (15):
>>    uefirtauthvar: add the test for creating authenticated variable
>>    uefirtauthvar: cleanup environment before testing
>>    uefirtauthvar: add test with setting the same authenticated variable
>>    uefirtauthvar: add test for setting authenticated variable created by
>>      another key
>>    uefirtauthvar: add the normal append operation test
>>    uefirtauthvar: add test update the authenticated variable
>>    uefirtauthvar: add setting old authenticated variable test
>>    uefirtauthvar: delete authenticated variable test
>>    uefirtauthvar: setting authenticated variable with invalid modified
>>      data test
>>    uefirtauthvar: setting authenticated variable with invalid modified
>>      timestamp
>>    uefirtauthvar: setting authenticated variable with different guid
>>      test
>>    uefirtauthvar: setting authenticated variable with invalid attribute
>>      test
>>    uefirtauthvar: test with both authenticated attributes are set
>>    uefirtauthvar: Set and delete authenticated variable created by
>>      different key test
>>    uefirtauthvar: cleanup environment for another authenticated variable
>>
>>   src/Makefile.am                        |    3 +-
>>   src/uefi/uefirtauthvar/authvardefs.h   |  998 ++++++++++++++++++++++++++++++++
>>   src/uefi/uefirtauthvar/uefirtauthvar.c |  837 ++++++++++++++++++++++++++
>>   3 files changed, 1837 insertions(+), 1 deletion(-)
>>   create mode 100644 src/uefi/uefirtauthvar/authvardefs.h
>>   create mode 100644 src/uefi/uefirtauthvar/uefirtauthvar.c
>>
>
>