[PATCH 03/15][RESEND] uefirtauthvar: add test with setting the same authenticated variable

[Ivan Hu]

Add the test with one existing variable, but set the same authenticated
variable, firmware need to check the setting authenticated variable and
return EFI_SECURITY_VIOLATION.

Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
---
 src/uefi/uefirtauthvar/uefirtauthvar.c |   36 ++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/src/uefi/uefirtauthvar/uefirtauthvar.c b/src/uefi/uefirtauthvar/uefirtauthvar.c
index 4be4a6f..69460a2 100644
--- a/src/uefi/uefirtauthvar/uefirtauthvar.c
+++ b/src/uefi/uefirtauthvar/uefirtauthvar.c
@@ -223,8 +223,44 @@ static int uefirtauthvar_test1(fwts_framework *fw)
 	return FWTS_OK;
 }
 
+/*
+ * With one existing variable, but set the same authenticated variable,
+ * AuthVarCreate, expect EFI_SECURITY_VIOLATION returned.
+ */
+static int uefirtauthvar_test2(fwts_framework *fw)
+{
+	long ioret;
+	uint64_t status;
+	int supcheck;
+
+	ioret = setvar(&gtestguid, attributes, sizeof(AuthVarCreate), AuthVarCreate, &status);
+
+	if (ioret == -1) {
+		supcheck = check_fw_support(fw, status);
+		if (supcheck != FWTS_OK)
+			return supcheck;
+
+		if (status == EFI_SECURITY_VIOLATION) {
+			fwts_passed(fw, "Set the same authenticated variable test passed.");
+			return FWTS_OK;
+		}
+
+		fwts_failed(fw, LOG_LEVEL_MEDIUM,
+			"UEFISetSameAuthVar",
+			"Set authenticated variable fail");
+			fwts_uefi_print_status_info(fw, status);
+	}
+
+	fwts_failed(fw, LOG_LEVEL_HIGH,
+		"UEFISetSameAuthVar",
+		"Set authenticated variable expected fail but success");
+
+	return FWTS_ERROR;
+}
+
 static fwts_framework_minor_test uefirtauthvar_tests[] = {
 	{ uefirtauthvar_test1, "Create authenticated variable test." },
+	{ uefirtauthvar_test2, "Authenticated variable test with the same authenticated variable." },
 	{ NULL, NULL }
 };
 
-- 
1.7.9.5