ACK: [PATCH 03/15][RESEND] uefirtauthvar: add test with setting the same authenticated variable

Colin Ian King colin.king at canonical.com
Thu Oct 23 16:45:00 UTC 2014 

On 23/10/14 08:25, Ivan Hu wrote:
> Add the test with one existing variable, but set the same authenticated
> variable, firmware need to check the setting authenticated variable and
> return EFI_SECURITY_VIOLATION.
> 
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
>  src/uefi/uefirtauthvar/uefirtauthvar.c |   36 ++++++++++++++++++++++++++++++++
>  1 file changed, 36 insertions(+)
> 
> diff --git a/src/uefi/uefirtauthvar/uefirtauthvar.c b/src/uefi/uefirtauthvar/uefirtauthvar.c
> index 4be4a6f..69460a2 100644
> --- a/src/uefi/uefirtauthvar/uefirtauthvar.c
> +++ b/src/uefi/uefirtauthvar/uefirtauthvar.c
> @@ -223,8 +223,44 @@ static int uefirtauthvar_test1(fwts_framework *fw)
>  	return FWTS_OK;
>  }
>  
> +/*
> + * With one existing variable, but set the same authenticated variable,
> + * AuthVarCreate, expect EFI_SECURITY_VIOLATION returned.
> + */
> +static int uefirtauthvar_test2(fwts_framework *fw)
> +{
> +	long ioret;
> +	uint64_t status;
> +	int supcheck;
> +
> +	ioret = setvar(&gtestguid, attributes, sizeof(AuthVarCreate), AuthVarCreate, &status);
> +
> +	if (ioret == -1) {
> +		supcheck = check_fw_support(fw, status);
> +		if (supcheck != FWTS_OK)
> +			return supcheck;
> +
> +		if (status == EFI_SECURITY_VIOLATION) {
> +			fwts_passed(fw, "Set the same authenticated variable test passed.");
> +			return FWTS_OK;
> +		}
> +
> +		fwts_failed(fw, LOG_LEVEL_MEDIUM,
> +			"UEFISetSameAuthVar",
> +			"Set authenticated variable fail");
> +			fwts_uefi_print_status_info(fw, status);
> +	}
> +
> +	fwts_failed(fw, LOG_LEVEL_HIGH,
> +		"UEFISetSameAuthVar",
> +		"Set authenticated variable expected fail but success");
> +
> +	return FWTS_ERROR;
> +}
> +
>  static fwts_framework_minor_test uefirtauthvar_tests[] = {
>  	{ uefirtauthvar_test1, "Create authenticated variable test." },
> +	{ uefirtauthvar_test2, "Authenticated variable test with the same authenticated variable." },
>  	{ NULL, NULL }
>  };
>  
> 
Acked-by: Colin Ian King <colin.king at canonical.com>

More information about the fwts-devel mailing list