[PATCH 12/15] uefirtauthvar: setting authenticated variable with invalid attribute test
Keng-Yu Lin
keng-yu.lin at canonical.com
Wed Oct 29 04:07:46 UTC 2014
On Wed, Oct 22, 2014 at 5:40 PM, Ivan Hu <ivan.hu at canonical.com> wrote:
> This test sets an authenticated variable with invalid attributes. The
> authenticated variable follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor,
> but it is set with the invalid EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
> attribute instead of EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
> firmware should return EFI_SECURITY_VIOLATION.
>
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
> src/uefi/uefirtauthvar/uefirtauthvar.c | 44 ++++++++++++++++++++++++++++++++
> 1 file changed, 44 insertions(+)
>
> diff --git a/src/uefi/uefirtauthvar/uefirtauthvar.c b/src/uefi/uefirtauthvar/uefirtauthvar.c
> index 00da3c7..fc59487 100644
> --- a/src/uefi/uefirtauthvar/uefirtauthvar.c
> +++ b/src/uefi/uefirtauthvar/uefirtauthvar.c
> @@ -622,6 +622,49 @@ static int uefirtauthvar_test10(fwts_framework *fw)
> return FWTS_ERROR;
> }
>
> +/*
> + * The authenticated variable is followed EFI_VARIABLE_AUTHENTICATION_2 descriptor,
> + * set the authenticated variable with invalid
> + * EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS instead of
> + * EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute should
> + * return EFI_SECURITY_VIOLATION.
> + */
> +static int uefirtauthvar_test11(fwts_framework *fw)
> +{
> + long ioret;
> +
> + uint64_t status;
> + int supcheck;
> + uint32_t attr = FWTS_UEFI_VAR_NON_VOLATILE |
> + FWTS_UEFI_VAR_BOOTSERVICE_ACCESS |
> + FWTS_UEFI_VAR_RUNTIME_ACCESS |
> + FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
> +
> + ioret = setvar(>estguid, attr, sizeof(AuthVarCreate), AuthVarCreate, &status);
> +
> + if (ioret == -1) {
> + supcheck = check_fw_support(fw, status);
> + if (supcheck != FWTS_OK)
> + return supcheck;
> +
> + if (status == EFI_SECURITY_VIOLATION) {
> + fwts_passed(fw, "Set authenticated variable test with invalid attributes passed.");
> + return FWTS_OK;
> + }
> +
> + fwts_failed(fw, LOG_LEVEL_MEDIUM,
> + "UEFISetAuthVarInvalidAttr",
> + "Set authenticated variable fail");
> + fwts_uefi_print_status_info(fw, status);
> + }
> +
> + fwts_failed(fw, LOG_LEVEL_HIGH,
> + "UEFISetAuthVarInvalidAttr",
> + "Set authenticated variable expected fail but success");
> +
> + return FWTS_ERROR;
> +}
> +
> static fwts_framework_minor_test uefirtauthvar_tests[] = {
> { uefirtauthvar_test1, "Create authenticated variable test." },
> { uefirtauthvar_test2, "Authenticated variable test with the same authenticated variable." },
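Review bot: In uefirtauthvar_test11, when `ioret == -1` and the status is anything other than EFI_SECURITY_VIOLATION, the code logs "Set authenticated variable fail" and then falls through to the second `fwts_failed`. One unexpected error is therefore reported twice, and the second message wrongly says the write succeeded. Add `return FWTS_ERROR;` after `fwts_uefi_print_status_info(fw, status);` so that only a write the firmware actually accepted reaches the LOG_LEVEL_HIGH failure. Separately, if the firmware does accept the write, the variable created with FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS appears to stay in place, since no cleanup is visible in this hunk. The function comment should say whether a later step removes it or whether subsequent tests can be affected.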
> @@ -633,6 +676,7 @@ static fwts_framework_minor_test uefirtauthvar_tests[] = {
> { uefirtauthvar_test8, "Authenticated variable test with invalid modified data." },
> { uefirtauthvar_test9, "Authenticated variable test with invalid modified timestamp." },
> { uefirtauthvar_test10, "Authenticated variable test with different guid." },
> + { uefirtauthvar_test11, "Authenticated variable test with invalid attributes." },
> { NULL, NULL }
> };
>
> --
> 1.7.9.5
>
>
Acked-by: Keng-Yu Lin <kengyu at canonical.com>