Message ID | 1521186302-8920-1-git-send-email-ivan.hu@canonical.com |
---|---|
State | Accepted |
Series | uefirtauthvar: remove test with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | expand |
On 2018-03-16 12:45 AM, Ivan Hu wrote:
> Attribute EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS has been deprecated in
> UEFI 2.7, test with this attribute is not proper anymore. And some tests
> have been added to uefirtvariable test for checking
> EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute supporting on firmware.
> so, remove this test.
>
> Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
> ---
> src/uefi/uefirtauthvar/uefirtauthvar.c | 48 ++--------------------------------
> 1 file changed, 2 insertions(+), 46 deletions(-)
>
> diff --git a/src/uefi/uefirtauthvar/uefirtauthvar.c b/src/uefi/uefirtauthvar/uefirtauthvar.c
> index 7d837a3..c203174 100644
> --- a/src/uefi/uefirtauthvar/uefirtauthvar.c
> +++ b/src/uefi/uefirtauthvar/uefirtauthvar.c
> @@ -673,53 +673,10 @@ static int uefirtauthvar_test10(fwts_framework *fw)
> }
>
> /*
> - * The authenticated variable is followed EFI_VARIABLE_AUTHENTICATION_2 descriptor,
> - * set the authenticated variable with invalid
> - * EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS instead of
> - * EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute should
> - * return EFI_SECURITY_VIOLATION.
> - */
> -static int uefirtauthvar_test11(fwts_framework *fw)
> -{
> - long ioret;
> -
> - uint64_t status;
> - uint32_t attr = FWTS_UEFI_VAR_NON_VOLATILE |
> - FWTS_UEFI_VAR_BOOTSERVICE_ACCESS |
> - FWTS_UEFI_VAR_RUNTIME_ACCESS |
> - FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
> -
> - ioret = setvar(>estguid, attr, sizeof(AuthVarCreate), AuthVarCreate, &status);
> -
> - if (ioret == -1) {
> - int supcheck = check_fw_support(fw, status);
> -
> - if (supcheck != FWTS_OK)
> - return supcheck;
> -
> - if (status == EFI_SECURITY_VIOLATION) {
> - fwts_passed(fw, "Set authenticated variable test with invalid attributes passed.");
> - return FWTS_OK;
> - }
> -
> - fwts_failed(fw, LOG_LEVEL_MEDIUM,
> - "UEFISetAuthVarInvalidAttr",
> - "Set authenticated variable fail");
> - fwts_uefi_print_status_info(fw, status);
> - }
> -
> - fwts_failed(fw, LOG_LEVEL_HIGH,
> - "UEFISetAuthVarInvalidAttr",
> - "Set authenticated variable expected fail but success");
> -
> - return FWTS_ERROR;
> -}
> -
> -/*
> * Test with setting and deleting another authenticated variable,
> * after previous test authenticated variable was deleted.
> */
> -static int uefirtauthvar_test12(fwts_framework *fw)
> +static int uefirtauthvar_test11(fwts_framework *fw)
> {
> long ioret;
>
> @@ -825,8 +782,7 @@ static fwts_framework_minor_test uefirtauthvar_tests[] = {
> { uefirtauthvar_test8, "Authenticated variable test with invalid modified data." },
> { uefirtauthvar_test9, "Authenticated variable test with invalid modified timestamp." },
> { uefirtauthvar_test10, "Authenticated variable test with different guid." },
> - { uefirtauthvar_test11, "Authenticated variable test with invalid attributes." },
> - { uefirtauthvar_test12, "Set and delete authenticated variable created by different key test." },
> + { uefirtauthvar_test11, "Set and delete authenticated variable created by different key test." },
> { NULL, NULL }
> };
>
>
Acked-by: Alex Hung <alex.hung@canonical.com>
On 16/03/18 07:45, Ivan Hu wrote:
> Attribute EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS has been deprecated in
> UEFI 2.7, test with this attribute is not proper anymore. And some tests
> have been added to uefirtvariable test for checking
> EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute supporting on firmware.
> so, remove this test.
>
> Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
> ---
> src/uefi/uefirtauthvar/uefirtauthvar.c | 48 ++--------------------------------
> 1 file changed, 2 insertions(+), 46 deletions(-)
>
> diff --git a/src/uefi/uefirtauthvar/uefirtauthvar.c b/src/uefi/uefirtauthvar/uefirtauthvar.c
> index 7d837a3..c203174 100644
> --- a/src/uefi/uefirtauthvar/uefirtauthvar.c
> +++ b/src/uefi/uefirtauthvar/uefirtauthvar.c
> @@ -673,53 +673,10 @@ static int uefirtauthvar_test10(fwts_framework *fw)
> }
>
> /*
> - * The authenticated variable is followed EFI_VARIABLE_AUTHENTICATION_2 descriptor,
> - * set the authenticated variable with invalid
> - * EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS instead of
> - * EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute should
> - * return EFI_SECURITY_VIOLATION.
> - */
> -static int uefirtauthvar_test11(fwts_framework *fw)
> -{
> - long ioret;
> -
> - uint64_t status;
> - uint32_t attr = FWTS_UEFI_VAR_NON_VOLATILE |
> - FWTS_UEFI_VAR_BOOTSERVICE_ACCESS |
> - FWTS_UEFI_VAR_RUNTIME_ACCESS |
> - FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
> -
> - ioret = setvar(>estguid, attr, sizeof(AuthVarCreate), AuthVarCreate, &status);
> -
> - if (ioret == -1) {
> - int supcheck = check_fw_support(fw, status);
> -
> - if (supcheck != FWTS_OK)
> - return supcheck;
> -
> - if (status == EFI_SECURITY_VIOLATION) {
> - fwts_passed(fw, "Set authenticated variable test with invalid attributes passed.");
> - return FWTS_OK;
> - }
> -
> - fwts_failed(fw, LOG_LEVEL_MEDIUM,
> - "UEFISetAuthVarInvalidAttr",
> - "Set authenticated variable fail");
> - fwts_uefi_print_status_info(fw, status);
> - }
> -
> - fwts_failed(fw, LOG_LEVEL_HIGH,
> - "UEFISetAuthVarInvalidAttr",
> - "Set authenticated variable expected fail but success");
> -
> - return FWTS_ERROR;
> -}
> -
> -/*
> * Test with setting and deleting another authenticated variable,
> * after previous test authenticated variable was deleted.
> */
> -static int uefirtauthvar_test12(fwts_framework *fw)
> +static int uefirtauthvar_test11(fwts_framework *fw)
> {
> long ioret;
>
> @@ -825,8 +782,7 @@ static fwts_framework_minor_test uefirtauthvar_tests[] = {
> { uefirtauthvar_test8, "Authenticated variable test with invalid modified data." },
> { uefirtauthvar_test9, "Authenticated variable test with invalid modified timestamp." },
> { uefirtauthvar_test10, "Authenticated variable test with different guid." },
> - { uefirtauthvar_test11, "Authenticated variable test with invalid attributes." },
> - { uefirtauthvar_test12, "Set and delete authenticated variable created by different key test." },
> + { uefirtauthvar_test11, "Set and delete authenticated variable created by different key test." },
> { NULL, NULL }
> };
>
>
Acked-by: Colin Ian King <colin.king@canonical.com>
diff --git a/src/uefi/uefirtauthvar/uefirtauthvar.c b/src/uefi/uefirtauthvar/uefirtauthvar.c
index 7d837a3..c203174 100644
--- a/src/uefi/uefirtauthvar/uefirtauthvar.c
+++ b/src/uefi/uefirtauthvar/uefirtauthvar.c
@@ -673,53 +673,10 @@ static int uefirtauthvar_test10(fwts_framework *fw)
 }

 /*
- * The authenticated variable is followed EFI_VARIABLE_AUTHENTICATION_2 descriptor,
- * set the authenticated variable with invalid
- * EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS instead of
- * EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute should
- * return EFI_SECURITY_VIOLATION.
- */
-static int uefirtauthvar_test11(fwts_framework *fw)
-{
- long ioret;
-
- uint64_t status;
- uint32_t attr = FWTS_UEFI_VAR_NON_VOLATILE |
- FWTS_UEFI_VAR_BOOTSERVICE_ACCESS |
- FWTS_UEFI_VAR_RUNTIME_ACCESS |
- FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
-
- ioret = setvar(>estguid, attr, sizeof(AuthVarCreate), AuthVarCreate, &status);
-
- if (ioret == -1) {
- int supcheck = check_fw_support(fw, status);
-
- if (supcheck != FWTS_OK)
- return supcheck;
-
- if (status == EFI_SECURITY_VIOLATION) {
- fwts_passed(fw, "Set authenticated variable test with invalid attributes passed.");
- return FWTS_OK;
- }
-
- fwts_failed(fw, LOG_LEVEL_MEDIUM,
- "UEFISetAuthVarInvalidAttr",
- "Set authenticated variable fail");
- fwts_uefi_print_status_info(fw, status);
- }
-
- fwts_failed(fw, LOG_LEVEL_HIGH,
- "UEFISetAuthVarInvalidAttr",
- "Set authenticated variable expected fail but success");
-
- return FWTS_ERROR;
-}
-
-/*
 * Test with setting and deleting another authenticated variable,
 * after previous test authenticated variable was deleted.
 */
-static int uefirtauthvar_test12(fwts_framework *fw)
+static int uefirtauthvar_test11(fwts_framework *fw)
 {
 long ioret;

@@ -825,8 +782,7 @@ static fwts_framework_minor_test uefirtauthvar_tests[] = {
 { uefirtauthvar_test8, "Authenticated variable test with invalid modified data." },
 { uefirtauthvar_test9, "Authenticated variable test with invalid modified timestamp." },
 { uefirtauthvar_test10, "Authenticated variable test with different guid." },
- { uefirtauthvar_test11, "Authenticated variable test with invalid attributes." },
- { uefirtauthvar_test12, "Set and delete authenticated variable created by different key test." },
+ { uefirtauthvar_test11, "Set and delete authenticated variable created by different key test." },
 { NULL, NULL }
 };
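Review bot: With the "invalid attributes" entry gone, the visible part of `uefirtauthvar_tests[]` no longer contains a negative test for attribute handling, and nothing in the file records where that coverage moved. The commit message says EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is now checked in the uefirtvariable test, but that code is not on this page, so it cannot be confirmed here that firmware which still accepts the deprecated attribute is reported as a failure. I would leave a pointer above the table, for example `/* EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS (deprecated in UEFI 2.7) is checked in uefirtvariable, not here */`, so a later reader does not assume the rejection path is still exercised by this suite. The table's opening entries lie outside the hunk.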
Attribute EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS has been deprecated in UEFI 2.7, so testing with this attribute is no longer appropriate. Tests have also been added to the uefirtvariable test to check firmware support for the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute, so remove this test. Signed-off-by: Ivan Hu <ivan.hu@canonical.com> --- src/uefi/uefirtauthvar/uefirtauthvar.c | 48 ++-------------------------------- 1 file changed, 2 insertions(+), 46 deletions(-)