From: Chris Johnson <chris.n.john...@intel.com> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4389
Cc: Jiewen Yao <jiewen....@intel.com> Cc: Jian J Wang <jian.j.w...@intel.com> Signed-off-by: Chris Johnson <chris.n.john...@intel.com> Acked-by: Jiewen Yao <jiewen....@intel.com> Reviewed-by: Oliver Smith-Denny <o...@linux.microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com> --- .../SecureBootVariableLibGoogleTest.cpp | 174 ++++++++++++++++++ .../SecureBootVariableLibGoogleTest.inf | 32 ++++ .../UnitTest/MockPlatformPKProtectionLib.inf | 4 +- .../UnitTest/MockUefiLib.inf | 4 +- .../MockUefiRuntimeServicesTableLib.inf | 4 +- .../UnitTest/SecureBootVariableLibUnitTest.c | 2 +- SecurityPkg/SecurityPkg.dec | 1 + .../Library/MockPlatformPKProtectionLib.h | 28 +++ .../MockPlatformPKProtectionLib.cpp | 11 ++ .../MockPlatformPKProtectionLib.inf | 34 ++++ SecurityPkg/Test/SecurityPkgHostTest.dsc | 8 + 11 files changed, 295 insertions(+), 7 deletions(-) create mode 100644 SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp create mode 100644 SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf create mode 100644 SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h create mode 100644 SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp create mode 100644 SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf diff --git a/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp new file mode 100644 index 000000000000..c9190c8ffd61 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp 
@@ -0,0 +1,174 @@
+/** @file
+ Unit tests for the implementation of SecureBootVariableLib.
+
+ Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <Library/GoogleTestLib.h>
+#include <GoogleTest/Library/MockUefiLib.h>
+#include <GoogleTest/Library/MockUefiRuntimeServicesTableLib.h>
+
+extern "C" {
+ #include <Uefi.h>
+ #include <UefiSecureBoot.h>
+ #include <Guid/AuthenticatedVariableFormat.h>
+ #include <Guid/ImageAuthentication.h>
+ #include <Library/SecureBootVariableLib.h>
+ #include <Library/MemoryAllocationLib.h>
+}
+
+using namespace testing;
+
+//////////////////////////////////////////////////////////////////////////////
+class SetSecureBootModeTest : public Test {
+ protected:
+ MockUefiRuntimeServicesTableLib RtServicesMock;
+ UINT8 SecureBootMode;
+ EFI_STATUS Status;
+
+ void SetUp() override {
+ // Any random magic number can be used for these tests
+ SecureBootMode = 0xAB;
+ }
+};
+
+// Test SetSecureBootMode() API from SecureBootVariableLib to verify the
+// expected error is returned when the call to gRT->SetVariable() fails.
+TEST_F(SetSecureBootModeTest, SetVarError) {
+ EXPECT_CALL(RtServicesMock, gRT_SetVariable)
+ .WillOnce(Return(EFI_INVALID_PARAMETER));
+
+ Status = SetSecureBootMode(SecureBootMode);
+ EXPECT_EQ(Status, EFI_INVALID_PARAMETER);
+}
+
+// Test SetSecureBootMode() API from SecureBootVariableLib to verify the
+// expected secure boot mode is written to the correct variable in the call
+// to gRT->SetVariable().
+TEST_F(SetSecureBootModeTest, PropogateModeToSetVar) {
+ EXPECT_CALL(RtServicesMock,
+ gRT_SetVariable(
+ Char16StrEq(EFI_CUSTOM_MODE_NAME),
+ BufferEq(&gEfiCustomModeEnableGuid, sizeof(EFI_GUID)),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof(SecureBootMode),
+ BufferEq(&SecureBootMode, sizeof(SecureBootMode))))
+ .WillOnce(Return(EFI_SUCCESS));
+
+ Status = SetSecureBootMode(SecureBootMode);
+ EXPECT_EQ(Status, EFI_SUCCESS);
+}
+
+//////////////////////////////////////////////////////////////////////////////
+class GetSetupModeTest : public Test {
+ protected:
+ MockUefiRuntimeServicesTableLib RtServicesMock;
+ UINT8 SetupMode;
+ EFI_STATUS Status;
+ UINT8 ExpSetupMode;
+
+ void SetUp() override {
+ // Any random magic number can be used for these tests
+ ExpSetupMode = 0xAB;
+ }
+};
+
+// Test GetSetupMode() API from SecureBootVariableLib to verify the expected
+// error is returned when the call to gRT->GetVariable() fails.
+TEST_F(GetSetupModeTest, GetVarError) {
+ EXPECT_CALL(RtServicesMock, gRT_GetVariable)
+ .WillOnce(Return(EFI_INVALID_PARAMETER));
+
+ Status = GetSetupMode (&SetupMode);
+ EXPECT_EQ(Status, EFI_INVALID_PARAMETER);
+}
+
+// Test GetSetupMode() API from SecureBootVariableLib to verify the expected
+// setup mode is returned (and with a success return code) when the mode is
+// successfully read from the call to gRT->GetVariable().
+TEST_F(GetSetupModeTest, FetchModeFromGetVar) {
+ EXPECT_CALL(RtServicesMock,
+ gRT_GetVariable(
+ Char16StrEq(EFI_SETUP_MODE_NAME),
+ BufferEq(&gEfiGlobalVariableGuid, sizeof(EFI_GUID)),
+ _,
+ Pointee(Eq(sizeof(SetupMode))),
+ NotNull()))
+ .WillOnce(DoAll(
+ SetArgPointee<3>(sizeof(ExpSetupMode)),
+ SetArgBuffer<4>(&ExpSetupMode, sizeof(ExpSetupMode)),
+ Return(EFI_SUCCESS)));
+
+ Status = GetSetupMode (&SetupMode);
+ ASSERT_EQ(Status, EFI_SUCCESS);
+ EXPECT_EQ(SetupMode, ExpSetupMode);
+}
+
+//////////////////////////////////////////////////////////////////////////////
+class IsSecureBootEnabledTest : public Test {
+ protected:
+ MockUefiLib UefiLibMock;
+ BOOLEAN Enabled;
+};
+
+// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify FALSE
+// is returned when the call to GetEfiGlobalVariable2() fails.
+TEST_F(IsSecureBootEnabledTest, GetVarError) {
+ EXPECT_CALL(UefiLibMock, GetEfiGlobalVariable2)
+ .WillOnce(Return(EFI_ABORTED));
+
+ Enabled = IsSecureBootEnabled ();
+ EXPECT_EQ(Enabled, FALSE);
+}
+
+//////////////////////////////////////////////////////////////////////////////
+class IsSecureBootEnabledAllocTest : public IsSecureBootEnabledTest {
+ protected:
+ UINT8 *BootEnabledBuffer;
+
+ void SetUp() override {
+ BootEnabledBuffer = (UINT8*) AllocatePool(1);
+ ASSERT_NE(BootEnabledBuffer, nullptr);
+ }
+};
+
+// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify TRUE
+// is returned when the call to GetEfiGlobalVariable2() is successful and
+// returns SECURE_BOOT_MODE_ENABLE.
+TEST_F(IsSecureBootEnabledAllocTest, IsEnabled) {
+ *BootEnabledBuffer = SECURE_BOOT_MODE_ENABLE;
+ EXPECT_CALL(UefiLibMock,
+ GetEfiGlobalVariable2(
+ Char16StrEq(EFI_SECURE_BOOT_MODE_NAME),
+ NotNull(),
+ _))
+ .WillOnce(DoAll(
+ SetArgBuffer<1>(&BootEnabledBuffer, sizeof(VOID*)),
+ Return(EFI_SUCCESS)));
+
+ Enabled = IsSecureBootEnabled ();
+ EXPECT_EQ(Enabled, TRUE);
+}
+
+// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify FALSE
+// is returned when the call to GetEfiGlobalVariable2() is successful and
+// returns SECURE_BOOT_MODE_DISABLE.
+TEST_F(IsSecureBootEnabledAllocTest, IsDisabled) {
+ *BootEnabledBuffer = SECURE_BOOT_MODE_DISABLE;
+ EXPECT_CALL(UefiLibMock,
+ GetEfiGlobalVariable2(
+ Char16StrEq(EFI_SECURE_BOOT_MODE_NAME),
+ NotNull(),
+ _))
+ .WillOnce(DoAll(
+ SetArgBuffer<1>(&BootEnabledBuffer, sizeof(VOID*)),
+ Return(EFI_SUCCESS)));
+
+ Enabled = IsSecureBootEnabled ();
+ EXPECT_EQ(Enabled, FALSE);
+}
+
+int main(int argc, char* argv[]) {
+ testing::InitGoogleTest(&argc, argv);
+ return RUN_ALL_TESTS();
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf
new file mode 100644
index 000000000000..5503dcfa32d1
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf
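Review bot: In SecureBootVariableLibGoogleTest.cpp the `GetSetupModeTest` fixture never initialises `SetupMode`, so `FetchModeFromGetVar` would compare an indeterminate byte with `ExpSetupMode` if `GetSetupMode()` ever returned `EFI_SUCCESS` without writing its output. Adding `SetupMode = 0;` next to `ExpSetupMode = 0xAB;` in `SetUp()` makes the check depend on the value actually being copied. `IsSecureBootEnabledAllocTest` allocates `BootEnabledBuffer` in `SetUp()` and has no `TearDown()`, which is only correct if `IsSecureBootEnabled()` frees the buffer it is handed (presumably it does, but that is not visible here); a comment such as `// Ownership passes to IsSecureBootEnabled(), which is expected to free it.` would record the assumption. The suite also has no case for a stored value other than `SECURE_BOOT_MODE_ENABLE` or `SECURE_BOOT_MODE_DISABLE`, which is the input where returning `FALSE` matters most.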
@@ -0,0 +1,32 @@ +## @file +# Unit test suite for the SecureBootVariableLib using Google Test +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010017 + BASE_NAME = SecureBootVariableLibGoogleTest + FILE_GUID = C88372AB-726B-4344-A250-6C7F826C874E + VERSION_STRING = 1.0 + MODULE_TYPE = HOST_APPLICATION + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SecureBootVariableLibGoogleTest.cpp + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + +[LibraryClasses] + GoogleTestLib + SecureBootVariableLib diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf index 1e19033c5a91..c927ef709958 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf @@ -10,9 +10,9 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = MockPlatformPKProtectionLib FILE_GUID = 5FCD74D3-3965-4D56-AB83-000B9B4806A0 - MODULE_TYPE = DXE_DRIVER + MODULE_TYPE = HOST_APPLICATION VERSION_STRING = 1.0 - LIBRARY_CLASS = PlatformPKProtectionLib|HOST_APPLICATION + LIBRARY_CLASS = PlatformPKProtectionLib # # The following information is for reference only and not required by the build tools. diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf index a84242ac7205..fecf46841131 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf 
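Review bot: The `[LibraryClasses]` section of SecureBootVariableLibGoogleTest.inf lists only `GoogleTestLib` and `SecureBootVariableLib`, although the test source calls `AllocatePool()` and sets expectations on the UefiLib and UefiRuntimeServicesTableLib mocks directly. The build presumably resolves these through the dependencies of SecureBootVariableLib, so the test could stop linking if that library's own dependency list changed. Listing `MemoryAllocationLib`, `UefiLib` and `UefiRuntimeServicesTableLib` here, and declaring `gEfiCustomModeEnableGuid` and `gEfiGlobalVariableGuid` in a `[Guids]` section, would make the module description match what the source uses.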
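Review bot: Dropping the `|HOST_APPLICATION` suffix from `LIBRARY_CLASS` in UnitTest/MockPlatformPKProtectionLib.inf removes the consumer restriction. As far as I know, an entry without a module-type list is accepted for any module type, so the build tools would no longer reject a DSC that maps this mock into a firmware module. For a mock of the PK-protection interface that guard is worth keeping, for example `LIBRARY_CLASS = PlatformPKProtectionLib|HOST_APPLICATION` alongside the new `MODULE_TYPE = HOST_APPLICATION`, unless the GoogleTest build needs the unrestricted form. The same applies to the MockUefiLib.inf and MockUefiRuntimeServicesTableLib.inf hunks and to the new GoogleTest MockPlatformPKProtectionLib.inf.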
@@ -18,9 +18,9 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = MockUefiLib FILE_GUID = E3B7AEF9-4E55-49AF-B035-ED776C928EC6 - MODULE_TYPE = UEFI_DRIVER + MODULE_TYPE = HOST_APPLICATION VERSION_STRING = 1.0 - LIBRARY_CLASS = UefiLib|HOST_APPLICATION + LIBRARY_CLASS = UefiLib # # VALID_ARCHITECTURES = IA32 X64 EBC diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf index f832a93e2254..6fe04189606e 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf @@ -10,9 +10,9 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = MockUefiRuntimeServicesTableLib FILE_GUID = 84CE0021-ABEE-403C-9A1B-763CCF2D40F1 - MODULE_TYPE = UEFI_DRIVER + MODULE_TYPE = HOST_APPLICATION VERSION_STRING = 1.0 - LIBRARY_CLASS = UefiRuntimeServicesTableLib|HOST_APPLICATION + LIBRARY_CLASS = UefiRuntimeServicesTableLib # # VALID_ARCHITECTURES = IA32 X64 EBC diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c index a23135dfb016..3a92d5d83457 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c @@ -163,7 +163,7 @@ MockGetVariable ( return EFI_BUFFER_TOO_SMALL; } else { assert_non_null (Data); - CopyMem (Data, (VOID *)mock (), TargetSize); + CopyMem (Data, (VOID *)(UINTN)mock (), TargetSize); } return EFI_SUCCESS; diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 0382090f4e75..0a8042d63fe1 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec 
@@ -21,6 +21,7 @@ [Defines] [Includes] Include + Test/Mock/Include [LibraryClasses] ## @libraryclass Provides hash interfaces from different implementations. diff --git a/SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h b/SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h new file mode 100644 index 000000000000..8024f4be2975 --- /dev/null +++ b/SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h @@ -0,0 +1,28 @@ +/** @file + Google Test mocks for PlatformPKProtectionLib + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef MOCK_PLATFORM_PK_PROTECTION_LIB_H_ +#define MOCK_PLATFORM_PK_PROTECTION_LIB_H_ + +#include <Library/GoogleTestLib.h> +#include <Library/FunctionMockLib.h> +extern "C" { +#include <Uefi.h> +#include <Library/PlatformPKProtectionLib.h> +} + +struct MockPlatformPKProtectionLib { + MOCK_INTERFACE_DECLARATION (MockPlatformPKProtectionLib); + + MOCK_FUNCTION_DECLARATION ( + EFI_STATUS, + DisablePKProtection, + () + ); +}; + +#endif diff --git a/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp new file mode 100644 index 000000000000..5ea030f6dfcf --- /dev/null +++ b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp @@ -0,0 +1,11 @@ +/** @file + Google Test mocks for PlatformPKProtectionLib + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include <GoogleTest/Library/MockPlatformPKProtectionLib.h> + +MOCK_INTERFACE_DEFINITION(MockPlatformPKProtectionLib); + +MOCK_FUNCTION_DEFINITION(MockPlatformPKProtectionLib, DisablePKProtection, 0, EFIAPI); 
diff --git a/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf new file mode 100644 index 000000000000..3ed638eaf74c --- /dev/null +++ b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf @@ -0,0 +1,34 @@ +## @file +# Google Test mocks for PlatformPKProtectionLib +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MockPlatformPKProtectionLib + FILE_GUID = C1383D85-E0ED-44E0-A0A6-125F1D78B6E9 + MODULE_TYPE = HOST_APPLICATION + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformPKProtectionLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + MockPlatformPKProtectionLib.cpp + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + +[LibraryClasses] + GoogleTestLib + +[BuildOptions] + MSFT:*_*_*_CC_FLAGS = /EHsc diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/SecurityPkgHostTest.dsc index c4df01fe1b73..ad5b4fc350ea 100644 --- a/SecurityPkg/Test/SecurityPkgHostTest.dsc +++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc @@ -25,6 +25,7 @@ [Components] SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf + SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf # # Build SecurityPkg HOST_APPLICATION Tests 
@@ -36,3 +37,10 @@ [Components] PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf } + SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf { + <LibraryClasses> + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf + PlatformPKProtectionLib|SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf + UefiLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf + } -- 2.39.1.windows.1