[PATCH v5 14/14] MdeModulePkg: Add a shell-based functional test for VariablePolicy


Bret Barkelew <bret@...>
 

https://bugzilla.tianocore.org/show_bug.cgi?id=3D2522

To verify that VariablePolicy is correctly integrated
on platforms, add a Shell-based functional test to
confirm expected behavior.

NOTE: This test assumes that VariablePolicy is built
with PcdAllowVariablePolicyEnforcementDisable set to
TRUE.

Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Liming Gao <liming.gao@...>
Cc: Bret Barkelew <brbarkel@...>
Signed-off-by: Bret Barkelew <brbarkel@...>
---
MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTe=
stApp.c | 1978 ++++++++++++++++++++
MdeModulePkg/MdeModulePkg.ci.yaml =
| 4 +-
MdeModulePkg/MdeModulePkg.dsc =
| 6 +
MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md =
| 55 +
MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTe=
stApp.inf | 42 +
5 files changed, 2084 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Variable=
PolicyFuncTestApp.c b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp=
/VariablePolicyFuncTestApp.c
new file mode 100644
index 000000000000..e41b6e7a43d5
--- /dev/null
+++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyF=
uncTestApp.c
@@ -0,0 +1,1978 @@
+/** @file=0D
+UEFI Shell based application for unit testing the Variable Policy Protocol=
.=0D
+=0D
+Copyright (c) Microsoft Corporation.=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#include <Uefi.h>=0D
+#include <Library/UefiLib.h>=0D
+#include <Library/PrintLib.h>=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/MemoryAllocationLib.h>=0D
+#include <Library/UnitTestLib.h>=0D
+#include <Library/UefiBootServicesTableLib.h>=0D
+#include <Protocol/VariablePolicy.h>=0D
+#include <Library/VariablePolicyHelperLib.h>=0D
+#include <Library/UefiRuntimeServicesTableLib.h>=0D
+#include <Library/MemoryAllocationLib.h>=0D
+=0D
+// TODO: Need to add to the UnitTestFrameworkPkg=0D
+// #include <Library/UnitTestBootLib.h>=0D
+=0D
+#define UNIT_TEST_APP_NAME "Variable Policy Unit Test Application"=
=0D
+#define UNIT_TEST_APP_VERSION "0.1"=0D
+=0D
+// TODO: Need to add to the UnitTestFrameworkPkg=0D
+UNIT_TEST_FRAMEWORK_HANDLE=0D
+GetActiveFrameworkHandle (=0D
+ VOID=0D
+ );=0D
+=0D
+EDKII_VARIABLE_POLICY_PROTOCOL *mVarPol =3D NULL;=0D
+=0D
+=0D
+EFI_GUID mTestNamespaceGuid1 =3D { 0x3b389299, 0xabaf, 0x433b, { 0xa4, 0xa=
9, 0x23, 0xc8, 0x44, 0x02, 0xfc, 0xad } };=0D
+EFI_GUID mTestNamespaceGuid2 =3D { 0x4c49a3aa, 0xbcb0, 0x544c, { 0xb5, 0xb=
a, 0x34, 0xd9, 0x55, 0x13, 0x0d, 0xbe } };=0D
+EFI_GUID mTestNamespaceGuid3 =3D { 0x5d5ab4bb, 0xcdc1, 0x655d, { 0xc6, 0xc=
b, 0x45, 0xea, 0x66, 0x24, 0x1e, 0xcf } };=0D
+=0D
+/**=0D
+ Prerequisite for most test cases.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+LocateVarPolicyPreReq (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ if (mVarPol =3D=3D NULL) {=0D
+ Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid,=0D
+ NULL,=0D
+ (VOID **) &mVarPol);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_NOT_NULL (mVarPol);=0D
+ }=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+=0D
+} // LocateVarPolicyPreReq=0D
+=0D
+/**=0D
+ Getting Started tests.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+CheckVpEnabled (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ BOOLEAN State;=0D
+=0D
+ Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D
+=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (State, TRUE);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // CheckVpEnabled=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+CheckVpRevision (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ UT_ASSERT_NOT_EQUAL (mVarPol->Revision, 0);=0D
+ UT_LOG_INFO ("VP Revision: 0x%x\n", mVarPol->Revision);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // CheckVpRevision=0D
+=0D
+/**=0D
+ NoLock Policy tests.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestMinSizeNoLock (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value1;=0D
+ UINT32 Value2;=0D
+ UINT8 *Buffer;=0D
+=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"MinSizeNoLockVar",=0D
+ 4,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var that is smaller than minsize=0D
+ //=0D
+ Value1 =3D 0x12;=0D
+ Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value1),=0D
+ &Value1);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ //=0D
+ // Try to write a var of size that matches minsize=0D
+ //=0D
+ Value2 =3D 0xa1b2c3d4;=0D
+ Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value2),=0D
+ &Value2);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var of size larger than minsize=0D
+ //=0D
+ Buffer =3D AllocateZeroPool (40);=0D
+ UT_ASSERT_NOT_NULL (Buffer);=0D
+ Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ 40,=0D
+ Buffer);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Delete the variable=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MinSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ FreePool (Buffer);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestMinSizeNoLock=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestMaxSizeNoLock (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value1;=0D
+ UINT32 Value2;=0D
+ UINT8 *Buffer;=0D
+=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"MaxSizeNoLockVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ 4,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var that is smaller than maxsize=0D
+ //=0D
+ Value1 =3D 0x34;=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value1),=0D
+ &Value1);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var of size that matches maxsize=0D
+ //=0D
+ Value2 =3D 0xa1b2c3d4;=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value2),=0D
+ &Value2);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var of size larger than maxsize=0D
+ //=0D
+ Buffer =3D AllocateZeroPool (40);=0D
+ UT_ASSERT_NOT_NULL (Buffer);=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ 40,=0D
+ Buffer);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ FreePool (Buffer);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestMaxSizeNoLock=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestMustHaveAttrNoLock (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value;=0D
+=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"MustHaveAttrNoLockVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_=
VARIABLE_BOOTSERVICE_ACCESS),=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var that doesn't have the must-have attributes=0D
+ //=0D
+ Value =3D 0x56;=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ //=0D
+ // Try to write a var that has exactly the required attributes=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ // NOTE: some implementations of VP will require the musthave attributes=
to be passed even when deleting=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var that has the required attributes and one extra att=
ribute=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ // NOTE: some implementations of VP will require the musthave attributes=
to be passed even when deleting=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestMustHaveAttrNoLock=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestCantHaveAttrNoLock (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value;=0D
+=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"CantHaveAttrNoLockVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ EFI_VARIABLE_NON_VOLATILE,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var that has a can't have attr=0D
+ //=0D
+ Value =3D 0x78;=0D
+ Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ //=0D
+ // Try to write a var that satisfies the can't have requirement=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestCantHaveAttrNoLock=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestMaxSizeNamespaceNoLock (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value1;=0D
+ UINT32 Value2;=0D
+ UINT8 *Buffer;=0D
+=0D
+ //=0D
+ // Register a namespace-wide policy limiting max size to 4 bytes=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid2,=0D
+ NULL,=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ 4,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var that is smaller than maxsize=0D
+ //=0D
+ Value1 =3D 0x34;=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid2,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value1),=0D
+ &Value1);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid2,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var of size that matches maxsize=0D
+ //=0D
+ Value2 =3D 0xa1b2c3d4;=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid2,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value2),=0D
+ &Value2);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid2,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var of size larger than maxsize=0D
+ //=0D
+ Buffer =3D AllocateZeroPool (40);=0D
+ UT_ASSERT_NOT_NULL (Buffer);=0D
+ Status =3D gRT->SetVariable (L"MaxSizeNoLockVar",=0D
+ &mTestNamespaceGuid2,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ 40,=0D
+ Buffer);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ FreePool (Buffer);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestMaxSizeNamespaceNoLock=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestMustHaveAttrWildcardNoLock (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value;=0D
+=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"MustHaveAttrWildcardNoLockVar###=
#",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_=
VARIABLE_BOOTSERVICE_ACCESS),=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var that doesn't have the must-have attributes=0D
+ //=0D
+ Value =3D 0x56;=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar1573",=0D
+ &mTestNamespaceGuid1,=0D
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ //=0D
+ // Try to write a var that has exactly the required attributes=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar1234",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ // NOTE: some implementations of VP will require the musthave attributes=
to be passed even when deleting=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar1234",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Try to write a var that has the required attributes and one extra att=
ribute=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar5612",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to delete the var=0D
+ // NOTE: some implementations of VP will require the musthave attributes=
to be passed even when deleting=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"MustHaveAttrWildcardNoLockVar5612",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestMustHaveAttrWildcardNoLock=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestPolicyprioritizationNoLock (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value8;=0D
+ UINT16 Value16;=0D
+ UINT32 Value32;=0D
+ UINT64 Value64;=0D
+=0D
+ //=0D
+ // Register a policy targeting the specific var=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid3,=0D
+ L"PolicyPriorityTestVar123",=0D
+ 8, // min size of UINT64=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Register a policy with wildcards in the name=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid3,=0D
+ L"PolicyPriorityTestVar###",=0D
+ 4, // min size of UINT32=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Register a policy with wildcards in the name=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid3,=0D
+ NULL,=0D
+ 2, // min size of UINT16=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // The idea is that the most specific policy is applied:=0D
+ // For varname "TestVar", the namespace-wide one should apply: UINT16 =
minimum=0D
+ // For varname "PolicyPriorityTestVar567" the wildcard policy should a=
pply: UINT32 minimum=0D
+ // For varname "PolicyPriorityTestVar123" the var-specific policy shou=
ld apply: UINT64 minimum=0D
+ //=0D
+=0D
+ //=0D
+ // Let's confirm the namespace-wide policy enforcement=0D
+ //=0D
+ Value8 =3D 0x78;=0D
+ Status =3D gRT->SetVariable (L"TestVar",=0D
+ &mTestNamespaceGuid3,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value8),=0D
+ &Value8);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ Value16 =3D 0x6543;=0D
+ Status =3D gRT->SetVariable (L"TestVar",=0D
+ &mTestNamespaceGuid3,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value16),=0D
+ &Value16);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Let's confirm the wildcard policy enforcement=0D
+ //=0D
+ Value16 =3D 0xabba;=0D
+ Status =3D gRT->SetVariable (L"PolicyPriorityTestVar567",=0D
+ &mTestNamespaceGuid3,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value16),=0D
+ &Value16);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ Value32 =3D 0xfedcba98;=0D
+ Status =3D gRT->SetVariable (L"PolicyPriorityTestVar567",=0D
+ &mTestNamespaceGuid3,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value32),=0D
+ &Value32);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Let's confirm the var-specific policy enforcement=0D
+ //=0D
+ Value32 =3D 0x8d3f627c;=0D
+ Status =3D gRT->SetVariable (L"PolicyPriorityTestVar123",=0D
+ &mTestNamespaceGuid3,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value32),=0D
+ &Value32);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ Value64 =3D 0xbebecdcdafaf6767;=0D
+ Status =3D gRT->SetVariable (L"PolicyPriorityTestVar123",=0D
+ &mTestNamespaceGuid3,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value64),=0D
+ &Value64);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestPolicyprioritizationNoLock=0D
+=0D
+/**=0D
+ LockNow Policy tests.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestExistingVarLockNow (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value;=0D
+=0D
+ //=0D
+ // Write a var that we'll protect next=0D
+ //=0D
+ Value =3D 0x78;=0D
+ Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Register a LockNow policy targeting the var=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"ExistingLockNowVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_NOW);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Attempt to modify the locked var=0D
+ //=0D
+ Value =3D 0xA5;=0D
+ Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // Attempt to delete the locked var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // This variable is deleted in final cleanup.=0D
+ //=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestExistingVarLockNow=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestNonexistentVarLockNow (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value;=0D
+ UINTN Size;=0D
+=0D
+ //=0D
+ // Make sure the variable we're about to create the policy for doesn't e=
xist=0D
+ //=0D
+ Size =3D 0;=0D
+ Status =3D gRT->GetVariable (L"NonexistentLockNowVar",=0D
+ &mTestNamespaceGuid1,=0D
+ NULL,=0D
+ &Size,=0D
+ NULL);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D
+=0D
+ //=0D
+ // Register a LockNow policy targeting the var=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"NonexistentLockNowVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_NOW);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Attempt to create the locked var=0D
+ //=0D
+ Value =3D 0xA5;=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockNowVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestNonexistentVarLockNow=0D
+=0D
+/**=0D
+ LockOnCreate Policy tests.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestExistingVarLockOnCreate (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value;=0D
+=0D
+ //=0D
+ // Write a var that we'll protect later=0D
+ //=0D
+ Value =3D 0x78;=0D
+ Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Register a LockNow policy targeting the var=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"ExistingLockOnCreateVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_ON_CREAT=
E);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Attempt to modify the locked var=0D
+ //=0D
+ Value =3D 0xA5;=0D
+ Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // Attempt to delete the locked var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // This variable is deleted in final cleanup.=0D
+ //=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestExistingVarLockOnCreate=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestNonexistentVarLockOnCreate (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value1;=0D
+ UINT32 Value2;=0D
+ UINTN Size;=0D
+=0D
+ //=0D
+ // Make sure the variable we're about to create the policy for doesn't e=
xist=0D
+ //=0D
+ Size =3D 0;=0D
+ Status =3D gRT->GetVariable (L"NonexistentLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ NULL,=0D
+ &Size,=0D
+ NULL);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D
+=0D
+ //=0D
+ // Register a LockOnCreate policy targeting the var=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"NonexistentLockOnCreateVar",=0D
+ 2, // min size of 2 bytes, UINT16+=
=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ EFI_VARIABLE_RUNTIME_ACCESS, // mu=
st have RT attr=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_ON_CREAT=
E);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Attempt to create the var, but smaller than min size=0D
+ //=0D
+ Value1 =3D 0xA5;=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE),=0D
+ sizeof (Value1),=0D
+ &Value1);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ //=0D
+ // Now let's make sure attribute req is enforced=0D
+ //=0D
+ Value2 =3D 0x43218765;=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value2),=0D
+ &Value2);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ //=0D
+ // Now let's create a valid variable=0D
+ //=0D
+ Value2 =3D 0x43218765;=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE),=0D
+ sizeof (Value2),=0D
+ &Value2);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Let's make sure we can't modify it=0D
+ //=0D
+ Value2 =3D 0xa5a5b6b6;=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE),=0D
+ sizeof (Value2),=0D
+ &Value2);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // Finally, let's make sure we can't delete it=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // This variable is deleted in final cleanup.=0D
+ //=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestNonexistentVarLockOnCreate=0D
+=0D
+/**=0D
+ LockOnVarState Policy tests.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestLockOnVarStateBeforeCreate (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINTN Size;=0D
+ UINT8 Value;=0D
+=0D
+ //=0D
+ // First of all, let's make sure the var we're trying to protect doesn't=
exist=0D
+ //=0D
+ Size =3D 0;=0D
+ Status =3D gRT->GetVariable (L"NonexistentLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ NULL,=0D
+ &Size,=0D
+ NULL);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D
+=0D
+ //=0D
+ // Good, now let's create a policy=0D
+ //=0D
+ Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"NonexistentLockOnVarStateVar"=
,=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ &mTestNamespaceGuid1,=0D
+ L"Trigger1",=0D
+ 0x7E);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Now we write the trigger var=0D
+ //=0D
+ Value =3D 0x7E;=0D
+ Status =3D gRT->SetVariable (L"Trigger1",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Ok, now we attempt to write a var protected by the trigger=0D
+ //=0D
+ Value =3D 0xFA;=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // Let's modify the trigger var and "untrigger" the policy=0D
+ //=0D
+ Value =3D 0x38;=0D
+ Status =3D gRT->SetVariable (L"Trigger1",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Now we should be able to create the var targeted by the policy=0D
+ //=0D
+ Value =3D 0x23;=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Cleanup: delete the trigger and the protected var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"Trigger1",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestLockOnVarStateBeforeCreate=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestLockOnVarStateAfterCreate (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value;=0D
+=0D
+ //=0D
+ // Let's create a policy=0D
+ //=0D
+ Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"ExistingLockOnVarStateVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ &mTestNamespaceGuid1,=0D
+ L"Trigger2",=0D
+ 0x5C);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should be able to write targeted var since the policy isn't active ye=
t.=0D
+ //=0D
+ Value =3D 0x17;=0D
+ Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Let's modify the var to make sure the policy isn't acting like a lock=
-on-create one=0D
+ //=0D
+ Value =3D 0x30;=0D
+ Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Now we trigger the policy=0D
+ //=0D
+ Value =3D 0x5C;=0D
+ Status =3D gRT->SetVariable (L"Trigger2",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Let's now verify the variable is protected=0D
+ //=0D
+ Value =3D 0xB9;=0D
+ Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // Ok, to clean up, we need to remove the trigger var, so delete it, and=
then delete the target var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"Trigger2",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestLockOnVarStateAfterCreate=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestLockOnVarStateInvalidLargeTrigger (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT16 Value;=0D
+=0D
+ //=0D
+ // First let's create a variable policy=0D
+ //=0D
+ Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidLargeTriggerLockOnVarS=
tateVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ &mTestNamespaceGuid1,=0D
+ L"Trigger3",=0D
+ 0x5C);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Now attempt to trigger the lock but with a variable larger than one b=
yte=0D
+ //=0D
+ Value =3D 0x8085;=0D
+ Status =3D gRT->SetVariable (L"Trigger3",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should still be able to create the targeted var=0D
+ //=0D
+ Value =3D 0x1234;=0D
+ Status =3D gRT->SetVariable (L"InvalidLargeTriggerLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Let's clean up by deleting the invalid trigger and the targeted var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"Trigger3",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ Status =3D gRT->SetVariable (L"InvalidLargeTriggerLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestLockOnVarStateInvalidLargeTrigger=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestLockOnVarStateWrongValueTrigger (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Value;=0D
+=0D
+ //=0D
+ // First let's create a variable policy=0D
+ //=0D
+ Status =3D RegisterVarStateVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"WrongValueTriggerLockOnVarSta=
teVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ &mTestNamespaceGuid1,=0D
+ L"Trigger4",=0D
+ 0xCA);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Now attempt to trigger the lock but with a wrong value=0D
+ //=0D
+ Value =3D 0x80;=0D
+ Status =3D gRT->SetVariable (L"Trigger4",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Should still be able to create the targeted var=0D
+ //=0D
+ Value =3D 0x14;=0D
+ Status =3D gRT->SetVariable (L"WrongValueTriggerLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Let's clean up by deleting the invalid trigger and the targeted var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"Trigger4",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ Status =3D gRT->SetVariable (L"WrongValueTriggerLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestLockOnVarStateWrongValueTrigger=0D
+=0D
+/**=0D
+ Invalid policy tests.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestInvalidAttributesPolicy (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ //=0D
+ // The only must/can't have attributes supported by VPE are NV, BS, and =
RT. They are 1, 2, and 4, respectively.=0D
+ // Let's try some bits higher than that?=0D
+ //=0D
+=0D
+ //=0D
+ // Trying must have attribute 0x8 which is EFI_VARIABLE_HARDWARE_ERROR_R=
ECORD=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidMustHaveAttributesPolicyV=
ar1",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ EFI_VARIABLE_HARDWARE_ERROR_RECORD=
,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_LOG_INFO ("Setting must have attr to EFI_VARIABLE_HARDWARE_ERROR_RECO=
RD returned %r\n", Status);=0D
+=0D
+ //=0D
+ // Let's try 0x10 - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, a deprecate=
d attribute=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidMustHaveAttributesPolicyV=
ar2",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ EFI_VARIABLE_AUTHENTICATED_WRITE_A=
CCESS,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_LOG_INFO ("Setting must have attr to EFI_VARIABLE_AUTHENTICATED_WRITE=
_ACCESS returned %r\n", Status);=0D
+=0D
+ //=0D
+ // Let's try 0x20 - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidMustHaveAttributesPolicyV=
ar3",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ EFI_VARIABLE_TIME_BASED_AUTHENTICA=
TED_WRITE_ACCESS,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_LOG_INFO ("Setting must have attr to EFI_VARIABLE_TIME_BASED_AUTHENTI=
CATED_WRITE_ACCESS returned %r\n", Status);=0D
+=0D
+ //=0D
+ // Let's try something wild, like 0x4000=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidMustHaveAttributesPolicyV=
ar4",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ 0x4000,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_LOG_INFO ("Setting must have attr to 0x4000 returned %r\n", Status);=
=0D
+=0D
+ //=0D
+ // Now repeat the same tests, but for the can't-have param=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidCantHaveAttributesPolicyV=
ar1",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ EFI_VARIABLE_HARDWARE_ERROR_RECORD=
,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_LOG_INFO ("Setting cant have attr to EFI_VARIABLE_HARDWARE_ERROR_RECO=
RD returned %r\n", Status);=0D
+=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidCantHaveAttributesPolicyV=
ar2",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ EFI_VARIABLE_AUTHENTICATED_WRITE_A=
CCESS,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_LOG_INFO ("Setting cant have attr to EFI_VARIABLE_AUTHENTICATED_WRITE=
_ACCESS returned %r\n", Status);=0D
+=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidCantHaveAttributesPolicyV=
ar3",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ EFI_VARIABLE_TIME_BASED_AUTHENTICA=
TED_WRITE_ACCESS,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_LOG_INFO ("Setting cant have attr to EFI_VARIABLE_TIME_BASED_AUTHENTI=
CATED_WRITE_ACCESS returned %r\n", Status);=0D
+=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidCantHaveAttributesPolicyV=
ar4",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ 0x4000,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ UT_LOG_INFO ("Setting cant have attr to 0x4000 returned %r\n", Status);=
=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestInvalidAttributesPolicy=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestLargeMinSizePolicy (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ //=0D
+ // Let's set the min size to 2GB and see what happens=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"LargeMinSizeInvalidPolicyVar",=0D
+ 0x80000000,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+=0D
+ UT_LOG_INFO ("Setting min size to 0x80000000 returned %r\n", Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestLargeMinSizePolicy=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestZeroMaxSizePolicy (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ //=0D
+ // Let's set the max size to 0 and see what happens=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"ZeroMinSizeInvalidPolicyVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ 0,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK);=0D
+ //UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS); // this fails on QC. Real b=
ug? Do we care?=0D
+ UT_LOG_INFO ("Setting max size to 0 returned %r\n", Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestZeroMaxSizePolicy=0D
+=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestInvalidPolicyTypePolicy (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ //=0D
+ // Let's set policy type to an invalid value and see what happens=0D
+ // Valid ones are:=0D
+ // VARIABLE_POLICY_TYPE_NO_LOCK 0=0D
+ // VARIABLE_POLICY_TYPE_LOCK_NOW 1=0D
+ // VARIABLE_POLICY_TYPE_LOCK_ON_CREATE 2=0D
+ // VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE 3=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidPolicyTypePolicyVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ 4);=0D
+ UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D
+=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"InvalidPolicyTypePolicyVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ 147);=0D
+ UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestInvalidPolicyTypePolicy=0D
+=0D
+/**=0D
+ Test dumping policy.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestDumpPolicy (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8* Buffer;=0D
+ UINT32 Size;=0D
+=0D
+ //=0D
+ // First let's call DumpVariablePolicy with null buffer to get size=0D
+ //=0D
+ Size =3D 0;=0D
+ Status =3D mVarPol->DumpVariablePolicy (NULL, &Size);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_BUFFER_TOO_SMALL);=0D
+=0D
+ //=0D
+ // Now we allocate the buffer for the dump=0D
+ //=0D
+ Buffer =3D NULL;=0D
+ Buffer =3D AllocatePool (Size);=0D
+ UT_ASSERT_NOT_NULL (Buffer);=0D
+=0D
+ //=0D
+ // Now we get the dump. In this test we will not analyze the dump.=0D
+ //=0D
+ Status =3D mVarPol->DumpVariablePolicy (Buffer, &Size);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestDumpPolicy=0D
+=0D
+/**=0D
+ Test policy version.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+TestPolicyVersion (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ VARIABLE_POLICY_ENTRY *NewEntry;=0D
+=0D
+ //=0D
+ // Create the new entry using a helper lib=0D
+ //=0D
+ NewEntry =3D NULL;=0D
+ Status =3D CreateBasicVariablePolicy (&mTestNamespaceGuid1,=0D
+ L"PolicyVersionTestNoLockVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ 4, // max size of 4 bytes=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_NO_LOCK,=0D
+ &NewEntry);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ NewEntry->Version =3D 0x1234;=0D
+ Status =3D mVarPol->RegisterVariablePolicy (NewEntry);=0D
+ UT_LOG_INFO ("Registering policy entry with an unknown version status: %=
r\n", Status);=0D
+=0D
+ FreePool (NewEntry);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // TestPolicyVersion=0D
+=0D
+/**=0D
+ Lock Policy Tests.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+LockPolicyEngineTests (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT16 Value;=0D
+ UINT64 Value64;=0D
+ BOOLEAN State;=0D
+=0D
+ //=0D
+ // First let's register a policy that we'll test after VPE lock=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"BeforeVpeLockNoLockPolicyVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ 4, // max size of 4 bytes=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_ON_CREAT=
E);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Now, lock VPE!=0D
+ //=0D
+ Status =3D mVarPol->LockVariablePolicy ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // See if we can lock it again?=0D
+ //=0D
+ Status =3D mVarPol->LockVariablePolicy ();=0D
+ UT_LOG_INFO ("Locking VPE for second time returned %r\n", Status);=0D
+=0D
+ //=0D
+ // Let's confirm one of the policies from prior test suites is still enf=
orced=0D
+ // Attempt to delete a locked var=0D
+ //=0D
+ Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // We'll make sure the policy from earlier in this test case is actively=
filtering out by size=0D
+ //=0D
+ Value64 =3D 0x3829fed212345678;=0D
+ Status =3D gRT->SetVariable (L"BeforeVpeLockNoLockPolicyVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value64),=0D
+ &Value64);=0D
+ UT_ASSERT_TRUE ((Status =3D=3D EFI_WRITE_PROTECTED) || (Status =3D=3D EF=
I_INVALID_PARAMETER));=0D
+=0D
+ //=0D
+ // Let's create the variable from the policy now=0D
+ //=0D
+ Value =3D 0x323f;=0D
+ Status =3D gRT->SetVariable (L"BeforeVpeLockNoLockPolicyVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Now confirm that the var is locked after creation=0D
+ //=0D
+ Value =3D 0x1212;=0D
+ Status =3D gRT->SetVariable (L"BeforeVpeLockNoLockPolicyVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BO=
OTSERVICE_ACCESS),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ //=0D
+ // Let's attempt to register a new policy, it should fail=0D
+ //=0D
+ Status =3D RegisterBasicVariablePolicy (mVarPol,=0D
+ &mTestNamespaceGuid1,=0D
+ L"AfterVpeLockNowPolicyVar",=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_NOW);=0D
+ UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D
+=0D
+ //=0D
+ // Make sure VPE is enabled=0D
+ //=0D
+ Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (State, TRUE);=0D
+=0D
+ //=0D
+ // Finally, make sure we can't disable VPE=0D
+ //=0D
+ Status =3D mVarPol->DisableVariablePolicy ();=0D
+ UT_ASSERT_NOT_EQUAL (Status, EFI_SUCCESS);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // LockPolicyEngineTests=0D
+=0D
+/**=0D
+ Save context and reboot after the lock policy test suite.=0D
+**/=0D
+STATIC=0D
+VOID=0D
+EFIAPI=0D
+SaveContextAndReboot (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ //=0D
+ // Now, save all the data associated with this framework.=0D
+ // TODO: Need to add to the UnitTestFrameworkPkg=0D
+ Status =3D SaveFrameworkState( GetActiveFrameworkHandle(), NULL, 0 );=0D
+=0D
+ //=0D
+ // If we're all good, let's book...=0D
+ if (!EFI_ERROR( Status ))=0D
+ {=0D
+ //=0D
+ // Next, we want to update the BootNext variable to USB=0D
+ // so that we have a fighting chance of coming back here.=0D
+ //=0D
+ // TODO: Need to add to the UnitTestFrameworkPkg=0D
+ // SetBootNextDevice();=0D
+=0D
+ //=0D
+ // Reset=0D
+ DEBUG(( DEBUG_INFO, "%a - Rebooting! Launch this test again once boote=
d.\n", __FUNCTION__ ));=0D
+ gRT->ResetSystem( EfiResetCold, EFI_SUCCESS, 0, NULL );=0D
+ DEBUG(( DEBUG_ERROR, "%a - Unit test failed to quit! Framework can no =
longer be used!\n", __FUNCTION__ ));=0D
+=0D
+ //=0D
+ // We REALLY shouldn't be here.=0D
+ Status =3D EFI_ABORTED;=0D
+ }=0D
+=0D
+ return;=0D
+} // SaveContextAndReboot=0D
+=0D
+/**=0D
+ Disable policy tests.=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DisablePolicyEngineTests (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ BOOLEAN State;=0D
+ UINT8 Value;=0D
+=0D
+ //=0D
+ // First, we disable the variable policy=0D
+ //=0D
+ Status =3D mVarPol->DisableVariablePolicy ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Confirm it's disabled=0D
+ //=0D
+ Status =3D mVarPol->IsVariablePolicyEnabled (&State);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (State, FALSE);=0D
+=0D
+ //=0D
+ // Try locking it?=0D
+ //=0D
+ Status =3D mVarPol->LockVariablePolicy ();=0D
+ UT_LOG_INFO ("Locking VP after disabling it status: %r\n", Status);=0D
+=0D
+ //=0D
+ // Try modifying the var from TestExistingVarLockNow=0D
+ //=0D
+ Value =3D 0xB5;=0D
+ Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D
+ &mTestNamespaceGuid1,=0D
+ (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIAB=
LE_NON_VOLATILE),=0D
+ sizeof (Value),=0D
+ &Value);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+} // DisablePolicyEngineTests=0D
+=0D
+/**=0D
+ Final Cleanup: delete some variables earlier test cases created.=0D
+**/=0D
+STATIC=0D
+VOID=0D
+EFIAPI=0D
+FinalCleanup (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ Status =3D gRT->SetVariable (L"ExistingLockNowVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_LOG_INFO ("Delete ExistingLockNowVar status: %r\n", Status);=0D
+=0D
+ Status =3D gRT->SetVariable (L"ExistingLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_LOG_INFO ("Delete ExistingLockOnCreateVar status: %r\n", Status);=0D
+=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnCreateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_LOG_INFO ("Delete NonexistentLockOnCreateVar status: %r\n", Status);=
=0D
+=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockNowVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_LOG_INFO ("Delete NonexistentLockNowVar status: %r\n", Status);=0D
+=0D
+ Status =3D gRT->SetVariable (L"CantHaveAttrNoLockVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_LOG_INFO ("Delete CantHaveAttrNoLockVar status: %r\n", Status);=0D
+=0D
+ Status =3D gRT->SetVariable (L"NonexistentLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_LOG_INFO ("Delete NonexistentLockOnVarStateVar status: %r\n", Status)=
;=0D
+=0D
+ Status =3D gRT->SetVariable (L"ExistingLockOnVarStateVar",=0D
+ &mTestNamespaceGuid1,=0D
+ 0,=0D
+ 0,=0D
+ NULL);=0D
+ UT_LOG_INFO ("Delete ExistingLockOnVarStateVar status: %r\n", Status);=0D
+} // FinalCleanup=0D
+=0D
+/**=0D
+=0D
+ Main fuction sets up the unit test environment.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+UefiMain (=0D
+ IN EFI_HANDLE ImageHandle,=0D
+ IN EFI_SYSTEM_TABLE* SystemTable)=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UNIT_TEST_FRAMEWORK_HANDLE Framework;=0D
+ UNIT_TEST_SUITE_HANDLE GettingStartedTestSuite;=0D
+ UNIT_TEST_SUITE_HANDLE NoLockPoliciesTestSuite;=0D
+ UNIT_TEST_SUITE_HANDLE LockNowPoliciesTestSuite;=0D
+ UNIT_TEST_SUITE_HANDLE LockOnCreatePoliciesTestSuite;=0D
+ UNIT_TEST_SUITE_HANDLE LockOnVarStatePoliciesTestSuite;=0D
+ UNIT_TEST_SUITE_HANDLE InvalidPoliciesTestSuite;=0D
+ UNIT_TEST_SUITE_HANDLE DumpPolicyTestSuite;=0D
+ UNIT_TEST_SUITE_HANDLE PolicyVersionTestSuite;=0D
+ UNIT_TEST_SUITE_HANDLE LockPolicyTestSuite;=0D
+ UNIT_TEST_SUITE_HANDLE DisablePolicyTestSuite;=0D
+=0D
+ Framework =3D NULL;=0D
+ GettingStartedTestSuite =3D NULL;=0D
+ NoLockPoliciesTestSuite =3D NULL;=0D
+ LockNowPoliciesTestSuite =3D NULL;=0D
+ LockOnCreatePoliciesTestSuite =3D NULL;=0D
+ LockOnVarStatePoliciesTestSuite =3D NULL;=0D
+ InvalidPoliciesTestSuite =3D NULL;=0D
+ DumpPolicyTestSuite =3D NULL;=0D
+ PolicyVersionTestSuite =3D NULL; =0D
+ LockPolicyTestSuite =3D NULL;=0D
+ DisablePolicyTestSuite =3D NULL;=0D
+=0D
+ DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSIO=
N));=0D
+=0D
+ //=0D
+ // Start setting up the test framework for running the tests.=0D
+ //=0D
+ Status =3D InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCa=
llerBaseName, UNIT_TEST_APP_VERSION);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status =3D %r\n=
", Status));=0D
+ goto EXIT;=0D
+ }=0D
+=0D
+ //=0D
+ // Test suite 1: Getting Started. Get VP protocol, check state, log revi=
sion=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&GettingStartedTestSuite, Framework, "Ge=
tting Started", "Common.VP.GettingStarted", NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Getting St=
arted Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (GettingStartedTestSuite, "Confirm VP is enabled", "Common.V=
P.GettingStarted.CheckVpEnabled", CheckVpEnabled, LocateVarPolicyPreReq, NU=
LL, NULL);=0D
+ AddTestCase (GettingStartedTestSuite, "Check VP revision", "Common.VP.Ge=
ttingStarted.CheckVpRevision", CheckVpRevision, LocateVarPolicyPreReq, NULL=
, NULL);=0D
+=0D
+ //=0D
+ // Test suite 2: Test NoLock Policies=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&NoLockPoliciesTestSuite, Framework, "Ex=
ercise NoLock Policies", "Common.VP.NoLockPolicies", NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the NoLock Pol=
icies Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (NoLockPoliciesTestSuite, "Test Min Size enforcement in NoLo=
ck policy", "Common.VP.NoLockPolicies.TestMinSizeNoLock", TestMinSizeNoLock=
, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (NoLockPoliciesTestSuite, "Test Max Size enforcement in NoLo=
ck policy", "Common.VP.NoLockPolicies.TestMaxSizeNoLock", TestMaxSizeNoLock=
, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (NoLockPoliciesTestSuite, "Test Must Have Attribute enforcem=
ent in NoLock policy", "Common.VP.NoLockPolicies.TestMustHaveAttrNoLock", T=
estMustHaveAttrNoLock, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (NoLockPoliciesTestSuite, "Test Can't Have Attribute enforce=
ment in NoLock policy", "Common.VP.NoLockPolicies.TestCantHaveAttrNoLock", =
TestCantHaveAttrNoLock, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (NoLockPoliciesTestSuite, "Test Max Size enforcement in NoLo=
ck policy for entire namespace", "Common.VP.NoLockPolicies.TestMaxSizeNames=
paceNoLock", TestMaxSizeNamespaceNoLock, LocateVarPolicyPreReq, NULL, NULL)=
;=0D
+ AddTestCase (NoLockPoliciesTestSuite, "Test Must Have Attribute enforcem=
ent in NoLock policy with wildcards", "Common.VP.NoLockPolicies.TestMustHav=
eAttrWildcardNoLock", TestMustHaveAttrWildcardNoLock, LocateVarPolicyPreReq=
, NULL, NULL);=0D
+ AddTestCase (NoLockPoliciesTestSuite, "Test policy prioritization betwee=
n namespace-wide, wildcard, and var-specific policies", "Common.VP.NoLockPo=
licies.TestPolicyprioritizationNoLock", TestPolicyprioritizationNoLock, Loc=
ateVarPolicyPreReq, NULL, NULL);=0D
+=0D
+ //=0D
+ // Test suite 3: Test LockNow policies=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&LockNowPoliciesTestSuite, Framework, "E=
xercise LockNow Policies", "Common.VP.LockNowPolicies", NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the LockNow Po=
licies Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (LockNowPoliciesTestSuite, "Test LockNow policy for a pre-ex=
isting variable", "Common.VP.LockNowPolicies.TestExistingVarLockNow", TestE=
xistingVarLockNow, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (LockNowPoliciesTestSuite, "Test LockNow policy for a nonexi=
stent variable", "Common.VP.LockNowPolicies.TestNonexistentVarLockNow", Tes=
tNonexistentVarLockNow, LocateVarPolicyPreReq, NULL, NULL);=0D
+=0D
+ //=0D
+ // Test suite 4: Test LockOnCreate policies=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&LockOnCreatePoliciesTestSuite, Framewor=
k, "Exercise LockOnCreate Policies", "Common.VP.LockOnCreate", NULL, NULL);=
=0D
+ if (EFI_ERROR (Status))=0D
+ {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the LockOnCrea=
te Policies Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (LockOnCreatePoliciesTestSuite, "Test LockOnCreate policy fo=
r a pre-existing variable", "Common.VP.LockOnCreate.TestExistingVarLockOnCr=
eate", TestExistingVarLockOnCreate, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (LockOnCreatePoliciesTestSuite, "Test LockOnCreate policy fo=
r a nonexistent variable", "Common.VP.LockOnCreate.TestNonexistentVarLockOn=
Create", TestNonexistentVarLockOnCreate, LocateVarPolicyPreReq, NULL, NULL)=
;=0D
+=0D
+ //=0D
+ // Test suite 5: Test LockOnVarState policies=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&LockOnVarStatePoliciesTestSuite, Framew=
ork, "Exercise LockOnVarState Policies", "Common.VP.LockOnVarState", NULL, =
NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the LockOnVarS=
tate Policies Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic=
y for a nonexistent variable", "Common.VP.LockOnVarState.TestLockOnVarState=
BeforeCreate", TestLockOnVarStateBeforeCreate, LocateVarPolicyPreReq, NULL,=
NULL);=0D
+ AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic=
y for a pre-existing variable", "Common.VP.LockOnVarState.TestLockOnVarStat=
eAfterCreate", TestLockOnVarStateAfterCreate, LocateVarPolicyPreReq, NULL, =
NULL);=0D
+ AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic=
y triggered by invalid-size variable", "Common.VP.LockOnVarState.TestLockOn=
VarStateInvalidLargeTrigger", TestLockOnVarStateInvalidLargeTrigger, Locate=
VarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (LockOnVarStatePoliciesTestSuite, "Test LockOnVarState polic=
y triggered by invalid-value variable", "Common.VP.LockOnVarState.TestLockO=
nVarStateWrongValueTrigger", TestLockOnVarStateWrongValueTrigger, LocateVar=
PolicyPreReq, NULL, NULL);=0D
+=0D
+ //=0D
+ // Test suite 6: Test registering invalid policies=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&InvalidPoliciesTestSuite, Framework, "A=
ttempt registering invalid policies", "Common.VP.InvalidPolicies", NULL, NU=
LL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Invalid Po=
licies Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid must-ha=
ve attributes", "Common.VP.InvalidPolicies.TestInvalidAttributesPolicy", Te=
stInvalidAttributesPolicy, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid attribu=
tes", "Common.VP.InvalidPolicies.TestLargeMinSizePolicy", TestLargeMinSizeP=
olicy, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid attribu=
tes", "Common.VP.InvalidPolicies.TestZeroMaxSizePolicy", TestZeroMaxSizePol=
icy, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (InvalidPoliciesTestSuite, "Test policy with invalid type", =
"Common.VP.InvalidPolicies.TestInvalidPolicyTypePolicy", TestInvalidPolicyT=
ypePolicy, LocateVarPolicyPreReq, NULL, NULL);=0D
+=0D
+ //=0D
+ // Test suite 7: Test dumping the policy=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&DumpPolicyTestSuite, Framework, "Attemp=
t dumping policy", "Common.VP.DumpPolicy", NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Dump Polic=
y Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (DumpPolicyTestSuite, "Test dumping policy", "Common.VP.Dump=
Policy.TestDumpPolicy", TestDumpPolicy, LocateVarPolicyPreReq, NULL, NULL);=
=0D
+=0D
+ //=0D
+ // Test suite 8: Test policy version=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&PolicyVersionTestSuite, Framework, "Use=
non-zero policy version", "Common.VP.PolicyVersion", NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Policy Ver=
sion Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (PolicyVersionTestSuite, "Test policy version", "Common.VP.D=
umpPolicy.TestPolicyVersion", TestPolicyVersion, LocateVarPolicyPreReq, NUL=
L, NULL);=0D
+=0D
+ //=0D
+ // Test suite 9: Lock VPE and test implications=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&LockPolicyTestSuite, Framework, "Lock p=
olicy, test it", "Common.VP.LockPolicyTests", NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Lock Polic=
y Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (LockPolicyTestSuite, "Test locking policy", "Common.VP.Lock=
PolicyTests.LockPolicyEngineTests", LockPolicyEngineTests, LocateVarPolicyP=
reReq, NULL, NULL);=0D
+ AddTestCase (LockPolicyTestSuite, "Test locking policy", "Common.VP.Lock=
PolicyTests.LockPolicyEngineTests", LockPolicyEngineTests, LocateVarPolicyP=
reReq, SaveContextAndReboot, NULL);=0D
+=0D
+ //=0D
+ // Test suite 10: Disable var policy and confirm expected behavior=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&DisablePolicyTestSuite, Framework, "Dis=
able policy, test it", "Common.VP.DisablePolicyTests", NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for the Disable Po=
licy Test Suite\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+ AddTestCase (DisablePolicyTestSuite, "Confirm VP is enabled", "Common.VP=
.DisablePolicyTests.CheckVpEnabled", CheckVpEnabled, LocateVarPolicyPreReq,=
NULL, NULL);=0D
+ AddTestCase (DisablePolicyTestSuite, "Test LockNow policy for a pre-exis=
ting variable", "Common.VP.DisablePolicyTests.TestExistingVarLockNow", Test=
ExistingVarLockNow, LocateVarPolicyPreReq, NULL, NULL);=0D
+ AddTestCase (DisablePolicyTestSuite, "Test disabling policy", "Common.VP=
.DisablePolicyTests.DisablePolicyEngineTests", DisablePolicyEngineTests, Lo=
cateVarPolicyPreReq, FinalCleanup, NULL);=0D
+=0D
+ //=0D
+ // Execute the tests.=0D
+ //=0D
+ Status =3D RunAllTestSuites (Framework);=0D
+=0D
+EXIT:=0D
+ if (Framework !=3D NULL) {=0D
+ FreeUnitTestFramework (Framework);=0D
+ }=0D
+=0D
+ return Status;=0D
+} // UefiMain=0D
diff --git a/MdeModulePkg/MdeModulePkg.ci.yaml b/MdeModulePkg/MdeModulePkg.=
ci.yaml
index 1cfc1328390e..88a192d0e2a8 100644
--- a/MdeModulePkg/MdeModulePkg.ci.yaml
+++ b/MdeModulePkg/MdeModulePkg.ci.yaml
@@ -35,7 +35,9 @@
"UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec"=0D
],=0D
# For UEFI shell based apps=0D
- "AcceptableDependencies-UEFI_APPLICATION":[],=0D
+ "AcceptableDependencies-UEFI_APPLICATION":[=0D
+ "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec"=0D
+ ],=0D
"IgnoreInf": []=0D
},=0D
=0D
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index f0a75a3b337b..414a6c62dfdb 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -19,6 +19,8 @@ [Defines]
BUILD_TARGETS =3D DEBUG|RELEASE|NOOPT=0D
SKUID_IDENTIFIER =3D DEFAULT=0D
=0D
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc=0D
+=0D
[LibraryClasses]=0D
#=0D
# Entry point=0D
@@ -314,6 +316,10 @@ [Components]
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf=0D
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf=0D
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf=0D
+ MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFunc=
TestApp.inf {=0D
+ <LibraryClasses>=0D
+ UnitTestBootLib|UnitTestFrameworkPkg/Library/UnitTestBootLibNull/Uni=
tTestBootLibNull.inf=0D
+ }=0D
MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf=0D
MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf=0D
MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf=0D
diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.m=
d b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md
new file mode 100644
index 000000000000..804ad4173a5f
--- /dev/null
+++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md
@@ -0,0 +1,55 @@
+# variable Policy Unit Tests=0D
+=0D
+## &#x1F539; Copyright=0D
+Copyright (C) Microsoft Corporation. All rights reserved.=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+## About This Test=0D
+This test verifies functionality of the Variable Policy Protocol by regist=
ering various variable policies and exercising them, as well as tests locki=
ng the policy, disabling it, and dumping the policy entries.=0D
+=0D
+Only policies that are created as a part of this test will be tested.=0D
+1. Try getting test context, if empty then get VP protocol, confirm that V=
P is not disabled by calling IsVariablePolicyEnabled. Log VP revision.=0D
+2. "No lock" policies:=0D
+ * check minsize enforcement=0D
+ * check maxsize enforcement=0D
+ * check musthave attr enforcement=0D
+ * check canthave attr enforcement=0D
+ * check one of the above with empty string policy i.e. name wildcard=0D
+ * check another one of the above with a "#" containing policy string=0D
+ * check policy prioritization by having a namespace-wide policy, a pol=
icy with a # wildcard, and a one-var specific policy and testing which one =
is enforced=0D
+3. "Lock now" policies (means if the var doesn't exist, it won't be create=
d; if one exists, it can't be updated):=0D
+ * test a policy for an already existing variable, verify we can't writ=
e into that variable=0D
+ * create a policy for a non-existing variable and attempt to register =
such var=0D
+4. "Lock on create" policies (means the var can still be created, but no u=
pdates later, existing vars can't be updated):=0D
+ * create a var, lock it with LockOnCreate, attempt to update its conte=
nts=0D
+ * create LockOnCreate VP, attempt to create var with invalid size, the=
n invalid attr, then create valid var, attempt to update its contents=0D
+5. "Lock on var state" policies (means the var protected by this policy ca=
n't be created or updated once the trigger is set)=0D
+ * create VP, trigger lock with a valid var, attempt to create a locked=
var, then modify the trigger var, create locked var=0D
+ * create VP, create targeted var, modify it, trigger lock, attempt to =
modify var=0D
+ * create VP, trigger lock with invalid (larger than one byte) var, see=
if VPE allows creation of the locked var (it should allow)=0D
+ * create VP, set locking var with wrong value, see if VPE allows creat=
ion of the locked var (should allow)=0D
+6. Attempt registering invalid policy entries=0D
+ * invalid required and banned attributes=0D
+ * large min size - let's say 2GB=0D
+ * max size equal to 0=0D
+ * invalid policy type=0D
+7. Exercise dumping policy. No need to check the validity of the dump blob=
.=0D
+8. Test registering a policy with a random version.=0D
+9. Lock VPE, make sure old policies are enforced, new ones can't be regist=
ered.=0D
+ * Register a LockOnCreate policy=0D
+ * Lock VPE=0D
+ * Test locking it again.=0D
+ * Verify one of the prior policies is enforced=0D
+ * Make sure we can create variables even if those are protected by Loc=
kOnCreate policy, after locking the VPE=0D
+ * Attempt to register new policies=0D
+ * Make sure can't disable VPE=0D
+ * Cleanup: save context and reboot=0D
+10. Disable variable policy and try some things=0D
+ * Locate Variable Policy Protocol=0D
+ * Make sure VP is enabled=0D
+ * Register a policy=0D
+ * Disable VPE=0D
+ * Call IsVariablePolicyEnabled to confirm it's disabled.=0D
+ * Make sure can't lock policy=0D
+ * Make sure the policy from a is no longer enforced=0D
+ * Final cleanup: delete vars that were created in some earlier test su=
ites=0D
diff --git a/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Variable=
PolicyFuncTestApp.inf b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestA=
pp/VariablePolicyFuncTestApp.inf
new file mode 100644
index 000000000000..9ad277a547c2
--- /dev/null
+++ b/MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyF=
uncTestApp.inf
@@ -0,0 +1,42 @@
+## @file=0D
+# Uefi Shell based Application that unit tests the Variable Policy Protoco=
l=0D
+#=0D
+# Copyright (c) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010005=0D
+ BASE_NAME =3D VariablePolicyFuncTestApp=0D
+ FILE_GUID =3D B653C4C3-3FCC-4B6C-8051-5F692AEAECBA=
=0D
+ MODULE_TYPE =3D UEFI_APPLICATION=0D
+ VERSION_STRING =3D 1.0=0D
+ ENTRY_POINT =3D UefiMain=0D
+=0D
+#=0D
+# The following information is for reference only and not required by the =
build tools.=0D
+#=0D
+# VALID_ARCHITECTURES =3D X64 AARCH64=0D
+#=0D
+=0D
+[Sources]=0D
+ VariablePolicyFuncTestApp.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+ MdeModulePkg/MdeModulePkg.dec=0D
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec=0D
+=0D
+[LibraryClasses]=0D
+ UefiApplicationEntryPoint=0D
+ BaseLib=0D
+ UnitTestLib=0D
+ UnitTestBootLib=0D
+ PrintLib=0D
+ UefiBootServicesTableLib=0D
+ UefiRuntimeServicesTableLib=0D
+ MemoryAllocationLib=0D
+ VariablePolicyHelperLib=0D
+=0D
+[Protocols]=0D
+ gEdkiiVariablePolicyProtocolGuid=0D
--=20
2.26.2.windows.1.8.g01c50adf56.20200515075929

Join devel@edk2.groups.io to automatically receive all group messages.