[PATCH v3 09/11] SecurityPkg: SecureBootVariableLib: Added unit tests
Kun Qin
From: kuqin <kuqin@...>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
This change adds unit tests for the updated SecureBootVariableLib and
enables them in the pipeline.
The unit tests cover all implemented interfaces and certain corner cases.
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Min Xu <min.m.xu@...>
Signed-off-by: Kun Qin <kun.qin@...>
Reviewed-by: Jiewen Yao <Jiewen.yao@...>
Acked-by: Michael Kubacki <michael.kubacki@...>
---
Notes:
v3:
- Added reviewed-by tag [Jiewen]
- Added acked-by tag [Michael Kubacki]
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio=
nLib.c | 36 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c =
| 201 ++
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices=
TableLib.c | 13 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUn=
itTest.c | 2037 ++++++++++++++++++++
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio=
nLib.inf | 33 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf =
| 45 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices=
TableLib.inf | 25 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUn=
itTest.inf | 36 +
SecurityPkg/SecurityPkg.ci.yaml =
| 11 +
SecurityPkg/Test/SecurityPkgHostTest.dsc =
| 38 +
10 files changed, 2475 insertions(+)
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatfor=
mPKProtectionLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/Moc=
kPlatformPKProtectionLib.c
new file mode 100644
index 000000000000..a8644d272df6
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProt=
ectionLib.c
@@ -0,0 +1,36 @@
+/** @file=0D
+ Provides a mocked interface for configuring PK related variable protecti=
on.=0D
+=0D
+ Copyright (c) Microsoft Corporation.=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+#include <stdio.h>=0D
+#include <string.h>=0D
+#include <stdarg.h>=0D
+#include <stddef.h>=0D
+#include <setjmp.h>=0D
+#include <cmocka.h>=0D
+=0D
+#include <Uefi.h>=0D
+=0D
+/**=0D
+ Disable any applicable protection against variable 'PK'. The implementat=
ion=0D
+ of this interface is platform specific, depending on the protection tech=
niques=0D
+ used per platform.=0D
+=0D
+ Note: It is the platform's responsibility to conduct cautious operation =
after=0D
+ disabling this protection.=0D
+=0D
+ @retval EFI_SUCCESS State has been successfully updated.=
=0D
+ @retval Others Error returned from implementation s=
pecific=0D
+ underying APIs.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+DisablePKProtection (=0D
+ VOID=0D
+ )=0D
+{=0D
+ return (EFI_STATUS)mock ();=0D
+}=0D
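Review bot: The header comment on DisablePKProtection is copied from the production interface and never says that this mock just returns the status the test queued, so the file does not show how to drive it. I would add a line such as `Mock: returns the EFI_STATUS queued by the test with will_return (DisablePKProtection, Status).` and fix the typo `underying` to `underlying`. Because the body is only `mock ()`, cmocka can at most tell a test that the function was called, not that it ran before the PK write reached SetVariable. If that ordering matters to the tests, the comment should say it is not checked here.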
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib=
.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
new file mode 100644
index 000000000000..df271c39f26c
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
@@ -0,0 +1,201 @@
+/** @file=0D
+ The UEFI Library provides functions and macros that simplify the develop=
ment of=0D
+ UEFI Drivers and UEFI Applications. These functions and macros help man=
age EFI=0D
+ events, build simple locks utilizing EFI Task Priority Levels (TPLs), in=
stall=0D
+ EFI Driver Model related protocols, manage Unicode string tables for UEF=
I Drivers,=0D
+ and print messages on the console output and standard error devices.=0D
+=0D
+ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include <Uefi.h>=0D
+=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/MemoryAllocationLib.h>=0D
+#include <Library/UefiRuntimeServicesTableLib.h>=0D
+=0D
+/**=0D
+ Returns the status whether get the variable success. The function retrie=
ves=0D
+ variable through the UEFI Runtime Service GetVariable(). The=0D
+ returned buffer is allocated using AllocatePool(). The caller is respon=
sible=0D
+ for freeing this buffer with FreePool().=0D
+=0D
+ If Name is NULL, then ASSERT().=0D
+ If Guid is NULL, then ASSERT().=0D
+ If Value is NULL, then ASSERT().=0D
+=0D
+ @param[in] Name The pointer to a Null-terminated Unicode string.=0D
+ @param[in] Guid The pointer to an EFI_GUID structure=0D
+ @param[out] Value The buffer point saved the variable info.=0D
+ @param[out] Size The buffer size of the variable.=0D
+=0D
+ @return EFI_OUT_OF_RESOURCES Allocate buffer failed.=0D
+ @return EFI_SUCCESS Find the specified variable.=0D
+ @return Others Errors Return errors from call to gRT->GetVar=
iable.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+GetVariable2 (=0D
+ IN CONST CHAR16 *Name,=0D
+ IN CONST EFI_GUID *Guid,=0D
+ OUT VOID **Value,=0D
+ OUT UINTN *Size OPTIONAL=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINTN BufferSize;=0D
+=0D
+ ASSERT (Name !=3D NULL && Guid !=3D NULL && Value !=3D NULL);=0D
+=0D
+ //=0D
+ // Try to get the variable size.=0D
+ //=0D
+ BufferSize =3D 0;=0D
+ *Value =3D NULL;=0D
+ if (Size !=3D NULL) {=0D
+ *Size =3D 0;=0D
+ }=0D
+=0D
+ Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &Bu=
fferSize, *Value);=0D
+ if (Status !=3D EFI_BUFFER_TOO_SMALL) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ //=0D
+ // Allocate buffer to get the variable.=0D
+ //=0D
+ *Value =3D AllocatePool (BufferSize);=0D
+ ASSERT (*Value !=3D NULL);=0D
+ if (*Value =3D=3D NULL) {=0D
+ return EFI_OUT_OF_RESOURCES;=0D
+ }=0D
+=0D
+ //=0D
+ // Get the variable data.=0D
+ //=0D
+ Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &Bu=
fferSize, *Value);=0D
+ if (EFI_ERROR (Status)) {=0D
+ FreePool (*Value);=0D
+ *Value =3D NULL;=0D
+ }=0D
+=0D
+ if (Size !=3D NULL) {=0D
+ *Size =3D BufferSize;=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/** Return the attributes of the variable.=0D
+=0D
+ Returns the status whether get the variable success. The function retrie=
ves=0D
+ variable through the UEFI Runtime Service GetVariable(). The=0D
+ returned buffer is allocated using AllocatePool(). The caller is respon=
sible=0D
+ for freeing this buffer with FreePool(). The attributes are returned if=
=0D
+ the caller provides a valid Attribute parameter.=0D
+=0D
+ If Name is NULL, then ASSERT().=0D
+ If Guid is NULL, then ASSERT().=0D
+ If Value is NULL, then ASSERT().=0D
+=0D
+ @param[in] Name The pointer to a Null-terminated Unicode string.=0D
+ @param[in] Guid The pointer to an EFI_GUID structure=0D
+ @param[out] Value The buffer point saved the variable info.=0D
+ @param[out] Size The buffer size of the variable.=0D
+ @param[out] Attr The pointer to the variable attributes as found in var=
store=0D
+=0D
+ @retval EFI_OUT_OF_RESOURCES Allocate buffer failed.=0D
+ @retval EFI_SUCCESS Find the specified variable.=0D
+ @retval Others Errors Return errors from call to gRT->GetVar=
iable.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+GetVariable3 (=0D
+ IN CONST CHAR16 *Name,=0D
+ IN CONST EFI_GUID *Guid,=0D
+ OUT VOID **Value,=0D
+ OUT UINTN *Size OPTIONAL,=0D
+ OUT UINT32 *Attr OPTIONAL=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINTN BufferSize;=0D
+=0D
+ ASSERT (Name !=3D NULL && Guid !=3D NULL && Value !=3D NULL);=0D
+=0D
+ //=0D
+ // Try to get the variable size.=0D
+ //=0D
+ BufferSize =3D 0;=0D
+ *Value =3D NULL;=0D
+ if (Size !=3D NULL) {=0D
+ *Size =3D 0;=0D
+ }=0D
+=0D
+ if (Attr !=3D NULL) {=0D
+ *Attr =3D 0;=0D
+ }=0D
+=0D
+ Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &Bu=
fferSize, *Value);=0D
+ if (Status !=3D EFI_BUFFER_TOO_SMALL) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ //=0D
+ // Allocate buffer to get the variable.=0D
+ //=0D
+ *Value =3D AllocatePool (BufferSize);=0D
+ ASSERT (*Value !=3D NULL);=0D
+ if (*Value =3D=3D NULL) {=0D
+ return EFI_OUT_OF_RESOURCES;=0D
+ }=0D
+=0D
+ //=0D
+ // Get the variable data.=0D
+ //=0D
+ Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &Bu=
fferSize, *Value);=0D
+ if (EFI_ERROR (Status)) {=0D
+ FreePool (*Value);=0D
+ *Value =3D NULL;=0D
+ }=0D
+=0D
+ if (Size !=3D NULL) {=0D
+ *Size =3D BufferSize;=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Returns a pointer to an allocated buffer that contains the contents of a=
=0D
+ variable retrieved through the UEFI Runtime Service GetVariable(). This=
=0D
+ function always uses the EFI_GLOBAL_VARIABLE GUID to retrieve variables.=
=0D
+ The returned buffer is allocated using AllocatePool(). The caller is=0D
+ responsible for freeing this buffer with FreePool().=0D
+=0D
+ If Name is NULL, then ASSERT().=0D
+ If Value is NULL, then ASSERT().=0D
+=0D
+ @param[in] Name The pointer to a Null-terminated Unicode string.=0D
+ @param[out] Value The buffer point saved the variable info.=0D
+ @param[out] Size The buffer size of the variable.=0D
+=0D
+ @return EFI_OUT_OF_RESOURCES Allocate buffer failed.=0D
+ @return EFI_SUCCESS Find the specified variable.=0D
+ @return Others Errors Return errors from call to gRT->GetVar=
iable.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+GetEfiGlobalVariable2 (=0D
+ IN CONST CHAR16 *Name,=0D
+ OUT VOID **Value,=0D
+ OUT UINTN *Size OPTIONAL=0D
+ )=0D
+{=0D
+ return GetVariable2 (Name, &gEfiGlobalVariableGuid, Value, Size);=0D
+}=0D
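Review bot: This file implements GetVariable2, GetVariable3 and GetEfiGlobalVariable2 without including `<Library/UefiLib.h>`, so nothing at compile time ties these signatures to the library class the code under test is built against. Adding `#include <Library/UefiLib.h>` would turn any drift into a build error, assuming the header builds in the host environment. With the prototypes visible, GetVariable2 can replace its duplicated body with `return GetVariable3 (Name, Guid, Value, Size, NULL);`, which follows the same path because GetVariable3 only writes through Attr when it is non-NULL. The file header is still the production UefiLib description and should say this is a reduced copy for host-based tests. The function comments should also note that when the second GetVariable call fails, `*Value` is reset to NULL but `*Size` is still set to BufferSize, so callers may rely only on the returned status.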
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRun=
timeServicesTableLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/MockUefiRuntimeServicesTableLib.c
new file mode 100644
index 000000000000..e86192a05f32
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeSer=
vicesTableLib.c
@@ -0,0 +1,13 @@
+/** @file=0D
+ Mock implementation of the UEFI Runtime Services Table Library.=0D
+=0D
+ Copyright (C) Microsoft Corporation.=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include <Uefi.h>=0D
+=0D
+extern EFI_RUNTIME_SERVICES gMockRuntime;=0D
+=0D
+EFI_RUNTIME_SERVICES *gRT =3D &gMockRuntime;=0D
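Review bot: `gRT` is bound to `gMockRuntime`, which this library only declares `extern`, and nothing in the file says who must define it. A comment above the declaration such as `// Defined by the test application that links this mock; it supplies the runtime services the test expects to be called.` would save the next test author a link error. In this patch the definition in SecureBootVariableLibUnitTest.c fills only GetVariable and SetVariable and leaves every other entry NULL. The comment could therefore also warn that code under test reaching any other service through gRT would call through a NULL pointer instead of failing an assertion.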
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootV=
ariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/S=
ecureBootVariableLibUnitTest.c
new file mode 100644
index 000000000000..a23135dfb016
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariable=
LibUnitTest.c
@@ -0,0 +1,2037 @@
+/** @file=0D
+ Unit tests of the implementation of SecureBootVariableLib.=0D
+=0D
+ Copyright (C) Microsoft Corporation.=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include <stdio.h>=0D
+#include <string.h>=0D
+#include <stdarg.h>=0D
+#include <stddef.h>=0D
+#include <setjmp.h>=0D
+#include <cmocka.h>=0D
+=0D
+#include <Uefi.h>=0D
+#include <UefiSecureBoot.h>=0D
+#include <Guid/GlobalVariable.h>=0D
+#include <Guid/AuthenticatedVariableFormat.h>=0D
+#include <Guid/ImageAuthentication.h>=0D
+=0D
+#include <Library/BaseLib.h>=0D
+#include <Library/BaseMemoryLib.h>=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/MemoryAllocationLib.h>=0D
+=0D
+#include <Library/UnitTestLib.h>=0D
+#include <Library/SecureBootVariableLib.h>=0D
+=0D
+#define UNIT_TEST_APP_NAME "SecureBootVariableLib Unit Tests"=0D
+#define UNIT_TEST_APP_VERSION "1.0"=0D
+#define VAR_AUTH_DESC_SIZE OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, A=
uthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)=0D
+=0D
+extern EFI_TIME mMaxTimestamp;=0D
+extern EFI_TIME mDefaultPayloadTimestamp;=0D
+=0D
+/**=0D
+ Sets the value of a variable.=0D
+=0D
+ @param[in] VariableName A Null-terminated string that is the name=
of the vendor's variable.=0D
+ Each VariableName is unique for each Vend=
orGuid. VariableName must=0D
+ contain 1 or more characters. If Variable=
Name is an empty string,=0D
+ then EFI_INVALID_PARAMETER is returned.=0D
+ @param[in] VendorGuid A unique identifier for the vendor.=0D
+ @param[in] Attributes Attributes bitmask to set for the variabl=
e.=0D
+ @param[in] DataSize The size in bytes of the Data buffer. Unl=
ess the EFI_VARIABLE_APPEND_WRITE or=0D
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRI=
TE_ACCESS attribute is set, a size of zero=0D
+ causes the variable to be deleted. When t=
he EFI_VARIABLE_APPEND_WRITE attribute is=0D
+ set, then a SetVariable() call with a Dat=
aSize of zero will not cause any change to=0D
+ the variable value (the timestamp associa=
ted with the variable may be updated however=0D
+ even if no new data value is provided,see=
the description of the=0D
+ EFI_VARIABLE_AUTHENTICATION_2 descriptor =
below. In this case the DataSize will not=0D
+ be zero since the EFI_VARIABLE_AUTHENTICA=
TION_2 descriptor will be populated).=0D
+ @param[in] Data The contents for the variable.=0D
+=0D
+ @retval EFI_SUCCESS The firmware has successfully stored the =
variable and its data as=0D
+ defined by the Attributes.=0D
+ @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits,=
name, and GUID was supplied, or the=0D
+ DataSize exceeds the maximum allowed.=0D
+ @retval EFI_INVALID_PARAMETER VariableName is an empty string.=0D
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold t=
he variable and its data.=0D
+ @retval EFI_DEVICE_ERROR The variable could not be retrieved due t=
o a hardware error.=0D
+ @retval EFI_WRITE_PROTECTED The variable in question is read-only.=0D
+ @retval EFI_WRITE_PROTECTED The variable in question cannot be delete=
d.=0D
+ @retval EFI_SECURITY_VIOLATION The variable could not be written due to =
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set,=0D
+ but the AuthInfo does NOT pass the valida=
tion check carried out by the firmware.=0D
+=0D
+ @retval EFI_NOT_FOUND The variable trying to be updated or dele=
ted was not found.=0D
+=0D
+**/=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+MockSetVariable (=0D
+ IN CHAR16 *VariableName,=0D
+ IN EFI_GUID *VendorGuid,=0D
+ IN UINT32 Attributes,=0D
+ IN UINTN DataSize,=0D
+ IN VOID *Data=0D
+ )=0D
+{=0D
+ DEBUG ((=0D
+ DEBUG_INFO,=0D
+ "%a %s %g %x %x %p\n",=0D
+ __FUNCTION__,=0D
+ VariableName,=0D
+ VendorGuid,=0D
+ Attributes,=0D
+ DataSize,=0D
+ Data=0D
+ ));=0D
+ check_expected_ptr (VariableName);=0D
+ check_expected_ptr (VendorGuid);=0D
+ check_expected_ptr (Attributes);=0D
+ check_expected (DataSize);=0D
+ check_expected (Data);=0D
+=0D
+ return (EFI_STATUS)mock ();=0D
+}=0D
+=0D
+/**=0D
+ Returns the value of a variable.=0D
+=0D
+ @param[in] VariableName A Null-terminated string that is the name=
of the vendor's=0D
+ variable.=0D
+ @param[in] VendorGuid A unique identifier for the vendor.=0D
+ @param[out] Attributes If not NULL, a pointer to the memory loca=
tion to return the=0D
+ attributes bitmask for the variable.=0D
+ @param[in, out] DataSize On input, the size in bytes of the return=
Data buffer.=0D
+ On output the size of data returned in Da=
ta.=0D
+ @param[out] Data The buffer to return the contents of the =
variable. May be NULL=0D
+ with a zero DataSize in order to determin=
e the size buffer needed.=0D
+=0D
+ @retval EFI_SUCCESS The function completed successfully.=0D
+ @retval EFI_NOT_FOUND The variable was not found.=0D
+ @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result.=
=0D
+ @retval EFI_INVALID_PARAMETER VariableName is NULL.=0D
+ @retval EFI_INVALID_PARAMETER VendorGuid is NULL.=0D
+ @retval EFI_INVALID_PARAMETER DataSize is NULL.=0D
+ @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is=
NULL.=0D
+ @retval EFI_DEVICE_ERROR The variable could not be retrieved due t=
o a hardware error.=0D
+ @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due t=
o an authentication failure.=0D
+=0D
+**/=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+MockGetVariable (=0D
+ IN CHAR16 *VariableName,=0D
+ IN EFI_GUID *VendorGuid,=0D
+ OUT UINT32 *Attributes OPTIONAL,=0D
+ IN OUT UINTN *DataSize,=0D
+ OUT VOID *Data OPTIONAL=0D
+ )=0D
+{=0D
+ UINTN TargetSize;=0D
+ BOOLEAN Exist;=0D
+=0D
+ DEBUG ((=0D
+ DEBUG_INFO,=0D
+ "%a %s %g %p %x %p\n",=0D
+ __FUNCTION__,=0D
+ VariableName,=0D
+ VendorGuid,=0D
+ Attributes,=0D
+ *DataSize,=0D
+ Data=0D
+ ));=0D
+ assert_non_null (DataSize);=0D
+ check_expected_ptr (VariableName);=0D
+ check_expected_ptr (VendorGuid);=0D
+ check_expected (*DataSize);=0D
+=0D
+ Exist =3D (BOOLEAN)mock ();=0D
+=0D
+ if (!Exist) {=0D
+ return EFI_NOT_FOUND;=0D
+ }=0D
+=0D
+ TargetSize =3D (UINTN)mock ();=0D
+ if (TargetSize > *DataSize) {=0D
+ *DataSize =3D TargetSize;=0D
+ return EFI_BUFFER_TOO_SMALL;=0D
+ } else {=0D
+ assert_non_null (Data);=0D
+ CopyMem (Data, (VOID *)mock (), TargetSize);=0D
+ }=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+///=0D
+/// Mock version of the UEFI Runtime Services Table=0D
+///=0D
+EFI_RUNTIME_SERVICES gMockRuntime =3D {=0D
+ {=0D
+ EFI_RUNTIME_SERVICES_SIGNATURE, // Signature=0D
+ EFI_RUNTIME_SERVICES_REVISION, // Revision=0D
+ sizeof (EFI_RUNTIME_SERVICES), // HeaderSize=0D
+ 0, // CRC32=0D
+ 0 // Reserved=0D
+ },=0D
+ NULL, // GetTime=0D
+ NULL, // SetTime=0D
+ NULL, // GetWakeupTime=0D
+ NULL, // SetWakeupTime=0D
+ NULL, // SetVirtualAddressMap=0D
+ NULL, // ConvertPointer=0D
+ MockGetVariable, // GetVariable=0D
+ NULL, // GetNextVariableName=0D
+ MockSetVariable, // SetVariable=0D
+ NULL, // GetNextHighMonotonicCount=0D
+ NULL, // ResetSystem=0D
+ NULL, // UpdateCapsule=0D
+ NULL, // QueryCapsuleCapabilities=0D
+ NULL // QueryVariableInfo=0D
+};=0D
+=0D
+/**=0D
+ Unit test for SetSecureBootMode () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootModeShouldSetVar (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ UINT8 SecureBootMode;=0D
+ EFI_STATUS Status;=0D
+=0D
+ SecureBootMode =3D 0xAB; // Any random magic number...=0D
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, sizeof (SecureBootMode));=0D
+ expect_memory (MockSetVariable, Data, &SecureBootMode, sizeof (SecureBoo=
tMode));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D SetSecureBootMode (SecureBootMode);=0D
+=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for GetSetupMode () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+GetSetupModeShouldGetVar (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 TargetMode;=0D
+ UINT8 SetupMode;=0D
+=0D
+ TargetMode =3D 0xAB; // Any random magic number...=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SETUP_MODE_NAME, sizeo=
f (EFI_SETUP_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (SetupMode));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (SetupMode));=0D
+ will_return (MockGetVariable, &TargetMode);=0D
+=0D
+ Status =3D GetSetupMode (&SetupMode);=0D
+=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (SetupMode, TargetMode);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for GetSetupMode () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+IsSecureBootEnableShouldGetVar (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ BOOLEAN Enabled;=0D
+ UINT8 TargetMode;=0D
+=0D
+ TargetMode =3D SECURE_BOOT_MODE_ENABLE;=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (TargetMode));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (TargetMode));=0D
+ will_return (MockGetVariable, &TargetMode);=0D
+=0D
+ Enabled =3D IsSecureBootEnabled ();=0D
+=0D
+ UT_ASSERT_EQUAL (Enabled, SECURE_BOOT_MODE_ENABLE);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SecureBootCreateDataFromInput () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SecureBootCreateDataFromInputSimple (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_SIGNATURE_LIST *SigList =3D NULL;=0D
+ EFI_SIGNATURE_DATA *SigData =3D NULL;=0D
+ UINTN SigListSize =3D 0;=0D
+ EFI_STATUS Status;=0D
+ UINT8 TestData[] =3D { 0 };=0D
+ SECURE_BOOT_CERTIFICATE_INFO KeyInfo =3D {=0D
+ .Data =3D TestData,=0D
+ .DataSize =3D sizeof (TestData)=0D
+ };=0D
+=0D
+ Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &Ke=
yInfo);=0D
+=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ UT_ASSERT_NOT_NULL (SigList);=0D
+ UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)=
);=0D
+ UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1=
+ sizeof (TestData));=0D
+ UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);=0D
+ UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST)=
+ sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData));=0D
+ UT_ASSERT_EQUAL (SigList->SignatureListSize, SigListSize);=0D
+=0D
+ SigData =3D (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATUR=
E_LIST));=0D
+ UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariab=
leGuid));=0D
+ UT_ASSERT_MEM_EQUAL (SigData->SignatureData, TestData, sizeof (TestData)=
);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SecureBootCreateDataFromInput () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SecureBootCreateDataFromInputNull (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_SIGNATURE_LIST *SigList =3D NULL;=0D
+ UINTN SigListSize =3D 0;=0D
+ EFI_STATUS Status;=0D
+ SECURE_BOOT_CERTIFICATE_INFO KeyInfo =3D {=0D
+ .Data =3D NULL,=0D
+ .DataSize =3D 0=0D
+ };=0D
+=0D
+ Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 0, NUL=
L);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);=0D
+=0D
+ Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &Ke=
yInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SecureBootCreateDataFromInput () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SecureBootCreateDataFromInputMultiple (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_SIGNATURE_LIST *SigList =3D NULL;=0D
+ EFI_SIGNATURE_DATA *SigData =3D NULL;=0D
+ UINTN SigListSize =3D 0;=0D
+ UINTN TotalSize =3D 0;=0D
+ UINTN Index =3D 0;=0D
+ UINT8 TestData1[] =3D { 0 };=0D
+ UINT8 TestData2[] =3D { 1, 2 };=0D
+ EFI_STATUS Status;=0D
+ SECURE_BOOT_CERTIFICATE_INFO KeyInfo[2] =3D {=0D
+ {=0D
+ .Data =3D TestData1,=0D
+ .DataSize =3D sizeof (TestData1)=0D
+ },=0D
+ {=0D
+ .Data =3D TestData2,=0D
+ .DataSize =3D sizeof (TestData2)=0D
+ }=0D
+ };=0D
+=0D
+ Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 2, Key=
Info);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ UT_ASSERT_NOT_NULL (SigList);=0D
+=0D
+ for (Index =3D 0; Index < 2; Index++) {=0D
+ UT_ASSERT_TRUE (SigListSize > TotalSize);=0D
+=0D
+ UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Gui=
d));=0D
+ UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) -=
1 + KeyInfo[Index].DataSize);=0D
+ UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);=0D
+ UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIS=
T) + sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize);=0D
+=0D
+ SigData =3D (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNAT=
URE_LIST));=0D
+ UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVari=
ableGuid));=0D
+ UT_ASSERT_MEM_EQUAL (SigData->SignatureData, KeyInfo[Index].Data, KeyI=
nfo[Index].DataSize);=0D
+ TotalSize =3D TotalSize + SigList->SignatureListSize;=0D
+ SigList =3D (EFI_SIGNATURE_LIST *)((UINTN)SigList + SigList->Signatu=
reListSize);=0D
+ }=0D
+=0D
+ UT_ASSERT_EQUAL (SigListSize, TotalSize);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib=
.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+CreateTimeBasedPayloadShouldPopulateDescriptor (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ UINT8 Data[] =3D { 2 };=0D
+ UINTN DataSize =3D sizeof (Data);=0D
+ UINT8 *CheckData;=0D
+ EFI_VARIABLE_AUTHENTICATION_2 *VarAuth;=0D
+ EFI_STATUS Status;=0D
+ EFI_TIME Time =3D {=0D
+ .Year =3D 2012,=0D
+ .Month =3D 3,=0D
+ .Day =3D 4,=0D
+ .Hour =3D 5,=0D
+ .Minute =3D 6,=0D
+ .Second =3D 7,=0D
+ .Pad1 =3D 0,=0D
+ .Nanosecond =3D 8910,=0D
+ .TimeZone =3D 1112,=0D
+ .Pad2 =3D 0=0D
+ };=0D
+=0D
+ CheckData =3D AllocateCopyPool (DataSize, Data);=0D
+ Status =3D CreateTimeBasedPayload (&DataSize, &CheckData, &Time);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ // This is result that we did not pack this structure...=0D
+ // we cannot even use the sizeof (EFI_VARIABLE_AUTHENTICATION_2) - 1,=0D
+ // because the structure is not at the end of this structure, but partia=
lly=0D
+ // inside it...=0D
+ UT_ASSERT_EQUAL (DataSize, VAR_AUTH_DESC_SIZE + sizeof (Data));=0D
+ UT_ASSERT_NOT_NULL (CheckData);=0D
+=0D
+ VarAuth =3D (EFI_VARIABLE_AUTHENTICATION_2 *)CheckData;=0D
+ UT_ASSERT_MEM_EQUAL (&(VarAuth->TimeStamp), &Time, sizeof (EFI_TIME));=0D
+=0D
+ UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.dwLength, OFFSET_OF (WIN_CERTIFIC=
ATE_UEFI_GUID, CertData));=0D
+ UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wRevision, 0x0200);=0D
+ UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wCertificateType, WIN_CERT_TYPE_E=
FI_GUID);=0D
+ UT_ASSERT_TRUE (CompareGuid (&VarAuth->AuthInfo.CertType, &gEfiCertPkcs7=
Guid));=0D
+=0D
+ UT_ASSERT_MEM_EQUAL (VarAuth->AuthInfo.CertData, Data, sizeof (Data));=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib=
.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+CreateTimeBasedPayloadShouldCheckInput (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ UINTN DataSize =3D 0;=0D
+ UINT8 *Data =3D NULL;=0D
+ EFI_TIME Time;=0D
+ EFI_STATUS Status;=0D
+=0D
+ Status =3D CreateTimeBasedPayload (NULL, &Data, &Time);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&DataSize, NULL, &Time);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&DataSize, &Data, NULL);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteDb () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteDbShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteDb ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteDbx () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteDbxShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteDbx ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteDbt () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteDbtShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteDbt ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteKEK () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteKEKShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteKEK ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeletePlatformKey () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeletePKShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+ UINT8 BootMode =3D CUSTOM_SECURE_BOOT_MODE;=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, sizeof (BootMode));=0D
+ expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeletePlatformKey ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteSecureBootVariablesShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+ UINT8 BootMode =3D CUSTOM_SECURE_BOOT_MODE;=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (DisablePKProtection, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, sizeof (BootMode));=0D
+ expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteSecureBootVariables ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteSecureBootVariablesShouldCheckProtection (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ will_return (DisablePKProtection, EFI_SECURITY_VIOLATION);=0D
+=0D
+ Status =3D DeleteSecureBootVariables ();=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteSecureBootVariablesShouldProceedWithNotFound (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 BootMode =3D CUSTOM_SECURE_BOOT_MODE;=0D
+=0D
+ will_return (DisablePKProtection, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, sizeof (BootMode));=0D
+ expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Status =3D DeleteSecureBootVariables ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+EnrollFromInputShouldComplete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (Dummy);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (Dummy), &Dummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Du=
mmy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (Dummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D EnrollFromInput (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGu=
id, sizeof (Dummy), &Dummy);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldComplete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbtDummy =3D 0xAD;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 KekDummy =3D 0xEF;=0D
+ UINT8 PkDummy =3D 0xFE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D &DbtDummy,=0D
+ .DbtSize =3D sizeof (DbtDummy),=0D
+ .KekPtr =3D &KekDummy,=0D
+ .KekSize =3D sizeof (KekDummy),=0D
+ .PkPtr =3D &PkDummy,=0D
+ .PkSize =3D sizeof (PkDummy),=0D
+ .SecureBootKeyName =3D L"Food"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));=0D
+ PayloadSize =3D sizeof (DbtDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));=0D
+ PayloadSize =3D sizeof (KekDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &PkDummy, sizeof (PkDummy));=0D
+ PayloadSize =3D sizeof (PkDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Pk=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (PkDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopWhenSecure (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 TargetMode =3D SECURE_BOOT_MODE_ENABLE;=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (TargetMode));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (TargetMode));=0D
+ will_return (MockGetVariable, &TargetMode);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailDBX (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbxDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .SecureBootKeyName =3D L"Fail DBX"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_WRITE_PROTECTED);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailDB (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .SecureBootKeyName =3D L"Fail DB"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_WRITE_PROTECTED);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailDBT (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbtDummy =3D 0xAD;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D &DbtDummy,=0D
+ .DbtSize =3D sizeof (DbtDummy),=0D
+ .SecureBootKeyName =3D L"Fail DBT"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));=0D
+ PayloadSize =3D sizeof (DbtDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_ACCESS_DENIED);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_ACCESS_DENIED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailKEK (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbtDummy =3D 0xAD;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 KekDummy =3D 0xEF;=0D
+ UINT8 PkDummy =3D 0xFE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D &DbtDummy,=0D
+ .DbtSize =3D sizeof (DbtDummy),=0D
+ .KekPtr =3D &KekDummy,=0D
+ .KekSize =3D sizeof (KekDummy),=0D
+ .PkPtr =3D &PkDummy,=0D
+ .PkSize =3D sizeof (PkDummy),=0D
+ .SecureBootKeyName =3D L"Food"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));=0D
+ PayloadSize =3D sizeof (DbtDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));=0D
+ PayloadSize =3D sizeof (KekDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_DEVICE_ERROR);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_DEVICE_ERROR);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailPK (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbtDummy =3D 0xAD;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 KekDummy =3D 0xEF;=0D
+ UINT8 PkDummy =3D 0xFE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D &DbtDummy,=0D
+ .DbtSize =3D sizeof (DbtDummy),=0D
+ .KekPtr =3D &KekDummy,=0D
+ .KekSize =3D sizeof (KekDummy),=0D
+ .PkPtr =3D &PkDummy,=0D
+ .PkSize =3D sizeof (PkDummy),=0D
+ .SecureBootKeyName =3D L"Food"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));=0D
+ PayloadSize =3D sizeof (DbtDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));=0D
+ PayloadSize =3D sizeof (KekDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &PkDummy, sizeof (PkDummy));=0D
+ PayloadSize =3D sizeof (PkDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Pk=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (PkDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_INVALID_PARAMETER);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_SECURITY_VIOLATION);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesDBTOptional (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 KekDummy =3D 0xEF;=0D
+ UINT8 PkDummy =3D 0xFE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D NULL,=0D
+ .DbtSize =3D 0,=0D
+ .KekPtr =3D &KekDummy,=0D
+ .KekSize =3D sizeof (KekDummy),=0D
+ .PkPtr =3D &PkDummy,=0D
+ .PkSize =3D sizeof (PkDummy),=0D
+ .SecureBootKeyName =3D L"Food"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));=0D
+ PayloadSize =3D sizeof (KekDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &PkDummy, sizeof (PkDummy));=0D
+ PayloadSize =3D sizeof (PkDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Pk=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (PkDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Initialze the unit test framework, suite, and unit tests for the=0D
+ SecureBootVariableLib and run the SecureBootVariableLib unit test.=0D
+=0D
+ @retval EFI_SUCCESS All test cases were dispatched.=0D
+ @retval EFI_OUT_OF_RESOURCES There are not enough resources available =
to=0D
+ initialize the unit tests.=0D
+**/=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+UnitTestingEntry (=0D
+ VOID=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UNIT_TEST_FRAMEWORK_HANDLE Framework;=0D
+ UNIT_TEST_SUITE_HANDLE SecureBootVarMiscTests;=0D
+ UNIT_TEST_SUITE_HANDLE SecureBootVarDeleteTests;=0D
+ UNIT_TEST_SUITE_HANDLE SecureBootVarEnrollTests;=0D
+=0D
+ Framework =3D NULL;=0D
+=0D
+ DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSIO=
N));=0D
+=0D
+ //=0D
+ // Start setting up the test framework for running the tests.=0D
+ //=0D
+ Status =3D InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCa=
llerBaseName, UNIT_TEST_APP_VERSION);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status =3D %r\n=
", Status));=0D
+ goto EXIT;=0D
+ }=0D
+=0D
+ //=0D
+ // Populate the SecureBootVariableLib Unit Test Suite.=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&SecureBootVarMiscTests, Framework, "Sec=
ureBootVariableLib Miscellaneous Tests", "SecureBootVariableLib.Miscellaneo=
us", NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVari=
ableLib\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+=0D
+ Status =3D CreateUnitTestSuite (&SecureBootVarDeleteTests, Framework, "S=
ecureBootVariableLib Deletion Tests", "SecureBootVariableLib.Deletion", NUL=
L, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVari=
ableLib\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+=0D
+ Status =3D CreateUnitTestSuite (&SecureBootVarEnrollTests, Framework, "S=
ecureBootVariableLib Enrollment Tests", "SecureBootVariableLib.Enrollment",=
NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVari=
ableLib\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+=0D
+ //=0D
+ // --------------Suite-----------Description--------------Name----------=
Function--------Pre---Post-------------------Context-----------=0D
+ //=0D
+ AddTestCase (SecureBootVarMiscTests, "SetSecureBootMode should propagate=
to set variable", "SetSecureBootMode", SetSecureBootModeShouldSetVar, NULL=
, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "GetSetupMode should propagate to g=
et variable", "GetSetupMode", GetSetupModeShouldGetVar, NULL, NULL, NULL);=
=0D
+ AddTestCase (SecureBootVarMiscTests, "IsSecureBootEnabled should propaga=
te to get variable", "IsSecureBootEnabled", IsSecureBootEnableShouldGetVar,=
NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with=
one input cert", "SecureBootCreateDataFromInput One Cert", SecureBootCreat=
eDataFromInputSimple, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with=
no input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateD=
ataFromInputNull, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with=
multiple input cert", "SecureBootCreateDataFromInput No Cert", SecureBootC=
reateDataFromInputMultiple, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should popu=
late descriptor data", "CreateTimeBasedPayload Normal", CreateTimeBasedPayl=
oadShouldPopulateDescriptor, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should fail=
on NULL inputs", "CreateTimeBasedPayload NULL", CreateTimeBasedPayloadShou=
ldCheckInput, NULL, NULL, NULL);=0D
+=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteDb should delete DB with a=
uth info", "DeleteDb", DeleteDbShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteDbx should delete DBX with=
auth info", "DeleteDbx", DeleteDbxShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteDbt should delete DBT with=
auth info", "DeleteDbt", DeleteDbtShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteKEK should delete KEK with=
auth info", "DeleteKEK", DeleteKEKShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeletePlatformKey should delete =
PK with auth info", "DeletePlatformKey", DeletePKShouldDelete, NULL, NULL, =
NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should=
delete properly", "DeleteSecureBootVariables Normal", DeleteSecureBootVari=
ablesShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should=
fail if protection disable fails", "DeleteSecureBootVariables Fail", Delet=
eSecureBootVariablesShouldCheckProtection, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should=
continue if any variable is not found", "DeleteSecureBootVariables Proceed=
", DeleteSecureBootVariablesShouldProceedWithNotFound, NULL, NULL, NULL);=0D
+=0D
+ AddTestCase (SecureBootVarEnrollTests, "EnrollFromInput should supply wi=
th authenticated payload", "EnrollFromInput Normal", EnrollFromInputShouldC=
omplete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should complete", "SetSecureBootVariablesToDefault Normal", SetSecureBootVa=
riablesShouldComplete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when already enabled", "SetSecureBootVariablesToDefault Already=
Started", SetSecureBootVariablesShouldStopWhenSecure, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when DB failed", "SetSecureBootVariablesToDefault Fails DB", Se=
tSecureBootVariablesShouldStopFailDB, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when DBT failed", "SetSecureBootVariablesToDefault Fails DBT", =
SetSecureBootVariablesShouldStopFailDBT, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when DBX failed", "SetSecureBootVariablesToDefault Fails DBX", =
SetSecureBootVariablesShouldStopFailDBX, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when KEK failed", "SetSecureBootVariablesToDefault Fails KEK", =
SetSecureBootVariablesShouldStopFailKEK, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when PK failed", "SetSecureBootVariablesToDefault Fails PK", Se=
tSecureBootVariablesShouldStopFailPK, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should only be optional", "SetSecureBootVariablesToDefault DBT Optional", S=
etSecureBootVariablesDBTOptional, NULL, NULL, NULL);=0D
+=0D
+ //=0D
+ // Execute the tests.=0D
+ //=0D
+ Status =3D RunAllTestSuites (Framework);=0D
+=0D
+EXIT:=0D
+ if (Framework) {=0D
+ FreeUnitTestFramework (Framework);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Standard POSIX C entry point for host based unit test execution.=0D
+**/=0D
+int=0D
+main (=0D
+ int argc,=0D
+ char *argv[]=0D
+ )=0D
+{=0D
+ return UnitTestingEntry ();=0D
+}=0D
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatfor=
mPKProtectionLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/M=
ockPlatformPKProtectionLib.inf
new file mode 100644
index 000000000000..1e19033c5a91
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProt=
ectionLib.inf
@@ -0,0 +1,33 @@
+## @file=0D
+# Provides an abstracted interface for configuring PK related variable pr=
otection.=0D
+#=0D
+# Copyright (c) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010005=0D
+ BASE_NAME =3D MockPlatformPKProtectionLib=0D
+ FILE_GUID =3D 5FCD74D3-3965-4D56-AB83-000B9B4806A0=
=0D
+ MODULE_TYPE =3D DXE_DRIVER=0D
+ VERSION_STRING =3D 1.0=0D
+ LIBRARY_CLASS =3D PlatformPKProtectionLib|HOST_APPLICAT=
ION=0D
+=0D
+#=0D
+# The following information is for reference only and not required by the =
build tools.=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64 AARCH64=0D
+#=0D
+=0D
+[Sources]=0D
+ MockPlatformPKProtectionLib.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+ MdeModulePkg/MdeModulePkg.dec=0D
+ SecurityPkg/SecurityPkg.dec=0D
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec=0D
+=0D
+[LibraryClasses]=0D
+ UnitTestLib=0D
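Review bot: `MODULE_TYPE = DXE_DRIVER` in [Defines] does not fit a library that `LIBRARY_CLASS` restricts to `HOST_APPLICATION` and whose source calls cmocka's `mock ()`. The other two mock INFs in this patch (MockUefiLib.inf and MockUefiRuntimeServicesTableLib.inf) use `UEFI_DRIVER` for the same kind of host-only library. Using one host-oriented module type for all three mocks, for example `MODULE_TYPE = HOST_APPLICATION` if the build tools accept it for library instances (to be confirmed), would make it explicit that none of them is meant to be built into firmware. The `@file` line also still says "abstracted interface"; `# Provides a mocked interface for configuring PK related variable protection.` would match the header of the .c file.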
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib=
.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
new file mode 100644
index 000000000000..a84242ac7205
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
@@ -0,0 +1,45 @@
+## @file=0D
+# Instance of UEFI Library.=0D
+#=0D
+# The UEFI Library provides functions and macros that simplify the develop=
ment of=0D
+# UEFI Drivers and UEFI Applications. These functions and macros help ma=
nage EFI=0D
+# events, build simple locks utilizing EFI Task Priority Levels (TPLs), i=
nstall=0D
+# EFI Driver Model related protocols, manage Unicode string tables for UE=
FI Drivers,=0D
+# and print messages on the console output and standard error devices.=0D
+#=0D
+# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+#=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010005=0D
+ BASE_NAME =3D MockUefiLib=0D
+ FILE_GUID =3D E3B7AEF9-4E55-49AF-B035-ED776C928EC6=
=0D
+ MODULE_TYPE =3D UEFI_DRIVER=0D
+ VERSION_STRING =3D 1.0=0D
+ LIBRARY_CLASS =3D UefiLib|HOST_APPLICATION=0D
+=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64 EBC=0D
+#=0D
+=0D
+[Sources]=0D
+ MockUefiLib.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+=0D
+[LibraryClasses]=0D
+ PrintLib=0D
+ PcdLib=0D
+ MemoryAllocationLib=0D
+ DebugLib=0D
+ BaseMemoryLib=0D
+ BaseLib=0D
+ UefiRuntimeServicesTableLib=0D
+=0D
+[Guids]=0D
+ gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## =
Variable=0D
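Review bot: The [LibraryClasses] list looks carried over from the full UefiLib instance. MockUefiLib.c in this patch includes only the DebugLib, MemoryAllocationLib and UefiRuntimeServicesTableLib headers, so `PrintLib`, `PcdLib`, `BaseMemoryLib` and `BaseLib` appear unused and could be dropped. The `@file` header likewise describes the complete UEFI Library (events, locks, string tables, console output). A line such as `# Mock UefiLib instance for host-based unit tests; provides only GetVariable2, GetVariable3 and GetEfiGlobalVariable2.` would describe what is actually built.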
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRun=
timeServicesTableLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTe=
st/MockUefiRuntimeServicesTableLib.inf
new file mode 100644
index 000000000000..f832a93e2254
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeSer=
vicesTableLib.inf
@@ -0,0 +1,25 @@
+## @file=0D
+# Mock implementation of the UEFI Runtime Services Table Library.=0D
+#=0D
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010005=0D
+ BASE_NAME =3D MockUefiRuntimeServicesTableLib=0D
+ FILE_GUID =3D 84CE0021-ABEE-403C-9A1B-763CCF2D40F1=
=0D
+ MODULE_TYPE =3D UEFI_DRIVER=0D
+ VERSION_STRING =3D 1.0=0D
+ LIBRARY_CLASS =3D UefiRuntimeServicesTableLib|HOST_APPL=
ICATION=0D
+=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64 EBC=0D
+#=0D
+=0D
+[Sources]=0D
+ MockUefiRuntimeServicesTableLib.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootV=
ariableLibUnitTest.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/SecureBootVariableLibUnitTest.inf
new file mode 100644
index 000000000000..f99fb09be52e
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariable=
LibUnitTest.inf
@@ -0,0 +1,36 @@
+## @file=0D
+# Unit tests of the implementation of SecureBootVariableLib.=0D
+#=0D
+# Copyright (C) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010006=0D
+ BASE_NAME =3D SecureBootVariableLibUnitTest=0D
+ FILE_GUID =3D 71C5359E-08FB-450E-9766-BC70482DF66B=
=0D
+ MODULE_TYPE =3D HOST_APPLICATION=0D
+ VERSION_STRING =3D 1.0=0D
+=0D
+#=0D
+# The following information is for reference only and not required by the =
build tools.=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64=0D
+#=0D
+=0D
+[Sources]=0D
+ SecureBootVariableLibUnitTest.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+ MdeModulePkg/MdeModulePkg.dec=0D
+ SecurityPkg/SecurityPkg.dec=0D
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec=0D
+=0D
+[LibraryClasses]=0D
+ SecureBootVariableLib=0D
+ BaseLib=0D
+ BaseMemoryLib=0D
+ DebugLib=0D
+ UefiLib=0D
+ UnitTestLib=0D
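Review bot: The INF has no [Guids] section although the test source passes `&gEfiGlobalVariableGuid` to its SetVariable expectations, and [LibraryClasses] omits `MemoryAllocationLib` although the source includes `Library/MemoryAllocationLib.h`. The build presumably succeeds because linked library instances declare both. Listing what the module itself consumes, `gEfiGlobalVariableGuid` under `[Guids]` and `MemoryAllocationLib` under `[LibraryClasses]`, stops the test from depending on which instances the DSC happens to map. Whether further GUIDs from `Guid/ImageAuthentication.h` are referenced cannot be seen from this part of the patch.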
diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.y=
aml
index 791214239899..2138b0a5e21b 100644
--- a/SecurityPkg/SecurityPkg.ci.yaml
+++ b/SecurityPkg/SecurityPkg.ci.yaml
@@ -15,6 +15,7 @@
## "<ErrorID>", "<KeyWord>"=0D
## ]=0D
"ExceptionList": [=0D
+ "8005", "gRT",=0D
],=0D
## Both file path and directory path are accepted.=0D
"IgnoreFiles": [=0D
@@ -26,6 +27,10 @@
"CompilerPlugin": {=0D
"DscPath": "SecurityPkg.dsc"=0D
},=0D
+ ## options defined .pytool/Plugin/HostUnitTestCompilerPlugin=0D
+ "HostUnitTestCompilerPlugin": {=0D
+ "DscPath": "Test/SecurityPkgHostTest.dsc"=0D
+ },=0D
"CharEncodingCheck": {=0D
"IgnoreFiles": []=0D
},=0D
@@ -33,6 +38,7 @@
"AcceptableDependencies": [=0D
"MdePkg/MdePkg.dec",=0D
"MdeModulePkg/MdeModulePkg.dec",=0D
+ "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec",=0D
"SecurityPkg/SecurityPkg.dec",=0D
"StandaloneMmPkg/StandaloneMmPkg.dec",=0D
"CryptoPkg/CryptoPkg.dec"=0D
@@ -47,6 +53,11 @@
"DscPath": "SecurityPkg.dsc",=0D
"IgnoreInf": []=0D
},=0D
+ ## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck=0D
+ "HostUnitTestDscCompleteCheck": {=0D
+ "IgnoreInf": [""],=0D
+ "DscPath": "Test/SecurityPkgHostTest.dsc"=0D
+ },=0D
"GuidCheck": {=0D
"IgnoreGuidName": [],=0D
"IgnoreGuidValue": ["00000000-0000-0000-0000-000000000000"],=0D
diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/Se=
curityPkgHostTest.dsc
new file mode 100644
index 000000000000..c4df01fe1b73
--- /dev/null
+++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc
@@ -0,0 +1,38 @@
+## @file=0D
+# SecurityPkg DSC file used to build host-based unit tests.=0D
+#=0D
+# Copyright (C) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ PLATFORM_NAME =3D SecurityPkgHostTest=0D
+ PLATFORM_GUID =3D 9D78A9B4-00CD-477E-A5BF-90CC793EEFB0=0D
+ PLATFORM_VERSION =3D 0.1=0D
+ DSC_SPECIFICATION =3D 0x00010005=0D
+ OUTPUT_DIRECTORY =3D Build/SecurityPkg/HostTest=0D
+ SUPPORTED_ARCHITECTURES =3D IA32|X64=0D
+ BUILD_TARGETS =3D NOOPT=0D
+ SKUID_IDENTIFIER =3D DEFAULT=0D
+=0D
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc=0D
+=0D
+[LibraryClasses]=0D
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf=0D
+=0D
+[Components]=0D
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServic=
esTableLib.inf=0D
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtect=
ionLib.inf=0D
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf=0D
+=0D
+ #=0D
+ # Build SecurityPkg HOST_APPLICATION Tests=0D
+ #=0D
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLib=
UnitTest.inf {=0D
+ <LibraryClasses>=0D
+ SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/Secu=
reBootVariableLib.inf=0D
+ UefiRuntimeServicesTableLib|SecurityPkg/Library/SecureBootVariableLi=
b/UnitTest/MockUefiRuntimeServicesTableLib.inf=0D
+ PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/Un=
itTest/MockPlatformPKProtectionLib.inf=0D
+ UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiL=
ib.inf=0D
+ }=0D
--=20
2.36.0.windows.1
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3911
This change adds unit tests for the updated SecureBootVariableLib and enables
them in the CI pipeline.
The unit tests cover all implemented interfaces and certain corner cases.
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Min Xu <min.m.xu@...>
Signed-off-by: Kun Qin <kun.qin@...>
Reviewed-by: Jiewen Yao <Jiewen.yao@...>
Acked-by: Michael Kubacki <michael.kubacki@...>
---
Notes:
v3:
- Added reviewed-by tag [Jiewen]
- Added acked-by tag [Michael Kubacki]
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio=
nLib.c | 36 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c =
| 201 ++
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices=
TableLib.c | 13 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUn=
itTest.c | 2037 ++++++++++++++++++++
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio=
nLib.inf | 33 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf =
| 45 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices=
TableLib.inf | 25 +
SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUn=
itTest.inf | 36 +
SecurityPkg/SecurityPkg.ci.yaml =
| 11 +
SecurityPkg/Test/SecurityPkgHostTest.dsc =
| 38 +
10 files changed, 2475 insertions(+)
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatfor=
mPKProtectionLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/Moc=
kPlatformPKProtectionLib.c
new file mode 100644
index 000000000000..a8644d272df6
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProt=
ectionLib.c
@@ -0,0 +1,36 @@
+/** @file=0D
+ Provides a mocked interface for configuring PK related variable protecti=
on.=0D
+=0D
+ Copyright (c) Microsoft Corporation.=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+#include <stdio.h>=0D
+#include <string.h>=0D
+#include <stdarg.h>=0D
+#include <stddef.h>=0D
+#include <setjmp.h>=0D
+#include <cmocka.h>=0D
+=0D
+#include <Uefi.h>=0D
+=0D
+/**=0D
+ Disable any applicable protection against variable 'PK'. The implementat=
ion=0D
+ of this interface is platform specific, depending on the protection tech=
niques=0D
+ used per platform.=0D
+=0D
+ Note: It is the platform's responsibility to conduct cautious operation =
after=0D
+ disabling this protection.=0D
+=0D
+ @retval EFI_SUCCESS State has been successfully updated.=
=0D
+ @retval Others Error returned from implementation s=
pecific=0D
+ underying APIs.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+DisablePKProtection (=0D
+ VOID=0D
+ )=0D
+{=0D
+ return (EFI_STATUS)mock ();=0D
+}=0D
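Review bot: The comment above `DisablePKProtection` is the production interface description and never says that this mock returns whatever the test queued with cmocka's `will_return (DisablePKProtection, ...)`. A test that forgets to queue a value then fails inside `mock ()` with nothing in this file explaining why. Adding a sentence such as `Mock: returns the EFI_STATUS value queued by the test through will_return().` to the comment would cover it. In the `@retval Others` text, "underying" should read "underlying".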
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib=
.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
new file mode 100644
index 000000000000..df271c39f26c
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
@@ -0,0 +1,201 @@
+/** @file=0D
+ The UEFI Library provides functions and macros that simplify the develop=
ment of=0D
+ UEFI Drivers and UEFI Applications. These functions and macros help man=
age EFI=0D
+ events, build simple locks utilizing EFI Task Priority Levels (TPLs), in=
stall=0D
+ EFI Driver Model related protocols, manage Unicode string tables for UEF=
I Drivers,=0D
+ and print messages on the console output and standard error devices.=0D
+=0D
+ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include <Uefi.h>=0D
+=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/MemoryAllocationLib.h>=0D
+#include <Library/UefiRuntimeServicesTableLib.h>=0D
+=0D
+/**=0D
+ Returns the status whether get the variable success. The function retrie=
ves=0D
+ variable through the UEFI Runtime Service GetVariable(). The=0D
+ returned buffer is allocated using AllocatePool(). The caller is respon=
sible=0D
+ for freeing this buffer with FreePool().=0D
+=0D
+ If Name is NULL, then ASSERT().=0D
+ If Guid is NULL, then ASSERT().=0D
+ If Value is NULL, then ASSERT().=0D
+=0D
+ @param[in] Name The pointer to a Null-terminated Unicode string.=0D
+ @param[in] Guid The pointer to an EFI_GUID structure=0D
+ @param[out] Value The buffer point saved the variable info.=0D
+ @param[out] Size The buffer size of the variable.=0D
+=0D
+ @return EFI_OUT_OF_RESOURCES Allocate buffer failed.=0D
+ @return EFI_SUCCESS Find the specified variable.=0D
+ @return Others Errors Return errors from call to gRT->GetVar=
iable.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+GetVariable2 (=0D
+ IN CONST CHAR16 *Name,=0D
+ IN CONST EFI_GUID *Guid,=0D
+ OUT VOID **Value,=0D
+ OUT UINTN *Size OPTIONAL=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINTN BufferSize;=0D
+=0D
+ ASSERT (Name !=3D NULL && Guid !=3D NULL && Value !=3D NULL);=0D
+=0D
+ //=0D
+ // Try to get the variable size.=0D
+ //=0D
+ BufferSize =3D 0;=0D
+ *Value =3D NULL;=0D
+ if (Size !=3D NULL) {=0D
+ *Size =3D 0;=0D
+ }=0D
+=0D
+ Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &Bu=
fferSize, *Value);=0D
+ if (Status !=3D EFI_BUFFER_TOO_SMALL) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ //=0D
+ // Allocate buffer to get the variable.=0D
+ //=0D
+ *Value =3D AllocatePool (BufferSize);=0D
+ ASSERT (*Value !=3D NULL);=0D
+ if (*Value =3D=3D NULL) {=0D
+ return EFI_OUT_OF_RESOURCES;=0D
+ }=0D
+=0D
+ //=0D
+ // Get the variable data.=0D
+ //=0D
+ Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &Bu=
fferSize, *Value);=0D
+ if (EFI_ERROR (Status)) {=0D
+ FreePool (*Value);=0D
+ *Value =3D NULL;=0D
+ }=0D
+=0D
+ if (Size !=3D NULL) {=0D
+ *Size =3D BufferSize;=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/** Return the attributes of the variable.=0D
+=0D
+ Returns the status whether get the variable success. The function retrie=
ves=0D
+ variable through the UEFI Runtime Service GetVariable(). The=0D
+ returned buffer is allocated using AllocatePool(). The caller is respon=
sible=0D
+ for freeing this buffer with FreePool(). The attributes are returned if=
=0D
+ the caller provides a valid Attribute parameter.=0D
+=0D
+ If Name is NULL, then ASSERT().=0D
+ If Guid is NULL, then ASSERT().=0D
+ If Value is NULL, then ASSERT().=0D
+=0D
+ @param[in] Name The pointer to a Null-terminated Unicode string.=0D
+ @param[in] Guid The pointer to an EFI_GUID structure=0D
+ @param[out] Value The buffer point saved the variable info.=0D
+ @param[out] Size The buffer size of the variable.=0D
+ @param[out] Attr The pointer to the variable attributes as found in var=
store=0D
+=0D
+ @retval EFI_OUT_OF_RESOURCES Allocate buffer failed.=0D
+ @retval EFI_SUCCESS Find the specified variable.=0D
+ @retval Others Errors Return errors from call to gRT->GetVar=
iable.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+GetVariable3 (=0D
+ IN CONST CHAR16 *Name,=0D
+ IN CONST EFI_GUID *Guid,=0D
+ OUT VOID **Value,=0D
+ OUT UINTN *Size OPTIONAL,=0D
+ OUT UINT32 *Attr OPTIONAL=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINTN BufferSize;=0D
+=0D
+ ASSERT (Name !=3D NULL && Guid !=3D NULL && Value !=3D NULL);=0D
+=0D
+ //=0D
+ // Try to get the variable size.=0D
+ //=0D
+ BufferSize =3D 0;=0D
+ *Value =3D NULL;=0D
+ if (Size !=3D NULL) {=0D
+ *Size =3D 0;=0D
+ }=0D
+=0D
+ if (Attr !=3D NULL) {=0D
+ *Attr =3D 0;=0D
+ }=0D
+=0D
+ Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &Bu=
fferSize, *Value);=0D
+ if (Status !=3D EFI_BUFFER_TOO_SMALL) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ //=0D
+ // Allocate buffer to get the variable.=0D
+ //=0D
+ *Value =3D AllocatePool (BufferSize);=0D
+ ASSERT (*Value !=3D NULL);=0D
+ if (*Value =3D=3D NULL) {=0D
+ return EFI_OUT_OF_RESOURCES;=0D
+ }=0D
+=0D
+ //=0D
+ // Get the variable data.=0D
+ //=0D
+ Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &Bu=
fferSize, *Value);=0D
+ if (EFI_ERROR (Status)) {=0D
+ FreePool (*Value);=0D
+ *Value =3D NULL;=0D
+ }=0D
+=0D
+ if (Size !=3D NULL) {=0D
+ *Size =3D BufferSize;=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Returns a pointer to an allocated buffer that contains the contents of a=
=0D
+ variable retrieved through the UEFI Runtime Service GetVariable(). This=
=0D
+ function always uses the EFI_GLOBAL_VARIABLE GUID to retrieve variables.=
=0D
+ The returned buffer is allocated using AllocatePool(). The caller is=0D
+ responsible for freeing this buffer with FreePool().=0D
+=0D
+ If Name is NULL, then ASSERT().=0D
+ If Value is NULL, then ASSERT().=0D
+=0D
+ @param[in] Name The pointer to a Null-terminated Unicode string.=0D
+ @param[out] Value The buffer point saved the variable info.=0D
+ @param[out] Size The buffer size of the variable.=0D
+=0D
+ @return EFI_OUT_OF_RESOURCES Allocate buffer failed.=0D
+ @return EFI_SUCCESS Find the specified variable.=0D
+ @return Others Errors Return errors from call to gRT->GetVar=
iable.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+GetEfiGlobalVariable2 (=0D
+ IN CONST CHAR16 *Name,=0D
+ OUT VOID **Value,=0D
+ OUT UINTN *Size OPTIONAL=0D
+ )=0D
+{=0D
+ return GetVariable2 (Name, &gEfiGlobalVariableGuid, Value, Size);=0D
+}=0D
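Review bot: In `GetVariable2` and `GetVariable3`, when the second `gRT->GetVariable` call fails the buffer is freed and `*Value` is set to NULL, but `*Size` is still written with `BufferSize`, so a caller sees a non-zero size next to a NULL buffer. If this is kept deliberately to mirror the production UefiLib, a comment saying so would help. Otherwise, moving the size update into the success path, `if (!EFI_ERROR (Status) && (Size != NULL)) { *Size = BufferSize; }`, keeps the outputs consistent, since `*Size` is already zeroed at entry. The `@file` header also still describes the full UEFI Library rather than a test-only subset with three variable helpers.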
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRun=
timeServicesTableLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/MockUefiRuntimeServicesTableLib.c
new file mode 100644
index 000000000000..e86192a05f32
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeSer=
vicesTableLib.c
@@ -0,0 +1,13 @@
+/** @file=0D
+ Mock implementation of the UEFI Runtime Services Table Library.=0D
+=0D
+ Copyright (C) Microsoft Corporation.=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include <Uefi.h>=0D
+=0D
+extern EFI_RUNTIME_SERVICES gMockRuntime;=0D
+=0D
+EFI_RUNTIME_SERVICES *gRT =3D &gMockRuntime;=0D
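Review bot: `gRT` is pointed at `gMockRuntime`, which is only declared `extern` here, and nothing in the file says who has to define it. Any module that links this library without providing that symbol fails at link time, and the requirement is discoverable only by reading the unit test source. A comment above the declaration, e.g. `// gMockRuntime must be defined by the unit test that links this library, with the runtime services it mocks filled in.`, would document the contract.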
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootV=
ariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/S=
ecureBootVariableLibUnitTest.c
new file mode 100644
index 000000000000..a23135dfb016
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariable=
LibUnitTest.c
@@ -0,0 +1,2037 @@
+/** @file=0D
+ Unit tests of the implementation of SecureBootVariableLib.=0D
+=0D
+ Copyright (C) Microsoft Corporation.=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include <stdio.h>=0D
+#include <string.h>=0D
+#include <stdarg.h>=0D
+#include <stddef.h>=0D
+#include <setjmp.h>=0D
+#include <cmocka.h>=0D
+=0D
+#include <Uefi.h>=0D
+#include <UefiSecureBoot.h>=0D
+#include <Guid/GlobalVariable.h>=0D
+#include <Guid/AuthenticatedVariableFormat.h>=0D
+#include <Guid/ImageAuthentication.h>=0D
+=0D
+#include <Library/BaseLib.h>=0D
+#include <Library/BaseMemoryLib.h>=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/MemoryAllocationLib.h>=0D
+=0D
+#include <Library/UnitTestLib.h>=0D
+#include <Library/SecureBootVariableLib.h>=0D
+=0D
+#define UNIT_TEST_APP_NAME "SecureBootVariableLib Unit Tests"=0D
+#define UNIT_TEST_APP_VERSION "1.0"=0D
+#define VAR_AUTH_DESC_SIZE OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, A=
uthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)=0D
+=0D
+extern EFI_TIME mMaxTimestamp;=0D
+extern EFI_TIME mDefaultPayloadTimestamp;=0D
+=0D
+/**=0D
+ Sets the value of a variable.=0D
+=0D
+ @param[in] VariableName A Null-terminated string that is the name=
of the vendor's variable.=0D
+ Each VariableName is unique for each Vend=
orGuid. VariableName must=0D
+ contain 1 or more characters. If Variable=
Name is an empty string,=0D
+ then EFI_INVALID_PARAMETER is returned.=0D
+ @param[in] VendorGuid A unique identifier for the vendor.=0D
+ @param[in] Attributes Attributes bitmask to set for the variabl=
e.=0D
+ @param[in] DataSize The size in bytes of the Data buffer. Unl=
ess the EFI_VARIABLE_APPEND_WRITE or=0D
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRI=
TE_ACCESS attribute is set, a size of zero=0D
+ causes the variable to be deleted. When t=
he EFI_VARIABLE_APPEND_WRITE attribute is=0D
+ set, then a SetVariable() call with a Dat=
aSize of zero will not cause any change to=0D
+ the variable value (the timestamp associa=
ted with the variable may be updated however=0D
+ even if no new data value is provided,see=
the description of the=0D
+ EFI_VARIABLE_AUTHENTICATION_2 descriptor =
below. In this case the DataSize will not=0D
+ be zero since the EFI_VARIABLE_AUTHENTICA=
TION_2 descriptor will be populated).=0D
+ @param[in] Data The contents for the variable.=0D
+=0D
+ @retval EFI_SUCCESS The firmware has successfully stored the =
variable and its data as=0D
+ defined by the Attributes.=0D
+ @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits,=
name, and GUID was supplied, or the=0D
+ DataSize exceeds the maximum allowed.=0D
+ @retval EFI_INVALID_PARAMETER VariableName is an empty string.=0D
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold t=
he variable and its data.=0D
+ @retval EFI_DEVICE_ERROR The variable could not be retrieved due t=
o a hardware error.=0D
+ @retval EFI_WRITE_PROTECTED The variable in question is read-only.=0D
+ @retval EFI_WRITE_PROTECTED The variable in question cannot be delete=
d.=0D
+ @retval EFI_SECURITY_VIOLATION The variable could not be written due to =
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set,=0D
+ but the AuthInfo does NOT pass the valida=
tion check carried out by the firmware.=0D
+=0D
+ @retval EFI_NOT_FOUND The variable trying to be updated or dele=
ted was not found.=0D
+=0D
+**/=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+MockSetVariable (=0D
+ IN CHAR16 *VariableName,=0D
+ IN EFI_GUID *VendorGuid,=0D
+ IN UINT32 Attributes,=0D
+ IN UINTN DataSize,=0D
+ IN VOID *Data=0D
+ )=0D
+{=0D
+ DEBUG ((=0D
+ DEBUG_INFO,=0D
+ "%a %s %g %x %x %p\n",=0D
+ __FUNCTION__,=0D
+ VariableName,=0D
+ VendorGuid,=0D
+ Attributes,=0D
+ DataSize,=0D
+ Data=0D
+ ));=0D
+ check_expected_ptr (VariableName);=0D
+ check_expected_ptr (VendorGuid);=0D
+ check_expected_ptr (Attributes);=0D
+ check_expected (DataSize);=0D
+ check_expected (Data);=0D
+=0D
+ return (EFI_STATUS)mock ();=0D
+}=0D
+=0D
+/**=0D
+ Returns the value of a variable.=0D
+=0D
+ @param[in] VariableName A Null-terminated string that is the name=
of the vendor's=0D
+ variable.=0D
+ @param[in] VendorGuid A unique identifier for the vendor.=0D
+ @param[out] Attributes If not NULL, a pointer to the memory loca=
tion to return the=0D
+ attributes bitmask for the variable.=0D
+ @param[in, out] DataSize On input, the size in bytes of the return=
Data buffer.=0D
+ On output the size of data returned in Da=
ta.=0D
+ @param[out] Data The buffer to return the contents of the =
variable. May be NULL=0D
+ with a zero DataSize in order to determin=
e the size buffer needed.=0D
+=0D
+ @retval EFI_SUCCESS The function completed successfully.=0D
+ @retval EFI_NOT_FOUND The variable was not found.=0D
+ @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result.=
=0D
+ @retval EFI_INVALID_PARAMETER VariableName is NULL.=0D
+ @retval EFI_INVALID_PARAMETER VendorGuid is NULL.=0D
+ @retval EFI_INVALID_PARAMETER DataSize is NULL.=0D
+ @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is=
NULL.=0D
+ @retval EFI_DEVICE_ERROR The variable could not be retrieved due t=
o a hardware error.=0D
+ @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due t=
o an authentication failure.=0D
+=0D
+**/=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+MockGetVariable (=0D
+ IN CHAR16 *VariableName,=0D
+ IN EFI_GUID *VendorGuid,=0D
+ OUT UINT32 *Attributes OPTIONAL,=0D
+ IN OUT UINTN *DataSize,=0D
+ OUT VOID *Data OPTIONAL=0D
+ )=0D
+{=0D
+ UINTN TargetSize;=0D
+ BOOLEAN Exist;=0D
+=0D
+ DEBUG ((=0D
+ DEBUG_INFO,=0D
+ "%a %s %g %p %x %p\n",=0D
+ __FUNCTION__,=0D
+ VariableName,=0D
+ VendorGuid,=0D
+ Attributes,=0D
+ *DataSize,=0D
+ Data=0D
+ ));=0D
+ assert_non_null (DataSize);=0D
+ check_expected_ptr (VariableName);=0D
+ check_expected_ptr (VendorGuid);=0D
+ check_expected (*DataSize);=0D
+=0D
+ Exist =3D (BOOLEAN)mock ();=0D
+=0D
+ if (!Exist) {=0D
+ return EFI_NOT_FOUND;=0D
+ }=0D
+=0D
+ TargetSize =3D (UINTN)mock ();=0D
+ if (TargetSize > *DataSize) {=0D
+ *DataSize =3D TargetSize;=0D
+ return EFI_BUFFER_TOO_SMALL;=0D
+ } else {=0D
+ assert_non_null (Data);=0D
+ CopyMem (Data, (VOID *)mock (), TargetSize);=0D
+ }=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+///=0D
+/// Mock version of the UEFI Runtime Services Table=0D
+///=0D
+EFI_RUNTIME_SERVICES gMockRuntime =3D {=0D
+ {=0D
+ EFI_RUNTIME_SERVICES_SIGNATURE, // Signature=0D
+ EFI_RUNTIME_SERVICES_REVISION, // Revision=0D
+ sizeof (EFI_RUNTIME_SERVICES), // HeaderSize=0D
+ 0, // CRC32=0D
+ 0 // Reserved=0D
+ },=0D
+ NULL, // GetTime=0D
+ NULL, // SetTime=0D
+ NULL, // GetWakeupTime=0D
+ NULL, // SetWakeupTime=0D
+ NULL, // SetVirtualAddressMap=0D
+ NULL, // ConvertPointer=0D
+ MockGetVariable, // GetVariable=0D
+ NULL, // GetNextVariableName=0D
+ MockSetVariable, // SetVariable=0D
+ NULL, // GetNextHighMonotonicCount=0D
+ NULL, // ResetSystem=0D
+ NULL, // UpdateCapsule=0D
+ NULL, // QueryCapsuleCapabilities=0D
+ NULL // QueryVariableInfo=0D
+};=0D
+=0D
+/**=0D
+ Unit test for SetSecureBootMode () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootModeShouldSetVar (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ UINT8 SecureBootMode;=0D
+ EFI_STATUS Status;=0D
+=0D
+ SecureBootMode =3D 0xAB; // Any random magic number...=0D
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, sizeof (SecureBootMode));=0D
+ expect_memory (MockSetVariable, Data, &SecureBootMode, sizeof (SecureBoo=
tMode));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D SetSecureBootMode (SecureBootMode);=0D
+=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for GetSetupMode () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+GetSetupModeShouldGetVar (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 TargetMode;=0D
+ UINT8 SetupMode;=0D
+=0D
+ TargetMode =3D 0xAB; // Any random magic number...=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SETUP_MODE_NAME, sizeo=
f (EFI_SETUP_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (SetupMode));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (SetupMode));=0D
+ will_return (MockGetVariable, &TargetMode);=0D
+=0D
+ Status =3D GetSetupMode (&SetupMode);=0D
+=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (SetupMode, TargetMode);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for GetSetupMode () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+IsSecureBootEnableShouldGetVar (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ BOOLEAN Enabled;=0D
+ UINT8 TargetMode;=0D
+=0D
+ TargetMode =3D SECURE_BOOT_MODE_ENABLE;=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (TargetMode));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (TargetMode));=0D
+ will_return (MockGetVariable, &TargetMode);=0D
+=0D
+ Enabled =3D IsSecureBootEnabled ();=0D
+=0D
+ UT_ASSERT_EQUAL (Enabled, SECURE_BOOT_MODE_ENABLE);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SecureBootCreateDataFromInput () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SecureBootCreateDataFromInputSimple (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_SIGNATURE_LIST *SigList =3D NULL;=0D
+ EFI_SIGNATURE_DATA *SigData =3D NULL;=0D
+ UINTN SigListSize =3D 0;=0D
+ EFI_STATUS Status;=0D
+ UINT8 TestData[] =3D { 0 };=0D
+ SECURE_BOOT_CERTIFICATE_INFO KeyInfo =3D {=0D
+ .Data =3D TestData,=0D
+ .DataSize =3D sizeof (TestData)=0D
+ };=0D
+=0D
+ Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &Ke=
yInfo);=0D
+=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ UT_ASSERT_NOT_NULL (SigList);=0D
+ UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)=
);=0D
+ UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1=
+ sizeof (TestData));=0D
+ UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);=0D
+ UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST)=
+ sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData));=0D
+ UT_ASSERT_EQUAL (SigList->SignatureListSize, SigListSize);=0D
+=0D
+ SigData =3D (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATUR=
E_LIST));=0D
+ UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariab=
leGuid));=0D
+ UT_ASSERT_MEM_EQUAL (SigData->SignatureData, TestData, sizeof (TestData)=
);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SecureBootCreateDataFromInput () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SecureBootCreateDataFromInputNull (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_SIGNATURE_LIST *SigList =3D NULL;=0D
+ UINTN SigListSize =3D 0;=0D
+ EFI_STATUS Status;=0D
+ SECURE_BOOT_CERTIFICATE_INFO KeyInfo =3D {=0D
+ .Data =3D NULL,=0D
+ .DataSize =3D 0=0D
+ };=0D
+=0D
+ Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 0, NUL=
L);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);=0D
+=0D
+ Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &Ke=
yInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SecureBootCreateDataFromInput () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SecureBootCreateDataFromInputMultiple (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_SIGNATURE_LIST *SigList =3D NULL;=0D
+ EFI_SIGNATURE_DATA *SigData =3D NULL;=0D
+ UINTN SigListSize =3D 0;=0D
+ UINTN TotalSize =3D 0;=0D
+ UINTN Index =3D 0;=0D
+ UINT8 TestData1[] =3D { 0 };=0D
+ UINT8 TestData2[] =3D { 1, 2 };=0D
+ EFI_STATUS Status;=0D
+ SECURE_BOOT_CERTIFICATE_INFO KeyInfo[2] =3D {=0D
+ {=0D
+ .Data =3D TestData1,=0D
+ .DataSize =3D sizeof (TestData1)=0D
+ },=0D
+ {=0D
+ .Data =3D TestData2,=0D
+ .DataSize =3D sizeof (TestData2)=0D
+ }=0D
+ };=0D
+=0D
+ Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 2, Key=
Info);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ UT_ASSERT_NOT_NULL (SigList);=0D
+=0D
+ for (Index =3D 0; Index < 2; Index++) {=0D
+ UT_ASSERT_TRUE (SigListSize > TotalSize);=0D
+=0D
+ UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Gui=
d));=0D
+ UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) -=
1 + KeyInfo[Index].DataSize);=0D
+ UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);=0D
+ UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIS=
T) + sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize);=0D
+=0D
+ SigData =3D (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNAT=
URE_LIST));=0D
+ UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVari=
ableGuid));=0D
+ UT_ASSERT_MEM_EQUAL (SigData->SignatureData, KeyInfo[Index].Data, KeyI=
nfo[Index].DataSize);=0D
+ TotalSize =3D TotalSize + SigList->SignatureListSize;=0D
+ SigList =3D (EFI_SIGNATURE_LIST *)((UINTN)SigList + SigList->Signatu=
reListSize);=0D
+ }=0D
+=0D
+ UT_ASSERT_EQUAL (SigListSize, TotalSize);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib=
.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+CreateTimeBasedPayloadShouldPopulateDescriptor (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ UINT8 Data[] =3D { 2 };=0D
+ UINTN DataSize =3D sizeof (Data);=0D
+ UINT8 *CheckData;=0D
+ EFI_VARIABLE_AUTHENTICATION_2 *VarAuth;=0D
+ EFI_STATUS Status;=0D
+ EFI_TIME Time =3D {=0D
+ .Year =3D 2012,=0D
+ .Month =3D 3,=0D
+ .Day =3D 4,=0D
+ .Hour =3D 5,=0D
+ .Minute =3D 6,=0D
+ .Second =3D 7,=0D
+ .Pad1 =3D 0,=0D
+ .Nanosecond =3D 8910,=0D
+ .TimeZone =3D 1112,=0D
+ .Pad2 =3D 0=0D
+ };=0D
+=0D
+ CheckData =3D AllocateCopyPool (DataSize, Data);=0D
+ Status =3D CreateTimeBasedPayload (&DataSize, &CheckData, &Time);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ // This is result that we did not pack this structure...=0D
+ // we cannot even use the sizeof (EFI_VARIABLE_AUTHENTICATION_2) - 1,=0D
+ // because the structure is not at the end of this structure, but partia=
lly=0D
+ // inside it...=0D
+ UT_ASSERT_EQUAL (DataSize, VAR_AUTH_DESC_SIZE + sizeof (Data));=0D
+ UT_ASSERT_NOT_NULL (CheckData);=0D
+=0D
+ VarAuth =3D (EFI_VARIABLE_AUTHENTICATION_2 *)CheckData;=0D
+ UT_ASSERT_MEM_EQUAL (&(VarAuth->TimeStamp), &Time, sizeof (EFI_TIME));=0D
+=0D
+ UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.dwLength, OFFSET_OF (WIN_CERTIFIC=
ATE_UEFI_GUID, CertData));=0D
+ UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wRevision, 0x0200);=0D
+ UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wCertificateType, WIN_CERT_TYPE_E=
FI_GUID);=0D
+ UT_ASSERT_TRUE (CompareGuid (&VarAuth->AuthInfo.CertType, &gEfiCertPkcs7=
Guid));=0D
+=0D
+ UT_ASSERT_MEM_EQUAL (VarAuth->AuthInfo.CertData, Data, sizeof (Data));=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib=
.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+CreateTimeBasedPayloadShouldCheckInput (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ UINTN DataSize =3D 0;=0D
+ UINT8 *Data =3D NULL;=0D
+ EFI_TIME Time;=0D
+ EFI_STATUS Status;=0D
+=0D
+ Status =3D CreateTimeBasedPayload (NULL, &Data, &Time);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&DataSize, NULL, &Time);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&DataSize, &Data, NULL);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteDb () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteDbShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteDb ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteDbx () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteDbxShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteDbx ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteDbt () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteDbtShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteDbt ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteKEK () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteKEKShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteKEK ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeletePlatformKey () API of the SecureBootVariableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeletePKShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+ UINT8 BootMode =3D CUSTOM_SECURE_BOOT_MODE;=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, sizeof (BootMode));=0D
+ expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeletePlatformKey ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteSecureBootVariablesShouldDelete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D 0;=0D
+ UINT8 BootMode =3D CUSTOM_SECURE_BOOT_MODE;=0D
+=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (DisablePKProtection, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, sizeof (BootMode));=0D
+ expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (Dummy));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (Dummy));=0D
+ will_return (MockGetVariable, &Dummy);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D DeleteSecureBootVariables ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteSecureBootVariablesShouldCheckProtection (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ will_return (DisablePKProtection, EFI_SECURITY_VIOLATION);=0D
+=0D
+ Status =3D DeleteSecureBootVariables ();=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+DeleteSecureBootVariablesShouldProceedWithNotFound (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 BootMode =3D CUSTOM_SECURE_BOOT_MODE;=0D
+=0D
+ will_return (DisablePKProtection, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, sizeof (BootMode));=0D
+ expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Status =3D DeleteSecureBootVariables ();=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+EnrollFromInputShouldComplete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 Dummy =3D 3;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (Dummy);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (Dummy), &Dummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Du=
mmy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (Dummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D EnrollFromInput (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGu=
id, sizeof (Dummy), &Dummy);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldComplete (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbtDummy =3D 0xAD;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 KekDummy =3D 0xEF;=0D
+ UINT8 PkDummy =3D 0xFE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D &DbtDummy,=0D
+ .DbtSize =3D sizeof (DbtDummy),=0D
+ .KekPtr =3D &KekDummy,=0D
+ .KekSize =3D sizeof (KekDummy),=0D
+ .PkPtr =3D &PkDummy,=0D
+ .PkSize =3D sizeof (PkDummy),=0D
+ .SecureBootKeyName =3D L"Food"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));=0D
+ PayloadSize =3D sizeof (DbtDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));=0D
+ PayloadSize =3D sizeof (KekDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &PkDummy, sizeof (PkDummy));=0D
+ PayloadSize =3D sizeof (PkDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Pk=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (PkDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopWhenSecure (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 TargetMode =3D SECURE_BOOT_MODE_ENABLE;=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo;=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (TargetMode));=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));=0D
+=0D
+ will_return (MockGetVariable, TRUE);=0D
+ will_return (MockGetVariable, sizeof (TargetMode));=0D
+ will_return (MockGetVariable, &TargetMode);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailDBX (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbxDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .SecureBootKeyName =3D L"Fail DBX"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_WRITE_PROTECTED);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailDB (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .SecureBootKeyName =3D L"Fail DB"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_WRITE_PROTECTED);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailDBT (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbtDummy =3D 0xAD;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D &DbtDummy,=0D
+ .DbtSize =3D sizeof (DbtDummy),=0D
+ .SecureBootKeyName =3D L"Fail DBT"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));=0D
+ PayloadSize =3D sizeof (DbtDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_ACCESS_DENIED);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_ACCESS_DENIED);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailKEK (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbtDummy =3D 0xAD;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 KekDummy =3D 0xEF;=0D
+ UINT8 PkDummy =3D 0xFE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D &DbtDummy,=0D
+ .DbtSize =3D sizeof (DbtDummy),=0D
+ .KekPtr =3D &KekDummy,=0D
+ .KekSize =3D sizeof (KekDummy),=0D
+ .PkPtr =3D &PkDummy,=0D
+ .PkSize =3D sizeof (PkDummy),=0D
+ .SecureBootKeyName =3D L"Food"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));=0D
+ PayloadSize =3D sizeof (DbtDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));=0D
+ PayloadSize =3D sizeof (KekDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_DEVICE_ERROR);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_DEVICE_ERROR);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesShouldStopFailPK (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbtDummy =3D 0xAD;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 KekDummy =3D 0xEF;=0D
+ UINT8 PkDummy =3D 0xFE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D &DbtDummy,=0D
+ .DbtSize =3D sizeof (DbtDummy),=0D
+ .KekPtr =3D &KekDummy,=0D
+ .KekSize =3D sizeof (KekDummy),=0D
+ .PkPtr =3D &PkDummy,=0D
+ .PkSize =3D sizeof (PkDummy),=0D
+ .SecureBootKeyName =3D L"Food"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));=0D
+ PayloadSize =3D sizeof (DbtDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));=0D
+ PayloadSize =3D sizeof (KekDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &PkDummy, sizeof (PkDummy));=0D
+ PayloadSize =3D sizeof (PkDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Pk=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (PkDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_INVALID_PARAMETER);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_STATUS_EQUAL (Status, EFI_SECURITY_VIOLATION);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.=0D
+=0D
+ @param[in] Context [Optional] An optional parameter that enables:=0D
+ 1) test-case reuse with varied parameters and=0D
+ 2) test-case re-entry for Target tests that need =
a=0D
+ reboot. This parameter is a VOID* and it is the=
=0D
+ responsibility of the test author to ensure that =
the=0D
+ contents are well understood by all test cases th=
at may=0D
+ consume it.=0D
+=0D
+ @retval UNIT_TEST_PASSED The Unit test has completed and th=
e test=0D
+ case was successful.=0D
+ @retval UNIT_TEST_ERROR_TEST_FAILED A test case assertion has failed.=
=0D
+**/=0D
+UNIT_TEST_STATUS=0D
+EFIAPI=0D
+SetSecureBootVariablesDBTOptional (=0D
+ IN UNIT_TEST_CONTEXT Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINT8 DbDummy =3D 0xDE;=0D
+ UINT8 DbxDummy =3D 0xBE;=0D
+ UINT8 KekDummy =3D 0xEF;=0D
+ UINT8 PkDummy =3D 0xFE;=0D
+ UINT8 *Payload =3D NULL;=0D
+ UINTN PayloadSize =3D sizeof (DbDummy);=0D
+ SECURE_BOOT_PAYLOAD_INFO PayloadInfo =3D {=0D
+ .DbPtr =3D &DbDummy,=0D
+ .DbSize =3D sizeof (DbDummy),=0D
+ .DbxPtr =3D &DbxDummy,=0D
+ .DbxSize =3D sizeof (DbxDummy),=0D
+ .DbtPtr =3D NULL,=0D
+ .DbtSize =3D 0,=0D
+ .KekPtr =3D &KekDummy,=0D
+ .KekSize =3D sizeof (KekDummy),=0D
+ .PkPtr =3D &PkDummy,=0D
+ .PkSize =3D sizeof (PkDummy),=0D
+ .SecureBootKeyName =3D L"Food"=0D
+ };=0D
+=0D
+ expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
sizeof (EFI_SECURE_BOOT_MODE_NAME));=0D
+ expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockGetVariable, *DataSize, 0);=0D
+=0D
+ will_return (MockGetVariable, FALSE);=0D
+=0D
+ Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &DbDummy, sizeof (DbDummy));=0D
+ PayloadSize =3D sizeof (DbDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &KekDummy, sizeof (KekDummy));=0D
+ PayloadSize =3D sizeof (KekDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
sizeof (EFI_KEY_EXCHANGE_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ CopyMem (Payload, &PkDummy, sizeof (PkDummy));=0D
+ PayloadSize =3D sizeof (PkDummy);=0D
+ Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+ UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));=0D
+=0D
+ expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));=0D
+ expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);=0D
+ expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);=0D
+ expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Pk=
Dummy));=0D
+ expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (PkDummy));=0D
+=0D
+ will_return (MockSetVariable, EFI_SUCCESS);=0D
+=0D
+ Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);=0D
+ UT_ASSERT_NOT_EFI_ERROR (Status);=0D
+=0D
+ return UNIT_TEST_PASSED;=0D
+}=0D
+=0D
+/**=0D
+ Initialze the unit test framework, suite, and unit tests for the=0D
+ SecureBootVariableLib and run the SecureBootVariableLib unit test.=0D
+=0D
+ @retval EFI_SUCCESS All test cases were dispatched.=0D
+ @retval EFI_OUT_OF_RESOURCES There are not enough resources available =
to=0D
+ initialize the unit tests.=0D
+**/=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+UnitTestingEntry (=0D
+ VOID=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UNIT_TEST_FRAMEWORK_HANDLE Framework;=0D
+ UNIT_TEST_SUITE_HANDLE SecureBootVarMiscTests;=0D
+ UNIT_TEST_SUITE_HANDLE SecureBootVarDeleteTests;=0D
+ UNIT_TEST_SUITE_HANDLE SecureBootVarEnrollTests;=0D
+=0D
+ Framework =3D NULL;=0D
+=0D
+ DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSIO=
N));=0D
+=0D
+ //=0D
+ // Start setting up the test framework for running the tests.=0D
+ //=0D
+ Status =3D InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCa=
llerBaseName, UNIT_TEST_APP_VERSION);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status =3D %r\n=
", Status));=0D
+ goto EXIT;=0D
+ }=0D
+=0D
+ //=0D
+ // Populate the SecureBootVariableLib Unit Test Suite.=0D
+ //=0D
+ Status =3D CreateUnitTestSuite (&SecureBootVarMiscTests, Framework, "Sec=
ureBootVariableLib Miscellaneous Tests", "SecureBootVariableLib.Miscellaneo=
us", NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVari=
ableLib\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+=0D
+ Status =3D CreateUnitTestSuite (&SecureBootVarDeleteTests, Framework, "S=
ecureBootVariableLib Deletion Tests", "SecureBootVariableLib.Deletion", NUL=
L, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVari=
ableLib\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+=0D
+ Status =3D CreateUnitTestSuite (&SecureBootVarEnrollTests, Framework, "S=
ecureBootVariableLib Enrollment Tests", "SecureBootVariableLib.Enrollment",=
NULL, NULL);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVari=
ableLib\n"));=0D
+ Status =3D EFI_OUT_OF_RESOURCES;=0D
+ goto EXIT;=0D
+ }=0D
+=0D
+ //=0D
+ // --------------Suite-----------Description--------------Name----------=
Function--------Pre---Post-------------------Context-----------=0D
+ //=0D
+ AddTestCase (SecureBootVarMiscTests, "SetSecureBootMode should propagate=
to set variable", "SetSecureBootMode", SetSecureBootModeShouldSetVar, NULL=
, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "GetSetupMode should propagate to g=
et variable", "GetSetupMode", GetSetupModeShouldGetVar, NULL, NULL, NULL);=
=0D
+ AddTestCase (SecureBootVarMiscTests, "IsSecureBootEnabled should propaga=
te to get variable", "IsSecureBootEnabled", IsSecureBootEnableShouldGetVar,=
NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with=
one input cert", "SecureBootCreateDataFromInput One Cert", SecureBootCreat=
eDataFromInputSimple, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with=
no input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateD=
ataFromInputNull, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with=
multiple input cert", "SecureBootCreateDataFromInput No Cert", SecureBootC=
reateDataFromInputMultiple, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should popu=
late descriptor data", "CreateTimeBasedPayload Normal", CreateTimeBasedPayl=
oadShouldPopulateDescriptor, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should fail=
on NULL inputs", "CreateTimeBasedPayload NULL", CreateTimeBasedPayloadShou=
ldCheckInput, NULL, NULL, NULL);=0D
+=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteDb should delete DB with a=
uth info", "DeleteDb", DeleteDbShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteDbx should delete DBX with=
auth info", "DeleteDbx", DeleteDbxShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteDbt should delete DBT with=
auth info", "DeleteDbt", DeleteDbtShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteKEK should delete KEK with=
auth info", "DeleteKEK", DeleteKEKShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeletePlatformKey should delete =
PK with auth info", "DeletePlatformKey", DeletePKShouldDelete, NULL, NULL, =
NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should=
delete properly", "DeleteSecureBootVariables Normal", DeleteSecureBootVari=
ablesShouldDelete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should=
fail if protection disable fails", "DeleteSecureBootVariables Fail", Delet=
eSecureBootVariablesShouldCheckProtection, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should=
continue if any variable is not found", "DeleteSecureBootVariables Proceed=
", DeleteSecureBootVariablesShouldProceedWithNotFound, NULL, NULL, NULL);=0D
+=0D
+ AddTestCase (SecureBootVarEnrollTests, "EnrollFromInput should supply wi=
th authenticated payload", "EnrollFromInput Normal", EnrollFromInputShouldC=
omplete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should complete", "SetSecureBootVariablesToDefault Normal", SetSecureBootVa=
riablesShouldComplete, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when already enabled", "SetSecureBootVariablesToDefault Already=
Started", SetSecureBootVariablesShouldStopWhenSecure, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when DB failed", "SetSecureBootVariablesToDefault Fails DB", Se=
tSecureBootVariablesShouldStopFailDB, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when DBT failed", "SetSecureBootVariablesToDefault Fails DBT", =
SetSecureBootVariablesShouldStopFailDBT, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when DBX failed", "SetSecureBootVariablesToDefault Fails DBX", =
SetSecureBootVariablesShouldStopFailDBX, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when KEK failed", "SetSecureBootVariablesToDefault Fails KEK", =
SetSecureBootVariablesShouldStopFailKEK, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when PK failed", "SetSecureBootVariablesToDefault Fails PK", Se=
tSecureBootVariablesShouldStopFailPK, NULL, NULL, NULL);=0D
+ AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should only be optional", "SetSecureBootVariablesToDefault DBT Optional", S=
etSecureBootVariablesDBTOptional, NULL, NULL, NULL);=0D
+=0D
+ //=0D
+ // Execute the tests.=0D
+ //=0D
+ Status =3D RunAllTestSuites (Framework);=0D
+=0D
+EXIT:=0D
+ if (Framework) {=0D
+ FreeUnitTestFramework (Framework);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Standard POSIX C entry point for host based unit test execution.=0D
+**/=0D
+int=0D
+main (=0D
+ int argc,=0D
+ char *argv[]=0D
+ )=0D
+{=0D
+ return UnitTestingEntry ();=0D
+}=0D
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatfor=
mPKProtectionLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/M=
ockPlatformPKProtectionLib.inf
new file mode 100644
index 000000000000..1e19033c5a91
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProt=
ectionLib.inf
@@ -0,0 +1,33 @@
+## @file=0D
+# Provides an abstracted interface for configuring PK related variable pr=
otection.=0D
+#=0D
+# Copyright (c) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010005=0D
+ BASE_NAME =3D MockPlatformPKProtectionLib=0D
+ FILE_GUID =3D 5FCD74D3-3965-4D56-AB83-000B9B4806A0=
=0D
+ MODULE_TYPE =3D DXE_DRIVER=0D
+ VERSION_STRING =3D 1.0=0D
+ LIBRARY_CLASS =3D PlatformPKProtectionLib|HOST_APPLICAT=
ION=0D
+=0D
+#=0D
+# The following information is for reference only and not required by the =
build tools.=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64 AARCH64=0D
+#=0D
+=0D
+[Sources]=0D
+ MockPlatformPKProtectionLib.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+ MdeModulePkg/MdeModulePkg.dec=0D
+ SecurityPkg/SecurityPkg.dec=0D
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec=0D
+=0D
+[LibraryClasses]=0D
+ UnitTestLib=0D
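Review bot: The `## @file` description at the top of this new INF is the production library's wording ("Provides an abstracted interface for configuring PK related variable protection") and never says this instance is a mock, whereas the header of MockPlatformPKProtectionLib.c does. I would change it to `# Provides a mocked interface for configuring PK related variable protection, for host-based unit tests only.` so nobody mistakes it for a real PlatformPKProtectionLib instance when choosing one in a platform DSC. The `|HOST_APPLICATION` qualifier on `LIBRARY_CLASS` is what actually keeps this stub out of firmware images. `MODULE_TYPE = DXE_DRIVER` here (and `UEFI_DRIVER` in MockUefiLib.inf and MockUefiRuntimeServicesTableLib.inf) reads inconsistently next to that qualifier; `HOST_APPLICATION` would presumably state the intent more clearly.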
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib=
.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
new file mode 100644
index 000000000000..a84242ac7205
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
@@ -0,0 +1,45 @@
+## @file=0D
+# Instance of UEFI Library.=0D
+#=0D
+# The UEFI Library provides functions and macros that simplify the develop=
ment of=0D
+# UEFI Drivers and UEFI Applications. These functions and macros help ma=
nage EFI=0D
+# events, build simple locks utilizing EFI Task Priority Levels (TPLs), i=
nstall=0D
+# EFI Driver Model related protocols, manage Unicode string tables for UE=
FI Drivers,=0D
+# and print messages on the console output and standard error devices.=0D
+#=0D
+# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+#=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010005=0D
+ BASE_NAME =3D MockUefiLib=0D
+ FILE_GUID =3D E3B7AEF9-4E55-49AF-B035-ED776C928EC6=
=0D
+ MODULE_TYPE =3D UEFI_DRIVER=0D
+ VERSION_STRING =3D 1.0=0D
+ LIBRARY_CLASS =3D UefiLib|HOST_APPLICATION=0D
+=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64 EBC=0D
+#=0D
+=0D
+[Sources]=0D
+ MockUefiLib.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+=0D
+[LibraryClasses]=0D
+ PrintLib=0D
+ PcdLib=0D
+ MemoryAllocationLib=0D
+ DebugLib=0D
+ BaseMemoryLib=0D
+ BaseLib=0D
+ UefiRuntimeServicesTableLib=0D
+=0D
+[Guids]=0D
+ gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## =
Variable=0D
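Review bot: The file header of this mock is carried over from the real UefiLib INF ("Instance of UEFI Library" plus the paragraph about events, TPL locks, driver-model protocols and string tables), so it describes functionality a test double presumably does not provide. I would replace it with a single line such as `# Mock instance of UefiLib for host-based unit tests of SecureBootVariableLib.` The `[LibraryClasses]` list (`PrintLib`, `PcdLib`, `MemoryAllocationLib`, ...) also looks inherited from the real instance. MockUefiLib.c is outside this hunk, so the list should be checked against what the mock actually calls and the unused entries dropped.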
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRun=
timeServicesTableLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTe=
st/MockUefiRuntimeServicesTableLib.inf
new file mode 100644
index 000000000000..f832a93e2254
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeSer=
vicesTableLib.inf
@@ -0,0 +1,25 @@
+## @file=0D
+# Mock implementation of the UEFI Runtime Services Table Library.=0D
+#=0D
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010005=0D
+ BASE_NAME =3D MockUefiRuntimeServicesTableLib=0D
+ FILE_GUID =3D 84CE0021-ABEE-403C-9A1B-763CCF2D40F1=
=0D
+ MODULE_TYPE =3D UEFI_DRIVER=0D
+ VERSION_STRING =3D 1.0=0D
+ LIBRARY_CLASS =3D UefiRuntimeServicesTableLib|HOST_APPL=
ICATION=0D
+=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64 EBC=0D
+#=0D
+=0D
+[Sources]=0D
+ MockUefiRuntimeServicesTableLib.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootV=
ariableLibUnitTest.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/SecureBootVariableLibUnitTest.inf
new file mode 100644
index 000000000000..f99fb09be52e
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariable=
LibUnitTest.inf
@@ -0,0 +1,36 @@
+## @file=0D
+# Unit tests of the implementation of SecureBootVariableLib.=0D
+#=0D
+# Copyright (C) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010006=0D
+ BASE_NAME =3D SecureBootVariableLibUnitTest=0D
+ FILE_GUID =3D 71C5359E-08FB-450E-9766-BC70482DF66B=
=0D
+ MODULE_TYPE =3D HOST_APPLICATION=0D
+ VERSION_STRING =3D 1.0=0D
+=0D
+#=0D
+# The following information is for reference only and not required by the =
build tools.=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64=0D
+#=0D
+=0D
+[Sources]=0D
+ SecureBootVariableLibUnitTest.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+ MdeModulePkg/MdeModulePkg.dec=0D
+ SecurityPkg/SecurityPkg.dec=0D
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec=0D
+=0D
+[LibraryClasses]=0D
+ SecureBootVariableLib=0D
+ BaseLib=0D
+ BaseMemoryLib=0D
+ DebugLib=0D
+ UefiLib=0D
+ UnitTestLib=0D
diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.y=
aml
index 791214239899..2138b0a5e21b 100644
--- a/SecurityPkg/SecurityPkg.ci.yaml
+++ b/SecurityPkg/SecurityPkg.ci.yaml
@@ -15,6 +15,7 @@
## "<ErrorID>", "<KeyWord>"=0D
## ]=0D
"ExceptionList": [=0D
+ "8005", "gRT",=0D
],=0D
## Both file path and directory path are accepted.=0D
"IgnoreFiles": [=0D
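Review bot: The new `"8005", "gRT",` entry in `ExceptionList` has no explanation, and because it is matched by keyword it applies to every file in SecurityPkg, not only to the test code that presumably needs it. A one-line comment above it would record why the exception exists, for example `## gRT is the standard runtime services global, redefined by UnitTest/MockUefiRuntimeServicesTableLib.c`. The mock source is outside this view, so confirm that it is the only place that needs the exception. The key that encloses `ExceptionList` starts outside the hunk.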
@@ -26,6 +27,10 @@
"CompilerPlugin": {=0D
"DscPath": "SecurityPkg.dsc"=0D
},=0D
+ ## options defined .pytool/Plugin/HostUnitTestCompilerPlugin=0D
+ "HostUnitTestCompilerPlugin": {=0D
+ "DscPath": "Test/SecurityPkgHostTest.dsc"=0D
+ },=0D
"CharEncodingCheck": {=0D
"IgnoreFiles": []=0D
},=0D
@@ -33,6 +38,7 @@
"AcceptableDependencies": [=0D
"MdePkg/MdePkg.dec",=0D
"MdeModulePkg/MdeModulePkg.dec",=0D
+ "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec",=0D
"SecurityPkg/SecurityPkg.dec",=0D
"StandaloneMmPkg/StandaloneMmPkg.dec",=0D
"CryptoPkg/CryptoPkg.dec"=0D
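Review bot: Adding `"UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec"` to the general `AcceptableDependencies` list lets any module in SecurityPkg, firmware drivers included, declare a dependency on the test framework without the dependency check flagging it. Other edk2 packages scope this with a per-module-type key, `"AcceptableDependencies-HOST_APPLICATION": ["UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec"]`. That key is matched on MODULE_TYPE, so it would only cover the mock libraries if their INFs declared `MODULE_TYPE = HOST_APPLICATION`; the two mock INFs visible in this patch declare `UEFI_DRIVER`. The enclosing check's key name is outside the hunk.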
@@ -47,6 +53,11 @@
"DscPath": "SecurityPkg.dsc",=0D
"IgnoreInf": []=0D
},=0D
+ ## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck=0D
+ "HostUnitTestDscCompleteCheck": {=0D
+ "IgnoreInf": [""],=0D
+ "DscPath": "Test/SecurityPkgHostTest.dsc"=0D
+ },=0D
"GuidCheck": {=0D
"IgnoreGuidName": [],=0D
"IgnoreGuidValue": ["00000000-0000-0000-0000-000000000000"],=0D
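Review bot: In the added `HostUnitTestDscCompleteCheck` block, `"IgnoreInf": [""]` is a list holding one empty path, whereas the sibling check just above it in this hunk uses `"IgnoreInf": []`. The empty string names no INF and may be reported by the plugin as an ignore entry it cannot find. I would write `"IgnoreInf": [],` so both blocks read the same way.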
diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/Se=
curityPkgHostTest.dsc
new file mode 100644
index 000000000000..c4df01fe1b73
--- /dev/null
+++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc
@@ -0,0 +1,38 @@
+## @file=0D
+# SecurityPkg DSC file used to build host-based unit tests.=0D
+#=0D
+# Copyright (C) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ PLATFORM_NAME =3D SecurityPkgHostTest=0D
+ PLATFORM_GUID =3D 9D78A9B4-00CD-477E-A5BF-90CC793EEFB0=0D
+ PLATFORM_VERSION =3D 0.1=0D
+ DSC_SPECIFICATION =3D 0x00010005=0D
+ OUTPUT_DIRECTORY =3D Build/SecurityPkg/HostTest=0D
+ SUPPORTED_ARCHITECTURES =3D IA32|X64=0D
+ BUILD_TARGETS =3D NOOPT=0D
+ SKUID_IDENTIFIER =3D DEFAULT=0D
+=0D
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc=0D
+=0D
+[LibraryClasses]=0D
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf=0D
+=0D
+[Components]=0D
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServic=
esTableLib.inf=0D
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtect=
ionLib.inf=0D
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf=0D
+=0D
+ #=0D
+ # Build SecurityPkg HOST_APPLICATION Tests=0D
+ #=0D
+ SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLib=
UnitTest.inf {=0D
+ <LibraryClasses>=0D
+ SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/Secu=
reBootVariableLib.inf=0D
+ UefiRuntimeServicesTableLib|SecurityPkg/Library/SecureBootVariableLi=
b/UnitTest/MockUefiRuntimeServicesTableLib.inf=0D
+ PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/Un=
itTest/MockPlatformPKProtectionLib.inf=0D
+ UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiL=
ib.inf=0D
+ }=0D
--=20
2.36.0.windows.1