Message ID | 1517823358-943-1-git-send-email-ivan.hu@canonical.com |
---|---|
State | Accepted |
Series | [1/2] uefirtvariable: modify both authenticated attributes setting test | expand |
On 05/02/18 09:35, Ivan Hu wrote: > UEFI spec 2.7 introduces new attribute > EFI_VARIABLE_ENHANCED_AUTHENTICATED_WRITE_ACCESS for > EFI_VARIABLE_AUTHENTICATION_3 and the attribute > EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated > > And specify > If both the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS and the > EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute are set in a > SetVariable() call, then the firmware must return EFI_INVALID_PARAMETER. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/lib/include/fwts_uefi.h | 3 ++- > src/uefi/uefirtvariable/uefirtvariable.c | 10 +++++----- > 2 files changed, 7 insertions(+), 6 deletions(-) > > diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h > index bf93613..e90d115 100644 > --- a/src/lib/include/fwts_uefi.h > +++ b/src/lib/include/fwts_uefi.h > @@ -43,7 +43,8 @@ enum { > FWTS_UEFI_VARIABLE_HARDWARE_ERROR_RECORD = 0x00000008, > FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS = 0x00000010, > FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020, > - FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040 > + FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040, > + FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS = 0x00000080 > }; > > enum { > diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c > index f5c79a0..b038216 100644 > --- a/src/uefi/uefirtvariable/uefirtvariable.c > +++ b/src/uefi/uefirtvariable/uefirtvariable.c > @@ -885,7 +885,7 @@ static int setvariable_insertvariable( > > if (ioret == -1) { > if ((status == EFI_INVALID_PARAMETER) && > - ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) || > + ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) || > (attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) || > (attributes & FWTS_UEFI_VARIABLE_APPEND_WRITE))) { > fwts_uefi_print_status_info(fw, status); 
> @@ -1045,7 +1045,7 @@ static int setvariable_invalidattr( > ioret = ioctl(fd, EFI_RUNTIME_SET_VARIABLE, &setvariable); > > if ((status == EFI_SUCCESS) && (ioret != -1)) { > - if ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) && > + if ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) && > (attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) && > (status != EFI_INVALID_PARAMETER)) { > fwts_warning(fw, > @@ -1344,11 +1344,11 @@ static int setvariable_test7(fwts_framework *fw) > uint8_t datadiff = 0; > uint32_t attr; > > - attr = attributes | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; > + attr = attributes | FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; > ret = setvariable_invalidattr(fw, attr, datasize, variablenametest, >estguid1, datadiff); > if (ret == FWTS_ERROR) { > fwts_failed(fw, LOG_LEVEL_MEDIUM, "UEFIRuntimeSetVariable", > - "Successfully set variable with both authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS " > + "Successfully set variable with both authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS " > "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) attributes are set, expected fail."); > setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff); > return FWTS_ERROR; > @@ -1358,7 +1358,7 @@ static int setvariable_test7(fwts_framework *fw) > >estguid1) == FWTS_ERROR) { > fwts_log_info(fw, > "Get the variable which is set by SetVariable with both " > - "authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS " > + "authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS " > "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) " > "attributes are set %" PRIu32 " , test failed.", attr); > setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff); > Acked-by: Colin Ian King <colin.king@canonical.com>
On 2018-02-05 01:35 AM, Ivan Hu wrote: > UEFI spec 2.7 introduces new attribute > EFI_VARIABLE_ENHANCED_AUTHENTICATED_WRITE_ACCESS for > EFI_VARIABLE_AUTHENTICATION_3 and the attribute > EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated > > And specify > If both the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS and the > EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attribute are set in a > SetVariable() call, then the firmware must return EFI_INVALID_PARAMETER. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/lib/include/fwts_uefi.h | 3 ++- > src/uefi/uefirtvariable/uefirtvariable.c | 10 +++++----- > 2 files changed, 7 insertions(+), 6 deletions(-) > > diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h > index bf93613..e90d115 100644 > --- a/src/lib/include/fwts_uefi.h > +++ b/src/lib/include/fwts_uefi.h > @@ -43,7 +43,8 @@ enum { > FWTS_UEFI_VARIABLE_HARDWARE_ERROR_RECORD = 0x00000008, > FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS = 0x00000010, > FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020, > - FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040 > + FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040, > + FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS = 0x00000080 > }; > > enum { > diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c > index f5c79a0..b038216 100644 > --- a/src/uefi/uefirtvariable/uefirtvariable.c > +++ b/src/uefi/uefirtvariable/uefirtvariable.c > @@ -885,7 +885,7 @@ static int setvariable_insertvariable( > > if (ioret == -1) { > if ((status == EFI_INVALID_PARAMETER) && > - ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) || > + ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) || > (attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) || > (attributes & FWTS_UEFI_VARIABLE_APPEND_WRITE))) { > fwts_uefi_print_status_info(fw, status); 
> @@ -1045,7 +1045,7 @@ static int setvariable_invalidattr( > ioret = ioctl(fd, EFI_RUNTIME_SET_VARIABLE, &setvariable); > > if ((status == EFI_SUCCESS) && (ioret != -1)) { > - if ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) && > + if ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) && > (attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) && > (status != EFI_INVALID_PARAMETER)) { > fwts_warning(fw, > @@ -1344,11 +1344,11 @@ static int setvariable_test7(fwts_framework *fw) > uint8_t datadiff = 0; > uint32_t attr; > > - attr = attributes | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; > + attr = attributes | FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; > ret = setvariable_invalidattr(fw, attr, datasize, variablenametest, >estguid1, datadiff); > if (ret == FWTS_ERROR) { > fwts_failed(fw, LOG_LEVEL_MEDIUM, "UEFIRuntimeSetVariable", > - "Successfully set variable with both authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS " > + "Successfully set variable with both authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS " > "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) attributes are set, expected fail."); > setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff); > return FWTS_ERROR; > @@ -1358,7 +1358,7 @@ static int setvariable_test7(fwts_framework *fw) > >estguid1) == FWTS_ERROR) { > fwts_log_info(fw, > "Get the variable which is set by SetVariable with both " > - "authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS " > + "authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS " > "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) " > "attributes are set %" PRIu32 " , test failed.", attr); > setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff); > Acked-by: Alex Hung <alex.hung@canonical.com>
diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h
index bf93613..e90d115 100644
--- a/src/lib/include/fwts_uefi.h
+++ b/src/lib/include/fwts_uefi.h
@@ -43,7 +43,8 @@ enum {
 FWTS_UEFI_VARIABLE_HARDWARE_ERROR_RECORD = 0x00000008,
 FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS = 0x00000010,
 FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020,
- FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040
+ FWTS_UEFI_VARIABLE_APPEND_WRITE = 0x00000040,
+ FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS = 0x00000080
 };
 
 enum {
diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c
index f5c79a0..b038216 100644
--- a/src/uefi/uefirtvariable/uefirtvariable.c
+++ b/src/uefi/uefirtvariable/uefirtvariable.c
@@ -885,7 +885,7 @@ static int setvariable_insertvariable(
 
 if (ioret == -1) {
 if ((status == EFI_INVALID_PARAMETER) &&
- ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) ||
+ ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) ||
 (attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) ||
 (attributes & FWTS_UEFI_VARIABLE_APPEND_WRITE))) {
 fwts_uefi_print_status_info(fw, status);
@@ -1045,7 +1045,7 @@ static int setvariable_invalidattr(
 ioret = ioctl(fd, EFI_RUNTIME_SET_VARIABLE, &setvariable);
 
 if ((status == EFI_SUCCESS) && (ioret != -1)) {
- if ((attributes & FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) &&
+ if ((attributes & FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS) &&
 (attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) &&
 (status != EFI_INVALID_PARAMETER)) {
 fwts_warning(fw,
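Review bot: The new enumerator in src/lib/include/fwts_uefi.h is added without a comment, and the deprecated `FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS` beside it is left unmarked, so the header does not tell a reader which authenticated-write bit a test should still use. I would add `/* deprecated by UEFI 2.7 */` after the 0x00000010 entry and `/* UEFI 2.7, EFI_VARIABLE_AUTHENTICATION_3 */` after the 0x00000080 entry. The commit description spells the new attribute two ways (`..._ENHANCED_AUTHENTICATED_WRITE_ACCESS` and `..._ENHANCED_AUTHENTICATED_ACCESS`); the enumerator follows the second. The enum's opening lines are outside the hunk.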
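Review bot: In setvariable_insertvariable the deprecated bit is swapped out of the EFI_INVALID_PARAMETER check instead of being kept next to the new one, so a call that still passes `FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS` and is rejected by the firmware no longer reaches this branch. Whether any caller still passes that bit is not visible here, but firmware rejecting a deprecated attribute seems at least as likely after UEFI 2.7 as before, and covering both costs one line: `((attributes & (FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS)) ||`. The function starts and ends outside the hunk, so what the branch goes on to return is not shown.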
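Review bot: The `(status != EFI_INVALID_PARAMETER)` term in setvariable_invalidattr can never be false at this point, because the enclosing `if` already requires `status == EFI_SUCCESS`, so the inner test depends on the two attribute bits alone. Dropping the term, leaving `(attributes & FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {` as the last condition, would make that plain. Nothing visible in the hunk checks that a rejection actually came back as EFI_INVALID_PARAMETER rather than some other error; if that is not done further down, the test treats any failure as compliant, which is weaker than the rule quoted in the commit description. The function body continues outside the hunk on both sides.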
@@ -1344,11 +1344,11 @@ static int setvariable_test7(fwts_framework *fw)
 uint8_t datadiff = 0;
 uint32_t attr;
 
- attr = attributes | FWTS_UEFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ attr = attributes | FWTS_UEFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS | FWTS_UEFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
 ret = setvariable_invalidattr(fw, attr, datasize, variablenametest, >estguid1, datadiff);
 if (ret == FWTS_ERROR) {
 fwts_failed(fw, LOG_LEVEL_MEDIUM, "UEFIRuntimeSetVariable",
- "Successfully set variable with both authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
+ "Successfully set variable with both authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
 "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) attributes are set, expected fail.");
 setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff);
 return FWTS_ERROR;
@@ -1358,7 +1358,7 @@ static int setvariable_test7(fwts_framework *fw)
 >estguid1) == FWTS_ERROR) {
 fwts_log_info(fw,
 "Get the variable which is set by SetVariable with both "
- "authenticated (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS "
+ "authenticated (EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS "
 "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) "
 "attributes are set %" PRIu32 " , test failed.", attr);
 setvariable_insertvariable(fw, 0, datasize, variablenametest, >estguid1, datadiff);
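Review bot: Both failure paths in setvariable_test7 call `setvariable_insertvariable(fw, 0, ...)` to clean up and discard its result; the second call is in the hunk at -1358. These paths run exactly when the firmware has wrongly accepted a variable carrying authenticated attributes, and it is at least plausible that such a variable cannot be removed by a plain write with attributes 0, which would leave it in NVRAM with nothing in the log. I would test the result, `if (setvariable_insertvariable(fw, 0, /* same arguments */) != FWTS_OK)`, and emit an `fwts_log_info` naming the variable that could not be removed. The test also stops exercising the deprecated-plus-time-based combination; whether that case should stay covered is worth a line in the commit message. The function starts and ends outside both hunks.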
UEFI spec 2.7 introduces the new attribute EFI_VARIABLE_ENHANCED_AUTHENTICATED_WRITE_ACCESS for EFI_VARIABLE_AUTHENTICATION_3 and deprecates the attribute EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS.

It also specifies that if both the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS and the EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS attributes are set in a SetVariable() call, then the firmware must return EFI_INVALID_PARAMETER.

Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
---
 src/lib/include/fwts_uefi.h | 3 ++-
 src/uefi/uefirtvariable/uefirtvariable.c | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)