/** @file
|
|
Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
**/
|
|
#include <Uefi.h>
|
#include <PiDxe.h>
|
#include <Library/TestPointCheckLib.h>
|
#include <Library/TestPointLib.h>
|
#include <Library/DebugLib.h>
|
#include <Library/UefiLib.h>
|
#include <Library/PrintLib.h>
|
#include <Library/MemoryAllocationLib.h>
|
#include <Guid/GlobalVariable.h>
|
#include <Guid/ImageAuthentication.h>
|
|
typedef struct {
|
CHAR16 *Name;
|
EFI_GUID *Guid;
|
UINT8 ExpectedSize;
|
UINT8 ExpectedData;
|
} VARIABLE_LIST;
|
|
VARIABLE_LIST mUefiSecureBootVariable[] = {
|
{EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid},
|
{EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid},
|
{EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},
|
{EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid},
|
};
|
|
VARIABLE_LIST mUefiSecureBootModeVariable[] = {
|
{EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, sizeof(UINT8), 1},
|
{EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, sizeof(UINT8), 0},
|
};
|
|
EFI_STATUS
|
EFIAPI
|
TestPointCheckUefiSecureBoot (
|
VOID
|
)
|
{
|
VOID *Variable;
|
UINTN Size;
|
UINTN Index;
|
EFI_STATUS Status;
|
EFI_STATUS ReturnStatus;
|
|
DEBUG ((DEBUG_INFO, "==== TestPointCheckUefiSecureBoot - Enter\n"));
|
|
ReturnStatus = EFI_SUCCESS;
|
for (Index = 0; Index < sizeof(mUefiSecureBootVariable)/sizeof(mUefiSecureBootVariable[0]); Index++) {
|
Status = GetVariable2 (mUefiSecureBootVariable[Index].Name, mUefiSecureBootVariable[Index].Guid, &Variable, &Size);
|
if(Variable == NULL) {
|
return EFI_NOT_FOUND;
|
}
|
if (EFI_ERROR(Status)) {
|
DEBUG ((DEBUG_ERROR, "Variable - %S not found\n", mUefiSecureBootVariable[Index].Name));
|
ReturnStatus = Status;
|
TestPointLibAppendErrorString (
|
PLATFORM_TEST_POINT_ROLE_PLATFORM_IBV,
|
NULL,
|
TEST_POINT_BYTE5_READY_TO_BOOT_UEFI_SECURE_BOOT_ENABLED_ERROR_CODE \
|
TEST_POINT_READY_TO_BOOT \
|
TEST_POINT_BYTE5_READY_TO_BOOT_UEFI_SECURE_BOOT_ENABLED_ERROR_STRING
|
);
|
} else {
|
FreePool (Variable);
|
}
|
}
|
|
for (Index = 0; Index < sizeof(mUefiSecureBootModeVariable)/sizeof(mUefiSecureBootModeVariable[0]); Index++) {
|
Status = GetVariable2 (mUefiSecureBootModeVariable[Index].Name, mUefiSecureBootModeVariable[Index].Guid, &Variable, &Size);
|
if(Variable == NULL) {
|
return EFI_NOT_FOUND;
|
}
|
if (EFI_ERROR(Status)) {
|
DEBUG ((DEBUG_ERROR, "Variable - %S not found\n", mUefiSecureBootModeVariable[Index].Name));
|
ReturnStatus = Status;
|
TestPointLibAppendErrorString (
|
PLATFORM_TEST_POINT_ROLE_PLATFORM_IBV,
|
NULL,
|
TEST_POINT_BYTE5_READY_TO_BOOT_UEFI_SECURE_BOOT_ENABLED_ERROR_CODE \
|
TEST_POINT_READY_TO_BOOT \
|
TEST_POINT_BYTE5_READY_TO_BOOT_UEFI_SECURE_BOOT_ENABLED_ERROR_STRING
|
);
|
} else {
|
if ((Size != mUefiSecureBootModeVariable[Index].ExpectedSize) ||
|
(*(UINT8 *)Variable != mUefiSecureBootModeVariable[Index].ExpectedData)) {
|
DEBUG ((DEBUG_ERROR, "Variable - %S is not expected (0x%x)\n", mUefiSecureBootModeVariable[Index].Name, *(UINT8 *)Variable));
|
ReturnStatus = EFI_SECURITY_VIOLATION;
|
TestPointLibAppendErrorString (
|
PLATFORM_TEST_POINT_ROLE_PLATFORM_IBV,
|
NULL,
|
TEST_POINT_BYTE5_READY_TO_BOOT_UEFI_SECURE_BOOT_ENABLED_ERROR_CODE \
|
TEST_POINT_READY_TO_BOOT \
|
TEST_POINT_BYTE5_READY_TO_BOOT_UEFI_SECURE_BOOT_ENABLED_ERROR_STRING
|
);
|
}
|
FreePool (Variable);
|
}
|
}
|
|
DEBUG ((DEBUG_INFO, "==== TestPointCheckUefiSecureBoot - Exit\n"));
|
return ReturnStatus;
|
}
|
