From c28c16e7c447f3f684ab14644dfb201be8c37aa3 Mon Sep 17 00:00:00 2001 From: Chris Johnson Date: Fri, 24 Mar 2023 16:12:17 -0700 Subject: SecurityPkg: Add gmock example REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4389 Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Chris Johnson Acked-by: Jiewen Yao Reviewed-by: Oliver Smith-Denny Reviewed-by: Michael D Kinney --- .../GoogleTest/SecureBootVariableLibGoogleTest.cpp | 174 +++++++++++++++++++++ .../GoogleTest/SecureBootVariableLibGoogleTest.inf | 32 ++++ .../UnitTest/MockPlatformPKProtectionLib.inf | 4 +- .../SecureBootVariableLib/UnitTest/MockUefiLib.inf | 4 +- .../UnitTest/MockUefiRuntimeServicesTableLib.inf | 4 +- .../UnitTest/SecureBootVariableLibUnitTest.c | 2 +- SecurityPkg/SecurityPkg.dec | 1 + .../Library/MockPlatformPKProtectionLib.h | 28 ++++ .../MockPlatformPKProtectionLib.cpp | 11 ++ .../MockPlatformPKProtectionLib.inf | 34 ++++ SecurityPkg/Test/SecurityPkgHostTest.dsc | 8 + 11 files changed, 295 insertions(+), 7 deletions(-) create mode 100644 SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp create mode 100644 SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf create mode 100644 SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h create mode 100644 SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp create mode 100644 SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf (limited to 'SecurityPkg') diff --git a/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp new file mode 100644 index 0000000000..c9190c8ffd --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp @@ -0,0 +1,174 @@ +/** @file + Unit tests for the implementation of SecureBootVariableLib. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include + +extern "C" { + #include + #include + #include + #include + #include + #include +} + +using namespace testing; + +////////////////////////////////////////////////////////////////////////////// +class SetSecureBootModeTest : public Test { + protected: + MockUefiRuntimeServicesTableLib RtServicesMock; + UINT8 SecureBootMode; + EFI_STATUS Status; + + void SetUp() override { + // Any random magic number can be used for these tests + SecureBootMode = 0xAB; + } +}; + +// Test SetSecureBootMode() API from SecureBootVariableLib to verify the +// expected error is returned when the call to gRT->SetVariable() fails. +TEST_F(SetSecureBootModeTest, SetVarError) { + EXPECT_CALL(RtServicesMock, gRT_SetVariable) + .WillOnce(Return(EFI_INVALID_PARAMETER)); + + Status = SetSecureBootMode(SecureBootMode); + EXPECT_EQ(Status, EFI_INVALID_PARAMETER); +} + +// Test SetSecureBootMode() API from SecureBootVariableLib to verify the +// expected secure boot mode is written to the correct variable in the call +// to gRT->SetVariable(). +TEST_F(SetSecureBootModeTest, PropogateModeToSetVar) { + EXPECT_CALL(RtServicesMock, + gRT_SetVariable( + Char16StrEq(EFI_CUSTOM_MODE_NAME), + BufferEq(&gEfiCustomModeEnableGuid, sizeof(EFI_GUID)), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof(SecureBootMode), + BufferEq(&SecureBootMode, sizeof(SecureBootMode)))) + .WillOnce(Return(EFI_SUCCESS)); + + Status = SetSecureBootMode(SecureBootMode); + EXPECT_EQ(Status, EFI_SUCCESS); +} + +////////////////////////////////////////////////////////////////////////////// +class GetSetupModeTest : public Test { + protected: + MockUefiRuntimeServicesTableLib RtServicesMock; + UINT8 SetupMode; + EFI_STATUS Status; + UINT8 ExpSetupMode; + + void SetUp() override { + // Any random magic number can be used for these tests + ExpSetupMode = 0xAB; + } +}; + +// Test GetSetupMode() API from SecureBootVariableLib to verify the expected +// error is returned when the call to gRT->GetVariable() fails. +TEST_F(GetSetupModeTest, GetVarError) { + EXPECT_CALL(RtServicesMock, gRT_GetVariable) + .WillOnce(Return(EFI_INVALID_PARAMETER)); + + Status = GetSetupMode (&SetupMode); + EXPECT_EQ(Status, EFI_INVALID_PARAMETER); +} + +// Test GetSetupMode() API from SecureBootVariableLib to verify the expected +// setup mode is returned (and with a success return code) when the mode is +// successfully read from the call to gRT->GetVariable(). +TEST_F(GetSetupModeTest, FetchModeFromGetVar) { + EXPECT_CALL(RtServicesMock, + gRT_GetVariable( + Char16StrEq(EFI_SETUP_MODE_NAME), + BufferEq(&gEfiGlobalVariableGuid, sizeof(EFI_GUID)), + _, + Pointee(Eq(sizeof(SetupMode))), + NotNull())) + .WillOnce(DoAll( + SetArgPointee<3>(sizeof(ExpSetupMode)), + SetArgBuffer<4>(&ExpSetupMode, sizeof(ExpSetupMode)), + Return(EFI_SUCCESS))); + + Status = GetSetupMode (&SetupMode); + ASSERT_EQ(Status, EFI_SUCCESS); + EXPECT_EQ(SetupMode, ExpSetupMode); +} + +////////////////////////////////////////////////////////////////////////////// +class IsSecureBootEnabledTest : public Test { + protected: + MockUefiLib UefiLibMock; + BOOLEAN Enabled; +}; + +// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify FALSE +// is returned when the call to GetEfiGlobalVariable2() fails. +TEST_F(IsSecureBootEnabledTest, GetVarError) { + EXPECT_CALL(UefiLibMock, GetEfiGlobalVariable2) + .WillOnce(Return(EFI_ABORTED)); + + Enabled = IsSecureBootEnabled (); + EXPECT_EQ(Enabled, FALSE); +} + +////////////////////////////////////////////////////////////////////////////// +class IsSecureBootEnabledAllocTest : public IsSecureBootEnabledTest { + protected: + UINT8 *BootEnabledBuffer; + + void SetUp() override { + BootEnabledBuffer = (UINT8*) AllocatePool(1); + ASSERT_NE(BootEnabledBuffer, nullptr); + } +}; + +// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify TRUE +// is returned when the call to GetEfiGlobalVariable2() is successful and +// returns SECURE_BOOT_MODE_ENABLE. +TEST_F(IsSecureBootEnabledAllocTest, IsEnabled) { + *BootEnabledBuffer = SECURE_BOOT_MODE_ENABLE; + EXPECT_CALL(UefiLibMock, + GetEfiGlobalVariable2( + Char16StrEq(EFI_SECURE_BOOT_MODE_NAME), + NotNull(), + _)) + .WillOnce(DoAll( + SetArgBuffer<1>(&BootEnabledBuffer, sizeof(VOID*)), + Return(EFI_SUCCESS))); + + Enabled = IsSecureBootEnabled (); + EXPECT_EQ(Enabled, TRUE); +} + +// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify FALSE +// is returned when the call to GetEfiGlobalVariable2() is successful and +// returns SECURE_BOOT_MODE_DISABLE. +TEST_F(IsSecureBootEnabledAllocTest, IsDisabled) { + *BootEnabledBuffer = SECURE_BOOT_MODE_DISABLE; + EXPECT_CALL(UefiLibMock, + GetEfiGlobalVariable2( + Char16StrEq(EFI_SECURE_BOOT_MODE_NAME), + NotNull(), + _)) + .WillOnce(DoAll( + SetArgBuffer<1>(&BootEnabledBuffer, sizeof(VOID*)), + Return(EFI_SUCCESS))); + + Enabled = IsSecureBootEnabled (); + EXPECT_EQ(Enabled, FALSE); +} + +int main(int argc, char* argv[]) { + testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf new file mode 100644 index 0000000000..5503dcfa32 --- /dev/null +++ b/SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf @@ -0,0 +1,32 @@ +## @file +# Unit test suite for the SecureBootVariableLib using Google Test +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010017 + BASE_NAME = SecureBootVariableLibGoogleTest + FILE_GUID = C88372AB-726B-4344-A250-6C7F826C874E + VERSION_STRING = 1.0 + MODULE_TYPE = HOST_APPLICATION + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SecureBootVariableLibGoogleTest.cpp + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + +[LibraryClasses] + GoogleTestLib + SecureBootVariableLib diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf index 1e19033c5a..c927ef7099 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf @@ -10,9 +10,9 @@ INF_VERSION = 0x00010005 BASE_NAME = MockPlatformPKProtectionLib FILE_GUID = 5FCD74D3-3965-4D56-AB83-000B9B4806A0 - MODULE_TYPE = DXE_DRIVER + MODULE_TYPE = HOST_APPLICATION VERSION_STRING = 1.0 - LIBRARY_CLASS = PlatformPKProtectionLib|HOST_APPLICATION + LIBRARY_CLASS = PlatformPKProtectionLib # # The following information is for reference only and not required by the build tools. diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf index a84242ac72..fecf468411 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf @@ -18,9 +18,9 @@ INF_VERSION = 0x00010005 BASE_NAME = MockUefiLib FILE_GUID = E3B7AEF9-4E55-49AF-B035-ED776C928EC6 - MODULE_TYPE = UEFI_DRIVER + MODULE_TYPE = HOST_APPLICATION VERSION_STRING = 1.0 - LIBRARY_CLASS = UefiLib|HOST_APPLICATION + LIBRARY_CLASS = UefiLib # # VALID_ARCHITECTURES = IA32 X64 EBC diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf index f832a93e22..6fe0418960 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf @@ -10,9 +10,9 @@ INF_VERSION = 0x00010005 BASE_NAME = MockUefiRuntimeServicesTableLib FILE_GUID = 84CE0021-ABEE-403C-9A1B-763CCF2D40F1 - MODULE_TYPE = UEFI_DRIVER + MODULE_TYPE = HOST_APPLICATION VERSION_STRING = 1.0 - LIBRARY_CLASS = UefiRuntimeServicesTableLib|HOST_APPLICATION + LIBRARY_CLASS = UefiRuntimeServicesTableLib # # VALID_ARCHITECTURES = IA32 X64 EBC diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c index a23135dfb0..3a92d5d834 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c +++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c @@ -163,7 +163,7 @@ MockGetVariable ( return EFI_BUFFER_TOO_SMALL; } else { assert_non_null (Data); - CopyMem (Data, (VOID *)mock (), TargetSize); + CopyMem (Data, (VOID *)(UINTN)mock (), TargetSize); } return EFI_SUCCESS; diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 0382090f4e..0a8042d63f 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -21,6 +21,7 @@ [Includes] Include + Test/Mock/Include [LibraryClasses] ## @libraryclass Provides hash interfaces from different implementations. diff --git a/SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h b/SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h new file mode 100644 index 0000000000..8024f4be29 --- /dev/null +++ b/SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h @@ -0,0 +1,28 @@ +/** @file + Google Test mocks for PlatformPKProtectionLib + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef MOCK_PLATFORM_PK_PROTECTION_LIB_H_ +#define MOCK_PLATFORM_PK_PROTECTION_LIB_H_ + +#include +#include +extern "C" { +#include +#include +} + +struct MockPlatformPKProtectionLib { + MOCK_INTERFACE_DECLARATION (MockPlatformPKProtectionLib); + + MOCK_FUNCTION_DECLARATION ( + EFI_STATUS, + DisablePKProtection, + () + ); +}; + +#endif diff --git a/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp new file mode 100644 index 0000000000..5ea030f6df --- /dev/null +++ b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp @@ -0,0 +1,11 @@ +/** @file + Google Test mocks for PlatformPKProtectionLib + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include + +MOCK_INTERFACE_DEFINITION(MockPlatformPKProtectionLib); + +MOCK_FUNCTION_DEFINITION(MockPlatformPKProtectionLib, DisablePKProtection, 0, EFIAPI); diff --git a/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf new file mode 100644 index 0000000000..3ed638eaf7 --- /dev/null +++ b/SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf @@ -0,0 +1,34 @@ +## @file +# Google Test mocks for PlatformPKProtectionLib +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MockPlatformPKProtectionLib + FILE_GUID = C1383D85-E0ED-44E0-A0A6-125F1D78B6E9 + MODULE_TYPE = HOST_APPLICATION + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformPKProtectionLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + MockPlatformPKProtectionLib.cpp + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + +[LibraryClasses] + GoogleTestLib + +[BuildOptions] + MSFT:*_*_*_CC_FLAGS = /EHsc diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/SecurityPkgHostTest.dsc index c4df01fe1b..ad5b4fc350 100644 --- a/SecurityPkg/Test/SecurityPkgHostTest.dsc +++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc @@ -25,6 +25,7 @@ SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf + SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf # # Build SecurityPkg HOST_APPLICATION Tests @@ -36,3 +37,10 @@ PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf } + SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf { + + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf + PlatformPKProtectionLib|SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf + UefiLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf + } -- cgit v1.2.3