25 files changed, 737 insertions, 90 deletions
diff --git a/.azurepipelines/templates/defaults.yml b/.azurepipelines/templates/defaults.yml
index e6d02cd..c748459 100644
--- a/.azurepipelines/templates/defaults.yml
+++ b/.azurepipelines/templates/defaults.yml
@@ -9,4 +9,4 @@ variables:
default_python_version: "3.12"
- default_linux_image: "ghcr.io/tianocore/containers/fedora-40-test:c98ff99"
+ default_linux_image: "ghcr.io/tianocore/containers/fedora-41-test:4dbfa9e"
diff --git a/.mergify/config.yml b/.mergify/config.yml
index 000277c..7d6834e 100644
--- a/.mergify/config.yml
+++ b/.mergify/config.yml
@@ -24,6 +24,9 @@ #
##
+merge_queue:
+ max_parallel_checks: 1
+
queue_rules:
- name: default
queue_conditions:
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/UnitTestHostCrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/UnitTestHostCrtWrapper.c
index 3aa76e0..e83d190 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/UnitTestHostCrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/UnitTestHostCrtWrapper.c
@@ -14,10 +14,23 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <Library/DebugLib.h>
/* Convert character to lowercase */
+#ifdef _MSC_VER
+//
+// Workaround for building NOOPT on Windows systems. Due to disabled
+// optimization, the MSVC compiler cannot hide this function
+// implementation from the linker.
+//
+int
+tolower_noos (
+ int c
+ )
+ #pragma comment(linker, "/alternatename:tolower=tolower_noos")
+#else
int
tolower (
int c
)
+#endif
{
if (('A' <= (c)) && ((c) <= 'Z')) {
return (c - ('A' - 'a'));
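Review bot: The `#pragma comment(linker, ...)` sits between the declarator of `tolower_noos` and the opening brace of its body, which is an unusual place for a directive and easy to misread as part of the signature; moving it above `int` (still inside the `#ifdef _MSC_VER` branch) would keep the two definitions visually parallel. The alias is written with undecorated names, `/alternatename:tolower=tolower_noos`; 32-bit x86 MSVC decorates cdecl symbols with a leading underscore, so if this wrapper is built for IA32 host tests the alias may need the `_tolower=_tolower_noos` form, which is worth confirming with an IA32 NOOPT build. The function body continues past the end of the hunk.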
diff --git a/Maintainers.txt b/Maintainers.txt
index 579a70b..6beda4c 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -176,6 +176,7 @@ M: Rebecca Cran <rebecca@bsdio.com> [bexcran] M: Liming Gao <gaoliming@byosoft.com.cn> [lgao4]
M: Guillermo Antonio Palomino Sosa <guillermo.a.palomino.sosa@intel.com> [gapalomi]
R: Yuwei Chen <yuwei.chen@intel.com> [YuweiChen1110]
+R: Poncho Figueroa <poncho.figueroa.esqueda@intel.com> [ponchofigueroa]
BaseTools: Plugins
F: BaseTools/Plugin/
diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
index 3343e60..22ab4d7 100644
--- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
+++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
@@ -1404,7 +1404,7 @@ BmDestroyRamDisk ( Status = mRamDisk->Unregister (RamDiskDevicePath);
ASSERT_EFI_ERROR (Status);
- FreePages (RamDiskBuffer, RamDiskSizeInPages);
+ FreeAlignedPages (RamDiskBuffer, RamDiskSizeInPages);
}
/**
@@ -1454,8 +1454,12 @@ BmExpandLoadFile ( //
// The load option resides in a RAM disk.
+ // Use a reasonable default of 2MB for alignment as the ramdisk device is
+ // implemented as an NVDIMM persistent memory and operating systems may
+ // wish to map this with huge page support.
//
- FileBuffer = AllocateReservedPages (EFI_SIZE_TO_PAGES (BufferSize));
+
+ FileBuffer = AllocateAlignedReservedPages (EFI_SIZE_TO_PAGES (BufferSize), SIZE_2MB);
if (FileBuffer == NULL) {
DEBUG_CODE_BEGIN ();
EFI_DEVICE_PATH *LoadFilePath;
@@ -1496,7 +1500,7 @@ BmExpandLoadFile ( Status = LoadFile->LoadFile (LoadFile, FilePath, TRUE, &BufferSize, FileBuffer);
if (EFI_ERROR (Status)) {
- FreePages (FileBuffer, EFI_SIZE_TO_PAGES (BufferSize));
+ FreeAlignedPages (FileBuffer, EFI_SIZE_TO_PAGES (BufferSize));
return NULL;
}
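Review bot: The failure path frees `EFI_SIZE_TO_PAGES (BufferSize)` pages, but `BufferSize` was passed by address to `LoadFile->LoadFile` on the line above, so if the protocol updates it on failure the count no longer matches what `AllocateAlignedReservedPages` was asked for in the previous hunk. Capturing the page count once before the allocation, e.g. `Pages = EFI_SIZE_TO_PAGES (BufferSize);`, and passing `Pages` to both the allocate call and `FreeAlignedPages (FileBuffer, Pages);` would keep the pair consistent. `BmExpandLoadFile` begins and ends outside the visible hunks, so whether `BufferSize` can actually change on this path should be confirmed against the full function.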
diff --git a/MdeModulePkg/Test/MdeModulePkgHostTest.dsc b/MdeModulePkg/Test/MdeModulePkgHostTest.dsc
index 0643e38..2361374 100644
--- a/MdeModulePkg/Test/MdeModulePkgHostTest.dsc
+++ b/MdeModulePkg/Test/MdeModulePkgHostTest.dsc
@@ -71,3 +71,4 @@ MdeModulePkg/Test/Mock/Library/GoogleTest/MockHiiLib/MockHiiLib.inf
MdeModulePkg/Test/Mock/Library/GoogleTest/MockPciHostBridgeLib/MockPciHostBridgeLib.inf
MdeModulePkg/Test/Mock/Library/GoogleTest/MockVariablePolicyHelperLib/MockVariablePolicyHelperLib.inf
+ MdeModulePkg/Test/Mock/Library/GoogleTest/MockSecurityManagementLib/MockSecurityManagementLib.inf
diff --git a/MdeModulePkg/Test/Mock/Include/GoogleTest/Library/MockSecurityManagementLib.h b/MdeModulePkg/Test/Mock/Include/GoogleTest/Library/MockSecurityManagementLib.h
new file mode 100644
index 0000000..59ec205
--- /dev/null
+++ b/MdeModulePkg/Test/Mock/Include/GoogleTest/Library/MockSecurityManagementLib.h
@@ -0,0 +1,54 @@
+/** @file
+ Google Test mocks for DevicePathLib
+
+ Copyright (c) 2025, Yandex. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_SECURITY_MANAGEMENT_LIB_H_
+#define MOCK_SECURITY_MANAGEMENT_LIB_LIB_H_
+
+#include <Library/GoogleTestLib.h>
+#include <Library/FunctionMockLib.h>
+extern "C" {
+ #include <Uefi.h>
+ #include <Library/SecurityManagementLib.h>
+}
+
+struct MockSecurityManagementLib {
+ MOCK_INTERFACE_DECLARATION (MockSecurityManagementLib);
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ RegisterSecurityHandler,
+ (IN SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler,
+ IN UINT32 AuthenticationOperation)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ ExecuteSecurityHandlers,
+ (IN UINT32 AuthenticationStatus,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *FilePath)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ RegisterSecurity2Handler,
+ (IN SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler,
+ IN UINT32 AuthenticationOperation)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ ExecuteSecurity2Handlers,
+ (IN UINT32 AuthenticationOperation,
+ IN UINT32 AuthenticationStatus,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
+ IN VOID *FileBuffer,
+ IN UINTN FileSize,
+ IN BOOLEAN BootPolicy)
+ );
+};
+
+#endif // MOCK_SECURITY_MANAGEMENT_LIB_H_
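Review bot: The include guard does not guard: `#ifndef MOCK_SECURITY_MANAGEMENT_LIB_H_` is followed by `#define MOCK_SECURITY_MANAGEMENT_LIB_LIB_H_`, so the tested macro is never defined and a second inclusion would redeclare `struct MockSecurityManagementLib`. The define should read `#define MOCK_SECURITY_MANAGEMENT_LIB_H_`. The `@file` line also says "Google Test mocks for DevicePathLib" where it should name SecurityManagementLib. MockDevicePathLib.h, added later in this commit, uses `MOCK_DEVICE_PATH_LIB_LIB_H_` consistently but closes with `#endif // MOCK_DEVICE_PATH_LIB_H_`; the doubled `_LIB` there looks like the same slip.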
diff --git a/MdeModulePkg/Test/Mock/Library/GoogleTest/MockSecurityManagementLib/MockSecurityManagementLib.cpp b/MdeModulePkg/Test/Mock/Library/GoogleTest/MockSecurityManagementLib/MockSecurityManagementLib.cpp
new file mode 100644
index 0000000..fa3b24b
--- /dev/null
+++ b/MdeModulePkg/Test/Mock/Library/GoogleTest/MockSecurityManagementLib/MockSecurityManagementLib.cpp
@@ -0,0 +1,15 @@
+/** @file
+ Google Test mocks for SecurityManagementLib
+
+ Copyright (c) 2025, Yandex. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <GoogleTest/Library/MockSecurityManagementLib.h>
+
+MOCK_INTERFACE_DEFINITION (MockSecurityManagementLib);
+
+MOCK_FUNCTION_DEFINITION (MockSecurityManagementLib, RegisterSecurityHandler, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockSecurityManagementLib, ExecuteSecurityHandlers, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockSecurityManagementLib, RegisterSecurity2Handler, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockSecurityManagementLib, ExecuteSecurity2Handlers, 6, EFIAPI);
diff --git a/MdeModulePkg/Test/Mock/Library/GoogleTest/MockSecurityManagementLib/MockSecurityManagementLib.inf b/MdeModulePkg/Test/Mock/Library/GoogleTest/MockSecurityManagementLib/MockSecurityManagementLib.inf
new file mode 100644
index 0000000..d64e28c
--- /dev/null
+++ b/MdeModulePkg/Test/Mock/Library/GoogleTest/MockSecurityManagementLib/MockSecurityManagementLib.inf
@@ -0,0 +1,34 @@
+## @file
+# Google Test mocks for SecurityManagementLib
+#
+# Copyright (c) 2025, Yandex. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MockSecurityManagementLib
+ FILE_GUID = 22FF8498-3FE9-495B-81B7-6595145F5832
+ MODULE_TYPE = HOST_APPLICATION
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = SecurityManagementLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ MockSecurityManagementLib.cpp
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+ GoogleTestLib
+
+[BuildOptions]
+ MSFT:*_*_*_CC_FLAGS = /EHsc
diff --git a/MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf b/MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
index eb85a54..2d571b5 100644
--- a/MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+++ b/MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
@@ -17,7 +17,7 @@ FILE_GUID = 91c1677a-e57f-4191-8b8e-eb7711a716e0
MODULE_TYPE = UEFI_DRIVER
VERSION_STRING = 1.0
- LIBRARY_CLASS = DevicePathLib|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER SMM_CORE MM_STANDALONE
+ LIBRARY_CLASS = DevicePathLib|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER SMM_CORE
#
diff --git a/MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibStandaloneMm.inf b/MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibStandaloneMm.inf
deleted file mode 100644
index 97db485..0000000
--- a/MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibStandaloneMm.inf
+++ /dev/null
@@ -1,78 +0,0 @@
-## @file
-# Instance of Device Path Library based on Memory Allocation Library.
-#
-# Device Path Library that layers on top of the Memory Allocation Library.
-#
-# This library instances is deprecated and should no longer be used. Ue
-# MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibBase.inf instead.
-#
-# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
-# Copyright (c) Microsoft Corporation.
-#
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = UefiDevicePathLibStandaloneMm
- MODULE_UNI_FILE = UefiDevicePathLib.uni
- FILE_GUID = 7B60A2BC-9259-48A8-8279-971412EECAB3
- MODULE_TYPE = BASE
- PI_SPECIFICATION_VERSION = 0x00010032
- VERSION_STRING = 1.0
- LIBRARY_CLASS = DevicePathLib
-
-
-#
-# VALID_ARCHITECTURES = IA32 X64 EBC
-#
-
-[Sources]
- DevicePathUtilities.c
- DevicePathUtilitiesBase.c
- DevicePathToText.c
- DevicePathFromText.c
- UefiDevicePathLib.c
- UefiDevicePathLib.h
-
-[Packages]
- MdePkg/MdePkg.dec
-
-[LibraryClasses]
- BaseLib
- MemoryAllocationLib
- DebugLib
- BaseMemoryLib
- PcdLib
- PrintLib
-
-[Guids]
- ## SOMETIMES_CONSUMES ## GUID
- gEfiVTUTF8Guid
- ## SOMETIMES_CONSUMES ## GUID
- gEfiVT100Guid
- ## SOMETIMES_CONSUMES ## GUID
- gEfiVT100PlusGuid
- ## SOMETIMES_CONSUMES ## GUID
- gEfiPcAnsiGuid
- ## SOMETIMES_CONSUMES ## GUID
- gEfiUartDevicePathGuid
- ## SOMETIMES_CONSUMES ## GUID
- gEfiSasDevicePathGuid
- ## SOMETIMES_CONSUMES ## GUID
- gEfiVirtualDiskGuid
- ## SOMETIMES_CONSUMES ## GUID
- gEfiVirtualCdGuid
- ## SOMETIMES_CONSUMES ## GUID
- gEfiPersistentVirtualDiskGuid
- ## SOMETIMES_CONSUMES ## GUID
- gEfiPersistentVirtualCdGuid
-
-[Protocols]
- gEfiDevicePathProtocolGuid ## SOMETIMES_CONSUMES
- gEfiDebugPortProtocolGuid ## UNDEFINED
-
-[Pcd]
- gEfiMdePkgTokenSpaceGuid.PcdMaximumDevicePathNodeCount ## SOMETIMES_CONSUMES
diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index f8b3ff5..0509bb6 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -111,7 +111,6 @@ MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibBase.inf
- MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibStandaloneMm.inf
MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibOptionalDevicePathProtocol.inf
MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLibDevicePathProtocol.inf
MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc
index 6616463..e6e1829 100644
--- a/MdePkg/Test/MdePkgHostTest.dsc
+++ b/MdePkg/Test/MdePkgHostTest.dsc
@@ -53,5 +53,6 @@ MdePkg/Test/Mock/Library/GoogleTest/MockPciSegmentLib/MockPciSegmentLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockReportStatusCodeLib/MockReportStatusCodeLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockSafeIntLib/MockSafeIntLib.inf
+ MdePkg/Test/Mock/Library/GoogleTest/MockDevicePathLib/MockDevicePathLib.inf
MdePkg/Library/StackCheckLibNull/StackCheckLibNullHostApplication.inf
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockDevicePathLib.h b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockDevicePathLib.h
new file mode 100644
index 0000000..1a6a080
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockDevicePathLib.h
@@ -0,0 +1,179 @@
+/** @file
+ Google Test mocks for DevicePathLib
+
+ Copyright (c) 2025, Yandex. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_DEVICE_PATH_LIB_LIB_H_
+#define MOCK_DEVICE_PATH_LIB_LIB_H_
+
+#include <Library/GoogleTestLib.h>
+#include <Library/FunctionMockLib.h>
+extern "C" {
+ #include <Uefi.h>
+ #include <Library/DevicePathLib.h>
+}
+
+struct MockDevicePathLib {
+ MOCK_INTERFACE_DECLARATION (MockDevicePathLib);
+
+ MOCK_FUNCTION_DECLARATION (
+ BOOLEAN,
+ IsDevicePathValid,
+ (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath,
+ IN UINTN MaxSize)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ UINT8,
+ DevicePathType,
+ (IN CONST VOID *Node)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ UINT8,
+ DevicePathSubType,
+ (IN CONST VOID *Node)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ UINTN,
+ DevicePathNodeLength,
+ (IN CONST VOID *Node)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ NextDevicePathNode,
+ (IN CONST VOID *Node)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ BOOLEAN,
+ IsDevicePathEndType,
+ (IN CONST VOID *Node)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ BOOLEAN,
+ IsDevicePathEnd,
+ (IN CONST VOID *Node)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ BOOLEAN,
+ IsDevicePathEndInstance,
+ (IN CONST VOID *Node)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ UINT16,
+ SetDevicePathNodeLength,
+ (IN OUT VOID *Node,
+ IN UINTN Length)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ VOID,
+ SetDevicePathEndNode,
+ (OUT VOID *Node)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ UINTN,
+ GetDevicePathSize,
+ (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ DuplicateDevicePath,
+ (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ AppendDevicePath,
+ (IN CONST EFI_DEVICE_PATH_PROTOCOL *FirstDevicePath OPTIONAL,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *SecondDevicePath OPTIONAL)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ AppendDevicePathNode,
+ (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath OPTIONAL,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePathNode OPTIONAL)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ AppendDevicePathInstance,
+ (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath OPTIONAL,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePathInstance OPTIONAL)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ GetNextDevicePathInstance,
+ (IN OUT EFI_DEVICE_PATH_PROTOCOL **DevicePath,
+ OUT UINTN *Size)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ CreateDeviceNode,
+ (IN UINT8 NodeType,
+ IN UINT8 NodeSubType,
+ IN UINT16 NodeLength)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ BOOLEAN,
+ IsDevicePathMultiInstance,
+ (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ DevicePathFromHandle,
+ (IN EFI_HANDLE Handle)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ FileDevicePath,
+ (IN EFI_HANDLE Device OPTIONAL,
+ IN CONST CHAR16 *FileName)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ CHAR16 *,
+ ConvertDevicePathToText,
+ (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath,
+ IN BOOLEAN DisplayOnly,
+ IN BOOLEAN AllowShortcuts)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ CHAR16 *,
+ ConvertDeviceNodeToText,
+ (IN CONST EFI_DEVICE_PATH_PROTOCOL *DeviceNode,
+ IN BOOLEAN DisplayOnly,
+ IN BOOLEAN AllowShortcuts)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ ConvertTextToDeviceNode,
+ (IN CONST CHAR16 *TextDeviceNode)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_DEVICE_PATH_PROTOCOL *,
+ ConvertTextToDevicePath,
+ (IN CONST CHAR16 *TextDevicePath)
+ );
+};
+
+#endif // MOCK_DEVICE_PATH_LIB_H_
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
index d72b941..7f60da3 100644
--- a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
@@ -73,6 +73,34 @@ struct MockUefiBootServicesTableLib { IN CONST EFI_GUID *EventGroup OPTIONAL,
OUT EFI_EVENT *Event)
);
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_LocateDevicePath,
+ (IN EFI_GUID *Protocol,
+ IN OUT EFI_DEVICE_PATH_PROTOCOL **DevicePath,
+ OUT EFI_HANDLE *Device)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_OpenProtocol,
+ (IN EFI_HANDLE UserHandle,
+ IN EFI_GUID *Protocol,
+ OUT VOID **Interface OPTIONAL,
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_HANDLE ControllerHandle,
+ IN UINT32 Attributes)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_CloseProtocol,
+ (IN EFI_HANDLE UserHandle,
+ IN EFI_GUID *Protocol,
+ IN EFI_HANDLE AgentHandle,
+ IN EFI_HANDLE ControllerHandle)
+ );
};
#endif // MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/MockDevicePathLib/MockDevicePathLib.cpp b/MdePkg/Test/Mock/Library/GoogleTest/MockDevicePathLib/MockDevicePathLib.cpp
new file mode 100644
index 0000000..8f07d30
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/MockDevicePathLib/MockDevicePathLib.cpp
@@ -0,0 +1,35 @@
+/** @file
+ Google Test mocks for DevicePathLib
+
+ Copyright (c) 2025, Yandex. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <GoogleTest/Library/MockDevicePathLib.h>
+
+MOCK_INTERFACE_DEFINITION (MockDevicePathLib);
+
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, IsDevicePathValid, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, DevicePathType, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, DevicePathSubType, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, DevicePathNodeLength, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, NextDevicePathNode, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, IsDevicePathEndType, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, IsDevicePathEnd, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, IsDevicePathEndInstance, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, SetDevicePathNodeLength, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, SetDevicePathEndNode, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, GetDevicePathSize, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, DuplicateDevicePath, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, AppendDevicePath, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, AppendDevicePathNode, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, AppendDevicePathInstance, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, GetNextDevicePathInstance, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, CreateDeviceNode, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, IsDevicePathMultiInstance, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, DevicePathFromHandle, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, FileDevicePath, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, ConvertDevicePathToText, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, ConvertDeviceNodeToText, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, ConvertTextToDeviceNode, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockDevicePathLib, ConvertTextToDevicePath, 1, EFIAPI);
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/MockDevicePathLib/MockDevicePathLib.inf b/MdePkg/Test/Mock/Library/GoogleTest/MockDevicePathLib/MockDevicePathLib.inf
new file mode 100644
index 0000000..542a252
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/MockDevicePathLib/MockDevicePathLib.inf
@@ -0,0 +1,33 @@
+## @file
+# Google Test mocks for DevicePathLib
+#
+# Copyright (c) 2025, Yandex. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MockDevicePathLib
+ FILE_GUID = 56A63D54-644B-4769-88BC-AB2DCDADE351
+ MODULE_TYPE = HOST_APPLICATION
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = DevicePathLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ MockDevicePathLib.cpp
+
+[Packages]
+ MdePkg/MdePkg.dec
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+ GoogleTestLib
+
+[BuildOptions]
+ MSFT:*_*_*_CC_FLAGS = /EHsc
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
index ced6255..64df07e 100644
--- a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
+++ b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
@@ -13,6 +13,9 @@ MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CloseEvent, 1, EFIAP MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_HandleProtocol, 3, EFIAPI);
MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_LocateProtocol, 3, EFIAPI);
MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CreateEventEx, 6, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_LocateDevicePath, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_OpenProtocol, 6, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CloseProtocol, 4, EFIAPI);
static EFI_BOOT_SERVICES LocalBs = {
{ 0, 0, 0, 0, 0 }, // EFI_TABLE_HEADER
@@ -36,7 +39,7 @@ static EFI_BOOT_SERVICES LocalBs = { NULL, // VOID
NULL, // EFI_REGISTER_PROTOCOL_NOTIFY
NULL, // EFI_LOCATE_HANDLE
- NULL, // EFI_LOCATE_DEVICE_PATH
+ gBS_LocateDevicePath, // EFI_LOCATE_DEVICE_PATH
NULL, // EFI_INSTALL_CONFIGURATION_TABLE
NULL, // EFI_IMAGE_LOAD
NULL, // EFI_IMAGE_START
@@ -48,8 +51,8 @@ static EFI_BOOT_SERVICES LocalBs = { NULL, // EFI_SET_WATCHDOG_TIMER
NULL, // EFI_CONNECT_CONTROLLER
NULL, // EFI_DISCONNECT_CONTROLLER
- NULL, // EFI_OPEN_PROTOCOL
- NULL, // EFI_CLOSE_PROTOCOL
+ gBS_OpenProtocol, // EFI_OPEN_PROTOCOL
+ gBS_CloseProtocol, // EFI_CLOSE_PROTOCOL
NULL, // EFI_OPEN_PROTOCOL_INFORMATION
NULL, // EFI_PROTOCOLS_PER_HANDLE
NULL, // EFI_LOCATE_HANDLE_BUFFER
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index ace2dfc..f859db6 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -530,7 +530,7 @@ ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/StandaloneMmReportStatusCodeLib.inf
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
- DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibStandaloneMm.inf
+ DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibBase.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
[LibraryClasses.common.MM_CORE_STANDALONE]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 23e25a4..5ac6dda 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1705,6 +1705,13 @@ DxeImageVerificationHandler ( IsFoundInDatabase = FALSE;
//
+ // Sanity check
+ //
+ if (File == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
// Check the image type and get policy setting.
//
switch (GetImageType (File)) {
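Review bot: Rejecting a NULL `File` changes the documented contract, and the documentation is not updated with it: the header comment for `DxeImageVerificationHandler` (as copied into DxeImageVerificationLibGoogleTest.h in this commit) still marks `File` as `OPTIONAL` and lists an `EFI_SUCCESS` case for a NULL device path, with no `@retval EFI_INVALID_PARAMETER`. I would drop `OPTIONAL`, add `@retval EFI_INVALID_PARAMETER  File is NULL.`, and replace `// Sanity check` with a comment that says why, e.g. `// File is passed to GetImageType() below; reject NULL before any policy decision.` Since this is the image-verification entry point, it is also worth confirming that every caller treats this status as a denial rather than special-casing only `EFI_ACCESS_DENIED` and `EFI_SECURITY_VIOLATION`. The function starts and ends outside the hunk.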
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.cpp b/SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.cpp
new file mode 100644
index 0000000..325c3f5
--- /dev/null
+++ b/SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.cpp
@@ -0,0 +1,137 @@
+/** @file
+ Unit tests for the implementation of DxeImageVerificationLib.
+
+ Copyright (c) 2025, Yandex. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/GoogleTestLib.h>
+#include <GoogleTest/Library/MockUefiLib.h>
+#include <GoogleTest/Library/MockUefiRuntimeServicesTableLib.h>
+#include <GoogleTest/Library/MockUefiBootServicesTableLib.h>
+#include <GoogleTest/Library/MockDevicePathLib.h>
+
+extern "C" {
+ #include <Uefi.h>
+ #include <Library/BaseLib.h>
+ #include <Library/DebugLib.h>
+
+ #include "DxeImageVerificationLibGoogleTest.h"
+}
+
+//////////////////////////////////////////////////////////////////////////////
+class CheckImageTypeResult : public ::testing::Test {
+public:
+ EFI_DEVICE_PATH_PROTOCOL File;
+
+protected:
+ MockUefiRuntimeServicesTableLib RtServicesMock;
+ MockUefiBootServicesTableLib BsMock;
+ MockDevicePathLib DevicePathMock;
+
+ EFI_STATUS Status;
+
+ UINT32 AuthenticationStatus;
+ VOID *FileBuffer;
+ UINTN FileSize;
+ BOOLEAN BootPolicy;
+
+ virtual void
+ SetUp (
+ )
+ {
+ AuthenticationStatus = 0;
+ FileBuffer = NULL;
+ FileSize = 0;
+ BootPolicy = FALSE;
+ }
+};
+
+TEST_F (CheckImageTypeResult, ImageTypeVerifySanity) {
+ // Sanity check
+ Status = DxeImageVerificationHandler (AuthenticationStatus, NULL, FileBuffer, FileSize, BootPolicy);
+ EXPECT_EQ (Status, EFI_INVALID_PARAMETER);
+}
+
+TEST_F (CheckImageTypeResult, ImageTypeVerifyImageFromFv) {
+ EXPECT_CALL (BsMock, gBS_LocateDevicePath)
+ .WillRepeatedly (testing::Return (EFI_SUCCESS));
+ EXPECT_CALL (BsMock, gBS_OpenProtocol)
+ .WillRepeatedly (testing::Return (EFI_SUCCESS));
+
+ Status = DxeImageVerificationHandler (AuthenticationStatus, &File, FileBuffer, FileSize, BootPolicy);
+ EXPECT_EQ (Status, EFI_SUCCESS);
+}
+
+TEST_F (CheckImageTypeResult, ImageTypeVerifyImageFromOptionRom) {
+ auto TestFunc = [&](EFI_STATUS ExpectedStatus) {
+ EXPECT_CALL (BsMock, gBS_LocateDevicePath)
+ .Times (3)
+ .WillRepeatedly (testing::Return (EFI_NOT_FOUND));
+ EXPECT_CALL (BsMock, gBS_OpenProtocol)
+ .WillRepeatedly (testing::Return (EFI_NOT_FOUND));
+ EXPECT_CALL (DevicePathMock, IsDevicePathEndType)
+ .WillOnce (testing::Return ((BOOLEAN)FALSE));
+ EXPECT_CALL (DevicePathMock, DevicePathType)
+ .WillOnce (testing::Return ((UINT8)MEDIA_DEVICE_PATH));
+ EXPECT_CALL (DevicePathMock, DevicePathSubType)
+ .WillOnce (testing::Return ((UINT8)MEDIA_RELATIVE_OFFSET_RANGE_DP));
+
+ Status = DxeImageVerificationHandler (AuthenticationStatus, &File, FileBuffer, FileSize, BootPolicy);
+ EXPECT_EQ (Status, ExpectedStatus);
+ };
+
+ PatchPcdSet32 (PcdOptionRomImageVerificationPolicy, ALWAYS_EXECUTE);
+ TestFunc (EFI_SUCCESS);
+ PatchPcdSet32 (PcdOptionRomImageVerificationPolicy, NEVER_EXECUTE);
+ TestFunc (EFI_ACCESS_DENIED);
+}
+
+TEST_F (CheckImageTypeResult, ImageTypeVerifyImageFromRemovableMedia) {
+ auto TestFunc = [&](EFI_STATUS ExpectedStatus) {
+ EXPECT_CALL (BsMock, gBS_LocateDevicePath)
+ .Times (3)
+ .WillRepeatedly (testing::Return (EFI_NOT_FOUND));
+ EXPECT_CALL (DevicePathMock, IsDevicePathEndType)
+ .WillOnce (testing::Return ((BOOLEAN)FALSE));
+ EXPECT_CALL (DevicePathMock, DevicePathType)
+ .WillOnce (testing::Return ((UINT8)MESSAGING_DEVICE_PATH));
+ EXPECT_CALL (DevicePathMock, DevicePathSubType)
+ .WillOnce (testing::Return ((UINT8)MSG_MAC_ADDR_DP));
+
+ Status = DxeImageVerificationHandler (AuthenticationStatus, &File, FileBuffer, FileSize, BootPolicy);
+ EXPECT_EQ (Status, ExpectedStatus);
+ };
+
+ PatchPcdSet32 (PcdRemovableMediaImageVerificationPolicy, ALWAYS_EXECUTE);
+ TestFunc (EFI_SUCCESS);
+ PatchPcdSet32 (PcdRemovableMediaImageVerificationPolicy, NEVER_EXECUTE);
+ TestFunc (EFI_ACCESS_DENIED);
+}
+
+TEST_F (CheckImageTypeResult, ImageTypeVerifyImageFromFixedMedia) {
+ auto TestFunc = [&](EFI_STATUS ExpectedStatus) {
+ EXPECT_CALL (BsMock, gBS_LocateDevicePath)
+ .WillOnce (testing::Return (EFI_NOT_FOUND))
+ .WillOnce (testing::Return (EFI_NOT_FOUND))
+ .WillOnce (testing::Return (EFI_SUCCESS));
+
+ Status = DxeImageVerificationHandler (AuthenticationStatus, &File, FileBuffer, FileSize, BootPolicy);
+ EXPECT_EQ (Status, ExpectedStatus);
+ };
+
+ PatchPcdSet32 (PcdFixedMediaImageVerificationPolicy, ALWAYS_EXECUTE);
+ TestFunc (EFI_SUCCESS);
+ PatchPcdSet32 (PcdFixedMediaImageVerificationPolicy, NEVER_EXECUTE);
+ TestFunc (EFI_ACCESS_DENIED);
+}
+
+int
+main (
+ int argc,
+ char *argv[]
+ )
+{
+ testing::InitGoogleTest (&argc, argv);
+ return RUN_ALL_TESTS ();
+}
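Review bot: In the OptionRom, RemovableMedia and FixedMedia tests the `TestFunc` lambda is invoked twice, so the second round of `EXPECT_CALL`s is installed after `BsMock` and `DevicePathMock` have already been called; gMock documents setting expectations after a mock has been exercised as undefined behaviour, and the first round's `.Times (3)` / `.WillOnce` expectations are still registered. Splitting each policy value into its own `TEST_F` would make the `NEVER_EXECUTE` half, which is the denial case that matters most here, independent of the `ALWAYS_EXECUTE` half. The fixture's `File` member is also passed by address without being initialised in `SetUp`; adding `File = {};` there keeps the handler from seeing indeterminate bytes if a DevicePathLib call is ever left un-mocked. `PatchPcdSet32` leaves each policy PCD at `NEVER_EXECUTE` when a test ends, so restoring the value in a `TearDown` would avoid order dependence between tests.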
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.h b/SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.h
new file mode 100644
index 0000000..fcaa059
--- /dev/null
+++ b/SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.h
@@ -0,0 +1,79 @@
+/** @file
+ Unit tests for the implementation of DxeImageVerificationLib.
+
+ Copyright (c) 2025, Yandex. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef DXE_IMAGE_VERIFICATION_LIB_GOOGLE_TEST_H
+#define DXE_IMAGE_VERIFICATION_LIB_GOOGLE_TEST_H
+
+/**
+ Provide verification service for signed images, which include both signature validation
+ and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and
+ MSFT Authenticode type signatures are supported.
+
+ In this implementation, only verify external executables when in USER MODE.
+ Executables from FV is bypass, so pass in AuthenticationStatus is ignored.
+
+ The image verification policy is:
+ If the image is signed,
+ At least one valid signature or at least one hash value of the image must match a record
+ in the security database "db", and no valid signature nor any hash value of the image may
+ be reflected in the security database "dbx".
+ Otherwise, the image is not signed,
+ The hash value of the image must match a record in the security database "db", and
+ not be reflected in the security data base "dbx".
+
+ Caution: This function may receive untrusted input.
+ PE/COFF image is external input, so this function will validate its data structure
+ within this image buffer before use.
+
+ @param[in] AuthenticationStatus
+ This is the authentication status returned from the security
+ measurement services for the input file.
+ @param[in] File This is a pointer to the device path of the file that is
+ being dispatched. This will optionally be used for logging.
+ @param[in] FileBuffer File buffer matches the input file device path.
+ @param[in] FileSize Size of File buffer matches the input file device path.
+ @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
+
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL
+ FileBuffer did authenticate, and the platform policy dictates
+ that the DXE Foundation may use the file.
+ @retval EFI_SUCCESS The device path specified by NULL device path DevicePath
+ and non-NULL FileBuffer did authenticate, and the platform
+ policy dictates that the DXE Foundation may execute the image in
+ FileBuffer.
+ @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
+ the platform policy dictates that File should be placed
+ in the untrusted state. The image has been added to the file
+ execution table.
+ @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
+ authenticate, and the platform policy dictates that the DXE
+ Foundation may not use File. The image has
+ been added to the file execution table.
+
+**/
+EFI_STATUS
+EFIAPI
+DxeImageVerificationHandler (
+ IN UINT32 AuthenticationStatus,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
+ IN VOID *FileBuffer,
+ IN UINTN FileSize,
+ IN BOOLEAN BootPolicy
+ );
+
+//
+// The DxeImageVerificationLib.h file has dependencies on Pi/PiFirmwareVolume.h and Pi/PiFirmwareFile.h.
+// These macros are copied from the header file to prevent PiPei.h from being included in HOST_APPLICATION.
+//
+
+//
+// Authorization policy bit definition
+//
+#define ALWAYS_EXECUTE 0x00000000
+#define NEVER_EXECUTE 0x00000001
+
+#endif // DXE_IMAGE_VERIFICATION_LIB_GOOGLE_TEST_H
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.inf b/SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.inf
new file mode 100644
index 0000000..78314b5
--- /dev/null
+++ b/SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.inf
@@ -0,0 +1,79 @@
+## @file
+# Unit test suite for the DxeImageVerificationLib using Google Test
+#
+# Copyright (c) 2025, Yandex. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DxeImageVerificationLibGoogleTest
+ FILE_GUID = 18723239-55AA-4814-9B7A-874BAF719A65
+ MODULE_TYPE = HOST_APPLICATION
+ VERSION_STRING = 1.0
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ DxeImageVerificationLibGoogleTest.cpp
+ ../../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ DxeImageVerificationLib
+ GoogleTestLib
+ BaseCryptLib
+ DebugLib
+
+[Guids]
+ ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
+ gEfiGlobalVariableGuid
+
+ ## SOMETIMES_CONSUMES ## Variable:L"DB"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBX"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBT"
+ ## PRODUCES ## SystemTable
+ ## CONSUMES ## SystemTable
+ gEfiImageSecurityDatabaseGuid
+
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
+ gEfiCertSha1Guid
+
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
+ gEfiCertSha256Guid
+
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
+ gEfiCertSha384Guid
+
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
+ gEfiCertSha512Guid
+
+ gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertX509Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertX509Sha384Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertX509Sha512Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate.
+
+[Protocols]
+ gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy ## SOMETIMES_CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy ## SOMETIMES_CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy ## SOMETIMES_CONSUMES
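Review bot: The `[Sources]` entry `../../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp` compiles a file owned by another package through a path that climbs out of SecurityPkg, so this module only builds when both packages sit side by side under one workspace root. If MdePkg offers no library INF for this mock, a one-line comment above the entry, such as `# RNG protocol mock is shipped as source only; compiled into the test directly`, would tell the next maintainer that the path is intentional. The usage annotations under `[Guids]` (for example `## PRODUCES ## SystemTable`) look carried over from the library's own INF and may not describe what the test host itself does; that is an inference from the visible lines.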
diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/SecurityPkgHostTest.dsc
index 1655e57..7159b20 100644
--- a/SecurityPkg/Test/SecurityPkgHostTest.dsc
+++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc
@@ -46,3 +46,23 @@
PlatformPKProtectionLib|SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf
UefiLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
}
+ SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.inf {
+ <LibraryClasses>
+ UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+ UefiBootServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
+ DxeImageVerificationLib|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+ UefiLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
+ DevicePathLib|MdePkg/Test/Mock/Library/GoogleTest/MockDevicePathLib/MockDevicePathLib.inf
+ SecurityManagementLib|MdeModulePkg/Test/Mock/Library/GoogleTest/MockSecurityManagementLib/MockSecurityManagementLib.inf
+ PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
+ PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ }
+
+[PcdsPatchableInModule]
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04
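Review bot: The `[PcdsPatchableInModule]` section added at the end of this hunk sets all three image-verification policy PCDs for every component built from this DSC, not only for the new DxeImageVerificationLibGoogleTest entry, and the bare `0x04` does not say which policy the test runs under. Moving the three lines inside the component's braces under a `<PcdsPatchableInModule>` sub-section would leave other host tests on their defaults. A trailing comment such as `# DENY_EXECUTE_ON_SECURITY_VIOLATION` would name the value. Whether any other component in this file reads these PCDs is not visible here, so the wider effect should be confirmed.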
diff --git a/StandaloneMmPkg/Drivers/StandaloneMmIplPei/StandaloneMmIplPei.c b/StandaloneMmPkg/Drivers/StandaloneMmIplPei/StandaloneMmIplPei.c
index eda47b9..38837b9 100644
--- a/StandaloneMmPkg/Drivers/StandaloneMmIplPei/StandaloneMmIplPei.c
+++ b/StandaloneMmPkg/Drivers/StandaloneMmIplPei/StandaloneMmIplPei.c
@@ -1,7 +1,7 @@
/** @file
MM IPL that load the MM Core into MMRAM at PEI stage
- Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2024 - 2025, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -795,7 +795,7 @@ ExecuteMmCoreFromMmram (
MmFvSize,
&MmCoreFileName,
ImageContext.ImageAddress,
- ImageContext.ImageSize,
+ EFI_PAGES_TO_SIZE (PageCount),
ImageContext.EntryPoint,
Block
);
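Review bot: The size argument now passes `EFI_PAGES_TO_SIZE (PageCount)` with no comment explaining why the page-rounded allocation size replaces `ImageContext.ImageSize`, and the reported range can now extend past the end of the loaded image. A comment at the argument, for example `// Report the whole page-aligned allocation, not only ImageContext.ImageSize`, would record the intent. If consumers of this range apply memory attributes to all of it, it is worth confirming that the tail between the image end and the allocation end holds known contents. The computation of `PageCount` and the start of this call in ExecuteMmCoreFromMmram lie outside the hunk.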