mu_plus/UefiTestingPkg
Taylor Beebe 04e52c4405
Update BootAuditTestApp to Correctly Test Load Option Variables (#256)
## Description

BootAuditTestApp tests the variable policy for the SysPrep####,
PlatformRecovery####, and Driver#### variables by attempting to get and
set the variables. When calling SetVariable with one of these three
variables, VarCheckLib will sanity check the variable data and return
EFI_INVALID_PARAMETER if the data is not a valid load option. Because we
want to check if the variables are writable, we need to create properly
formatted data before calling SetVariable.

This PR uses the DevicePath of the running EFI application to create a
load option to properly test the writability of the boot option
variables securely.

Fixes Issue https://github.com/microsoft/mu_plus/issues/252

- [x] Impacts functionality?
  - **Functionality** - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- [ ] Impacts security?
  - **Security** - Does the change have a direct security impact on an application, flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- [ ] Breaking change?
  - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- [x] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
  - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...

## How This Was Tested

Tested on Q35

## Integration Instructions

N/A
2023-06-06 00:01:31 +00:00
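
Added example, not part of the commit or of the mu_plus code: a structural check of a load option blob, showing why arbitrary bytes written to a `Driver####`-style variable are rejected while a properly built option is accepted. It follows the `EFI_LOAD_OPTION` layout from the UEFI specification rather than the VarCheckLib source; the function name `load_option_check`, its return codes and both sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration: structural check of an EFI_LOAD_OPTION blob using the
 * UEFI spec layout: UINT32 Attributes, UINT16 FilePathListLength,
 * CHAR16 Description[] (NUL-terminated), FilePathList[], OptionalData[].
 * Returns 0 if well formed, negative otherwise. Not the VarCheckLib code. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

int load_option_check(const uint8_t *buf, size_t len)
{
    if (len < 6) return -1;                      /* fixed header missing */
    size_t fpl_len = rd16(buf + 4);
    size_t off = 6;
    for (;;) {                                   /* find Description terminator */
        if (len - off < 2) return -2;            /* ran off the end: unterminated */
        uint16_t ch = rd16(buf + off);
        off += 2;
        if (ch == 0) break;
    }
    if (fpl_len > len - off) return -3;          /* FilePathList exceeds the data */
    size_t end = off + fpl_len;
    while (end - off >= 4) {                     /* walk device path nodes */
        uint8_t type = buf[off], sub = buf[off + 1];
        size_t nlen = rd16(buf + off + 2);
        if (nlen < 4 || nlen > end - off) return -4;  /* bad node length */
        if (type == 0x7F && sub == 0xFF)         /* End Entire Device Path node */
            return nlen == 4 ? 0 : -4;
        off += nlen;
    }
    return -5;                                   /* no end node in FilePathList */
}

/* Constructed samples (not taken from any real system). */
static const uint8_t sample_good[] = {
    0x01, 0x00, 0x00, 0x00,                      /* Attributes = LOAD_OPTION_ACTIVE */
    0x0C, 0x00,                                  /* FilePathListLength = 12 */
    'T', 0x00, 0x00, 0x00,                       /* Description L"T" */
    0x04, 0x04, 0x08, 0x00, 'A', 0x00, 0x00, 0x00, /* media File Path node L"A" */
    0x7F, 0xFF, 0x04, 0x00 };                    /* End Entire Device Path */
static const uint8_t sample_junk[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFF, 0xFF, 0x41, 0x41 };

int main(void)
{
    return load_option_check(sample_good, sizeof sample_good) == 0 &&
           load_option_check(sample_junk, sizeof sample_junk) == -2 ? 0 : 1;
}
```
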
| Name | Last commit | Date |
| --- | --- | --- |
| AuditTests | Update BootAuditTestApp to Correctly Test Load Option Variables (#256) | 2023-06-06 00:01:31 +00:00 |
| FunctionalSystemTests | [CHERRY-PICK] Continue power management on disabled APs (#244) | 2023-05-23 13:07:31 -07:00 |
| Include | Introducing MP management driver and unit test app (#123) | 2022-12-14 11:27:40 -08:00 |
| Library/PlatformSmmProtectionsTestLibNull | Fix Line Endings in Repo (LF -> CRLF) (#67) (#68) | 2022-10-12 22:11:28 -04:00 |
| PerfTests/BlockIoPerfTest | Fix Line Endings in Repo (LF -> CRLF) (#67) (#68) | 2022-10-12 22:11:28 -04:00 |
| Readme.md | Fix Line Endings in Repo (LF -> CRLF) (#67) (#68) | 2022-10-12 22:11:28 -04:00 |
| UefiTestingPkg.ci.yaml | Add MemoryAttributeProtocolFuncTestApp (#192) | 2023-03-15 21:15:27 +00:00 |
| UefiTestingPkg.dec | Introducing MP management driver and unit test app (#123) | 2022-12-14 11:27:40 -08:00 |
| UefiTestingPkg.dsc | Update BootAuditTestApp to Correctly Test Load Option Variables (#256) | 2023-06-06 00:01:31 +00:00 |

Readme.md

UEFI Testing Package

About

This package adds tests.

System Functional tests

Tests that invoke system functions and query system state for verification.

MemmapAndMatTestApp

This test compares the UEFI memory map and Memory Attributes Table against known requirements. The MAT has strict requirements to allow OS usage and page protections.

MorLockTestApp

This test verifies the UEFI variable store handling of MorLock v1 and v2 behavior.

SmmPagingProtections

This test verifies the SMM paging attributes by invoking operations that should cause CPU exceptions if the memory protections are in place. The SMM CPU exception handler needs to be configured to force a reset on trap to allow automated testing.
See UefiCpuPkg/Include/Protocol/SmmExceptionTestProtocol.h, gUefiCpuPkgTokenSpaceGuid.PcdSmmExceptionRebootInsteadOfHaltDefault, and gUefiCpuPkgTokenSpaceGuid.PcdSmmExceptionTestModeSupport.

System Audit tests

UEFI applications that collect data from the system; that data can then be compared against known good values.

UefiVarLockAudit

Audit collection tool that gathers information about UEFI variables. This allows auditing the variables within a system, checking attributes, and confirming read/write status. This information is put into an XML file that allows for easy comparison and programmatic auditing.

UEFI

UEFI shell application that gets the current variable information from the UEFI shell and creates an XML file.

Windows (UEFI)

Python script that can be run from the Windows OS. It takes the UEFI-created XML file as input, queries all listed variables, and updates the XML with access and status codes. This gives additional verification for variables that may employ late locking or other protections from OS access.

TpmEventLogAudit

Audit tool to collect the TPM Event Log from the system in standard format. It can then be programmatically compared against a known event log for the given system. Easy things to test include the number of events in some PCRs, whether all PCRs that should be capped are capped, etc.

SMMPagingAudit

Audit tool that creates a human-readable description of the SMM page tables and memory environment.

App

UEFI shell application that collects information from SMM and writes it to files.

SMM

SMM library linked into an SMM driver, used to collect information about the SMM environment. When activated by the shell app, it collects the IDT, GDT, page tables, and loaded images.

Windows (SMM)

Python scripts that process the files generated by the UEFI app and output a report for verification and analysis.

Copyright (C) Microsoft Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent