-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathtest-get-cmdline.c
170 lines (154 loc) · 4.33 KB
/
test-get-cmdline.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
#include "stubby_efi.h"
#include "kcmdline.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdbool.h>
typedef struct {
EFI_STATUS expstatus;
BOOLEAN secure;
char *builtin;
char *runtime;
char *expected;
} TestData;
#define ResultNotChecked "Result should not be checked"
TestData tests[] = {
// all good secure
{EFI_SUCCESS, true,
"root=atomix STUBBY_RT_CLI1 more",
"console=ttyS0",
"root=atomix console=ttyS0 more"},
// builtin, not runtime, no token
{EFI_SUCCESS, true,
"root=atomix console=ttyS0 verbose",
"",
"root=atomix console=ttyS0 verbose"},
// no builtin, use runtime.
{EFI_INVALID_PARAMETER, true,
"",
"root=atomix verbose",
ResultNotChecked},
// no builtin no runtime means empty, do not boot
{EFI_SECURITY_VIOLATION, true,
"",
"",
ResultNotChecked},
// insecure, built-in marker, bad runtime arg, inscure boots
{EFI_SECURITY_VIOLATION, false,
"STUBBY_RT_CLI1",
"root=atomix verbose rootkit=yes",
"root=atomix verbose rootkit=yes"},
// all good secure marker at beginning
{EFI_SUCCESS, true,
"STUBBY_RT_CLI1 root=atomix more",
"console=ttyS0",
"console=ttyS0 root=atomix more"},
// all good secure marker at end
{EFI_SUCCESS, true,
"root=atomix more STUBBY_RT_CLI1",
"console=ttyS0",
"root=atomix more console=ttyS0"},
// all good insecure
{EFI_SUCCESS, false,
"root=atomix STUBBY_RT_CLI1 more",
"console=ttyS0",
"root=atomix console=ttyS0 more"},
// secure, good builtin but bad runtime token result is not important.
{EFI_SECURITY_VIOLATION, true,
"root=atomix STUBBY_RT_CLI1 more",
"console=ttyS0 more",
ResultNotChecked},
// insecure, good builtin but bad runtime token.
{EFI_SECURITY_VIOLATION, true,
"root=atomix STUBBY_RT_CLI1 more2",
"console=ttyS0 more1",
ResultNotChecked},
// marker not a full token
{EFI_INVALID_PARAMETER, false,
"root=atomix STUBBY_RT_CLI1=abcd more",
"console=ttyS0",
ResultNotChecked},
// no marker in secureboot input
{EFI_INVALID_PARAMETER, true,
"root=atomix",
"console=ttyS0",
ResultNotChecked},
// no marker in insecure - runtime args requires marker even insecure
{EFI_INVALID_PARAMETER, false,
"root=atomix",
"console=ttyS0",
""},
// namespace for marker found twice in builtin secure
{EFI_INVALID_PARAMETER, true,
"root=atomix STUBBY_RT debug STUBBY_RT_CLI1 ",
"console=ttyS0",
ResultNotChecked},
// namespace for marker found twice in builtin insecure
{EFI_INVALID_PARAMETER, false,
"root=atomix STUBBY_RT debug STUBBY_RT_CLI1 ",
"console=ttyS0",
ResultNotChecked},
// namespace appears in runtime
{EFI_INVALID_PARAMETER, false,
"root=atomix debug STUBBY_RT_CLI1",
"console=ttyS0 STUBBY_RT",
ResultNotChecked},
};
BOOLEAN do_get_cmdline(int testnum, TestData td) {
EFI_STATUS status;
CHAR16 *errmsg;
CHAR8 *found;
UINTN found_len;
CHAR16 status_found[64];
CHAR16 status_exp[64];
// Print(L"builtin [%d] = '%a'\nruntime [%d] = '%a'\n", td.builtin, strlen(td.builtin), td.runtime, strlen(td.runtime));
status = get_cmdline(
td.secure,
(CHAR8 *)td.builtin, strlen(td.builtin),
(CHAR8 *)td.runtime, strlen(td.runtime),
&found, &found_len,
&errmsg);
StatusToString(status_found, status);
StatusToString(status_exp, td.expstatus);
if (status != td.expstatus) {
Print(L"test %d: expected status '%ls' found '%ls'\n", testnum, status_found, status_exp);
Print(L"errmsg = %ls\n", errmsg);
return false;
}
// only care to check further for EFI_SUCCESS or EFI_SECURITY_VIOLATION
if ((status == EFI_SECURITY_VIOLATION && td.secure) ||
(status != EFI_SUCCESS && status != EFI_SECURITY_VIOLATION)) {
if (errmsg) {
free(errmsg);
}
return true;
}
// Print(L"%d/%d strcmp(%a, found)=%d\n", strlen(td.expected), found_len, td.expected, strcmp(td.expected, found));
if (strlen(td.expected) != found_len || strcmp(td.expected, (char *)found) != 0) {
Print(L"expected(%d): %a|\nfound (%d): %a|\nerrmsg: %ls\n",
strlen(td.expected), td.expected, found_len, found, errmsg);
if (errmsg) {
free(errmsg);
}
return false;
}
return true;
}
int main()
{
int num = sizeof(tests) / sizeof(tests[0]);
int passes = 0, fails = 0;
for (int i=0; i<num; i++) {
if (do_get_cmdline(i, tests[i])) {
passes++;
} else {
fails++;
Print(L"test %d: FAIL\n", i);
}
}
if (fails != 0) {
return 1;
}
Print(L"passed: %d. failed: %d\n", passes, fails);
return 0;
}