From c83c2f3466fd72086e4d4b443025441cb9fda6c0 Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Wed, 12 Oct 2022 22:11:28 -0400 Subject: [PATCH] Fix Line Endings in Repo (LF -> CRLF) (#67) (#68) Converts line endings in the following packages: * AdvLoggerPkg: Fix line endings (LF to CRLF) * DfciPkg: Fix line endings (LF to CRLF) * HidPkg: Fix line endings (LF to CRLF) * MfciPkg: Fix line endings (LF to CRLF) * MsCorePkg: Fix line endings (LF to CRLF) * MsGraphicsPkg: Fix line endings (LF to CRLF) * MsWheaPkg: Fix line endings (LF to CRLF) * PcBdsPkg: Fix line endings (LF to CRLF) * UefiTestingPkg: Fix line endings (LF to CRLF) * XmlSupportPkg: Fix line endings (LF to CRLF) * ZeroTouchPkg: Fix line endings (LF to CRLF) (cherry picked from commit a6195ca in release/202202) 
Signed-off-by: Michael Kubacki --- .../Application/DfciMenu/DfciMenuStrings.uni | 250 +-- .../Application/EnrollInDfci/EnrollInDfci.inf | 108 +- DfciPkg/AuthManagerNull/AuthManagerNull.inf | 72 +- DfciPkg/AuthManagerNull/README.md | 30 +- .../IdentityAndAuthManagerDxe.inf | 178 +-- .../DfciDeviceIdSupportLibNull.inf | 84 +- .../DfciRecoveryLib/DfciRecoveryLib.inf | 108 +- DfciPkg/Library/DfciSampleProvider/readme.md | 26 +- .../DfciSettingPermissionLib.inf | 154 +- .../PermissionsPacket_Example.xml | 36 +- .../DfciUiSupportLibNull.inf | 96 +- .../DfciXmlDeviceIdSchemaSupportLib.inf | 80 +- .../DfciXmlIdentitySchemaSupportLib.inf | 80 +- .../DfciXmlPermissionSchemaSupportLib.inf | 82 +- .../AllSettings.xml | 168 +- .../DfciXmlSettingSchemaSupportLib.inf | 82 +- .../ResultsPacket_Example.xml | 32 +- .../SettingsPacket_Example.xml | 60 +- .../UefiSettings.xsd | 268 ++-- .../SettingsManager/SettingsManagerDxe.inf | 154 +- DfciPkg/UnitTests/DeviceIdTest/readme.md | 50 +- .../DfciTests/Certs/MakeChainingCerts.bat | 140 +- .../DeviceUnderTest/PyRobotServer.xml | Bin 3842 -> 1923 bytes .../Support/Python/CertSupportLib.py | 160 +- .../Support/Python/DFCI_SupportLib.py | 1370 ++++++++--------- .../Python/Data/CertProvisioningVariable.py | 628 ++++---- .../Python/Data/PermissionPacketVariable.py | 666 ++++---- .../Python/Data/SecureSettingVariable.py | 728 ++++----- .../DfciTests/Support/Python/DependencyLib.py | 62 +- .../Python/GenerateCertProvisionData.py | 1020 ++++++------ .../Python/GeneratePermissionPacketData.py | 678 ++++---- .../Python/GenerateSettingsPacketData.py | 680 ++++---- .../Support/Python/InsertCertIntoXML.py | 142 +- .../Support/Python/PermissionsXMLLib.py | 224 +-- .../DfciTests/Support/Python/PyRobotRemote.py | 206 +-- .../Support/Python/SettingsXMLLib.py | 148 +- .../Support/Python/UefiVariablesSupportLib.py | 216 +-- .../Support/Python/UtilityFunctions.py | 350 ++--- .../DfciTests/Support/Robot/CertSupport.robot | 136 +- 
.../Support/Robot/DFCI_Shared_Keywords.robot | 958 ++++++------ .../Support/Robot/DFCI_Shared_Paths.robot | 160 +- .../Robot/DFCI_VariableTransport.robot | 208 +-- .../DFCI_CertChainingTest/DfciPermission.xml | 118 +- .../TestCases/DFCI_CertChainingTest/run.robot | 544 +++---- .../DFCI_InTuneBadUpdate/DfciSettings2.xml | 76 +- .../TestCases/DFCI_InTuneBadUpdate/run.robot | 310 ++-- .../DFCI_InTuneEnroll/BuildSettings.bat | 20 +- .../DFCI_InTuneEnroll/DfciPermission.xml | 152 +- .../DFCI_InTuneEnroll/DfciPermission2.xml | 102 +- .../DFCI_InTuneEnroll/DfciSettings2.xml | 100 +- .../DFCI_InTuneEnroll/DfciSettingsPattern.xml | 144 +- .../TestCases/DFCI_InTuneEnroll/run.robot | 522 +++---- .../DFCI_InTunePermissions/run.robot | 526 +++---- .../TestCases/DFCI_InTuneRollCerts/run.robot | 342 ++-- .../TestCases/DFCI_InTuneSettings/run.robot | 770 ++++----- .../DFCI_InTuneUnenroll/DfciSettings2.xml | 84 +- .../TestCases/DFCI_InTuneUnenroll/run.robot | 434 +++--- .../TestCases/DFCI_InitialState/run.robot | 354 ++--- .../DFCI_TPM_DisableEnable/run.robot | 576 +++---- .../SampleUnsignedPermissions.xml | 146 +- .../TestCases/DFCI_UnsignedSettings/run.robot | 616 ++++---- .../UEFI/DfciVarLockAuditTestApp.inf | 126 +- ZeroTouchPkg/ZeroTouchPkg.ci.yaml | 118 +- ZeroTouchPkg/ZeroTouchPkg.dec | 112 +- ZeroTouchPkg/ZeroTouchPkg.dsc | 116 +- ZeroTouchPkg/ZeroTouchPkg.uni | 30 +- ZeroTouchPkg/ZeroTouchPkgExtra.uni | 22 +- 67 files changed, 8769 insertions(+), 8769 deletions(-) diff --git a/DfciPkg/Application/DfciMenu/DfciMenuStrings.uni b/DfciPkg/Application/DfciMenu/DfciMenuStrings.uni index 7fa25d75..34a96989 100644 --- a/DfciPkg/Application/DfciMenu/DfciMenuStrings.uni +++ b/DfciPkg/Application/DfciMenu/DfciMenuStrings.uni 
@@ -1,126 +1,126 @@
-/** @file
-DfciMenuStrings.uni
-
-This file maintains the text strings used by the Device Firmware Configuration Interface Menu.
-
-Copyright (C) Microsoft Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#langdef en-US " English "
-#langdef en " Standard English "
-
-// Common Form strings
-
-#string STR_NULL_STRING #language en-US ""
-
-//*---------------------------------------------------------------------*
-// Form 1 - Dfci Main form
-//
-//*---------------------------------------------------------------------*
-#string STR_DFCI_MENU_TITLE #language en-US "Management"
-
-#string STR_DFCI_MANAGEMENT_HEADER #language en-US "\fh!48!Management"
-
-#string STR_DFCI_OPT_IN_CHANGED #language en-US "\fc!Red!The opt in state has been changed. Restart the system to apply the setting."
-
-#string STR_DFCI_ZUM_STATUS_READY #language en-US "Zero-touch UEFI Management: Ready"
-
-#string STR_DFCI_ZUM_OPT_OUT #language en-US "Opt Out"
-
-#string STR_DFCI_ZUM_STATUS_NOT_READY #language en-US "Zero-touch UEFI Management: Not Ready"
-
-#string STR_DFCI_ZUM_OPT_IN #language en-US "Opt In"
-
-#string STR_DFCI_USB_INSTALL #language en-US "If your settings manager has provided you with a configuration file on a USB drive, press Install from USB to apply the management file."
-
-#string STR_DFCI_USB_INSTALL_NOW #language en-US "Install from USB"
-
-#string STR_DFCI_MANAGED_BY #language en-US "Managed by:"
-
-#string STR_DFCI_MANAGED_BY_FIELD #language en-US "Managed by field missing"
-
-#string STR_DFCI_ON_BEHALF_OF #language en-US "On behalf of: "
-
-#string STR_DFCI_MDM_FRIENDLY_NAME #language en-US "MDM Friendly Name missing."
-
-#string STR_DFCI_MDM_TENANT_NAME #language en-US "MDM Tenant Name Missing"
-
-#string STR_DFCI_MENU_CONFIGURE #language en-US "Configure"
-
-#string STR_DETAILS #language en-US "\fh!36!Details"
-
-#string STR_DFCI_SUBJECT #language en-US "Subject:"
-
-#string STR_DFCI_THUMBPRINT #language en-US "Thumbprint:"
-
-#string STR_DFCI_USER2_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
-
-#string STR_DFCI_USER2_THUMBPRINT_FIELD #language en-US "Thumbprint2 field missing from the certificate"
-
-#string STR_DFCI_USER1_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
-
-#string STR_DFCI_USER1_THUMBPRINT_FIELD #language en-US "Thumbprint1 field missing from the certificate"
-
-#string STR_DFCI_USER_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
-
-#string STR_DFCI_USER_THUMBPRINT_FIELD #language en-US "Thumbprint field missing from the certificate"
-
-#string STR_DFCI_OWNER_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
-
-#string STR_DFCI_OWNER_THUMBPRINT_FIELD #language en-US "Thumbprint field missing from the certificate"
-
-#string STR_DFCI_ZTD_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
-
-#string STR_DFCI_ZTD_THUMBPRINT_FIELD #language en-US "Thumbprint field missing from the certificate"
-
-//*---------------------------------------------------------------------*
-// Form 2 - Dfci Configure form *
-// *
-//*---------------------------------------------------------------------*
-#string STR_DFCI_CONFIGURATION_HEADER #language en-US "\fh!48!Management Configuration"
-
-#string STR_DFCI_HTTP_RECOVERY #language en-US "The settings manager has enabled network configuration. With a supported network adapter, pressing Refresh from Network will contact the settings provider to obtain the latest settings for this device."
-
-#string STR_DFCI_HTTP_UPDATE_NOW #language en-US "Refresh from Network"
-
-#string STR_DFCI_URL #language en-US "Server:"
-
-#string STR_DFCI_URL_FIELD #language en-US "Server field missing"
-
-#string STR_DFCI_USB_RECOVERY #language en-US "If your settings manager has provided you with a configuration file on a USB drive, press Refresh from USB to apply the management file."
-
-#string STR_DFCI_USB_UPDATE_NOW #language en-US "Refresh from USB"
-
-#string STR_DFCI_RESET_INFO #language en-US "The settings manager has enabled the Management Recovery feature of Management mode. To start the reset procedure, press Management Recovery."
-
-#string STR_DFCI_MENU_RECOVERY_NOW #language en-US "Management Recovery"
-
-#string STR_DFCI_RESET_PERMISSION_INFO #language en-US "The settings manager has not enabled the Management Recovery feature of Management mode on this system."
-
-//*---------------------------------------------------------------------*
-// Form 3 - Dfci Recovery Info form *
-// *
-//*---------------------------------------------------------------------*
-#string STR_DFCI_RECOVERY_INFO #language en-US "You should only access this menu under the direction of the management owner. The management owner will have to work with you using the following menus. Press Continue to start the management recovery process."
-
-#string STR_DFCI_MENU_CONTINUE_NOW #language en-US "Continue"
-
-//*---------------------------------------------------------------------*
-// Internal dialog box messages
-//
-//*---------------------------------------------------------------------*
-#string STR_DFCI_MB_TITLE #language en-US "Management refresh completed"
-
-#string STR_DFCI_MB_CAPTION #language en-US "Refresh settings request successful"
-
-#string STR_DFCI_MB_CAPTION_FAIL #language en-US "Refresh settings request failed"
-
-#string STR_DFCI_MB_NEW_SETTINGS #language en-US "Refresh settings requested new settings from\n%s"
-
-#string STR_DFCI_MB_NO_MEDIA #language en-US "Unable to detect network cable."
-
-#string STR_DFCI_MB_NOT_FOUND #language en-US "%s not found."
-
+/** @file
+DfciMenuStrings.uni
+
+This file maintains the text strings used by the Device Firmware Configuration Interface Menu.
+
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#langdef en-US " English "
+#langdef en " Standard English "
+
+// Common Form strings
+
+#string STR_NULL_STRING #language en-US ""
+
+//*---------------------------------------------------------------------*
+// Form 1 - Dfci Main form
+//
+//*---------------------------------------------------------------------*
+#string STR_DFCI_MENU_TITLE #language en-US "Management"
+
+#string STR_DFCI_MANAGEMENT_HEADER #language en-US "\fh!48!Management"
+
+#string STR_DFCI_OPT_IN_CHANGED #language en-US "\fc!Red!The opt in state has been changed. Restart the system to apply the setting."
+
+#string STR_DFCI_ZUM_STATUS_READY #language en-US "Zero-touch UEFI Management: Ready"
+
+#string STR_DFCI_ZUM_OPT_OUT #language en-US "Opt Out"
+
+#string STR_DFCI_ZUM_STATUS_NOT_READY #language en-US "Zero-touch UEFI Management: Not Ready"
+
+#string STR_DFCI_ZUM_OPT_IN #language en-US "Opt In"
+
+#string STR_DFCI_USB_INSTALL #language en-US "If your settings manager has provided you with a configuration file on a USB drive, press Install from USB to apply the management file."
+
+#string STR_DFCI_USB_INSTALL_NOW #language en-US "Install from USB"
+
+#string STR_DFCI_MANAGED_BY #language en-US "Managed by:"
+
+#string STR_DFCI_MANAGED_BY_FIELD #language en-US "Managed by field missing"
+
+#string STR_DFCI_ON_BEHALF_OF #language en-US "On behalf of: "
+
+#string STR_DFCI_MDM_FRIENDLY_NAME #language en-US "MDM Friendly Name missing."
+
+#string STR_DFCI_MDM_TENANT_NAME #language en-US "MDM Tenant Name Missing"
+
+#string STR_DFCI_MENU_CONFIGURE #language en-US "Configure"
+
+#string STR_DETAILS #language en-US "\fh!36!Details"
+
+#string STR_DFCI_SUBJECT #language en-US "Subject:"
+
+#string STR_DFCI_THUMBPRINT #language en-US "Thumbprint:"
+
+#string STR_DFCI_USER2_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
+
+#string STR_DFCI_USER2_THUMBPRINT_FIELD #language en-US "Thumbprint2 field missing from the certificate"
+
+#string STR_DFCI_USER1_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
+
+#string STR_DFCI_USER1_THUMBPRINT_FIELD #language en-US "Thumbprint1 field missing from the certificate"
+
+#string STR_DFCI_USER_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
+
+#string STR_DFCI_USER_THUMBPRINT_FIELD #language en-US "Thumbprint field missing from the certificate"
+
+#string STR_DFCI_OWNER_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
+
+#string STR_DFCI_OWNER_THUMBPRINT_FIELD #language en-US "Thumbprint field missing from the certificate"
+
+#string STR_DFCI_ZTD_SUBJECT_FIELD #language en-US "Subject field missing from the certificate"
+
+#string STR_DFCI_ZTD_THUMBPRINT_FIELD #language en-US "Thumbprint field missing from the certificate"
+
+//*---------------------------------------------------------------------*
+// Form 2 - Dfci Configure form *
+// *
+//*---------------------------------------------------------------------*
+#string STR_DFCI_CONFIGURATION_HEADER #language en-US "\fh!48!Management Configuration"
+
+#string STR_DFCI_HTTP_RECOVERY #language en-US "The settings manager has enabled network configuration. With a supported network adapter, pressing Refresh from Network will contact the settings provider to obtain the latest settings for this device."
+
+#string STR_DFCI_HTTP_UPDATE_NOW #language en-US "Refresh from Network"
+
+#string STR_DFCI_URL #language en-US "Server:"
+
+#string STR_DFCI_URL_FIELD #language en-US "Server field missing"
+
+#string STR_DFCI_USB_RECOVERY #language en-US "If your settings manager has provided you with a configuration file on a USB drive, press Refresh from USB to apply the management file."
+
+#string STR_DFCI_USB_UPDATE_NOW #language en-US "Refresh from USB"
+
+#string STR_DFCI_RESET_INFO #language en-US "The settings manager has enabled the Management Recovery feature of Management mode. To start the reset procedure, press Management Recovery."
+
+#string STR_DFCI_MENU_RECOVERY_NOW #language en-US "Management Recovery"
+
+#string STR_DFCI_RESET_PERMISSION_INFO #language en-US "The settings manager has not enabled the Management Recovery feature of Management mode on this system."
+
+//*---------------------------------------------------------------------*
+// Form 3 - Dfci Recovery Info form *
+// *
+//*---------------------------------------------------------------------*
+#string STR_DFCI_RECOVERY_INFO #language en-US "You should only access this menu under the direction of the management owner. The management owner will have to work with you using the following menus. Press Continue to start the management recovery process."
+
+#string STR_DFCI_MENU_CONTINUE_NOW #language en-US "Continue"
+
+//*---------------------------------------------------------------------*
+// Internal dialog box messages
+//
+//*---------------------------------------------------------------------*
+#string STR_DFCI_MB_TITLE #language en-US "Management refresh completed"
+
+#string STR_DFCI_MB_CAPTION #language en-US "Refresh settings request successful"
+
+#string STR_DFCI_MB_CAPTION_FAIL #language en-US "Refresh settings request failed"
+
+#string STR_DFCI_MB_NEW_SETTINGS #language en-US "Refresh settings requested new settings from\n%s"
+
+#string STR_DFCI_MB_NO_MEDIA #language en-US "Unable to detect network cable."
+
+#string STR_DFCI_MB_NOT_FOUND #language en-US "%s not found."
+
 #string STR_DFCI_MB_OPT_CHANGE #language en-US "ZTD Opt In changed. Restart now to apply the change."
\ No newline at end of file
diff --git a/DfciPkg/Application/EnrollInDfci/EnrollInDfci.inf b/DfciPkg/Application/EnrollInDfci/EnrollInDfci.inf
index ecc10a8f..23469747 100644
--- a/DfciPkg/Application/EnrollInDfci/EnrollInDfci.inf
+++ b/DfciPkg/Application/EnrollInDfci/EnrollInDfci.inf
@@ -1,54 +1,54 @@
-
-## @file
-# A simple UEFI Application to obtain new DFCI configuration data from server.
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = EnrollInDfci
- FILE_GUID = 48a294cd-540f-4240-9fbc-a8720095588c
- MODULE_TYPE = UEFI_APPLICATION
- VERSION_STRING = 1.0
- ENTRY_POINT = EnrollInDfciEntry
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF EBC
-#
-
-[Sources]
- EnrollInDfci.c
- Compress.h
- Compress.c
-
-[Packages]
- DfciPkg/DfciPkg.dec
- ShellPkg/ShellPkg.dec
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
-
-
-[LibraryClasses]
- BaseLib
- BaseMemoryLib
- DebugLib
- MemoryAllocationLib
- ShellLib
- UefiApplicationEntryPoint
- UefiBootServicesTableLib
- UefiLib
- UefiRuntimeServicesTableLib
-
-[Protocols]
-
-[Guids]
- gDfciSettingsGuid
- gEfiCertX509Guid
-
-#[BuildOptions]
-# DEBUG_*_*_CC_FLAGS = /Od
+
+## @file
+# A simple UEFI Application to obtain new DFCI configuration data from server.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = EnrollInDfci
+ FILE_GUID = 48a294cd-540f-4240-9fbc-a8720095588c
+ MODULE_TYPE = UEFI_APPLICATION
+ VERSION_STRING = 1.0
+ ENTRY_POINT = EnrollInDfciEntry
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ EnrollInDfci.c
+ Compress.h
+ Compress.c
+
+[Packages]
+ DfciPkg/DfciPkg.dec
+ ShellPkg/ShellPkg.dec
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ ShellLib
+ UefiApplicationEntryPoint
+ UefiBootServicesTableLib
+ UefiLib
+ UefiRuntimeServicesTableLib
+
+[Protocols]
+
+[Guids]
+ gDfciSettingsGuid
+ gEfiCertX509Guid
+
+#[BuildOptions]
+# DEBUG_*_*_CC_FLAGS = /Od
diff --git a/DfciPkg/AuthManagerNull/AuthManagerNull.inf b/DfciPkg/AuthManagerNull/AuthManagerNull.inf
index c162ae57..2c2794e1 100644
--- a/DfciPkg/AuthManagerNull/AuthManagerNull.inf
+++ b/DfciPkg/AuthManagerNull/AuthManagerNull.inf
@@ -1,37 +1,37 @@
-## @file
-# AuthManagerNull.inf
-#
-# Always provides the same token.
-# Don't use in production!
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = NullAuthManager
- FILE_GUID = 1DD0D079-406A-4B5B-AF39-62D8F110F835
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = Init
-
-[Sources]
- AuthManagerNull.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- DfciPkg/DfciPkg.dec
-
-[LibraryClasses]
- UefiDriverEntryPoint
- DebugLib
- UefiBootServicesTableLib
-
-[Protocols]
- gDfciAuthenticationProtocolGuid #produces
-
-[Depex]
+## @file
+# AuthManagerNull.inf
+#
+# Always provides the same token.
+# Don't use in production!
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = NullAuthManager
+ FILE_GUID = 1DD0D079-406A-4B5B-AF39-62D8F110F835
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = Init
+
+[Sources]
+ AuthManagerNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ DfciPkg/DfciPkg.dec
+
+[LibraryClasses]
+ UefiDriverEntryPoint
+ DebugLib
+ UefiBootServicesTableLib
+
+[Protocols]
+ gDfciAuthenticationProtocolGuid #produces
+
+[Depex]
 TRUE
\ No newline at end of file
diff --git a/DfciPkg/AuthManagerNull/README.md b/DfciPkg/AuthManagerNull/README.md
index a1efe6d8..b6e4c77f 100644
--- a/DfciPkg/AuthManagerNull/README.md
+++ b/DfciPkg/AuthManagerNull/README.md
@@ -1,15 +1,15 @@
-# AuthManagerNull
-
-## Purposes
-
-Do not use in production!
-
-### FrontPage during device bringup
-
-This driver can be a stand in for IdentityAndAuthManager, which requires RngLib, to allow FrontPage development if
-RngLib is not yet functional.
-
-### Unit Testing
-
-With further development, this "Null" driver could be an effective stub for IdentityAndAuthManager, allowing detailed
-unit testing of DFCI.
+# AuthManagerNull
+
+## Purposes
+
+Do not use in production!
+
+### FrontPage during device bringup
+
+This driver can be a stand in for IdentityAndAuthManager, which requires RngLib, to allow FrontPage development if
+RngLib is not yet functional.
+
+### Unit Testing
+
+With further development, this "Null" driver could be an effective stub for IdentityAndAuthManager, allowing detailed
+unit testing of DFCI.
diff --git a/DfciPkg/IdentityAndAuthManager/IdentityAndAuthManagerDxe.inf b/DfciPkg/IdentityAndAuthManager/IdentityAndAuthManagerDxe.inf
index e2e1c827..84d463ad 100644
--- a/DfciPkg/IdentityAndAuthManager/IdentityAndAuthManagerDxe.inf
+++ b/DfciPkg/IdentityAndAuthManager/IdentityAndAuthManagerDxe.inf
@@ -1,89 +1,89 @@
-## @file
-# IdentityAndAuthManagerDxe.inf
-#
-# This module manages the Identity certificates, and processes the
-# Dfci packets.
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = IdentityAndAuthManagerDxe
- FILE_GUID = F8126429-7B88-4AD2-98C4-402CBE26F9A8
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = Init
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Sources]
- AuthManager.c
- AuthManagerProvision.c
- AuthManagerProvisionedData.c
- IdentityAndAuthManager.h
- IdentityAndAuthManagerDxe.c
- IdentityManager.c
- IdentityCurrentSettingsXml.c
- RecoverySupport.c
- CertSupport.c
- UiSupport.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- MsCorePkg/MsCorePkg.dec
- CryptoPkg/CryptoPkg.dec
- XmlSupportPkg/XmlSupportPkg.dec
- DfciPkg/DfciPkg.dec
- ZeroTouchPkg/ZeroTouchPkg.dec
-
-[LibraryClasses]
- UefiDriverEntryPoint
- DebugLib
- BaseLib
- UefiBootServicesTableLib
- MemoryAllocationLib
- BaseMemoryLib
- PrintLib
- UefiLib
- BaseCryptLib
- PasswordStoreLib
- DfciDeviceIdSupportLib
- DfciRecoveryLib
- DfciUiSupportLib
- DfciXmlIdentitySchemaSupportLib
- ZeroTouchSettingsLib
- PcdLib
-
-[Guids]
- gEfiCertPkcs7Guid
- gDfciAuthProvisionVarNamespace
- gDfciInternalVariableGuid
-
-[Protocols]
- gEfiRngProtocolGuid #SOMETIMES CONSUMES
- gDfciApplyIdentityProtocolGuid
- gDfciAuthenticationProtocolGuid #produces
- gMuPKCS7ProtocolGuid #consumes
- gDfciSettingPermissionsProtocolGuid #sometimes consumes
- gDfciSettingAccessProtocolGuid #sometimes consumes
-
-[FeaturePcd]
- gDfciPkgTokenSpaceGuid.PcdDfciEnabled
-
-[Pcd]
-
-[Depex]
- gEfiVariableWriteArchProtocolGuid
- AND gEfiVariableArchProtocolGuid
- AND gEdkiiVariablePolicyProtocolGuid
- AND gDfciSettingPermissionsProtocolGuid
- AND gMuPKCS7ProtocolGuid
- AND gEfiRngProtocolGuid
+## @file
+# IdentityAndAuthManagerDxe.inf
+#
+# This module manages the Identity certificates, and processes the
+# Dfci packets.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = IdentityAndAuthManagerDxe
+ FILE_GUID = F8126429-7B88-4AD2-98C4-402CBE26F9A8
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = Init
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ AuthManager.c
+ AuthManagerProvision.c
+ AuthManagerProvisionedData.c
+ IdentityAndAuthManager.h
+ IdentityAndAuthManagerDxe.c
+ IdentityManager.c
+ IdentityCurrentSettingsXml.c
+ RecoverySupport.c
+ CertSupport.c
+ UiSupport.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MsCorePkg/MsCorePkg.dec
+ CryptoPkg/CryptoPkg.dec
+ XmlSupportPkg/XmlSupportPkg.dec
+ DfciPkg/DfciPkg.dec
+ ZeroTouchPkg/ZeroTouchPkg.dec
+
+[LibraryClasses]
+ UefiDriverEntryPoint
+ DebugLib
+ BaseLib
+ UefiBootServicesTableLib
+ MemoryAllocationLib
+ BaseMemoryLib
+ PrintLib
+ UefiLib
+ BaseCryptLib
+ PasswordStoreLib
+ DfciDeviceIdSupportLib
+ DfciRecoveryLib
+ DfciUiSupportLib
+ DfciXmlIdentitySchemaSupportLib
+ ZeroTouchSettingsLib
+ PcdLib
+
+[Guids]
+ gEfiCertPkcs7Guid
+ gDfciAuthProvisionVarNamespace
+ gDfciInternalVariableGuid
+
+[Protocols]
+ gEfiRngProtocolGuid #SOMETIMES CONSUMES
+ gDfciApplyIdentityProtocolGuid
+ gDfciAuthenticationProtocolGuid #produces
+ gMuPKCS7ProtocolGuid #consumes
+ gDfciSettingPermissionsProtocolGuid #sometimes consumes
+ gDfciSettingAccessProtocolGuid #sometimes consumes
+
+[FeaturePcd]
+ gDfciPkgTokenSpaceGuid.PcdDfciEnabled
+
+[Pcd]
+
+[Depex]
+ gEfiVariableWriteArchProtocolGuid
+ AND gEfiVariableArchProtocolGuid
+ AND gEdkiiVariablePolicyProtocolGuid
+ AND gDfciSettingPermissionsProtocolGuid
+ AND gMuPKCS7ProtocolGuid
+ AND gEfiRngProtocolGuid
diff --git a/DfciPkg/Library/DfciDeviceIdSupportLibNull/DfciDeviceIdSupportLibNull.inf b/DfciPkg/Library/DfciDeviceIdSupportLibNull/DfciDeviceIdSupportLibNull.inf
index 08f54c3f..7624a848 100644
--- a/DfciPkg/Library/DfciDeviceIdSupportLibNull/DfciDeviceIdSupportLibNull.inf
+++ b/DfciPkg/Library/DfciDeviceIdSupportLibNull/DfciDeviceIdSupportLibNull.inf
@@ -1,42 +1,42 @@
-## @file
-# DfciDeviceIdSupportLibNull.inf
-#
-# NULL Library for DfciDeviceIdSupportLib.
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = DfciDeviceIdSupportLib
- FILE_GUID = 191d0ad4-469a-4d62-b526-29abe84d6af2
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = DfciDeviceIdSupportLib|DXE_DRIVER UEFI_APPLICATION
-
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Sources]
- DfciDeviceIdSupportLibNull.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- DfciPkg/DfciPkg.dec
-
-[LibraryClasses]
- DebugLib
- BaseLib
- UefiLib
- MemoryAllocationLib
-
-[Guids]
-
-[Depex]
+## @file
+# DfciDeviceIdSupportLibNull.inf
+#
+# NULL Library for DfciDeviceIdSupportLib.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DfciDeviceIdSupportLib
+ FILE_GUID = 191d0ad4-469a-4d62-b526-29abe84d6af2
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = DfciDeviceIdSupportLib|DXE_DRIVER UEFI_APPLICATION
+
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ DfciDeviceIdSupportLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ DfciPkg/DfciPkg.dec
+
+[LibraryClasses]
+ DebugLib
+ BaseLib
+ UefiLib
+ MemoryAllocationLib
+
+[Guids]
+
+[Depex]
diff --git a/DfciPkg/Library/DfciRecoveryLib/DfciRecoveryLib.inf b/DfciPkg/Library/DfciRecoveryLib/DfciRecoveryLib.inf
index d1ee6b62..b1f633bd 100644
--- a/DfciPkg/Library/DfciRecoveryLib/DfciRecoveryLib.inf
+++ b/DfciPkg/Library/DfciRecoveryLib/DfciRecoveryLib.inf
@@ -1,54 +1,54 @@
-## @file
-# DfciRecoveryLib.inf
-#
-# This library contains crypto support functions for the DFCI recovery feature.
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010017
- BASE_NAME = DfciRecoveryLib
- FILE_GUID = E481DFFC-C539-45C0-ADFD-48C242F8A436
- VERSION_STRING = 1.0
- MODULE_TYPE = DXE_DRIVER
- LIBRARY_CLASS = DfciRecoveryLib
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-
-[Sources]
- DfciRecoveryLib.c
-
-
-[Packages]
- MdePkg/MdePkg.dec
- CryptoPkg/CryptoPkg.dec
- DfciPkg/DfciPkg.dec
-
-
-[LibraryClasses]
- DebugLib
- BaseCryptLib ## Ultimately, try to remove this.
- DfciDeviceIdSupportLib
-
-
-[Protocols]
- gEfiRngProtocolGuid
-
-
-[Guids]
- gEfiRngAlgorithmSp80090Ctr256Guid
- gEfiRngAlgorithmSp80090Hmac256Guid
- gEfiRngAlgorithmSp80090Hash256Guid
-
-
-## Required for drivers.
-#[Depex]
-# TRUE ## JBB/Sean TODO: Should we depend on the RNG protocol, or just try to located it and fail otherwise?
+## @file
+# DfciRecoveryLib.inf
+#
+# This library contains crypto support functions for the DFCI recovery feature.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010017
+ BASE_NAME = DfciRecoveryLib
+ FILE_GUID = E481DFFC-C539-45C0-ADFD-48C242F8A436
+ VERSION_STRING = 1.0
+ MODULE_TYPE = DXE_DRIVER
+ LIBRARY_CLASS = DfciRecoveryLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+
+[Sources]
+ DfciRecoveryLib.c
+
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+ DfciPkg/DfciPkg.dec
+
+
+[LibraryClasses]
+ DebugLib
+ BaseCryptLib ## Ultimately, try to remove this.
+ DfciDeviceIdSupportLib
+
+
+[Protocols]
+ gEfiRngProtocolGuid
+
+
+[Guids]
+ gEfiRngAlgorithmSp80090Ctr256Guid
+ gEfiRngAlgorithmSp80090Hmac256Guid
+ gEfiRngAlgorithmSp80090Hash256Guid
+
+
+## Required for drivers.
+#[Depex]
+# TRUE ## JBB/Sean TODO: Should we depend on the RNG protocol, or just try to located it and fail otherwise?
diff --git a/DfciPkg/Library/DfciSampleProvider/readme.md b/DfciPkg/Library/DfciSampleProvider/readme.md
index 2db15a04..52d416a0 100644
--- a/DfciPkg/Library/DfciSampleProvider/readme.md
+++ b/DfciPkg/Library/DfciSampleProvider/readme.md
@@ -1,13 +1,13 @@
-# Dfci Sample Provider
-
-This is a DXE driver that publishes the gDfciSettingsProviderSupportProtocolGuid protocol, which is a settings provider
-for DFCI.
-
-This is **not to be used in production** but is provided as a sample for reference when creating your own provider.
-
-For more information, please refer to the DFCI documentation [here]( https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/PlatformIntegration/DfciSettingProviders/)
-
-## Copyright
-
-Copyright (C) Microsoft Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent
+# Dfci Sample Provider
+
+This is a DXE driver that publishes the gDfciSettingsProviderSupportProtocolGuid protocol, which is a settings provider
+for DFCI.
+
+This is **not to be used in production** but is provided as a sample for reference when creating your own provider.
+
+For more information, please refer to the DFCI documentation [here]( https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/PlatformIntegration/DfciSettingProviders/)
+
+## Copyright
+
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
diff --git a/DfciPkg/Library/DfciSettingPermissionLib/DfciSettingPermissionLib.inf b/DfciPkg/Library/DfciSettingPermissionLib/DfciSettingPermissionLib.inf
index da8cbcf4..f0c3e644 100644
--- a/DfciPkg/Library/DfciSettingPermissionLib/DfciSettingPermissionLib.inf
+++ b/DfciPkg/Library/DfciSettingPermissionLib/DfciSettingPermissionLib.inf 
@@ -1,77 +1,77 @@ -## @file -# DfciSettingPermissionLib.inf -# -# This library provides all the logic for the SettingsManager to use for Permission Management. -# This library should not be linked in by other modules as it used only by the Settings Manager. -# If modules want to find out a permission value they should use the SettingAccessProtocol which will return -# flags indicating write access -# -# This library has a very small public interface but it has a lot of -# logic required to support Permissions, Provisioning Permissions from tool through variable interface, etc -# -# Copyright (C) Microsoft Corporation. All rights reserved. -# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = DfciSettingPermissionLib - FILE_GUID = 659801E4-4729-4461-86F6-19E0942CCA5C - MODULE_TYPE = DXE_DRIVER - VERSION_STRING = 1.0 - LIBRARY_CLASS = DfciSettingPermissionLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER - CONSTRUCTOR = DfciPermissionInit -# -# The following information is for reference only and not required by the build tools. 
-# -# VALID_ARCHITECTURES = IA32 X64 -# - -[Sources] - DfciSettingPermission.c - DfciSettingPermissionProvisioned.c #support loaded saved/already provisioned data into internal stores for usage - DfciSettingPermission.h - PermissionStoreSupport.c - DfciSettingPermissionProvisionXml.c #Support reading a Permission Packet in XML format and applying to Permission Store - DfciSettingPermissionCurrentPermissionXml.c #Support conversion of current permissions to XML format and - GroupSupport.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - XmlSupportPkg/XmlSupportPkg.dec - DfciPkg/DfciPkg.dec - -[LibraryClasses] - DebugLib - XmlTreeLib - XmlTreeQueryLib - DfciXmlPermissionSchemaSupportLib - PrintLib - BaseLib - MemoryAllocationLib - UefiBootServicesTableLib - UefiRuntimeServicesTableLib - UefiLib - BaseMemoryLib - DfciDeviceIdSupportLib - DfciUiSupportLib - DfciV1SupportLib - DfciGroupLib - DxeServicesLib - PcdLib - -[Protocols] - gDfciApplyPermissionsProtocolGuid - gDfciAuthenticationProtocolGuid - -[Guids] - gDfciPermissionManagerVarNamespace - gDfciInternalVariableGuid - -[Pcd] - gDfciPkgTokenSpaceGuid.PcdUnsignedListFormatAllow - gDfciPkgTokenSpaceGuid.PcdUnsignedPermissionsFile - -[Depex] - TRUE +## @file +# DfciSettingPermissionLib.inf +# +# This library provides all the logic for the SettingsManager to use for Permission Management. +# This library should not be linked in by other modules as it used only by the Settings Manager. +# If modules want to find out a permission value they should use the SettingAccessProtocol which will return +# flags indicating write access +# +# This library has a very small public interface but it has a lot of +# logic required to support Permissions, Provisioning Permissions from tool through variable interface, etc +# +# Copyright (C) Microsoft Corporation. All rights reserved. 
+# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DfciSettingPermissionLib + FILE_GUID = 659801E4-4729-4461-86F6-19E0942CCA5C + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = DfciSettingPermissionLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = DfciPermissionInit +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + DfciSettingPermission.c + DfciSettingPermissionProvisioned.c #support loaded saved/already provisioned data into internal stores for usage + DfciSettingPermission.h + PermissionStoreSupport.c + DfciSettingPermissionProvisionXml.c #Support reading a Permission Packet in XML format and applying to Permission Store + DfciSettingPermissionCurrentPermissionXml.c #Support conversion of current permissions to XML format and + GroupSupport.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + XmlSupportPkg/XmlSupportPkg.dec + DfciPkg/DfciPkg.dec + +[LibraryClasses] + DebugLib + XmlTreeLib + XmlTreeQueryLib + DfciXmlPermissionSchemaSupportLib + PrintLib + BaseLib + MemoryAllocationLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + UefiLib + BaseMemoryLib + DfciDeviceIdSupportLib + DfciUiSupportLib + DfciV1SupportLib + DfciGroupLib + DxeServicesLib + PcdLib + +[Protocols] + gDfciApplyPermissionsProtocolGuid + gDfciAuthenticationProtocolGuid + +[Guids] + gDfciPermissionManagerVarNamespace + gDfciInternalVariableGuid + +[Pcd] + gDfciPkgTokenSpaceGuid.PcdUnsignedListFormatAllow + gDfciPkgTokenSpaceGuid.PcdUnsignedPermissionsFile + +[Depex] + TRUE diff --git a/DfciPkg/Library/DfciSettingPermissionLib/PermissionsPacket_Example.xml b/DfciPkg/Library/DfciSettingPermissionLib/PermissionsPacket_Example.xml index 275a1bb2..8188b17d 100644 --- a/DfciPkg/Library/DfciSettingPermissionLib/PermissionsPacket_Example.xml 
+++ b/DfciPkg/Library/DfciSettingPermissionLib/PermissionsPacket_Example.xml @@ -1,18 +1,18 @@ - - - UserName - 2015-10-26 - 1 - 1 - - - 100 - 0xFF - - - 300 - 0x81 - - - - + + + UserName + 2015-10-26 + 1 + 1 + + + 100 + 0xFF + + + 300 + 0x81 + + + + diff --git a/DfciPkg/Library/DfciUiSupportLibNull/DfciUiSupportLibNull.inf b/DfciPkg/Library/DfciUiSupportLibNull/DfciUiSupportLibNull.inf index 6ead7bbe..386fe865 100644 --- a/DfciPkg/Library/DfciUiSupportLibNull/DfciUiSupportLibNull.inf +++ b/DfciPkg/Library/DfciUiSupportLibNull/DfciUiSupportLibNull.inf 
@@ -1,48 +1,48 @@
-## @file
-# DfciUiSupportLibNull.inf
-#
-# This library contains NULL routines to support UI operations associated with DFCI.
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010017
- BASE_NAME = DfciUiSupportLibNull
- FILE_GUID = 59260ec4-b841-4c02-abb6-1b20ef7451eb
- VERSION_STRING = 1.0
- MODULE_TYPE = DXE_DRIVER
- LIBRARY_CLASS = DfciUiSupportLib
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-
-[Sources]
- DfciUiSupportLibNull.c
-
-
-[Packages]
- MdePkg/MdePkg.dec
- DfciPkg/DfciPkg.dec
-
-
-[LibraryClasses]
- DebugLib
-
-
-[Protocols]
-
-
-[Guids]
-
-
-## Required for drivers.
-#[Depex]
-# TRUE
-
+## @file
+# DfciUiSupportLibNull.inf
+#
+# This library contains NULL routines to support UI operations associated with DFCI.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010017
+ BASE_NAME = DfciUiSupportLibNull
+ FILE_GUID = 59260ec4-b841-4c02-abb6-1b20ef7451eb
+ VERSION_STRING = 1.0
+ MODULE_TYPE = DXE_DRIVER
+ LIBRARY_CLASS = DfciUiSupportLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+
+[Sources]
+ DfciUiSupportLibNull.c
+
+
+[Packages]
+ MdePkg/MdePkg.dec
+ DfciPkg/DfciPkg.dec
+
+
+[LibraryClasses]
+ DebugLib
+
+
+[Protocols]
+
+
+[Guids]
+
+
+## Required for drivers.
+#[Depex]
+# TRUE
+
diff --git a/DfciPkg/Library/DfciXmlDeviceIdSchemaSupportLib/DfciXmlDeviceIdSchemaSupportLib.inf b/DfciPkg/Library/DfciXmlDeviceIdSchemaSupportLib/DfciXmlDeviceIdSchemaSupportLib.inf
index 8cc99fa9..c053056c 100644
--- a/DfciPkg/Library/DfciXmlDeviceIdSchemaSupportLib/DfciXmlDeviceIdSchemaSupportLib.inf
+++ b/DfciPkg/Library/DfciXmlDeviceIdSchemaSupportLib/DfciXmlDeviceIdSchemaSupportLib.inf
@@ -1,40 +1,40 @@
-## @file
-# DfciXmlDeviceIdSchemaSupportLib.inf
-#
-# This library supports the schema used for the UEFI Device Id XML content.
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = DfciXmlDeviceIdSchemaSupportLib
- FILE_GUID = 34ab461a-837e-48c3-8f66-b89e88abd570
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = DfciXmlDeviceIdSchemaSupportLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER
-# CONSTRUCTOR = NONE
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Sources]
- DfciXmlDeviceIdSchemaSupportLib.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- XmlSupportPkg/XmlSupportPkg.dec
- DfciPkg/DfciPkg.dec
-
-[LibraryClasses]
- DebugLib
- XmlTreeLib
- XmlTreeQueryLib
- PrintLib
- BaseLib
-
+## @file
+# DfciXmlDeviceIdSchemaSupportLib.inf
+#
+# This library supports the schema used for the UEFI Device Id XML content.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DfciXmlDeviceIdSchemaSupportLib
+ FILE_GUID = 34ab461a-837e-48c3-8f66-b89e88abd570
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = DfciXmlDeviceIdSchemaSupportLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER
+# CONSTRUCTOR = NONE
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ DfciXmlDeviceIdSchemaSupportLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ XmlSupportPkg/XmlSupportPkg.dec
+ DfciPkg/DfciPkg.dec
+
+[LibraryClasses]
+ DebugLib
+ XmlTreeLib
+ XmlTreeQueryLib
+ PrintLib
+ BaseLib
+
diff --git a/DfciPkg/Library/DfciXmlIdentitySchemaSupportLib/DfciXmlIdentitySchemaSupportLib.inf b/DfciPkg/Library/DfciXmlIdentitySchemaSupportLib/DfciXmlIdentitySchemaSupportLib.inf
index 53db0cbe..db23e3ad 100644
--- a/DfciPkg/Library/DfciXmlIdentitySchemaSupportLib/DfciXmlIdentitySchemaSupportLib.inf
+++ b/DfciPkg/Library/DfciXmlIdentitySchemaSupportLib/DfciXmlIdentitySchemaSupportLib.inf
@@ -1,40 +1,40 @@
-## @file
-# DfciXmlIdentitySchemaSupportLib.inf
-#
-# This library supports the schema used for the UEFI Identity XML content.
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = DfciXmlIdentitySchemaSupportLib
- FILE_GUID = f2c88f77-4f5e-4667-9dc2-bc1eedbc2a8f
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = DfciXmlIdentitySchemaSupportLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER
-# CONSTRUCTOR = NONE
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Sources]
- DfciXmlIdentitySchemaSupportLib.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- XmlSupportPkg/XmlSupportPkg.dec
- DfciPkg/DfciPkg.dec
-
-[LibraryClasses]
- DebugLib
- XmlTreeLib
- XmlTreeQueryLib
- PrintLib
- BaseLib
-
+## @file
+# DfciXmlIdentitySchemaSupportLib.inf
+#
+# This library supports the schema used for the UEFI Identity XML content.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DfciXmlIdentitySchemaSupportLib
+ FILE_GUID = f2c88f77-4f5e-4667-9dc2-bc1eedbc2a8f
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = DfciXmlIdentitySchemaSupportLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER
+# CONSTRUCTOR = NONE
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ DfciXmlIdentitySchemaSupportLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ XmlSupportPkg/XmlSupportPkg.dec
+ DfciPkg/DfciPkg.dec
+
+[LibraryClasses]
+ DebugLib
+ XmlTreeLib
+ XmlTreeQueryLib
+ PrintLib
+ BaseLib
+
diff --git a/DfciPkg/Library/DfciXmlPermissionSchemaSupportLib/DfciXmlPermissionSchemaSupportLib.inf b/DfciPkg/Library/DfciXmlPermissionSchemaSupportLib/DfciXmlPermissionSchemaSupportLib.inf
index 17f96d57..5f61fde6 100644
--- a/DfciPkg/Library/DfciXmlPermissionSchemaSupportLib/DfciXmlPermissionSchemaSupportLib.inf
+++ b/DfciPkg/Library/DfciXmlPermissionSchemaSupportLib/DfciXmlPermissionSchemaSupportLib.inf
@@ -1,41 +1,41 @@
-## @file
-# DfciXmlPermissionSchemaSupportLib.inf
-#
-# This library supports the schema used for the Permission Input XML files.
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = DfciXmlPermissionSchemaSupportLib
- FILE_GUID = 82EF6134-3BF2-4CAF-BFC5-79CFAC5768C7
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = DfciXmlPermissionSchemaSupportLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER
-# CONSTRUCTOR = NONE
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Sources]
- DfciXmlPermissionSchemaSupport.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- XmlSupportPkg/XmlSupportPkg.dec
- DfciPkg/DfciPkg.dec
-
-[LibraryClasses]
- DebugLib
- XmlTreeLib
- XmlTreeQueryLib
- PrintLib
- BaseLib
- DfciV1SupportLib
-
+## @file
+# DfciXmlPermissionSchemaSupportLib.inf
+#
+# This library supports the schema used for the Permission Input XML files.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DfciXmlPermissionSchemaSupportLib
+ FILE_GUID = 82EF6134-3BF2-4CAF-BFC5-79CFAC5768C7
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = DfciXmlPermissionSchemaSupportLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER
+# CONSTRUCTOR = NONE
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ DfciXmlPermissionSchemaSupport.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ XmlSupportPkg/XmlSupportPkg.dec
+ DfciPkg/DfciPkg.dec
+
+[LibraryClasses]
+ DebugLib
+ XmlTreeLib
+ XmlTreeQueryLib
+ PrintLib
+ BaseLib
+ DfciV1SupportLib
+
diff --git a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/AllSettings.xml b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/AllSettings.xml index 1fe6d376..fa2cd871 100644 --- a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/AllSettings.xml +++ b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/AllSettings.xml @@ -1,84 +1,84 @@ - - - - 1 - 2015-10-06 - - - 100 - Asset Tag - Holds a IT/Admin defined asset tag value - - - 200 - Secure Boot Keys - Controls the state of UEFI Secure Boot and which keys to use. Changing this can cause your system to fail to boot - - - 300 - Trusted Platform Module (TPM) - TPM device enabled or disabled - - - 301 - Docking Usb Port - Docking USB Port enabled or disabled - - - 302 - Front Camera - Front Camera enabled or disabled - - - 303 - Bluetooth - Bluetooth radio enabled or disabled - - - - - - - - - - + + + + 1 + 2015-10-06 + + + 100 + Asset Tag + Holds a IT/Admin defined asset tag value + + + 200 + Secure Boot Keys + Controls the state of UEFI Secure Boot and which keys to use. Changing this can cause your system to fail to boot + + + 300 + Trusted Platform Module (TPM) + TPM device enabled or disabled + + + 301 + Docking Usb Port + Docking USB Port enabled or disabled + + + 302 + Front Camera + Front Camera enabled or disabled + + + 303 + Bluetooth + Bluetooth radio enabled or disabled + + + + + + + + + + diff --git a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/DfciXmlSettingSchemaSupportLib.inf b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/DfciXmlSettingSchemaSupportLib.inf index 8569c094..1eac29b4 100644 --- a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/DfciXmlSettingSchemaSupportLib.inf +++ b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/DfciXmlSettingSchemaSupportLib.inf 
@@ -1,41 +1,41 @@
-## @file
-# DfciXmlSettingSchemaSupportLib.inf
-#
-# This library supports the schema used for the Settings Input and Result XML files.
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = DfciXmlSettingSchemaSupportV1Lib
- FILE_GUID = D7B69EDA-E1A4-4333-A9DD-0EB4FD04F17A
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = DfciXmlSettingSchemaSupportLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER
-# CONSTRUCTOR = NONE
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Sources]
- DfciXmlSettingSchemaSupport.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- XmlSupportPkg/XmlSupportPkg.dec
- DfciPkg/DfciPkg.dec
-
-[LibraryClasses]
- DebugLib
- XmlTreeLib
- XmlTreeQueryLib
- PrintLib
- BaseLib
- DfciV1SupportLib
-
+## @file
+# DfciXmlSettingSchemaSupportLib.inf
+#
+# This library supports the schema used for the Settings Input and Result XML files.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DfciXmlSettingSchemaSupportV1Lib
+ FILE_GUID = D7B69EDA-E1A4-4333-A9DD-0EB4FD04F17A
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = DfciXmlSettingSchemaSupportLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER
+# CONSTRUCTOR = NONE
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ DfciXmlSettingSchemaSupport.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ XmlSupportPkg/XmlSupportPkg.dec
+ DfciPkg/DfciPkg.dec
+
+[LibraryClasses]
+ DebugLib
+ XmlTreeLib
+ XmlTreeQueryLib
+ PrintLib
+ BaseLib
+ DfciV1SupportLib
+
diff --git a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/ResultsPacket_Example.xml b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/ResultsPacket_Example.xml index a9b717f9..a01cea9f 100644 --- a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/ResultsPacket_Example.xml +++ b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/ResultsPacket_Example.xml @@ -1,17 +1,17 @@ - - - %Date% - - - - 100 - 0x8000000000000001 - - - - 300 - 0x0000000000000001 - 0x0 - - + + + %Date% + + + + 100 + 0x8000000000000001 + + + + 300 + 0x0000000000000001 + 0x0 + + \ No newline at end of file diff --git a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/SettingsPacket_Example.xml b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/SettingsPacket_Example.xml index b8954738..4b5d4f2d 100644 --- a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/SettingsPacket_Example.xml +++ b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/SettingsPacket_Example.xml @@ -1,30 +1,30 @@ - - - UserName - 2015-10-26 - 1 - 1 - - - - 100 - 7897897890 - - - - 200 - MsOnly - - - - 300 - Enabled - - - - 301 - Enabled - - - - + + + UserName + 2015-10-26 + 1 + 1 + + + + 100 + 7897897890 + + + + 200 + MsOnly + + + + 300 + Enabled + + + + 301 + Enabled + + + + diff --git a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/UefiSettings.xsd b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/UefiSettings.xsd index e5ed991f..221c16d3 100644 --- a/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/UefiSettings.xsd +++ b/DfciPkg/Library/DfciXmlSettingSchemaSupportLib/UefiSettings.xsd 
@@ -1,134 +1,134 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/DfciPkg/SettingsManager/SettingsManagerDxe.inf b/DfciPkg/SettingsManager/SettingsManagerDxe.inf index 23d96d9f..51e95dc5 100644 --- a/DfciPkg/SettingsManager/SettingsManagerDxe.inf +++ b/DfciPkg/SettingsManager/SettingsManagerDxe.inf 
@@ -1,77 +1,77 @@ -## @file -# SettingsManagerDxe.inf -# -# This is the Dfci Settings Manager - this application has all of the settings -# providers attached as NULL Libraries. -# -# Copyright (C) Microsoft Corporation. All rights reserved. -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = SettingsManagerDxe - FILE_GUID = 0CCF27CF-E68D-4279-96B0-8A4E1CDFF10C - MODULE_TYPE = DXE_DRIVER - VERSION_STRING = 1.0 - ENTRY_POINT = Init - -# -# The following information is for reference only and not required by the build tools. -# -# VALID_ARCHITECTURES = IA32 X64 -# - -[Sources] - SettingsManagerProvider.c - SettingsManager.c - SettingsManager.h - SettingsManagerTransportXml.c - SettingsManagerDxe.c - SettingsManagerCurrentSettingXml.c - SettingsManagerProvisionedData.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - DfciPkg/DfciPkg.dec - MsCorePkg/MsCorePkg.dec - XmlSupportPkg/XmlSupportPkg.dec - -[LibraryClasses] - UefiDriverEntryPoint - DebugLib - BaseLib - DfciSettingChangedNotificationLib - DfciXmlDeviceIdSchemaSupportLib - DfciXmlSettingSchemaSupportLib - DfciSettingPermissionLib - DfciV1SupportLib - PerformanceLib - XmlTreeLib - XmlTreeQueryLib - -[Guids] - gDfciStartOfBdsNotifyGuid - gDfciSettingsManagerVarNamespace - gDfciDeviceIdVarNamespace - gDfciInternalVariableGuid - gEfiEventReadyToBootGuid - -[Protocols] - gDfciApplySettingsProtocolGuid - gDfciSettingsProviderSupportProtocolGuid #produces - gDfciSettingAccessProtocolGuid #produces - gDfciSettingPermissionsProtocolGuid #produces - gDfciAuthenticationProtocolGuid #sometimes consumes - -[FeaturePcd] - gDfciPkgTokenSpaceGuid.PcdDfciEnabled - -[Pcd] - -[Depex] - gEfiVariableWriteArchProtocolGuid - AND gEfiVariableArchProtocolGuid - AND gEdkiiVariablePolicyProtocolGuid +## @file +# SettingsManagerDxe.inf +# +# This is the Dfci Settings Manager - this application has all of the settings +# providers attached as NULL Libraries. 
+# +# Copyright (C) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SettingsManagerDxe + FILE_GUID = 0CCF27CF-E68D-4279-96B0-8A4E1CDFF10C + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = Init + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SettingsManagerProvider.c + SettingsManager.c + SettingsManager.h + SettingsManagerTransportXml.c + SettingsManagerDxe.c + SettingsManagerCurrentSettingXml.c + SettingsManagerProvisionedData.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + DfciPkg/DfciPkg.dec + MsCorePkg/MsCorePkg.dec + XmlSupportPkg/XmlSupportPkg.dec + +[LibraryClasses] + UefiDriverEntryPoint + DebugLib + BaseLib + DfciSettingChangedNotificationLib + DfciXmlDeviceIdSchemaSupportLib + DfciXmlSettingSchemaSupportLib + DfciSettingPermissionLib + DfciV1SupportLib + PerformanceLib + XmlTreeLib + XmlTreeQueryLib + +[Guids] + gDfciStartOfBdsNotifyGuid + gDfciSettingsManagerVarNamespace + gDfciDeviceIdVarNamespace + gDfciInternalVariableGuid + gEfiEventReadyToBootGuid + +[Protocols] + gDfciApplySettingsProtocolGuid + gDfciSettingsProviderSupportProtocolGuid #produces + gDfciSettingAccessProtocolGuid #produces + gDfciSettingPermissionsProtocolGuid #produces + gDfciAuthenticationProtocolGuid #sometimes consumes + +[FeaturePcd] + gDfciPkgTokenSpaceGuid.PcdDfciEnabled + +[Pcd] + +[Depex] + gEfiVariableWriteArchProtocolGuid + AND gEfiVariableArchProtocolGuid + AND gEdkiiVariablePolicyProtocolGuid diff --git a/DfciPkg/UnitTests/DeviceIdTest/readme.md b/DfciPkg/UnitTests/DeviceIdTest/readme.md index eb92ea99..7d829e48 100644 --- a/DfciPkg/UnitTests/DeviceIdTest/readme.md +++ b/DfciPkg/UnitTests/DeviceIdTest/readme.md 
@@ -1,25 +1,25 @@
-# Verify DfciDeviceIdLib library functionality
-
-The library DfciDeviceIdLib provided Dfci with platform information that Dfci needs. This include the manufacturer
-name, product name, and serial number. Dfci has limit on the characters supported, and the length of the strings returned.
-
-Device Id Library rules:
-
-1. The following five characters are not allowed: `" ' < > &`
-2. The maximum string length is 64 characters plus a terminating '\0'
-3. '\0' is a required terminator. The interfaces return
- the string and the size of the string (including the '\0').
-4. The string is a valid UTF-8 string (ie, no 8-bit ASCII)
-
-## About
-
-These tests verify that the DeviceIdLib Library functions properly.
-
-## DeviceIdIdTestApp
-
-This application consumes the DfciDeviceIdLib executed test cases for the verification of the Device Id Strings.
-
-## Copyright
-
-Copyright (C) Microsoft Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent
+# Verify DfciDeviceIdLib library functionality
+
+The library DfciDeviceIdLib provided Dfci with platform information that Dfci needs. This include the manufacturer
+name, product name, and serial number. Dfci has limit on the characters supported, and the length of the strings returned.
+
+Device Id Library rules:
+
+1. The following five characters are not allowed: `" ' < > &`
+2. The maximum string length is 64 characters plus a terminating '\0'
+3. '\0' is a required terminator. The interfaces return
+ the string and the size of the string (including the '\0').
+4. The string is a valid UTF-8 string (ie, no 8-bit ASCII)
+
+## About
+
+These tests verify that the DeviceIdLib Library functions properly.
+
+## DeviceIdIdTestApp
+
+This application consumes the DfciDeviceIdLib executed test cases for the verification of the Device Id Strings.
+
+## Copyright
+
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
diff --git a/DfciPkg/UnitTests/DfciTests/Certs/MakeChainingCerts.bat b/DfciPkg/UnitTests/DfciTests/Certs/MakeChainingCerts.bat
index b1003d73..511c5079 100644
--- a/DfciPkg/UnitTests/DfciTests/Certs/MakeChainingCerts.bat
+++ b/DfciPkg/UnitTests/DfciTests/Certs/MakeChainingCerts.bat
@@ -1,70 +1,70 @@ -@echo off -rem @file -rem -rem Script to create the full test certificate set for DFCI testing. -rem -rem Copyright (c), Microsoft Corporation -rem SPDX-License-Identifier: BSD-2-Clause-Patent -rem - -pushd . -cd %~dp0 - -REM Creating Certs requires the Win10 WDK. If you don't have the MakeCert tool you can try the 8.1 kit (just change the KIT=10 to KIT=8.1, and VER=bin) - -set KIT=10 -set VER=bin\10.0.17763.0 - -rem Certs for ZTD - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -r -cy authority -len 4096 -m 120 -a sha256 -sv ZTD_Root.pvk -pe -ss my -n "CN=ZTD_Root, O=Palindrome, C=US" ZTD_Root.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk ZTD_Root.pvk -spc ZTD_Root.cer -pfx ZTD_Root.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 4096 -m 61 -a sha256 -ic ZTD_Root.cer -iv ZTD_Root.pvk -sv ZTD_CA.pvk -pe -ss my -n "CN=ZTD_CA, O=Palindrome, C=US" ZTD_CA.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk ZTD_CA.pvk -spc ZTD_CA.cer -pfx ZTD_CA.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 4096 -m 60 -a sha256 -ic ZTD_CA.cer -iv ZTD_CA.pvk -sv ZTD_Leaf.pvk -pe -ss my -sky exchange -n "CN=ZTD_Leaf, O=Palindrome, C=US" ZTD_Leaf.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk ZTD_Leaf.pvk -spc ZTD_Leaf.cer -pfx ZTD_Leaf.pfx - -rem Certs for DDS - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -r -cy authority -len 4096 -m 120 -a sha256 -sv DDS_Root.pvk -pe -ss my -n "CN=DDS.OnMicrosoft.com Device Guard Root, O=OnMicrosoft.com, C=US" DDS_Root.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_Root.pvk -spc DDS_Root.cer -pfx DDS_Root.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 4096 -m 61 -a sha256 -ic DDS_Root.cer -iv DDS_Root.pvk -sv DDS_CA.pvk -pe -ss my -n 
"CN=DDS.OnMicrosoft.com CA, O=OnMicrosoft.com, C=US" DDS_CA.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_CA.pvk -spc DDS_CA.cer -pfx DDS_CA.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 2048 -m 60 -a sha256 -ic DDS_CA.cer -iv DDS_CA.pvk -sv DDS_Leaf.pvk -pe -ss my -n "CN=DDS.OnMicrosoft.com, O=OnMicrosoft.com, C=US" DDS_Leaf.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_Leaf.pvk -spc DDS_Leaf.cer -pfx DDS_Leaf.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 4096 -m 61 -a sha256 -ic DDS_Root.cer -iv DDS_Root.pvk -sv DDS_CA2.pvk -pe -ss my -n "CN=DDS2.OnMicrosoft.com CA, O=OnMicrosoft.com, C=US" DDS_CA2.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_CA2.pvk -spc DDS_CA2.cer -pfx DDS_CA2.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 2048 -m 60 -a sha256 -ic DDS_CA2.cer -iv DDS_CA2.pvk -sv DDS_Leaf2.pvk -pe -ss my -n "CN=DDS2.OnMicrosoft.com, O=OnMicrosoft.com, C=US" DDS_Leaf2.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_Leaf2.pvk -spc DDS_Leaf2.cer -pfx DDS_Leaf2.pfx - -rem Certs for MDM - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -r -cy authority -len 4096 -m 120 -a sha256 -sv MDM_Root.pvk -pe -ss my -n "CN=Sample_MDM_Root, O=Corportaion, C=US" MDM_Root.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_Root.pvk -spc MDM_Root.cer -pfx MDM_Root.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 2048 -m 61 -a sha256 -ic MDM_Root.cer -iv MDM_Root.pvk -sv MDM_CA.pvk -pe -ss my -n "CN=Sample_MDM_CA, O=Corportaion, C=US" MDM_CA.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_CA.pvk -spc MDM_CA.cer -pfx MDM_CA.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 2048 -m 60 -a 
sha256 -ic MDM_CA.cer -iv MDM_CA.pvk -sv MDM_Leaf.pvk -pe -ss my -n "CN=Sample_MDM_Leaf, O=Corportaion, C=US" MDM_Leaf.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_Leaf.pvk -spc MDM_Leaf.cer -pfx MDM_Leaf.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 2048 -m 61 -a sha256 -ic MDM_Root.cer -iv MDM_Root.pvk -sv MDM_CA2.pvk -pe -ss my -n "CN=Sample_MDM_CA2, O=Corporation, C=US" MDM_CA2.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_CA2.pvk -spc MDM_CA2.cer -pfx MDM_CA2.pfx - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 2048 -m 60 -a sha256 -ic MDM_CA2.cer -iv MDM_CA2.pvk -sv MDM_Leaf2.pvk -pe -ss my -n "CN=Sample_MDM_Leaf2, O=Corporation, C=US" MDM_Leaf2.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_Leaf2.pvk -spc MDM_Leaf2.cer -pfx MDM_Leaf2.pfx - -rem Cert for HTTPS - -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -eku 1.3.6.1.5.5.7.3.1 /n "CN=mikeytbds3.eastus.cloudapp.azure.com, O=Dfci Testing, C=US" /r /h 0 -sky signature /sv DFCI_HTTPS.pvk DFCI_HTTPS.cer -"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" /pvk DFCI_HTTPS.pvk /spc DFCI_HTTPS.cer /pfx DFCI_HTTPS.pfx - -:end - popd - +@echo off +rem @file +rem +rem Script to create the full test certificate set for DFCI testing. +rem +rem Copyright (c), Microsoft Corporation +rem SPDX-License-Identifier: BSD-2-Clause-Patent +rem + +pushd . +cd %~dp0 + +REM Creating Certs requires the Win10 WDK. 
If you don't have the MakeCert tool you can try the 8.1 kit (just change the KIT=10 to KIT=8.1, and VER=bin)
+
+set KIT=10
+set VER=bin\10.0.17763.0
+
+rem Certs for ZTD
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -r -cy authority -len 4096 -m 120 -a sha256 -sv ZTD_Root.pvk -pe -ss my -n "CN=ZTD_Root, O=Palindrome, C=US" ZTD_Root.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk ZTD_Root.pvk -spc ZTD_Root.cer -pfx ZTD_Root.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 4096 -m 61 -a sha256 -ic ZTD_Root.cer -iv ZTD_Root.pvk -sv ZTD_CA.pvk -pe -ss my -n "CN=ZTD_CA, O=Palindrome, C=US" ZTD_CA.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk ZTD_CA.pvk -spc ZTD_CA.cer -pfx ZTD_CA.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 4096 -m 60 -a sha256 -ic ZTD_CA.cer -iv ZTD_CA.pvk -sv ZTD_Leaf.pvk -pe -ss my -sky exchange -n "CN=ZTD_Leaf, O=Palindrome, C=US" ZTD_Leaf.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk ZTD_Leaf.pvk -spc ZTD_Leaf.cer -pfx ZTD_Leaf.pfx
+
+rem Certs for DDS
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -r -cy authority -len 4096 -m 120 -a sha256 -sv DDS_Root.pvk -pe -ss my -n "CN=DDS.OnMicrosoft.com Device Guard Root, O=OnMicrosoft.com, C=US" DDS_Root.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_Root.pvk -spc DDS_Root.cer -pfx DDS_Root.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 4096 -m 61 -a sha256 -ic DDS_Root.cer -iv DDS_Root.pvk -sv DDS_CA.pvk -pe -ss my -n "CN=DDS.OnMicrosoft.com CA, O=OnMicrosoft.com, C=US" DDS_CA.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_CA.pvk -spc DDS_CA.cer -pfx DDS_CA.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 2048 -m 60 -a sha256 -ic DDS_CA.cer -iv DDS_CA.pvk -sv DDS_Leaf.pvk -pe -ss my -n "CN=DDS.OnMicrosoft.com, O=OnMicrosoft.com, C=US" DDS_Leaf.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_Leaf.pvk -spc DDS_Leaf.cer -pfx DDS_Leaf.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 4096 -m 61 -a sha256 -ic DDS_Root.cer -iv DDS_Root.pvk -sv DDS_CA2.pvk -pe -ss my -n "CN=DDS2.OnMicrosoft.com CA, O=OnMicrosoft.com, C=US" DDS_CA2.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_CA2.pvk -spc DDS_CA2.cer -pfx DDS_CA2.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 2048 -m 60 -a sha256 -ic DDS_CA2.cer -iv DDS_CA2.pvk -sv DDS_Leaf2.pvk -pe -ss my -n "CN=DDS2.OnMicrosoft.com, O=OnMicrosoft.com, C=US" DDS_Leaf2.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk DDS_Leaf2.pvk -spc DDS_Leaf2.cer -pfx DDS_Leaf2.pfx
+
+rem Certs for MDM
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -r -cy authority -len 4096 -m 120 -a sha256 -sv MDM_Root.pvk -pe -ss my -n "CN=Sample_MDM_Root, O=Corportaion, C=US" MDM_Root.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_Root.pvk -spc MDM_Root.cer -pfx MDM_Root.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 2048 -m 61 -a sha256 -ic MDM_Root.cer -iv MDM_Root.pvk -sv MDM_CA.pvk -pe -ss my -n "CN=Sample_MDM_CA, O=Corportaion, C=US" MDM_CA.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_CA.pvk -spc MDM_CA.cer -pfx MDM_CA.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 2048 -m 60 -a sha256 -ic MDM_CA.cer -iv MDM_CA.pvk -sv MDM_Leaf.pvk -pe -ss my -n "CN=Sample_MDM_Leaf, O=Corportaion, C=US" MDM_Leaf.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_Leaf.pvk -spc MDM_Leaf.cer -pfx MDM_Leaf.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -cy authority -len 2048 -m 61 -a sha256 -ic MDM_Root.cer -iv MDM_Root.pvk -sv MDM_CA2.pvk -pe -ss my -n "CN=Sample_MDM_CA2, O=Corporation, C=US" MDM_CA2.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_CA2.pvk -spc MDM_CA2.cer -pfx MDM_CA2.pfx
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -len 2048 -m 60 -a sha256 -ic MDM_CA2.cer -iv MDM_CA2.pvk -sv MDM_Leaf2.pvk -pe -ss my -n "CN=Sample_MDM_Leaf2, O=Corporation, C=US" MDM_Leaf2.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" -pvk MDM_Leaf2.pvk -spc MDM_Leaf2.cer -pfx MDM_Leaf2.pfx
+
+rem Cert for HTTPS
+
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\MakeCert.exe" -eku 1.3.6.1.5.5.7.3.1 /n "CN=mikeytbds3.eastus.cloudapp.azure.com, O=Dfci Testing, C=US" /r /h 0 -sky signature /sv DFCI_HTTPS.pvk DFCI_HTTPS.cer
+"C:\Program Files (x86)\Windows Kits\%KIT%\%VER%\x64\Pvk2Pfx.exe" /pvk DFCI_HTTPS.pvk /spc DFCI_HTTPS.cer /pfx DFCI_HTTPS.pfx
+
+:end
+ popd
+
diff --git a/DfciPkg/UnitTests/DfciTests/DeviceUnderTest/PyRobotServer.xml b/DfciPkg/UnitTests/DfciTests/DeviceUnderTest/PyRobotServer.xml index 2649c527d36349e97b3cfb3f71b3257099848e3f..edd6b4928f8ec387c872e11cf6307ad17850ca3c 100644 GIT binary patch literal 1923 zcmah~&2rl|5WaiH?||ym&Xj^A+i|ObnJSW7b4HFdCOyu<7ld3&7?S`8fGqRbddMT? z6}linCW__sM(p4B?PBrq>%U*v`B;GdhLZf1ivpU@_Pnm|)MsU5&{&9kx?Pf7X~HvCgm7ZgEo8d_GGe)TB32P& zxwgco-9f1=46AzhUCFtsYArTfOMXp%`<>j1R4b!$OXf;fN^^^JTkv?j_!KNf3erFj zWgxA{1?VaH5HEsBFfaHH9cymU;~F4A;Mz$XmGAmK9}t{`G*^SIwbhhT$GYTZSa#6E zRF!luWTy6pPDZ11I-1Z@Sn9eOU`;~U9c+ZLExkzQst`hc*un?yeQN@b}Js` zEBS$2Y)XI$a~uhh{7Hnb5nEM7`9BJo9m#*g>vLxg{D$i+0bL5|_O89hBaR*psXlB$ z_LJJp9Qg_QP;Qx{yPok33k8 zm29CWkKB1%{aRK#$djAB%d*AAb8&roS$>kx&n|8_n`4_1QBPz#hasQRc3FZM_AU=HG& zGR#%k+~a)uxUNw`<=LN)RrA4U=W7`t(oAo5CH@mkh~Z9ZF{k;B_5UN(+digGd%$JK gDK3PD6g9c-vKf8l@y#}K@cQHX!4s+`{x-t@0M0LRP5=M^ literal 3842 zcmbuCTW=dj42Ahzp#MS5QwvnKoH$Kus7@6rZ4AV%;S1b{yr|Y%H7u=+UFG6G-}XC0 zk9TKRaugTBN+ZsYhdktPX8--CZ!hhW&245K`(T+BR@#*X z3O6I-8$8)s zml&llu1mhVc0fG(CoQq3{On=#75t2tf66l?-Z4?T#!Mf#JAm6r+%;iL}U{vz|DfQH|T}C~|+d+59 zZ_L$`J3l*k-KQQhSiVAYnXq?&P1S-|oYwmK(OvZW0cXcv5OJ{d>Ri)K^yagj8 zMpcnupj|>DA+R4vyg}2O|p>X4rm%HT4g#q5<+T676K?*mK>~ zs$15IcFa}oR?pXY>xV9@oh@#sD>yyG?^&3?37Hoo+KXd;)u&24STLjge;XK^GNby> z?024zfuk?Al14egdI{o;kGjZ7z*iSPpa=W`-YaGmg)*fcsTePVhIW*Ac$|&Y58-8U#6Sl4(=m=Lret~t=?0F&Z#}AxYPZ(nMR6Iv3ee=GN*erYqH7eW;!X3 z?*y?nqhiFR>SRe?RW;WepgzVz>Vr;I^|6zHysr9v=f=#*8*X)50t*fKQe&GAw zZzFZvO^(&?OZZu}vTj#Z9{qbbu09;M_mX@Vfu%FO9o=RcsXxtAVe=D1y;1i&_1GpK z>0FA~u8hb?)5=3DQ=98MhZs|K=2Wis;DFw66Kbj?V}8qP;{IQ2sc&cCWZV*R(EN5d z0l$6^_8z57=oXc;I_(sXvyggmPQ~av)Vb)qHltp(BDL|FcaRLvb;EMzPWhc9(~Vg7 z%O##4fzcyE)%s={DT<$#>NB#Z^U800ZF$ra()!(`o#gj|1>Bb54yci;;S=AwIX`ss z=-)?Co!ZrnMDGoAK5;(|xwF25gIg@?7MgQ+{RxTQMxsRiHuYjGmE{2pOyOGm%3Gb6 zZe1sfx{c#hZ)5d3_xB?qt+LZbJI7abcCSV40NoD6o8-zuiY?2Z*Qw)3Bi2L3q Version") - - if ((self.MfgOffset >= self.ProductOffset) or - (self.ProductOffset >= self.SerialOffset) or - (self.SerialOffset >= 
self.TrustedCertOffset)): - raise Exception("Invalid Offset Structure") - - Temp = fs.tell() - if Temp != self.MfgOffset: - raise Exception("Invalid Mfg Offset") - self.Manufacturer = fs.read(self.ProductOffset - self.MfgOffset - 1).decode() - Temp = struct.unpack("=B", fs.read(1))[0] - if Temp != 0: - raise Exception("Invalid NULL in Mfg") - - Temp = fs.tell() - if Temp != self.ProductOffset: - raise Exception("Invalid Product Offset") - self.ProductName = fs.read(self.SerialOffset - self.ProductOffset - 1).decode() - Temp = struct.unpack("=B", fs.read(1))[0] - if Temp != 0: - raise Exception("Invalid NULL in ProductName") - - Temp = fs.tell() - if Temp != self.SerialOffset: - raise Exception("Invalid SerialOffset Offset") - self.SerialNumber = fs.read(self.TrustedCertOffset - self.SerialOffset - 1).decode() - Temp = struct.unpack("=B", fs.read(1))[0] - if Temp != 0: - raise Exception("Invalid NULL in SerialNumber") - - if self.TrustedCertSize != 0: - Temp = fs.tell() - if Temp != self.TrustedCertOffset: - raise Exception("Invalid TrustedCertOffset Offset") - else: - raise Exception("Invalid header version") - - if((end - fs.tell()) < self.TrustedCertSize): - raise Exception("Invalid file stream size (Trusted Cert Size)") - - if(self.TrustedCertSize > 0): - self.TrustedCert = memoryview(fs.read(self.TrustedCertSize)) - - if((end - fs.tell()) > 0): - if(self.TrustedCertSize > 0): - self.TestSignature = WinCert.Factory(fs) - - if((end - fs.tell()) > 0): - self.Signature = WinCert.Factory(fs) - - # - # Method to Print CertProvisioningApplyVariable to stdout - # - def Print(self): - print ("CertProvisioningVariable") - print (" HeaderSignature: %s" % self.HeaderSignature) - print (" HeaderVersion: 0x%X" % self.HeaderVersion) - print (" Identity: 0x%X (%s)" % (self.Identity, self.IDENTITY_MAP[self.Identity])) - print (" SessionId: 0x%X" % self.SessionId) - if (self.HeaderVersion == self.VERSION_V1): - print (" SN Target: %d" % self.SNTarget) - elif (self.HeaderVersion 
== self.VERSION_V2): - print (" Version: %s" % self.Version) - print (" Lsv: %s" % self.Lsv) - print (" Manufacturer: %s" % self.Manufacturer) - print (" Product Name: %s" % self.ProductName) - print (" SerialNumber: %s" % self.SerialNumber) - else: - raise Exception("Invalid header version") - - print (" TrustedCertSize: 0x%X" % self.TrustedCertSize) - print (" TrustedCert: ") - if(self.TrustedCert != None): - ndbl = self.TrustedCert.tolist() - PrintByteList(ndbl) - - if(self.TrustedCertSize > 0) and (self.TestSignature != None): - print (" TestSignature: ") - self.TestSignature.Print() - - if(self.Signature != None): - print (" Signature: ") - self.Signature.Print() - - - def Write(self, fs): - fs.write(self.HeaderSignature.encode('utf-8')) - fs.write(struct.pack("=B", self.HeaderVersion)) - fs.write(struct.pack("=B", self.Identity)) - if (self.HeaderVersion == self.VERSION_V1): - fs.write(struct.pack("=Q", self.SNTarget)) - fs.write(struct.pack("=I", self.SessionId)) - fs.write(struct.pack("=H", self.TrustedCertSize)) - elif (self.HeaderVersion == self.VERSION_V2): - fs.write(struct.pack("=B", 0)) - fs.write(struct.pack("=B", 0)) - fs.write(struct.pack("=I", self.SessionId)) - fs.write(struct.pack("=H", self.MfgOffset)) - self.ProductOffset = self.MfgOffset + len(self.Manufacturer) + 1 - self.SerialOffset = self.ProductOffset + len(self.ProductName) + 1 - self.TrustedCertOffset = self.SerialOffset + len(self.SerialNumber) + 1 - fs.write(struct.pack("=H", self.ProductOffset)) - fs.write(struct.pack("=H", self.SerialOffset)) - fs.write(struct.pack("=H", self.TrustedCertSize)) - fs.write(struct.pack("=H", self.TrustedCertOffset)) - fs.write(struct.pack("=H", 0)) # Alignment UINT16 - fs.write(struct.pack("=I", self.Version)) - fs.write(struct.pack("=I", self.Lsv)) - fs.write(self.Manufacturer.encode('utf-8')) - fs.write(struct.pack("=B", 0)) # NULL Terminator - fs.write(self.ProductName.encode('utf-8')) - fs.write(struct.pack("=B", 0)) # NULL Terminator - 
fs.write(self.SerialNumber.encode('utf-8')) - fs.write(struct.pack("=B", 0)) # NULL Terminator - - else: - raise Exception("Invalid header version") - - if(self.TrustedCertSize != 0): - fs.write(self.TrustedCert) - if(self.TestSignature != None): - self.TestSignature.Write(fs) - if(self.Signature != None): - self.Signature.Write(fs) - - - def VerifyComplete(self): - if(self.TrustedCertSize > 0): - if(not self.TestSignature): - return False - if(not self.Signature): - return False - - return True - - def GetCertType(self): - return self.IDENTITY_MAP[self.Identity] - - def WriteCert(self, fs): - if(self.TrustedCertSize != 0): - fs.write(self.TrustedCert) - -## -## SEM Cert Provision Result Variable Data -## -class CertProvisioningResultVariable(object): - STATIC_STRUCT_SIZE=18 - HEADER_SIG_VALUE = "MSPR" - VERSION = 1 - - def __init__(self, filestream=None): - if(filestream == None): - self.HeaderSignature = self.HEADER_SIG_VALUE - self.HeaderVersion = self.VERSION - self.Status = 0 - self.Identity = 0 - self.SessionId = 0 - else: - self.PopulateFromFileStream(filestream) - # - # Method to un-serialize from a filestream - # - def PopulateFromFileStream(self, fs): - if(fs == None): - raise Exception("Invalid File stream") - - #only populate from file stream those parts that are complete in the file stream - offset = fs.tell() - fs.seek(0,2) - end = fs.tell() - fs.seek(offset) - - if((end - offset) < self.STATIC_STRUCT_SIZE): #size of the static header data - raise Exception("Invalid file stream size") - - self.HeaderSignature = fs.read(4).decode() - if self.HeaderSignature != self.HEADER_SIG_VALUE: - raise Exception("Incorrect Header Signature") - self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] - if (self.HeaderVersion != self.VERSION): - raise Exception("Incorrect Header Version") - self.Identity = struct.unpack("=B", fs.read(1))[0] - self.SessionId = struct.unpack("=I", fs.read(4))[0] - self.Status = struct.unpack("=Q", fs.read(8))[0] - - # - # Method to 
Print SEM var to stdout - # - def Print(self): - print ("CertProvisioningResultVariable") - print (" HeaderSignature: %s" % self.HeaderSignature) - print (" HeaderVersion: 0x%X" % self.HeaderVersion) - print (" Identity: 0x%X (%s)" % (self.Identity, CertProvisioningApplyVariable.IDENTITY_MAP[self.Identity])) - print (" SessionId: 0x%X" % self.SessionId) - print (" Status: %s (0x%X)" % (UefiStatusCode().Convert64BitToString(self.Status), self.Status)) - - - def Write(self, fs): - fs.write(self.HeaderSignature.encode('utf-8')) - fs.write(struct.pack("=B", self.HeaderVersion)) - fs.write(struct.pack("=B", self.Identity)) - fs.write(struct.pack("=I", self.SessionId)) - fs.write(struct.pack("=Q", self.Status)) - +# @file +# +# Script to support the binary structure of a provisioning variable. +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +## +## Data Structure support for Cert Provisioning Variable +## +## + +import sys +import struct +from edk2toollib.uefi.wincert import * +from edk2toollib.uefi.status_codes import UefiStatusCode +from edk2toollib.utility_functions import PrintByteList + +## +## SEM Cert Provisioning Apply Variable Data +## +class CertProvisioningApplyVariable(object): + STATIC_STRUCT_SIZE_V1=20 + STATIC_STRUCT_SIZE_V2=32 + HEADER_SIG_VALUE = "MSPA" + VERSION_V1 = 1 + VERSION_V2 = 2 + IDENTITY_MAP = ["NONE", "OWNER CERT", "USER CERT", "USER1 CERT", "USER2 CERT", "ZTC CERT"] + + def __init__(self, filestream=None, HdrVersion=1): + if (HdrVersion != self.VERSION_V1 and + HdrVersion != self.VERSION_V2): + raise Exception("Invalid version specified") + + self.TestSignature = None + self.Signature = None + self.TrustedCertSize = 0 + self.TrustedCert = None + self.HeaderSignature = self.HEADER_SIG_VALUE + self.HeaderVersion = HdrVersion + self.Identity = 0 + self.SessionId = 0 + + # V1 unique members + self.SNTarget = 0 + + # V2 unique members + self.Version = 0 + self.Lsv = 0 + self.Manufacturer = None + 
self.ProductName = None + self.SerialNumber = None + self.MfgOffset = self.STATIC_STRUCT_SIZE_V2 + self.ProductOffset = 0 + self.SerialOffset = 0 + self.TrustedCertOffset = 0 + + if(filestream != None): + self.PopulateFromFileStream(filestream) + # + # Method to un-serialize from a filestream + # + def PopulateFromFileStream(self, fs): + if(fs == None): + raise Exception("Invalid File stream") + + #only populate from file stream those parts that are complete in the file stream + offset = fs.tell() + fs.seek(0,2) + end = fs.tell() + fs.seek(offset) + + if((end - offset) < self.STATIC_STRUCT_SIZE_V1): #size of the static header data + raise Exception("Invalid file stream size") + + self.HeaderSignature = fs.read(4).decode() + if self.HeaderSignature != self.HEADER_SIG_VALUE: + raise Exception("Incorrect Header Signature") + self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] + + if (self.HeaderVersion == self.VERSION_V1): + self.Identity = struct.unpack("=B", fs.read(1))[0] + self.SNTarget = struct.unpack("=Q", fs.read(8))[0] + self.SessionId = struct.unpack("=I", fs.read(4))[0] + self.TrustedCertSize = struct.unpack("=H", fs.read(2))[0] + self.TrustedCert = None + elif (self.HeaderVersion == self.VERSION_V2): + self.Identity = struct.unpack("=B", fs.read(1))[0] + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid Reserved Field 1") + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid Reserved Field 2") + self.SessionId = struct.unpack("=I", fs.read(4))[0] + self.MfgOffset = struct.unpack("=H", fs.read(2))[0] + self.ProductOffset = struct.unpack("=H", fs.read(2))[0] + self.SerialOffset = struct.unpack("=H", fs.read(2))[0] + self.TrustedCertSize = struct.unpack("=H", fs.read(2))[0] + self.TrustedCertOffset = struct.unpack("=H", fs.read(2))[0] + self.TrustedCert = None + + Temp = struct.unpack("=H", fs.read(2))[0] + if Temp != 0: + raise Exception("Invalid Reserved Field 1") + self.Version = 
struct.unpack("=I", fs.read(4))[0] + self.Lsv = struct.unpack("=I", fs.read(4))[0] + + if self.Version < self.Lsv: + raise Exception("Invalid Lsv - must not be > Version") + + if ((self.MfgOffset >= self.ProductOffset) or + (self.ProductOffset >= self.SerialOffset) or + (self.SerialOffset >= self.TrustedCertOffset)): + raise Exception("Invalid Offset Structure") + + Temp = fs.tell() + if Temp != self.MfgOffset: + raise Exception("Invalid Mfg Offset") + self.Manufacturer = fs.read(self.ProductOffset - self.MfgOffset - 1).decode() + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid NULL in Mfg") + + Temp = fs.tell() + if Temp != self.ProductOffset: + raise Exception("Invalid Product Offset") + self.ProductName = fs.read(self.SerialOffset - self.ProductOffset - 1).decode() + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid NULL in ProductName") + + Temp = fs.tell() + if Temp != self.SerialOffset: + raise Exception("Invalid SerialOffset Offset") + self.SerialNumber = fs.read(self.TrustedCertOffset - self.SerialOffset - 1).decode() + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid NULL in SerialNumber") + + if self.TrustedCertSize != 0: + Temp = fs.tell() + if Temp != self.TrustedCertOffset: + raise Exception("Invalid TrustedCertOffset Offset") + else: + raise Exception("Invalid header version") + + if((end - fs.tell()) < self.TrustedCertSize): + raise Exception("Invalid file stream size (Trusted Cert Size)") + + if(self.TrustedCertSize > 0): + self.TrustedCert = memoryview(fs.read(self.TrustedCertSize)) + + if((end - fs.tell()) > 0): + if(self.TrustedCertSize > 0): + self.TestSignature = WinCert.Factory(fs) + + if((end - fs.tell()) > 0): + self.Signature = WinCert.Factory(fs) + + # + # Method to Print CertProvisioningApplyVariable to stdout + # + def Print(self): + print ("CertProvisioningVariable") + print (" HeaderSignature: %s" % self.HeaderSignature) + print 
(" HeaderVersion: 0x%X" % self.HeaderVersion) + print (" Identity: 0x%X (%s)" % (self.Identity, self.IDENTITY_MAP[self.Identity])) + print (" SessionId: 0x%X" % self.SessionId) + if (self.HeaderVersion == self.VERSION_V1): + print (" SN Target: %d" % self.SNTarget) + elif (self.HeaderVersion == self.VERSION_V2): + print (" Version: %s" % self.Version) + print (" Lsv: %s" % self.Lsv) + print (" Manufacturer: %s" % self.Manufacturer) + print (" Product Name: %s" % self.ProductName) + print (" SerialNumber: %s" % self.SerialNumber) + else: + raise Exception("Invalid header version") + + print (" TrustedCertSize: 0x%X" % self.TrustedCertSize) + print (" TrustedCert: ") + if(self.TrustedCert != None): + ndbl = self.TrustedCert.tolist() + PrintByteList(ndbl) + + if(self.TrustedCertSize > 0) and (self.TestSignature != None): + print (" TestSignature: ") + self.TestSignature.Print() + + if(self.Signature != None): + print (" Signature: ") + self.Signature.Print() + + + def Write(self, fs): + fs.write(self.HeaderSignature.encode('utf-8')) + fs.write(struct.pack("=B", self.HeaderVersion)) + fs.write(struct.pack("=B", self.Identity)) + if (self.HeaderVersion == self.VERSION_V1): + fs.write(struct.pack("=Q", self.SNTarget)) + fs.write(struct.pack("=I", self.SessionId)) + fs.write(struct.pack("=H", self.TrustedCertSize)) + elif (self.HeaderVersion == self.VERSION_V2): + fs.write(struct.pack("=B", 0)) + fs.write(struct.pack("=B", 0)) + fs.write(struct.pack("=I", self.SessionId)) + fs.write(struct.pack("=H", self.MfgOffset)) + self.ProductOffset = self.MfgOffset + len(self.Manufacturer) + 1 + self.SerialOffset = self.ProductOffset + len(self.ProductName) + 1 + self.TrustedCertOffset = self.SerialOffset + len(self.SerialNumber) + 1 + fs.write(struct.pack("=H", self.ProductOffset)) + fs.write(struct.pack("=H", self.SerialOffset)) + fs.write(struct.pack("=H", self.TrustedCertSize)) + fs.write(struct.pack("=H", self.TrustedCertOffset)) + fs.write(struct.pack("=H", 0)) # Alignment 
UINT16 + fs.write(struct.pack("=I", self.Version)) + fs.write(struct.pack("=I", self.Lsv)) + fs.write(self.Manufacturer.encode('utf-8')) + fs.write(struct.pack("=B", 0)) # NULL Terminator + fs.write(self.ProductName.encode('utf-8')) + fs.write(struct.pack("=B", 0)) # NULL Terminator + fs.write(self.SerialNumber.encode('utf-8')) + fs.write(struct.pack("=B", 0)) # NULL Terminator + + else: + raise Exception("Invalid header version") + + if(self.TrustedCertSize != 0): + fs.write(self.TrustedCert) + if(self.TestSignature != None): + self.TestSignature.Write(fs) + if(self.Signature != None): + self.Signature.Write(fs) + + + def VerifyComplete(self): + if(self.TrustedCertSize > 0): + if(not self.TestSignature): + return False + if(not self.Signature): + return False + + return True + + def GetCertType(self): + return self.IDENTITY_MAP[self.Identity] + + def WriteCert(self, fs): + if(self.TrustedCertSize != 0): + fs.write(self.TrustedCert) + +## +## SEM Cert Provision Result Variable Data +## +class CertProvisioningResultVariable(object): + STATIC_STRUCT_SIZE=18 + HEADER_SIG_VALUE = "MSPR" + VERSION = 1 + + def __init__(self, filestream=None): + if(filestream == None): + self.HeaderSignature = self.HEADER_SIG_VALUE + self.HeaderVersion = self.VERSION + self.Status = 0 + self.Identity = 0 + self.SessionId = 0 + else: + self.PopulateFromFileStream(filestream) + # + # Method to un-serialize from a filestream + # + def PopulateFromFileStream(self, fs): + if(fs == None): + raise Exception("Invalid File stream") + + #only populate from file stream those parts that are complete in the file stream + offset = fs.tell() + fs.seek(0,2) + end = fs.tell() + fs.seek(offset) + + if((end - offset) < self.STATIC_STRUCT_SIZE): #size of the static header data + raise Exception("Invalid file stream size") + + self.HeaderSignature = fs.read(4).decode() + if self.HeaderSignature != self.HEADER_SIG_VALUE: + raise Exception("Incorrect Header Signature") + self.HeaderVersion = struct.unpack("=B", 
fs.read(1))[0] + if (self.HeaderVersion != self.VERSION): + raise Exception("Incorrect Header Version") + self.Identity = struct.unpack("=B", fs.read(1))[0] + self.SessionId = struct.unpack("=I", fs.read(4))[0] + self.Status = struct.unpack("=Q", fs.read(8))[0] + + # + # Method to Print SEM var to stdout + # + def Print(self): + print ("CertProvisioningResultVariable") + print (" HeaderSignature: %s" % self.HeaderSignature) + print (" HeaderVersion: 0x%X" % self.HeaderVersion) + print (" Identity: 0x%X (%s)" % (self.Identity, CertProvisioningApplyVariable.IDENTITY_MAP[self.Identity])) + print (" SessionId: 0x%X" % self.SessionId) + print (" Status: %s (0x%X)" % (UefiStatusCode().Convert64BitToString(self.Status), self.Status)) + + + def Write(self, fs): + fs.write(self.HeaderSignature.encode('utf-8')) + fs.write(struct.pack("=B", self.HeaderVersion)) + fs.write(struct.pack("=B", self.Identity)) + fs.write(struct.pack("=I", self.SessionId)) + fs.write(struct.pack("=Q", self.Status)) + diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/Data/PermissionPacketVariable.py b/DfciPkg/UnitTests/DfciTests/Support/Python/Data/PermissionPacketVariable.py index c86d92b0..b113908e 100644 --- a/DfciPkg/UnitTests/DfciTests/Support/Python/Data/PermissionPacketVariable.py +++ b/DfciPkg/UnitTests/DfciTests/Support/Python/Data/PermissionPacketVariable.py 
@@ -1,333 +1,333 @@ -# @file -# -# Script to support the binary format of a Permission variable -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -## -## Data Structure support for Permission Packet Provisioning Variable -## -## - -import struct -import xml.dom.minidom -from edk2toollib.uefi.wincert import WinCert -from edk2toollib.uefi.status_codes import UefiStatusCode -from edk2toollib.utility_functions import PrintByteList - - -## -## SEM Permission Apply Variable Data -## -class PermissionApplyVariable(object): - STATIC_STRUCT_SIZE_V1=22 - STATIC_STRUCT_SIZE_V2=22 - HEADER_SIG_VALUE = "MPPA" - VERSION_V1 = 1 - VERSION_V2 = 2 - - def __init__(self, filestream=None, HdrVersion=1): - if (HdrVersion != self.VERSION_V1 and - HdrVersion != self.VERSION_V2): - raise Exception("Invalid version specified") - - # Common members - self.HeaderSignature = None - self.HeaderVersion = 0 - self.Payload = None - self._XmlTree = None #private XML structure - self.Signature = None - self.SessionId = 0 - self.PayloadSize = 0 - self.Rsvd1 = 0 - self.Rsvd2 = 0 - self.Rsvd3 = 0 - - # V1 unique members - self.SNTarget = 0 - - # V2 unique members - self.Manufacturer = None - self.ProductName = None - self.SerialNumber = None - self.MfgOffset = self.STATIC_STRUCT_SIZE_V2 - self.ProductOffset = 0 - self.SerialOffset = 0 - self.PayloadOffset = 0 - - if(filestream == None): - self.HeaderSignature = self.HEADER_SIG_VALUE - self.HeaderVersion = HdrVersion - else: - self.PopulateFromFileStream(filestream) - # - # Method to un-serialize from a filestream - # - def PopulateFromFileStream(self, fs): - if(fs == None): - raise Exception("Invalid File stream") - - #only populate from file stream those parts that are complete in the file stream - offset = fs.tell() - fs.seek(0,2) - end = fs.tell() - fs.seek(offset) - - if((end - offset) < self.STATIC_STRUCT_SIZE_V1): # minimum size of the static header data - raise Exception("Invalid file stream size") - - 
self.HeaderSignature = fs.read(4).decode() - if self.HeaderSignature != self.HEADER_SIG_VALUE: - print (" HeaderSignature: %s" % self.HeaderSignature) - raise Exception("Incorrect Header Signature") - self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] - self.Rsvd1 = struct.unpack("=B", fs.read(1))[0] - self.Rsvd2 = struct.unpack("=B", fs.read(1))[0] - self.Rsvd3 = struct.unpack("=B", fs.read(1))[0] - if ((self.Rsvd1 != 0) or - (self.Rsvd2 != 0) or - (self.Rsvd3 != 0)): - raise Exception("Reserved bytes must be zero") - - self.Payload = None - - if (self.HeaderVersion == self.VERSION_V1): - self.SNTarget = struct.unpack("=Q", fs.read(8))[0] - self.SessionId = struct.unpack("=I", fs.read(4))[0] - self.PayloadSize = struct.unpack("=H", fs.read(2))[0] - - elif (self.HeaderVersion == self.VERSION_V2): - if((end - offset) < self.STATIC_STRUCT_SIZE_V2): # minimum size of the static header data - raise Exception("Invalid V2 file stream size") - self.SessionId = struct.unpack("=I", fs.read(4))[0] - self.MfgOffset = struct.unpack("=H", fs.read(2))[0] - self.ProductOffset = struct.unpack("=H", fs.read(2))[0] - self.SerialOffset = struct.unpack("=H", fs.read(2))[0] - self.PayloadSize = struct.unpack("=H", fs.read(2))[0] - self.PayloadOffset = struct.unpack("=H", fs.read(2))[0] - - if ((self.MfgOffset >= self.ProductOffset) or - (self.ProductOffset >= self.SerialOffset) or - (self.SerialOffset >= self.PayloadOffset)): - raise Exception("Invalid Offset Structure") - - if (end - fs.tell() < self.PayloadOffset): - raise Exception("Packet too small for SmBiosString") - - Temp = fs.tell() - if Temp != self.MfgOffset: - raise Exception("Invalid Mfg Offset") - self.Manufacturer = fs.read(self.ProductOffset - self.MfgOffset - 1).decode() - Temp = struct.unpack("=B", fs.read(1))[0] - if Temp != 0: - raise Exception("Invalid NULL in Mfg") - - Temp = fs.tell() - if Temp != self.ProductOffset: - raise Exception("Invalid Product Offset") - self.ProductName = fs.read(self.SerialOffset - 
self.ProductOffset - 1).decode() - Temp = struct.unpack("=B", fs.read(1))[0] - if Temp != 0: - raise Exception("Invalid NULL in ProductName") - - Temp = fs.tell() - if Temp != self.SerialOffset: - raise Exception("Invalid SerialOffset Offset") - self.SerialNumber = fs.read(self.PayloadOffset - self.SerialOffset - 1).decode() - Temp = struct.unpack("=B", fs.read(1))[0] - if Temp != 0: - raise Exception("Invalid NULL in ProductName") - else: - raise Exception("Invalid header version") - - if((end - fs.tell()) < self.PayloadSize): - raise Exception("Invalid file stream size (PayloadSize)") - - self.Payload = fs.read(self.PayloadSize).decode() - self._XmlTree = xml.dom.minidom.parseString(self.Payload) - - - if((end - fs.tell()) > 0): - self.Signature = WinCert.Factory(fs) - - - def AddXmlPayload(self, xmlstring): - if(self.Payload): - raise Exception("Can't Add an XML payload to an object already containing payload") - - self.Payload = xmlstring - self._XmlTree = xml.dom.minidom.parseString(self.Payload) - self.PayloadSize = len(xmlstring) - # - # Method to Print PermissionApplyVariable to stdout - # - def Print(self, ShowRawXmlAsBytes=False): - print ("PermissionApplyVariable") - print (" HeaderSignature: %s" % self.HeaderSignature) - print (" HeaderVersion: 0x%X" % self.HeaderVersion) - print (" SessionId: 0x%X" % self.SessionId) - print (" PayloadSize: 0x%X" % self.PayloadSize) - if (self.HeaderVersion == self.VERSION_V1): - print (" SN Target: %d" % self.SNTarget) - elif (self.HeaderVersion == self.VERSION_V2): - print (" Manufacturer: %s" % self.Manufacturer) - print (" Product Name: %s" % self.ProductName) - print (" SerialNumber: %s" % self.SerialNumber) - else: - raise Exception("Invalid header version") - - if(self._XmlTree is not None): - print ("%s" % self._XmlTree.toprettyxml()) - else: - print ("XML TREE DOESN'T EXIST") - - if(ShowRawXmlAsBytes and (self.Payload != None)): - print (" Payload Bytes: ") - ndbl = list(bytearray(self.Payload.encode())) - 
print(type(ndbl ) ) - PrintByteList(ndbl) - - if(self.Signature != None): - self.Signature.Print() - - - def Write(self, fs): - fs.write(self.HeaderSignature.encode('utf-8')) - fs.write(struct.pack("=B", self.HeaderVersion)) - fs.write(struct.pack("=B", self.Rsvd1)) - fs.write(struct.pack("=B", self.Rsvd2)) - fs.write(struct.pack("=B", self.Rsvd3)) - - if (self.HeaderVersion == self.VERSION_V1): - fs.write(struct.pack("=Q", self.SNTarget)) - fs.write(struct.pack("=I", self.SessionId)) - fs.write(struct.pack("=H", self.PayloadSize)) - elif (self.HeaderVersion == self.VERSION_V2): - fs.write(struct.pack("=I", self.SessionId)) - fs.write(struct.pack("=H", self.MfgOffset)) - self.ProductOffset = self.MfgOffset + len(self.Manufacturer) + 1 - self.SerialOffset = self.ProductOffset + len(self.ProductName) + 1 - self.PayloadOffset = self.SerialOffset + len(self.SerialNumber) + 1 - fs.write(struct.pack("=H", self.ProductOffset)) - fs.write(struct.pack("=H", self.SerialOffset)) - fs.write(struct.pack("=H", self.PayloadSize)) - fs.write(struct.pack("=H", self.PayloadOffset)) - fs.write(self.Manufacturer.encode('utf-8')) - fs.write(struct.pack("=B", 0)) # NULL Terminator - fs.write(self.ProductName.encode('utf-8')) - fs.write(struct.pack("=B", 0)) # NULL Terminator - fs.write(self.SerialNumber.encode('utf-8')) - fs.write(struct.pack("=B", 0)) # NULL Terminator - else: - raise Exception("Invalid header version") - - fs.write(self.Payload.encode('utf-8')) - if(self.Signature != None): - self.Signature.Write(fs) - - -## -## SEM Permission Result Variable Data -## -class PermissionResultVariable(object): - STATIC_STRUCT_SIZE=20 - STATIC_STRUCT_SIZE_V2=22 - HEADER_SIG_VALUE = "MPPR" - VERSION_V1 = 1 - VERSION_V2 = 2 - - def __init__(self, filestream=None, HdrVersion=1): - if (HdrVersion != PermissionResultVariable.VERSION_V1 and - HdrVersion != PermissionResultVariable.VERSION_V2): - raise Exception("Invalid version specified") - - self.Payload = None - self.PayloadSize = 0 - 
self._XmlTree = None #private xml structure - - if(filestream == None): - self.HeaderSignature = PermissionResultVariable.HEADER_SIG_VALUE - self.HeaderVersion = HdrVersion - self.Status = 0 - self.SessionId = 0 - else: - self.PopulateFromFileStream(filestream) - # - # Method to un-serialize from a filestream - # - def PopulateFromFileStream(self, fs): - if(fs == None): - raise Exception("Invalid File stream") - - #only populate from file stream those parts that are complete in the file stream - offset = fs.tell() - fs.seek(0,2) - end = fs.tell() - fs.seek(offset) - - if((end - offset) < PermissionResultVariable.STATIC_STRUCT_SIZE): #size of the static header data - raise Exception("Invalid file stream size") - - self.HeaderSignature = fs.read(4).decode() - if self.HeaderSignature != PermissionResultVariable.HEADER_SIG_VALUE: - print (" HeaderSignature: %s" % self.HeaderSignature) - raise Exception("Incorrect Header Signature") - self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] - if (self.HeaderVersion != PermissionResultVariable.VERSION_V1 and - self.HeaderVersion != PermissionResultVariable.VERSION_V2): - raise Exception("Incorrect Header Version") - fs.seek(3,1) #skip three bytes ahead to avoid the rsvd bytes - self.Status = struct.unpack("=Q", fs.read(8))[0] - self.SessionId = struct.unpack("=I", fs.read(4))[0] - if self.HeaderVersion == PermissionResultVariable.VERSION_V2: - if((end - offset) < PermissionResultVariable.STATIC_STRUCT_SIZE_V2): #size of the static header data - raise Exception("Invalid file stream size") - self.PayloadSize = struct.unpack("=H", fs.read(2))[0] - self.Payload = None - self._XmlTree = None - - if((end - fs.tell()) < self.PayloadSize): - raise Exception("Invalid file stream size (Payload). 
%d" % self.PayloadSize) - - #is it possible to have 0 sized - if(self.PayloadSize > 0): - self.Payload = fs.read(self.PayloadSize) - self.Payload = self.Payload.decode("utf-8") - self.Payload = self.Payload.rstrip('\x00') #remove ending NULL if there. this only happens in some cases - self._XmlTree = xml.dom.minidom.parseString(self.Payload) - - # - # Method to Print SEM var to stdout - # - def Print(self, ShowRawXmlAsBytes=False): - print ("PermissionResultVariable") - print (" HeaderSignature: %s" % self.HeaderSignature) - print (" HeaderVersion: 0x%X" % self.HeaderVersion) - print (" Status: %s (0x%X)" % (UefiStatusCode().Convert64BitToString(self.Status), self.Status)) - print (" SessionId: 0x%X" % self.SessionId) - - if self.HeaderVersion == PermissionResultVariable.VERSION_V2: - print (" Payload Size: 0x%X" % self.PayloadSize) - if(self._XmlTree is not None): - print ("%s" % self._XmlTree.toprettyxml() ) - else: - print ("XML TREE DOESN'T EXIST" ) - - if(ShowRawXmlAsBytes and (self.Payload != None)): - print (" Payload Bytes: " ) - ndbl = memoryview(self.Payload).tolist() - PrintByteList(ndbl) - - - def Write(self, fs): - raise Exception("Unsupported/Unnecessary function") - - '''fs.write(self.HeaderSignature.encode('utf-8') - fs.write(struct.pack("=B", self.HeaderVersion)) - fs.write(struct.pack("=B", self.Identity)) - fs.write(struct.pack("=H", self.NewDataSize)) - fs.write(self.NewDataBuffer) - if(self.Signature != None): - self.Signature.Write(fs) - ''' +# @file +# +# Script to support the binary format of a Permission variable +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +## +## Data Structure support for Permission Packet Provisioning Variable +## +## + +import struct +import xml.dom.minidom +from edk2toollib.uefi.wincert import WinCert +from edk2toollib.uefi.status_codes import UefiStatusCode +from edk2toollib.utility_functions import PrintByteList + + +## +## SEM Permission Apply Variable Data +## +class 
PermissionApplyVariable(object): + STATIC_STRUCT_SIZE_V1=22 + STATIC_STRUCT_SIZE_V2=22 + HEADER_SIG_VALUE = "MPPA" + VERSION_V1 = 1 + VERSION_V2 = 2 + + def __init__(self, filestream=None, HdrVersion=1): + if (HdrVersion != self.VERSION_V1 and + HdrVersion != self.VERSION_V2): + raise Exception("Invalid version specified") + + # Common members + self.HeaderSignature = None + self.HeaderVersion = 0 + self.Payload = None + self._XmlTree = None #private XML structure + self.Signature = None + self.SessionId = 0 + self.PayloadSize = 0 + self.Rsvd1 = 0 + self.Rsvd2 = 0 + self.Rsvd3 = 0 + + # V1 unique members + self.SNTarget = 0 + + # V2 unique members + self.Manufacturer = None + self.ProductName = None + self.SerialNumber = None + self.MfgOffset = self.STATIC_STRUCT_SIZE_V2 + self.ProductOffset = 0 + self.SerialOffset = 0 + self.PayloadOffset = 0 + + if(filestream == None): + self.HeaderSignature = self.HEADER_SIG_VALUE + self.HeaderVersion = HdrVersion + else: + self.PopulateFromFileStream(filestream) + # + # Method to un-serialize from a filestream + # + def PopulateFromFileStream(self, fs): + if(fs == None): + raise Exception("Invalid File stream") + + #only populate from file stream those parts that are complete in the file stream + offset = fs.tell() + fs.seek(0,2) + end = fs.tell() + fs.seek(offset) + + if((end - offset) < self.STATIC_STRUCT_SIZE_V1): # minimum size of the static header data + raise Exception("Invalid file stream size") + + self.HeaderSignature = fs.read(4).decode() + if self.HeaderSignature != self.HEADER_SIG_VALUE: + print (" HeaderSignature: %s" % self.HeaderSignature) + raise Exception("Incorrect Header Signature") + self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] + self.Rsvd1 = struct.unpack("=B", fs.read(1))[0] + self.Rsvd2 = struct.unpack("=B", fs.read(1))[0] + self.Rsvd3 = struct.unpack("=B", fs.read(1))[0] + if ((self.Rsvd1 != 0) or + (self.Rsvd2 != 0) or + (self.Rsvd3 != 0)): + raise Exception("Reserved bytes must be zero") + + 
self.Payload = None + + if (self.HeaderVersion == self.VERSION_V1): + self.SNTarget = struct.unpack("=Q", fs.read(8))[0] + self.SessionId = struct.unpack("=I", fs.read(4))[0] + self.PayloadSize = struct.unpack("=H", fs.read(2))[0] + + elif (self.HeaderVersion == self.VERSION_V2): + if((end - offset) < self.STATIC_STRUCT_SIZE_V2): # minimum size of the static header data + raise Exception("Invalid V2 file stream size") + self.SessionId = struct.unpack("=I", fs.read(4))[0] + self.MfgOffset = struct.unpack("=H", fs.read(2))[0] + self.ProductOffset = struct.unpack("=H", fs.read(2))[0] + self.SerialOffset = struct.unpack("=H", fs.read(2))[0] + self.PayloadSize = struct.unpack("=H", fs.read(2))[0] + self.PayloadOffset = struct.unpack("=H", fs.read(2))[0] + + if ((self.MfgOffset >= self.ProductOffset) or + (self.ProductOffset >= self.SerialOffset) or + (self.SerialOffset >= self.PayloadOffset)): + raise Exception("Invalid Offset Structure") + + if (end - fs.tell() < self.PayloadOffset): + raise Exception("Packet too small for SmBiosString") + + Temp = fs.tell() + if Temp != self.MfgOffset: + raise Exception("Invalid Mfg Offset") + self.Manufacturer = fs.read(self.ProductOffset - self.MfgOffset - 1).decode() + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid NULL in Mfg") + + Temp = fs.tell() + if Temp != self.ProductOffset: + raise Exception("Invalid Product Offset") + self.ProductName = fs.read(self.SerialOffset - self.ProductOffset - 1).decode() + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid NULL in ProductName") + + Temp = fs.tell() + if Temp != self.SerialOffset: + raise Exception("Invalid SerialOffset Offset") + self.SerialNumber = fs.read(self.PayloadOffset - self.SerialOffset - 1).decode() + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid NULL in ProductName") + else: + raise Exception("Invalid header version") + + if((end - fs.tell()) < 
self.PayloadSize): + raise Exception("Invalid file stream size (PayloadSize)") + + self.Payload = fs.read(self.PayloadSize).decode() + self._XmlTree = xml.dom.minidom.parseString(self.Payload) + + + if((end - fs.tell()) > 0): + self.Signature = WinCert.Factory(fs) + + + def AddXmlPayload(self, xmlstring): + if(self.Payload): + raise Exception("Can't Add an XML payload to an object already containing payload") + + self.Payload = xmlstring + self._XmlTree = xml.dom.minidom.parseString(self.Payload) + self.PayloadSize = len(xmlstring) + # + # Method to Print PermissionApplyVariable to stdout + # + def Print(self, ShowRawXmlAsBytes=False): + print ("PermissionApplyVariable") + print (" HeaderSignature: %s" % self.HeaderSignature) + print (" HeaderVersion: 0x%X" % self.HeaderVersion) + print (" SessionId: 0x%X" % self.SessionId) + print (" PayloadSize: 0x%X" % self.PayloadSize) + if (self.HeaderVersion == self.VERSION_V1): + print (" SN Target: %d" % self.SNTarget) + elif (self.HeaderVersion == self.VERSION_V2): + print (" Manufacturer: %s" % self.Manufacturer) + print (" Product Name: %s" % self.ProductName) + print (" SerialNumber: %s" % self.SerialNumber) + else: + raise Exception("Invalid header version") + + if(self._XmlTree is not None): + print ("%s" % self._XmlTree.toprettyxml()) + else: + print ("XML TREE DOESN'T EXIST") + + if(ShowRawXmlAsBytes and (self.Payload != None)): + print (" Payload Bytes: ") + ndbl = list(bytearray(self.Payload.encode())) + print(type(ndbl ) ) + PrintByteList(ndbl) + + if(self.Signature != None): + self.Signature.Print() + + + def Write(self, fs): + fs.write(self.HeaderSignature.encode('utf-8')) + fs.write(struct.pack("=B", self.HeaderVersion)) + fs.write(struct.pack("=B", self.Rsvd1)) + fs.write(struct.pack("=B", self.Rsvd2)) + fs.write(struct.pack("=B", self.Rsvd3)) + + if (self.HeaderVersion == self.VERSION_V1): + fs.write(struct.pack("=Q", self.SNTarget)) + fs.write(struct.pack("=I", self.SessionId)) + fs.write(struct.pack("=H", 
self.PayloadSize)) + elif (self.HeaderVersion == self.VERSION_V2): + fs.write(struct.pack("=I", self.SessionId)) + fs.write(struct.pack("=H", self.MfgOffset)) + self.ProductOffset = self.MfgOffset + len(self.Manufacturer) + 1 + self.SerialOffset = self.ProductOffset + len(self.ProductName) + 1 + self.PayloadOffset = self.SerialOffset + len(self.SerialNumber) + 1 + fs.write(struct.pack("=H", self.ProductOffset)) + fs.write(struct.pack("=H", self.SerialOffset)) + fs.write(struct.pack("=H", self.PayloadSize)) + fs.write(struct.pack("=H", self.PayloadOffset)) + fs.write(self.Manufacturer.encode('utf-8')) + fs.write(struct.pack("=B", 0)) # NULL Terminator + fs.write(self.ProductName.encode('utf-8')) + fs.write(struct.pack("=B", 0)) # NULL Terminator + fs.write(self.SerialNumber.encode('utf-8')) + fs.write(struct.pack("=B", 0)) # NULL Terminator + else: + raise Exception("Invalid header version") + + fs.write(self.Payload.encode('utf-8')) + if(self.Signature != None): + self.Signature.Write(fs) + + +## +## SEM Permission Result Variable Data +## +class PermissionResultVariable(object): + STATIC_STRUCT_SIZE=20 + STATIC_STRUCT_SIZE_V2=22 + HEADER_SIG_VALUE = "MPPR" + VERSION_V1 = 1 + VERSION_V2 = 2 + + def __init__(self, filestream=None, HdrVersion=1): + if (HdrVersion != PermissionResultVariable.VERSION_V1 and + HdrVersion != PermissionResultVariable.VERSION_V2): + raise Exception("Invalid version specified") + + self.Payload = None + self.PayloadSize = 0 + self._XmlTree = None #private xml structure + + if(filestream == None): + self.HeaderSignature = PermissionResultVariable.HEADER_SIG_VALUE + self.HeaderVersion = HdrVersion + self.Status = 0 + self.SessionId = 0 + else: + self.PopulateFromFileStream(filestream) + # + # Method to un-serialize from a filestream + # + def PopulateFromFileStream(self, fs): + if(fs == None): + raise Exception("Invalid File stream") + + #only populate from file stream those parts that are complete in the file stream + offset = fs.tell() + 
fs.seek(0,2) + end = fs.tell() + fs.seek(offset) + + if((end - offset) < PermissionResultVariable.STATIC_STRUCT_SIZE): #size of the static header data + raise Exception("Invalid file stream size") + + self.HeaderSignature = fs.read(4).decode() + if self.HeaderSignature != PermissionResultVariable.HEADER_SIG_VALUE: + print (" HeaderSignature: %s" % self.HeaderSignature) + raise Exception("Incorrect Header Signature") + self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] + if (self.HeaderVersion != PermissionResultVariable.VERSION_V1 and + self.HeaderVersion != PermissionResultVariable.VERSION_V2): + raise Exception("Incorrect Header Version") + fs.seek(3,1) #skip three bytes ahead to avoid the rsvd bytes + self.Status = struct.unpack("=Q", fs.read(8))[0] + self.SessionId = struct.unpack("=I", fs.read(4))[0] + if self.HeaderVersion == PermissionResultVariable.VERSION_V2: + if((end - offset) < PermissionResultVariable.STATIC_STRUCT_SIZE_V2): #size of the static header data + raise Exception("Invalid file stream size") + self.PayloadSize = struct.unpack("=H", fs.read(2))[0] + self.Payload = None + self._XmlTree = None + + if((end - fs.tell()) < self.PayloadSize): + raise Exception("Invalid file stream size (Payload). %d" % self.PayloadSize) + + #is it possible to have 0 sized + if(self.PayloadSize > 0): + self.Payload = fs.read(self.PayloadSize) + self.Payload = self.Payload.decode("utf-8") + self.Payload = self.Payload.rstrip('\x00') #remove ending NULL if there. 
this only happens in some cases
+ self._XmlTree = xml.dom.minidom.parseString(self.Payload)
+
+ #
+ # Method to Print SEM var to stdout
+ #
+ def Print(self, ShowRawXmlAsBytes=False):
+ print ("PermissionResultVariable")
+ print (" HeaderSignature: %s" % self.HeaderSignature)
+ print (" HeaderVersion: 0x%X" % self.HeaderVersion)
+ print (" Status: %s (0x%X)" % (UefiStatusCode().Convert64BitToString(self.Status), self.Status))
+ print (" SessionId: 0x%X" % self.SessionId)
+
+ if self.HeaderVersion == PermissionResultVariable.VERSION_V2:
+ print (" Payload Size: 0x%X" % self.PayloadSize)
+ if(self._XmlTree is not None):
+ print ("%s" % self._XmlTree.toprettyxml() )
+ else:
+ print ("XML TREE DOESN'T EXIST" )
+
+ if(ShowRawXmlAsBytes and (self.Payload != None)):
+ print (" Payload Bytes: " )
+ ndbl = memoryview(self.Payload).tolist()
+ PrintByteList(ndbl)
+
+
+ def Write(self, fs):
+ raise Exception("Unsupported/Unnecessary function")
+
+ '''fs.write(self.HeaderSignature.encode('utf-8')
+ fs.write(struct.pack("=B", self.HeaderVersion))
+ fs.write(struct.pack("=B", self.Identity))
+ fs.write(struct.pack("=H", self.NewDataSize))
+ fs.write(self.NewDataBuffer)
+ if(self.Signature != None):
+ self.Signature.Write(fs)
+ '''
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/Data/SecureSettingVariable.py b/DfciPkg/UnitTests/DfciTests/Support/Python/Data/SecureSettingVariable.py
index 03fd355f..67396c4e 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Python/Data/SecureSettingVariable.py
+++ b/DfciPkg/UnitTests/DfciTests/Support/Python/Data/SecureSettingVariable.py
@@ -1,364 +1,364 @@
-# @file
-#
-# Script to support the binary form of the setting variable
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-
-##
-## Data Structure support for SEM Setting Apply/Result Variable
-##
-##
-
-import struct
-import xml.dom.minidom
-from edk2toollib.uefi.wincert import WinCert
-from edk2toollib.uefi.status_codes import UefiStatusCode
-from edk2toollib.utility_functions import DetachedSignWithSignTool
-from edk2toollib.utility_functions import PrintByteList
-
-
-##
-## SEM Secure Settings Apply Variable Data
-##
-class SecureSettingsApplyVariable(object):
- STATIC_STRUCT_SIZE_V1=22
- STATIC_STRUCT_SIZE_V2=22
- HEADER_SIG_VALUE = "MSSA"
- VERSION_V1 = 1
- VERSION_V2 = 2
-
- def __init__(self, filestream=None, HdrVersion=1):
- if (HdrVersion != self.VERSION_V1 and
- HdrVersion != self.VERSION_V2):
- raise Exception("Invalid version specified")
-
- print ("Processing Version %s" % HdrVersion)
- # Common members
- self.HeaderSignature = None
- self.HeaderVersion = 0
- self.Rsvd1 = 0
- self.Rsvd2 = 0
- self.Rsvd3 = 0
- self.SessionId = 0
- self.PayloadSize = 0
- self.Payload = None
- self._XmlTree = None #private XML structure
- self.Signature = None
-
- # V1 unique members
- self.SNTarget = 0
-
- # V2 unique members
- self.Manufacturer = None
- self.ProductName = None
- self.SerialNumber = None
- self.MfgOffset = self.STATIC_STRUCT_SIZE_V2
- self.ProductOffset = 0
- self.SerialOffset = 0
- self.PayloadOffset = 0
-
- if(filestream == None):
- self.HeaderSignature = self.HEADER_SIG_VALUE
- self.HeaderVersion = HdrVersion
- else:
- self.PopulateFromFileStream(filestream)
- #
- # Method to un-serialize from a filestream
- #
- def PopulateFromFileStream(self, fs):
- if(fs == None):
- raise Exception("Invalid File stream")
-
- #only populate from file stream those parts that are complete in the file stream
- offset = fs.tell()
- fs.seek(0,2)
- end = fs.tell()
- fs.seek(offset)
-
- if((end - offset) <
self.STATIC_STRUCT_SIZE_V1): # minimum size of the static header data - raise Exception("Invalid file stream size") - - self.HeaderSignature = fs.read(4).decode() - if self.HeaderSignature != self.HEADER_SIG_VALUE: - raise Exception("Incorrect Header Signature") - self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] - self.rsvd1 = struct.unpack("=B", fs.read(1))[0] - self.rsvd2 = struct.unpack("=B", fs.read(1))[0] - self.rsvd3 = struct.unpack("=B", fs.read(1))[0] - - if (self.HeaderVersion == self.VERSION_V1): - self.SNTarget = struct.unpack("=Q", fs.read(8))[0] - self.SessionId = struct.unpack("=I", fs.read(4))[0] - self.PayloadSize = struct.unpack("=H", fs.read(2))[0] - - elif (self.HeaderVersion == self.VERSION_V2): - if((end - offset) < self.STATIC_STRUCT_SIZE_V2): # minimum size for v2 data - raise Exception("Invalid V2 file stream size") - self.SessionId = struct.unpack("=I", fs.read(4))[0] - self.MfgOffset = struct.unpack("=H", fs.read(2))[0] - self.ProductOffset = struct.unpack("=H", fs.read(2))[0] - self.SerialOffset = struct.unpack("=H", fs.read(2))[0] - self.PayloadSize = struct.unpack("=H", fs.read(2))[0] - self.PayloadOffset = struct.unpack("=H", fs.read(2))[0] - - if (end - fs.tell() < self.PayloadOffset): - raise Exception("Packet too small for SmBiosString") - - if ((self.MfgOffset >= self.ProductOffset) or - (self.ProductOffset >= self.SerialOffset) or - (self.SerialOffset >= self.PayloadOffset)): - raise Exception("Invalid Offset Structure") - - Temp = fs.tell() - if Temp != self.MfgOffset: - raise Exception("Invalid Mfg Offset") - self.Manufacturer = fs.read(self.ProductOffset - self.MfgOffset - 1).decode() - Temp = struct.unpack("=B", fs.read(1))[0] - if Temp != 0: - raise Exception("Invalid NULL in Mfg") - - Temp = fs.tell() - if Temp != self.ProductOffset: - raise Exception("Invalid Product Offset") - self.ProductName = fs.read(self.SerialOffset - self.ProductOffset - 1).decode() - Temp = struct.unpack("=B", fs.read(1))[0] - if Temp != 0: - 
raise Exception("Invalid NULL in ProductName") - - Temp = fs.tell() - if Temp != self.SerialOffset: - raise Exception("Invalid SerialOffset Offset") - self.SerialNumber = fs.read(self.PayloadOffset - self.SerialOffset - 1).decode() - Temp = struct.unpack("=B", fs.read(1))[0] - if Temp != 0: - raise Exception("Invalid NULL in SerialNumber") - else: - raise Exception("Invalid header version") - - self.Payload = None - self._PayloadXml = None - self.Signature = None - - if((end - fs.tell()) < self.PayloadSize): - raise Exception("Invalid file stream size (payload size incorrect)") - - self.Payload = fs.read(self.PayloadSize).decode('utf-8') - prep = self.Payload - prep = prep.rstrip('\x00') - self._PayloadXml = xml.dom.minidom.parseString(prep) - - if((end - fs.tell()) > 0): - self.Signature = WinCert.Factory(fs) - - - def AddXmlPayload(self, xmlstring): - if(self.Payload): - raise Exception("Can't Add an XML payload to an object already containing payload") - xmlclean = ' '.join(xmlstring.split()) #get rid of extra whitespace and new line chars. This changes newline to blank which i don't like but better than before. 
If replace with '' then xml attributes are messed up - self.Payload = xmlclean; - self._PayloadXml = xml.dom.minidom.parseString(xmlclean) - self.PayloadSize = len(xmlclean) - - # - # Method to Print SecureSettingsApplyVariable to stdout - # - def Print(self, ShowRawXmlAsBytes=False): - print ("SecureSettingsApplyVariable") - print (" HeaderSignature: %s" % self.HeaderSignature) - print (" HeaderVersion: 0x%X" % self.HeaderVersion) - print (" SessionId: 0x%X" % self.SessionId) - print (" Payload Size: 0x%X" % self.PayloadSize) - if (self.HeaderVersion == self.VERSION_V1): - print (" SN Target: %d" % self.SNTarget) - elif (self.HeaderVersion == self.VERSION_V2): - print (" Manufacturer: %s" % self.Manufacturer) - print (" Product Name: %s" % self.ProductName) - print (" SerialNumber: %s" % self.SerialNumber) - else: - raise Exception("Invalid header version") - - if(self._PayloadXml is not None): - print ("%s" % self._PayloadXml.toprettyxml()) - else: - print ("XML TREE DOESN'T EXIST") - - if(ShowRawXmlAsBytes and (self.Payload is not None)): - print (" Payload Bytes: ") - ndbl = list(bytearray(self.Payload.encode())) - print(type(ndbl)) - PrintByteList(ndbl) - - if(self.Signature != None): - self.Signature.Print() - - - def Write(self, fs): - fs.write(self.HeaderSignature.encode('utf-8')) - fs.write(struct.pack("=B", self.HeaderVersion)) - fs.write(struct.pack("=B", self.Rsvd1)) - fs.write(struct.pack("=B", self.Rsvd2)) - fs.write(struct.pack("=B", self.Rsvd3)) - - if (self.HeaderVersion == self.VERSION_V1): - fs.write(struct.pack("=Q", self.SNTarget)) - fs.write(struct.pack("=I", self.SessionId)) - fs.write(struct.pack("=H", self.PayloadSize)) - elif (self.HeaderVersion == self.VERSION_V2): - fs.write(struct.pack("=I", self.SessionId)) - fs.write(struct.pack("=H", self.MfgOffset)) - self.ProductOffset = self.MfgOffset + len(self.Manufacturer) + 1 - self.SerialOffset = self.ProductOffset + len(self.ProductName) + 1 - self.PayloadOffset = self.SerialOffset + 
len(self.SerialNumber) + 1 - fs.write(struct.pack("=H", self.ProductOffset)) - fs.write(struct.pack("=H", self.SerialOffset)) - fs.write(struct.pack("=H", self.PayloadSize)) - fs.write(struct.pack("=H", self.PayloadOffset)) - fs.write(self.Manufacturer.encode('utf-8')) - fs.write(struct.pack("=B", 0)) # NULL Terminator - fs.write(self.ProductName.encode('utf-8')) - fs.write(struct.pack("=B", 0)) # NULL Terminator - fs.write(self.SerialNumber.encode('utf-8')) - fs.write(struct.pack("=B", 0)) # NULL Terminator - else: - raise Exception("Invalid header version") - - fs.write(self.Payload.encode('utf-8')) - if(self.Signature != None): - self.Signature.Write(fs) - -## -## SEM Secure Settings Result Variable Data -## -class SecureSettingsResultVariable(object): - STATIC_STRUCT_SIZE=22 - HEADER_SIG_VALUE = "MSSR" - VERSION = 1 - - def __init__(self, filestream=None): - if(filestream == None): - self.HeaderSignature = SecureSettingsResultVariable.HEADER_SIG_VALUE - self.HeaderVersion = SecureSettingsResultVariable.VERSION - self.Status = 0 - self.SessionId = 0 - self.PayloadSize = 0 - self.Payload = None - self._XmlTree = None #private xml structure - else: - self._XmlTree = None - self.PopulateFromFileStream(filestream) - # - # Method to un-serialize from a filestream - # - def PopulateFromFileStream(self, fs): - if(fs == None): - raise Exception("Invalid File stream") - - #only populate from file stream those parts that are complete in the file stream - offset = fs.tell() - fs.seek(0,2) - end = fs.tell() - fs.seek(offset) - - if((end - offset) < SecureSettingsResultVariable.STATIC_STRUCT_SIZE): #size of the static header data - raise Exception("Invalid file stream size") - - self.HeaderSignature = str(fs.read(4)) - self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] - fs.seek(3,1) #skip three bytes ahead to avoid the rsvd bytes - self.Status = struct.unpack("=Q", fs.read(8))[0] - self.SessionId = struct.unpack("=I", fs.read(4))[0] - self.PayloadSize = 
struct.unpack("=H", fs.read(2))[0] - self.Payload = None - self._XmlTree = None - - if((end - fs.tell()) < self.PayloadSize): - raise Exception("Invalid file stream size (Payload). %d" % self.PayloadSize) - - #is it possible to have 0 sized - if(self.PayloadSize > 0): - self.Payload = fs.read(self.PayloadSize) - self.Payload = self.Payload.decode("utf-8") - self.Payload = self.Payload.rstrip('\x00') #remove ending NULL if there. this only happens in some cases - self._XmlTree = xml.dom.minidom.parseString(self.Payload) - - # - # Method to Print SEM var results to stdout - # - def Print(self, ShowRawXmlAsBytes=False): - print ("SecureSettingResultVariable") - print (" HeaderSignature: %s" % self.HeaderSignature) - print (" HeaderVersion: 0x%X" % self.HeaderVersion) - print (" SessionId: 0x%X" % (self.SessionId)) - print (" Status: %s (0x%X)" % (UefiStatusCode().Convert64BitToString(self.Status), self.Status)) - print (" Payload Size: 0x%X" % self.PayloadSize) - if(self._XmlTree is not None): - print ("%s" % self._XmlTree.toprettyxml() ) - else: - print ("XML TREE DOESN'T EXIST" ) - - if(ShowRawXmlAsBytes and (self.Payload is not None)): - print (" Payload Bytes: " ) - ndbl = list(bytearray(self.Payload.encode())) - print(type(ndbl)) - PrintByteList(ndbl) - - - def Write(self, fs): - raise Exception("Unsupported/Unnecessary function") - - '''fs.write(self.HeaderSignature.encode('utf-8')) - fs.write(struct.pack("=B", self.HeaderVersion)) - fs.write(struct.pack("=B", self.Identity)) - fs.write(struct.pack("=H", self.NewDataSize)) - fs.write(self.NewDataBuffer) - if(self.Signature != None): - self.Signature.Write(fs) - ''' - - -## -## SEM Secure Settings Current Variable Data -## -class SecureSettingsCurrentVariable(object): - STATIC_STRUCT_SIZE=0 - - def __init__(self, filestream=None): - self._Payload = None - self._XmlTree = None #private xml structure - if(filestream != None): - self.PopulateFromFileStream(filestream) - # - # Method to un-serialize from a filestream 
- # - def PopulateFromFileStream(self, fs): - if(fs == None): - raise Exception("Invalid File stream") - - #only populate from file stream those parts that are complete in the file stream - offset = fs.tell() - fs.seek(0,2) - end = fs.tell() - fs.seek(offset) - - if((end - offset) < 1): # no data - raise Exception("Invalid file stream size. No data") - self._Payload = fs.read() - self._Payload = self._Payload.rstrip('\x00') - self._XmlTree = xml.dom.minidom.parseString(self._Payload) - - # - # Method to Print SEM var to stdout - # - def Print(self): - print ("Current Settings XML") - if(self._XmlTree is not None): - print ("%s" % self._XmlTree.toprettyxml()) - else: - print ("XML TREE DOESN'T EXIST") - - - def Write(self, fs): - if(self._Payload == None): - raise Exception("No payload to write") - fs.write(self._Payload) +# @file +# +# Script to support the binary form of the setting variable +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +## +## Data Structure support for SEM Setting Apply/Result Variable +## +## + +import struct +import xml.dom.minidom +from edk2toollib.uefi.wincert import WinCert +from edk2toollib.uefi.status_codes import UefiStatusCode +from edk2toollib.utility_functions import DetachedSignWithSignTool +from edk2toollib.utility_functions import PrintByteList + + +## +## SEM Secure Settings Apply Variable Data +## +class SecureSettingsApplyVariable(object): + STATIC_STRUCT_SIZE_V1=22 + STATIC_STRUCT_SIZE_V2=22 + HEADER_SIG_VALUE = "MSSA" + VERSION_V1 = 1 + VERSION_V2 = 2 + + def __init__(self, filestream=None, HdrVersion=1): + if (HdrVersion != self.VERSION_V1 and + HdrVersion != self.VERSION_V2): + raise Exception("Invalid version specified") + + print ("Processing Version %s" % HdrVersion) + # Common members + self.HeaderSignature = None + self.HeaderVersion = 0 + self.Rsvd1 = 0 + self.Rsvd2 = 0 + self.Rsvd3 = 0 + self.SessionId = 0 + self.PayloadSize = 0 + self.Payload = None + self._XmlTree = 
None #private XML structure + self.Signature = None + + # V1 unique members + self.SNTarget = 0 + + # V2 unique members + self.Manufacturer = None + self.ProductName = None + self.SerialNumber = None + self.MfgOffset = self.STATIC_STRUCT_SIZE_V2 + self.ProductOffset = 0 + self.SerialOffset = 0 + self.PayloadOffset = 0 + + if(filestream == None): + self.HeaderSignature = self.HEADER_SIG_VALUE + self.HeaderVersion = HdrVersion + else: + self.PopulateFromFileStream(filestream) + # + # Method to un-serialize from a filestream + # + def PopulateFromFileStream(self, fs): + if(fs == None): + raise Exception("Invalid File stream") + + #only populate from file stream those parts that are complete in the file stream + offset = fs.tell() + fs.seek(0,2) + end = fs.tell() + fs.seek(offset) + + if((end - offset) < self.STATIC_STRUCT_SIZE_V1): # minimum size of the static header data + raise Exception("Invalid file stream size") + + self.HeaderSignature = fs.read(4).decode() + if self.HeaderSignature != self.HEADER_SIG_VALUE: + raise Exception("Incorrect Header Signature") + self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] + self.rsvd1 = struct.unpack("=B", fs.read(1))[0] + self.rsvd2 = struct.unpack("=B", fs.read(1))[0] + self.rsvd3 = struct.unpack("=B", fs.read(1))[0] + + if (self.HeaderVersion == self.VERSION_V1): + self.SNTarget = struct.unpack("=Q", fs.read(8))[0] + self.SessionId = struct.unpack("=I", fs.read(4))[0] + self.PayloadSize = struct.unpack("=H", fs.read(2))[0] + + elif (self.HeaderVersion == self.VERSION_V2): + if((end - offset) < self.STATIC_STRUCT_SIZE_V2): # minimum size for v2 data + raise Exception("Invalid V2 file stream size") + self.SessionId = struct.unpack("=I", fs.read(4))[0] + self.MfgOffset = struct.unpack("=H", fs.read(2))[0] + self.ProductOffset = struct.unpack("=H", fs.read(2))[0] + self.SerialOffset = struct.unpack("=H", fs.read(2))[0] + self.PayloadSize = struct.unpack("=H", fs.read(2))[0] + self.PayloadOffset = struct.unpack("=H", 
fs.read(2))[0] + + if (end - fs.tell() < self.PayloadOffset): + raise Exception("Packet too small for SmBiosString") + + if ((self.MfgOffset >= self.ProductOffset) or + (self.ProductOffset >= self.SerialOffset) or + (self.SerialOffset >= self.PayloadOffset)): + raise Exception("Invalid Offset Structure") + + Temp = fs.tell() + if Temp != self.MfgOffset: + raise Exception("Invalid Mfg Offset") + self.Manufacturer = fs.read(self.ProductOffset - self.MfgOffset - 1).decode() + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid NULL in Mfg") + + Temp = fs.tell() + if Temp != self.ProductOffset: + raise Exception("Invalid Product Offset") + self.ProductName = fs.read(self.SerialOffset - self.ProductOffset - 1).decode() + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid NULL in ProductName") + + Temp = fs.tell() + if Temp != self.SerialOffset: + raise Exception("Invalid SerialOffset Offset") + self.SerialNumber = fs.read(self.PayloadOffset - self.SerialOffset - 1).decode() + Temp = struct.unpack("=B", fs.read(1))[0] + if Temp != 0: + raise Exception("Invalid NULL in SerialNumber") + else: + raise Exception("Invalid header version") + + self.Payload = None + self._PayloadXml = None + self.Signature = None + + if((end - fs.tell()) < self.PayloadSize): + raise Exception("Invalid file stream size (payload size incorrect)") + + self.Payload = fs.read(self.PayloadSize).decode('utf-8') + prep = self.Payload + prep = prep.rstrip('\x00') + self._PayloadXml = xml.dom.minidom.parseString(prep) + + if((end - fs.tell()) > 0): + self.Signature = WinCert.Factory(fs) + + + def AddXmlPayload(self, xmlstring): + if(self.Payload): + raise Exception("Can't Add an XML payload to an object already containing payload") + xmlclean = ' '.join(xmlstring.split()) #get rid of extra whitespace and new line chars. This changes newline to blank which i don't like but better than before. 
If replace with '' then xml attributes are messed up + self.Payload = xmlclean; + self._PayloadXml = xml.dom.minidom.parseString(xmlclean) + self.PayloadSize = len(xmlclean) + + # + # Method to Print SecureSettingsApplyVariable to stdout + # + def Print(self, ShowRawXmlAsBytes=False): + print ("SecureSettingsApplyVariable") + print (" HeaderSignature: %s" % self.HeaderSignature) + print (" HeaderVersion: 0x%X" % self.HeaderVersion) + print (" SessionId: 0x%X" % self.SessionId) + print (" Payload Size: 0x%X" % self.PayloadSize) + if (self.HeaderVersion == self.VERSION_V1): + print (" SN Target: %d" % self.SNTarget) + elif (self.HeaderVersion == self.VERSION_V2): + print (" Manufacturer: %s" % self.Manufacturer) + print (" Product Name: %s" % self.ProductName) + print (" SerialNumber: %s" % self.SerialNumber) + else: + raise Exception("Invalid header version") + + if(self._PayloadXml is not None): + print ("%s" % self._PayloadXml.toprettyxml()) + else: + print ("XML TREE DOESN'T EXIST") + + if(ShowRawXmlAsBytes and (self.Payload is not None)): + print (" Payload Bytes: ") + ndbl = list(bytearray(self.Payload.encode())) + print(type(ndbl)) + PrintByteList(ndbl) + + if(self.Signature != None): + self.Signature.Print() + + + def Write(self, fs): + fs.write(self.HeaderSignature.encode('utf-8')) + fs.write(struct.pack("=B", self.HeaderVersion)) + fs.write(struct.pack("=B", self.Rsvd1)) + fs.write(struct.pack("=B", self.Rsvd2)) + fs.write(struct.pack("=B", self.Rsvd3)) + + if (self.HeaderVersion == self.VERSION_V1): + fs.write(struct.pack("=Q", self.SNTarget)) + fs.write(struct.pack("=I", self.SessionId)) + fs.write(struct.pack("=H", self.PayloadSize)) + elif (self.HeaderVersion == self.VERSION_V2): + fs.write(struct.pack("=I", self.SessionId)) + fs.write(struct.pack("=H", self.MfgOffset)) + self.ProductOffset = self.MfgOffset + len(self.Manufacturer) + 1 + self.SerialOffset = self.ProductOffset + len(self.ProductName) + 1 + self.PayloadOffset = self.SerialOffset + 
len(self.SerialNumber) + 1 + fs.write(struct.pack("=H", self.ProductOffset)) + fs.write(struct.pack("=H", self.SerialOffset)) + fs.write(struct.pack("=H", self.PayloadSize)) + fs.write(struct.pack("=H", self.PayloadOffset)) + fs.write(self.Manufacturer.encode('utf-8')) + fs.write(struct.pack("=B", 0)) # NULL Terminator + fs.write(self.ProductName.encode('utf-8')) + fs.write(struct.pack("=B", 0)) # NULL Terminator + fs.write(self.SerialNumber.encode('utf-8')) + fs.write(struct.pack("=B", 0)) # NULL Terminator + else: + raise Exception("Invalid header version") + + fs.write(self.Payload.encode('utf-8')) + if(self.Signature != None): + self.Signature.Write(fs) + +## +## SEM Secure Settings Result Variable Data +## +class SecureSettingsResultVariable(object): + STATIC_STRUCT_SIZE=22 + HEADER_SIG_VALUE = "MSSR" + VERSION = 1 + + def __init__(self, filestream=None): + if(filestream == None): + self.HeaderSignature = SecureSettingsResultVariable.HEADER_SIG_VALUE + self.HeaderVersion = SecureSettingsResultVariable.VERSION + self.Status = 0 + self.SessionId = 0 + self.PayloadSize = 0 + self.Payload = None + self._XmlTree = None #private xml structure + else: + self._XmlTree = None + self.PopulateFromFileStream(filestream) + # + # Method to un-serialize from a filestream + # + def PopulateFromFileStream(self, fs): + if(fs == None): + raise Exception("Invalid File stream") + + #only populate from file stream those parts that are complete in the file stream + offset = fs.tell() + fs.seek(0,2) + end = fs.tell() + fs.seek(offset) + + if((end - offset) < SecureSettingsResultVariable.STATIC_STRUCT_SIZE): #size of the static header data + raise Exception("Invalid file stream size") + + self.HeaderSignature = str(fs.read(4)) + self.HeaderVersion = struct.unpack("=B", fs.read(1))[0] + fs.seek(3,1) #skip three bytes ahead to avoid the rsvd bytes + self.Status = struct.unpack("=Q", fs.read(8))[0] + self.SessionId = struct.unpack("=I", fs.read(4))[0] + self.PayloadSize = 
struct.unpack("=H", fs.read(2))[0] + self.Payload = None + self._XmlTree = None + + if((end - fs.tell()) < self.PayloadSize): + raise Exception("Invalid file stream size (Payload). %d" % self.PayloadSize) + + #is it possible to have 0 sized + if(self.PayloadSize > 0): + self.Payload = fs.read(self.PayloadSize) + self.Payload = self.Payload.decode("utf-8") + self.Payload = self.Payload.rstrip('\x00') #remove ending NULL if there. this only happens in some cases + self._XmlTree = xml.dom.minidom.parseString(self.Payload) + + # + # Method to Print SEM var results to stdout + # + def Print(self, ShowRawXmlAsBytes=False): + print ("SecureSettingResultVariable") + print (" HeaderSignature: %s" % self.HeaderSignature) + print (" HeaderVersion: 0x%X" % self.HeaderVersion) + print (" SessionId: 0x%X" % (self.SessionId)) + print (" Status: %s (0x%X)" % (UefiStatusCode().Convert64BitToString(self.Status), self.Status)) + print (" Payload Size: 0x%X" % self.PayloadSize) + if(self._XmlTree is not None): + print ("%s" % self._XmlTree.toprettyxml() ) + else: + print ("XML TREE DOESN'T EXIST" ) + + if(ShowRawXmlAsBytes and (self.Payload is not None)): + print (" Payload Bytes: " ) + ndbl = list(bytearray(self.Payload.encode())) + print(type(ndbl)) + PrintByteList(ndbl) + + + def Write(self, fs): + raise Exception("Unsupported/Unnecessary function") + + '''fs.write(self.HeaderSignature.encode('utf-8')) + fs.write(struct.pack("=B", self.HeaderVersion)) + fs.write(struct.pack("=B", self.Identity)) + fs.write(struct.pack("=H", self.NewDataSize)) + fs.write(self.NewDataBuffer) + if(self.Signature != None): + self.Signature.Write(fs) + ''' + + +## +## SEM Secure Settings Current Variable Data +## +class SecureSettingsCurrentVariable(object): + STATIC_STRUCT_SIZE=0 + + def __init__(self, filestream=None): + self._Payload = None + self._XmlTree = None #private xml structure + if(filestream != None): + self.PopulateFromFileStream(filestream) + # + # Method to un-serialize from a filestream 
+ # + def PopulateFromFileStream(self, fs): + if(fs == None): + raise Exception("Invalid File stream") + + #only populate from file stream those parts that are complete in the file stream + offset = fs.tell() + fs.seek(0,2) + end = fs.tell() + fs.seek(offset) + + if((end - offset) < 1): # no data + raise Exception("Invalid file stream size. No data") + self._Payload = fs.read() + self._Payload = self._Payload.rstrip('\x00') + self._XmlTree = xml.dom.minidom.parseString(self._Payload) + + # + # Method to Print SEM var to stdout + # + def Print(self): + print ("Current Settings XML") + if(self._XmlTree is not None): + print ("%s" % self._XmlTree.toprettyxml()) + else: + print ("XML TREE DOESN'T EXIST") + + + def Write(self, fs): + if(self._Payload == None): + raise Exception("No payload to write") + fs.write(self._Payload) diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/DependencyLib.py b/DfciPkg/UnitTests/DfciTests/Support/Python/DependencyLib.py index 9d0c2ee6..8d35530e 100644 --- a/DfciPkg/UnitTests/DfciTests/Support/Python/DependencyLib.py +++ b/DfciPkg/UnitTests/DfciTests/Support/Python/DependencyLib.py 
@@ -1,31 +1,31 @@
-# @file
-#
-# Dependency Lib - Limited functionality to for a robot testcase to depende on a successful
-# completion of a previous testcase.
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-from robot.libraries.BuiltIn import BuiltIn
-
-class DependencyLib(object):
- ROBOT_LISTENER_API_VERSION = 2
- ROBOT_LIBRARY_SCOPE = "GLOBAL"
-
- def __init__(self):
- self.ROBOT_LIBRARY_LISTENER = self
- self.test_status = {}
-
- def require_test_case(self, name):
- key = name.lower()
- if (key not in self.test_status):
- BuiltIn().fail("required test case can't be found: '%s'" % name)
-
- if (self.test_status[key] != "PASS"):
- BuiltIn().fail("required test case failed: '%s'" % name)
-
- return True
-
- def _end_test(self, name, attrs):
- self.test_status[name.lower()] = attrs["status"]
+# @file
+#
+# Dependency Lib - Limited functionality to for a robot testcase to depende on a successful
+# completion of a previous testcase.
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+from robot.libraries.BuiltIn import BuiltIn
+
+class DependencyLib(object):
+ ROBOT_LISTENER_API_VERSION = 2
+ ROBOT_LIBRARY_SCOPE = "GLOBAL"
+
+ def __init__(self):
+ self.ROBOT_LIBRARY_LISTENER = self
+ self.test_status = {}
+
+ def require_test_case(self, name):
+ key = name.lower()
+ if (key not in self.test_status):
+ BuiltIn().fail("required test case can't be found: '%s'" % name)
+
+ if (self.test_status[key] != "PASS"):
+ BuiltIn().fail("required test case failed: '%s'" % name)
+
+ return True
+
+ def _end_test(self, name, attrs):
+ self.test_status[name.lower()] = attrs["status"]
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/GenerateCertProvisionData.py b/DfciPkg/UnitTests/DfciTests/Support/Python/GenerateCertProvisionData.py
index f24e0d67..c070393d 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Python/GenerateCertProvisionData.py
+++ b/DfciPkg/UnitTests/DfciTests/Support/Python/GenerateCertProvisionData.py 
@@ -1,510 +1,510 @@ -# @file -# -# Script to Generate a Device Firmware Configuration Interface Provisiong Blob -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -## -## Script to Generate a Device Firmware Configuration Interface Provisiong Blob -## This tool takes in a CER file in binary encoding, packages it in a -## DFCI_SIGNER_PROVISION_APPLY_VAR structure, signs it with the -## requested key, and then attaches the signature data in WIN_CERTIFICATE_UEFI_GUID format. -## -## This binary file can then be written to variable store: -## GUID: gDfciAuthProvisionVarNamespace -## NAME: DFCI_IDENTITY_APPLY_VAR_NAME L"DfciIdentityApply" -## -## THIS IS FOR UNIT TEST -## -## General process: -## Phase 1: Create payload file by combining relevant info -## Phase 2: Sign it using signtool -## Phase 3: Parse signature into WIN_CERT and package to create final output -## - -import os, sys -import argparse -import logging -import datetime -import struct -import shutil -import time -import random -import hashlib - -#get script path -sp = os.path.dirname(os.path.realpath(sys.argv[0])) - -#setup python path for build modules -sys.path.append(sp) - -from DFCI_SupportLib import DFCI_SupportLib - -from Data.CertProvisioningVariable import CertProvisioningApplyVariable -from Data.CertProvisioningVariable import CertProvisioningResultVariable -from edk2toollib.uefi.wincert import * -from edk2toollib.windows.locate_tools import FindToolInWinSdk -from edk2toollib.utility_functions import DetachedSignWithSignTool - -#PKCS7 Signed Data OID -gOid = "1.2.840.113549.1.7.2" -gPath2SignTool = None - -def PrintSEM(filepath): - if(filepath and os.path.isfile(filepath)): - s = open(filepath, "rb") - SEM = CertProvisioningApplyVariable(s) - s.close() - - #now print it out. 
- SEM.Print() - -def ExtractCert(filepath): - if(filepath and os.path.isfile(filepath)): - s = open(filepath, "rb") - SEM = CertProvisioningApplyVariable(s) - s.close() - - #now write the certificate out. - (certtype, a, b) = SEM.GetCertType().partition(' ') - - certfilename = os.path.basename(filepath) + "_" + certtype + ".cer" - s = open(certfilename, "wb") - SEM.WriteCert(s) - s.close() - s = open(certfilename, "rb") - m = hashlib.new("sha1",s.read()) - s.close() - - # return the sha1 (Thumbprint) of the certificate. - return m.digest().hex() - -def PrintSEMCurrent(filepath): - if(filepath and os.path.isfile(filepath)): - outfilename = os.path.basename(filepath) + "_Current" + ".xml" - a = DFCI_SupportLib () - a.extract_payload_from_current(filepath, outfilename) - -def PrintSEMResults(filepath): - if(filepath and os.path.isfile(filepath)): - s = open(filepath, "rb") - SEM = CertProvisioningResultVariable(s) - s.close() - - #now print it out. - SEM.Print() - -def SignSEMProvisionData(options): - global gPath2SignTool - if gPath2SignTool == None: - a = DFCI_SupportLib () - gPath2SignTool = a.get_signtool_path () - - logging.critical("Signing Started") - logging.critical(options.SigningInputFile) - logging.critical(options.SigningOutputFile) - logging.critical(options.SigningPfxFile) - - return DetachedSignWithSignTool (gPath2SignTool, options.SigningInputFile, options.SigningOutputFile, options.SigningPfxFile, options.SigningPfxPw, gOid) - -def TestSignSemTrustedCert(options): - global gPath2SignTool - if gPath2SignTool == None: - a = DFCI_SupportLib () - gPath2SignTool = a.get_signtool_path () - - logging.critical("Signing Started") - logging.critical(gPath2SignTool) - logging.critical(options.CertFilePath) - logging.critical(options.Signing2AOutputFile) - logging.critical(options.Signing2APfxFile) - - return DetachedSignWithSignTool (gPath2SignTool, options.CertFilePath, options.Signing2AOutputFile, options.Signing2APfxFile, options.Signing2APfxPw, gOid) - -def 
is_32bit_number(s): - try: - float(s) - if s < 4294967296: - return True - else: - return False - except ValueError: - return False - - -# -#main script function -# -def main(): - parser = argparse.ArgumentParser(description='Create SEM Provisioning Cert') - - #Output debug log - parser.add_argument("-l", dest="OutputLog", help="Create an output log file: ie -l out.txt", default=None) - parser.add_argument("-p", dest="PrintFile", help="Print File as Provisioning Blob", default= None) - parser.add_argument("-pr", dest="PrintResultsFile", help="Print Result File as Identity Blob", default= None) - parser.add_argument("-pc", dest="PrintCurrentFile", help="Print Current File as {basename}_Current.xml", default= None) - parser.add_argument("-xc", dest="ExtractCertFile", help="Extract the certificate to {basename}_{certtype}.cer", default=None) - parser.add_argument("--dirty", action="store_true", dest="dirty", help="Leave around the temp files after finished", default=False) - - Step1Group = parser.add_argument_group(title="Step1", description="Signed Data Prep. Build data structure.") - Step1Group.add_argument("--Step1Enable", dest="Step1Enable", help="Do Step 1 - Signed Data Prep", default=False, action="store_true") - Step1Group.add_argument("--Identity", dest="Identity", help="Identity (Owner=1, User=2, User1=3, User2=4, Ztc=5). Default is Owner", default=1) - Step1Group.add_argument("--SnTarget", dest="SnTarget", help="Target to only a device with given Serial Number in decimal. Zero means all devices", default=0) - Step1Group.add_argument("--CertFilePath", dest="CertFilePath", help="Path to binary DER Cert", default=None) - Step1Group.add_argument("--PrepResultFile", dest="PrepResultFile", help="Optional File for output from Step1. 
Required if not doing step2 or step2A", default=None) - Step1Group.add_argument("--HdrVersion", dest="HdrVersion", help="Specify packet version", default=CertProvisioningApplyVariable.VERSION_V1) - Step1Group.add_argument("--SMBIOSMfg", dest="SMBIOSMfg", help="Specify SMBIOS Manufacturer", default=None) - Step1Group.add_argument("--SMBIOSProd", dest="SMBIOSProd", help="Specify SMBIOS Product Name", default=None) - Step1Group.add_argument("--SMBIOSSerial", dest="SMBIOSSerial", help="Specify SMBIOS Serial Number", default=None) - Step1Group.add_argument("--Version", dest="Version", help="Specify Identity version", default=0) - Step1Group.add_argument("--Lsv", dest="Lsv", help="Specify the lowest supported version", default=0) - - Step2AGroup = parser.add_argument_group(title="Step2A", description="Test Signature Generation Step.") - Step2AGroup.add_argument("--Step2AEnable", dest="Step2AEnable", help="Do Step 2A - Local Signing for Test Signature", default=False, action="store_true") - #need to add arguments here for signing. - Step2AGroup.add_argument("--Signing2AResultFile", dest="Signing2AResultFile", help="Optional File for output from Step2A. 
Required if not doing step2B", default=None) - Step2AGroup.add_argument("--Signing2APfxFile", dest="Signing2APfxFile", help="Path to PFX file for signing Test Signature ", default=None) - Step2AGroup.add_argument("--Signing2APfxPw", dest="Signing2APfxPw", help="Optional Password for PFX file for signing Test Signature", default=None) - - Step2BGroup = parser.add_argument_group(title="Step2B", description="Package Cert Provision With Test Signature.") - Step2BGroup.add_argument("--Step2BEnable", dest="Step2BEnable", help="Do Step 2B - Package Test Signature with Cert Provision Data", default=False, action="store_true") - Step2BGroup.add_argument("--TestSignatureInputFile", dest="TestSignatureInputFile", help="Detached Signature file for Test Signature", default=None) - Step2BGroup.add_argument("--CertProvisionBlobInputFile", dest="CertProvisionBlobAfterStep1File", help="Step1 Output File to use as Input to combine with Test Signature", default=None) - Step2BGroup.add_argument("--Prep2BResultFile", dest="Prep2BResultFile", help="Optional File for output from Step2B. Required if not doing step2", default=None) - - - Step2Group = parser.add_argument_group(title="Step2", description="Signature Generation Step.") - Step2Group.add_argument("--Step2Enable", dest="Step2Enable", help="Do Step 2 - Local Signing", default=False, action="store_true") - #need to add arguments here for signing. - Step2Group.add_argument("--SigningInputFile", dest="SigningInputFile", help="Optional File for intput for Step2. Required if not doing step1", default=None) - Step2Group.add_argument("--SigningResultFile", dest="SigningResultFile", help="Optional File for output from Step2. 
Required if not doing step3", default=None) - Step2Group.add_argument("--SigningPfxFile", dest="SigningPfxFile", help="Path to PFX file for signing", default=None) - Step2Group.add_argument("--SigningPfxPw", dest="SigningPfxPw", help="Optional Password for PFX file for signing", default=None) - - Step3Group = parser.add_argument_group(title="Step3", description="Final Provisioning Var Construction.") - Step3Group.add_argument("--Step3Enable", dest="Step3Enable", help="Do Step 3 - Final Provisioning Var Construction", default=False, action="store_true") - Step3Group.add_argument("--FinalizeInputFile", dest="FinalizeInputFile", help="Optional if doing Step2. Generally Step1 Output or Step2 input. ", default=None) - Step3Group.add_argument("--FinalizeInputDetachedSignatureFile", dest="FinalizeInputDetachedSignatureFile", help="Signtool Detached Signature File. Optional if doing Step2", default=None) - Step3Group.add_argument("--FinalizeResultFile", dest="FinalizeResultFile", help="File for output from Step3. 
Complete SEM Provisioning Var File.", default=None) - - - #Turn on debug level logging - parser.add_argument("--debug", action="store_true", dest="debug", help="turn on debug logging level for file log", default=False) - options = parser.parse_args() - - #setup file based logging if outputReport specified - if(options.OutputLog): - if(len(options.OutputLog) < 2): - logging.critical("the output log file parameter is invalid") - return -2 - else: - #setup file based logging - filelogger = logging.FileHandler(filename=options.OutputLog, mode='w') - if(options.debug): - filelogger.setLevel(logging.DEBUG) - else: - filelogger.setLevel(logging.INFO) - - filelogger.setFormatter(formatter) - logging.getLogger('').addHandler(filelogger) - - logging.info("Log Started: " + datetime.datetime.strftime(datetime.datetime.now(), "%A, %B %d, %Y %I:%M%p" )) - - #Step 1 Prep - if(options.Step1Enable): - logging.debug("Step 1 Enabled") - if(not options.CertFilePath) or (not os.path.isfile(options.CertFilePath)): - logging.critical("Not CertFilePath. That means we are un-enrolling") - - if(not options.Step2Enable) and (not options.Step2AEnable): - #must have output file - if(not options.PrepResultFile): - logging.critical("Since Step2A/2 is not enabled there must be a PrepResultFile for the result") - return -3 - - if(options.PrepResultFile): - logging.debug("Step 1 Result will be written to: " + options.PrepResultFile) - - if(options.SigningInputFile): - logging.critical("Since Step1 is enabled an Input File for Step2 is not allowed") - return -11 - - #Step 2A Test Signature Generation - if(options.Step2AEnable): - logging.debug("Step 2A Enabled") - if(not options.CertFilePath) or (not os.path.isfile(options.CertFilePath)): - logging.debug("Not CertFilePath. 
That means we are un-enrolling") - logging.critical("Step 2A should not be enabled if un-enrolling") - return -847 - - if(not options.Signing2APfxFile): - logging.critical("Since Step2A is enabled you must supply a path to a PFX file for test signing") - return -848 - - if(not options.Step2BEnable): - #must have output file - if(not options.Signing2AResultFile): - logging.critical("Since Step2B is not enabled there must be a Signing2AResultFile for the result") - return -5 - - if(options.Signing2AResultFile): - logging.debug("Step2A Result will be written to: " + options.Signing2AResultFile) - - #Step2B Combine Step1 and Step2A into Single File in prep for Step2 - if(options.Step2BEnable): - logging.debug("Step 2B Enabled") - if(not options.Step2AEnable): - #must have Test Signature Input File - if(not options.TestSignatureInputFile) or (not os.path.isfile(options.TestSignatureInputFile)): - logging.critical("Step2B Must have an Test Signature Input File when 2A is not enabled") - return -8487 - else: - #Step 2A enabled - if(options.TestSignatureInputFile): - logging.critical("Step2B can not have a Test Signature Input File when 2A is enabled") - return -8489 - - if(not options.Step1Enable): - #must have Step1s data file - if(not options.CertProvisionBlobAfterStep1File) or (not os.path.isfile(options.CertProvisionBlobAfterStep1File)): - logging.critical("Step2B must have a Cert Priovision Blob when Step 1 is not enabled") - return -8490 - - if(not options.Step2Enable): - #must have an output file - if(not options.Prep2BResultFile): - logging.critical("Step2B must have an output file (Prep2BResultFile) when Step2 is not enabled") - return -8491 - - - #Step 2 signing - if(options.Step2Enable): - logging.debug("Step 2 Enabled") - if(not options.SigningPfxFile): - logging.critical("Since Step2 is enabled you must supply a path to a PFX file for signing") - return -10 - - if(not options.Step1Enable) and ((not options.SigningInputFile) or (not 
os.path.isfile(options.SigningInputFile))): - logging.critical("For Step2 you must do Step1 or have a valid SigningInputFile") - return -4 - - if(not options.Step3Enable): - #must have output file - if(not options.SigningResultFile): - logging.critical("Since Step3 is not enabled there must be a SigningResultFile for the result") - return -5 - if(options.SigningResultFile): - logging.debug("Step2 Result will be written to: " + options.SigningResultFile) - - if(options.FinalizeInputDetachedSignatureFile): - logging.critical("Since Step2 is enabled an Input Detached signature file for Step3 is not allowed") - return -13 - - if(options.FinalizeInputFile): - logging.critical("Since Step2 is enabled an Input file for Step3 is not allowed") - return -14 - - #Step 3 Finalize - if(options.Step3Enable): - logging.debug("Step 3 Enabled") - - if(not options.Step2Enable) and (options.Step1Enable): - logging.critical("Can't have only Step1 and 3 Enabled") - return -12 - - if(not options.Step2Enable) and ((not options.FinalizeInputFile) or (not os.path.isfile(options.FinalizeInputFile)) or (not options.FinalizeInputDetachedSignatureFile) or (not os.path.isfile(options.FinalizeInputDetachedSignatureFile))): - logging.critical("For Step3 you must do Step2 or have a valid FinalizeInputFile and FinalizeInputDetachedSignatureFile") - return -6 - - #must have an output file - if(not options.FinalizeResultFile): - logging.critical("For Step3 you must have a FinalizeResultFile") - return -7 - else: - logging.debug("Step3 Result will be written to: " + options.FinalizeResultFile) - - tempdir = "_temp_" + str(time.time()) - logging.critical("Temp directory is: " + os.path.join(os.getcwd(), tempdir)) - os.makedirs(tempdir) - - #STEP 1 - Prep Var - if(options.Step1Enable): - logging.critical("Step1 Started") - Step1OutFile = os.path.join(tempdir, "Step1Out.bin") - SEM = CertProvisioningApplyVariable(None, int(options.HdrVersion)) - SEM.Identity = int(options.Identity); - - if 
(int(options.HdrVersion) == CertProvisioningApplyVariable.VERSION_V1): - SEM.SNTarget = int(options.SnTarget); - elif (int(options.HdrVersion) == CertProvisioningApplyVariable.VERSION_V2): - if options.SMBIOSMfg == None: - SEM.Manufacturer = "OEMSH" - else: - SEM.Manufacturer = options.SMBIOSMfg - - if options.SMBIOSProd == None: - SEM.ProductName = "OEMSH Product" - else: - SEM.ProductName = options.SMBIOSProd - - if options.SMBIOSSerial == None: - SEM.SerialNumber = "789789789" - else: - SEM.SerialNumber = options.SMBIOSSerial - - if is_32bit_number (options.Version ): - SEM.Version = options.Version - - if is_32bit_number (options.Lsv): - SEM.Lsv = options.Lsv - else: - logging.critical("Invalid Header Version specified") - return -31 - - if(options.CertFilePath != None): - a = open(options.CertFilePath, "rb") - SEM.TrustedCert = a.read() - a.close() - SEM.TrustedCertSize = os.path.getsize(options.CertFilePath) - - of = open(Step1OutFile, "wb") - SEM.Write(of) - of.close() - - #if user requested a step1 output file copy the temp file - if(options.PrepResultFile): - shutil.copy(Step1OutFile, options.PrepResultFile) - - #setup input for Step2 - options.SigningInputFile = Step1OutFile - #setup input for Step2B - options.CertProvisionBlobAfterStep1File = Step1OutFile - - #STEP 2A - Local Test Signature of Cert - if(options.Step2AEnable): - logging.critical("Step2A Started") - Step2AFileToSign = os.path.join(tempdir, "Step2AIn.bin") - Step2AOutFile = os.path.join(tempdir, "Step2AOut.bin") - shutil.copy(options.CertFilePath, Step2AFileToSign) - options.Signing2AOutputFile = Step2AOutFile - ret = TestSignSemTrustedCert(options) - if(ret != 0): - logging.critical("TestSignSemTrustedCert (Step2A) Failed: " + str(ret)) - return ret - - if(options.Signing2AResultFile): - shutil.copy(Step2AOutFile, options.Signing2AResultFile) - - #setup for step 2B - options.TestSignatureInputFile = Step2AOutFile - - #STEP 2B - Combine Cert Provision blob with Test signature - 
if(options.Step2BEnable): - logging.critical("Step2B Started") - Step2BOutFile = os.path.join(tempdir, "Step2BOut.bin") - fi = open(options.CertProvisionBlobAfterStep1File, "rb") - SEM = CertProvisioningApplyVariable(fi) - fi.close() - SEM.TestSignature = WinCertUefiGuid() - TestDetached = open(options.TestSignatureInputFile, "rb") - SEM.TestSignature.AddCertData(TestDetached) - TestDetached.close() - SemOut = open(Step2BOutFile, "wb") - SEM.Write(SemOut) - SemOut.close() - - if(options.Prep2BResultFile): - shutil.copy(Step2BOutFile, options.Prep2BResultFile) - - #Setup for Step2 - options.SigningInputFile = Step2BOutFile - - #STEP 2 - Local sign - if(options.Step2Enable): - logging.critical("Step2 Started") - #copy signinginputfile into temp dir - FileToSign = os.path.join(tempdir, "Step2In.bin") - shutil.copy(options.SigningInputFile, FileToSign) - options.SigningInputFile = FileToSign - options.SigningOutputFile = os.path.join(tempdir, "Step2Signature.bin") - - #do local signature - ret = SignSEMProvisionData(options) - if(ret != 0): - logging.critical("SignSEMProvisionData (Step2) Failed: " + str(ret)) - return ret - - if(options.SigningResultFile): - shutil.copy(options.SigningOutputFile, options.SigningResultFile) - - #setup input for Step3 - options.FinalizeInputFile = options.SigningInputFile - options.FinalizeInputDetachedSignatureFile = options.SigningOutputFile - - - #STEP 3 - Write Signature Structure and complete the KeyManifiest - if(options.Step3Enable): - logging.critical("Step3 Started") - sstep1file = open(options.FinalizeInputFile, "rb") - SEM = CertProvisioningApplyVariable(sstep1file) - sstep1file.close() - SEM.SessionId = random.randint(0, 4294967295) #generate a random session id - SEM.Signature = WinCertUefiGuid() - detached = open(options.FinalizeInputDetachedSignatureFile, "rb") - SEM.Signature.AddCertData(detached) - detached.close() - - if(not options.FinalizeResultFile): - options.FinalizeResultFile = os.path.join(tempdir, 
"Step3Out.bin") - - of = open(options.FinalizeResultFile, "wb") - SEM.Write(of) - of.close() - - if(not SEM.VerifyComplete()): - logging.critical("SEM Package Not complete") - return -84 - - # - # Function to print SEM - # - if(options.PrintFile) and (os.path.isfile(options.PrintFile)): - PrintSEM(options.PrintFile) - - if(options.PrintResultsFile) and (os.path.isfile(options.PrintResultsFile)): - PrintSEMResults(options.PrintResultsFile) - - if(options.PrintCurrentFile) and (os.path.isfile(options.PrintCurrentFile)): - PrintSEMCurrent(options.PrintCurrentFile) - - if(options.ExtractCertFile) and (os.path.isfile(options.ExtractCertFile)): - Thumbprint = ExtractCert(options.ExtractCertFile) - logging.critical(f"Extracted cert with thumbprint {Thumbprint}") - - #clean up if user didn't request to leave around - if(not options.dirty): - shutil.rmtree(tempdir) - - return 0 - - -if __name__ == '__main__': - #setup main console as logger - logger = logging.getLogger('') - logger.setLevel(logging.DEBUG) - formatter = logging.Formatter("%(levelname)s - %(message)s") - console = logging.StreamHandler() - console.setLevel(logging.CRITICAL) - console.setFormatter(formatter) - logger.addHandler(console) - - #call main worker function - retcode = main() - - if retcode != 0: - logging.critical("Failed. Return Code: %i" % retcode) - #end logging - logging.shutdown() - sys.exit(retcode) +# @file +# +# Script to Generate a Device Firmware Configuration Interface Provisiong Blob +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +## +## Script to Generate a Device Firmware Configuration Interface Provisiong Blob +## This tool takes in a CER file in binary encoding, packages it in a +## DFCI_SIGNER_PROVISION_APPLY_VAR structure, signs it with the +## requested key, and then attaches the signature data in WIN_CERTIFICATE_UEFI_GUID format. 
+## +## This binary file can then be written to variable store: +## GUID: gDfciAuthProvisionVarNamespace +## NAME: DFCI_IDENTITY_APPLY_VAR_NAME L"DfciIdentityApply" +## +## THIS IS FOR UNIT TEST +## +## General process: +## Phase 1: Create payload file by combining relevant info +## Phase 2: Sign it using signtool +## Phase 3: Parse signature into WIN_CERT and package to create final output +## + +import os, sys +import argparse +import logging +import datetime +import struct +import shutil +import time +import random +import hashlib + +#get script path +sp = os.path.dirname(os.path.realpath(sys.argv[0])) + +#setup python path for build modules +sys.path.append(sp) + +from DFCI_SupportLib import DFCI_SupportLib + +from Data.CertProvisioningVariable import CertProvisioningApplyVariable +from Data.CertProvisioningVariable import CertProvisioningResultVariable +from edk2toollib.uefi.wincert import * +from edk2toollib.windows.locate_tools import FindToolInWinSdk +from edk2toollib.utility_functions import DetachedSignWithSignTool + +#PKCS7 Signed Data OID +gOid = "1.2.840.113549.1.7.2" +gPath2SignTool = None + +def PrintSEM(filepath): + if(filepath and os.path.isfile(filepath)): + s = open(filepath, "rb") + SEM = CertProvisioningApplyVariable(s) + s.close() + + #now print it out. + SEM.Print() + +def ExtractCert(filepath): + if(filepath and os.path.isfile(filepath)): + s = open(filepath, "rb") + SEM = CertProvisioningApplyVariable(s) + s.close() + + #now write the certificate out. + (certtype, a, b) = SEM.GetCertType().partition(' ') + + certfilename = os.path.basename(filepath) + "_" + certtype + ".cer" + s = open(certfilename, "wb") + SEM.WriteCert(s) + s.close() + s = open(certfilename, "rb") + m = hashlib.new("sha1",s.read()) + s.close() + + # return the sha1 (Thumbprint) of the certificate. 
+ return m.digest().hex()
+
+def PrintSEMCurrent(filepath):
+ if(filepath and os.path.isfile(filepath)):
+ outfilename = os.path.basename(filepath) + "_Current" + ".xml"
+ a = DFCI_SupportLib ()
+ a.extract_payload_from_current(filepath, outfilename)
+
+def PrintSEMResults(filepath):
+ if(filepath and os.path.isfile(filepath)):
+ s = open(filepath, "rb")
+ SEM = CertProvisioningResultVariable(s)
+ s.close()
+
+ #now print it out.
+ SEM.Print()
+
+def SignSEMProvisionData(options):
+ global gPath2SignTool
+ if gPath2SignTool == None:
+ a = DFCI_SupportLib ()
+ gPath2SignTool = a.get_signtool_path ()
+
+ logging.critical("Signing Started")
+ logging.critical(options.SigningInputFile)
+ logging.critical(options.SigningOutputFile)
+ logging.critical(options.SigningPfxFile)
+
+ return DetachedSignWithSignTool (gPath2SignTool, options.SigningInputFile, options.SigningOutputFile, options.SigningPfxFile, options.SigningPfxPw, gOid)
+
+def TestSignSemTrustedCert(options):
+ global gPath2SignTool
+ if gPath2SignTool == None:
+ a = DFCI_SupportLib ()
+ gPath2SignTool = a.get_signtool_path ()
+
+ logging.critical("Signing Started")
+ logging.critical(gPath2SignTool)
+ logging.critical(options.CertFilePath)
+ logging.critical(options.Signing2AOutputFile)
+ logging.critical(options.Signing2APfxFile)
+
+ return DetachedSignWithSignTool (gPath2SignTool, options.CertFilePath, options.Signing2AOutputFile, options.Signing2APfxFile, options.Signing2APfxPw, gOid)
+
+def is_32bit_number(s):
+ try:
+ float(s)
+ if s < 4294967296:
+ return True
+ else:
+ return False
+ except ValueError:
+ return False
+
+
+#
+#main script function
+#
+def main():
+ parser = argparse.ArgumentParser(description='Create SEM Provisioning Cert')
+
+ #Output debug log
+ parser.add_argument("-l", dest="OutputLog", help="Create an output log file: ie -l out.txt", default=None)
+ parser.add_argument("-p", dest="PrintFile", help="Print File as Provisioning Blob", default= None)
+ parser.add_argument("-pr", dest="PrintResultsFile", help="Print Result File as Identity Blob", default= None)
+ parser.add_argument("-pc", dest="PrintCurrentFile", help="Print Current File as {basename}_Current.xml", default= None)
+ parser.add_argument("-xc", dest="ExtractCertFile", help="Extract the certificate to {basename}_{certtype}.cer", default=None)
+ parser.add_argument("--dirty", action="store_true", dest="dirty", help="Leave around the temp files after finished", default=False)
+
+ Step1Group = parser.add_argument_group(title="Step1", description="Signed Data Prep. Build data structure.")
+ Step1Group.add_argument("--Step1Enable", dest="Step1Enable", help="Do Step 1 - Signed Data Prep", default=False, action="store_true")
+ Step1Group.add_argument("--Identity", dest="Identity", help="Identity (Owner=1, User=2, User1=3, User2=4, Ztc=5). Default is Owner", default=1)
+ Step1Group.add_argument("--SnTarget", dest="SnTarget", help="Target to only a device with given Serial Number in decimal. Zero means all devices", default=0)
+ Step1Group.add_argument("--CertFilePath", dest="CertFilePath", help="Path to binary DER Cert", default=None)
+ Step1Group.add_argument("--PrepResultFile", dest="PrepResultFile", help="Optional File for output from Step1. Required if not doing step2 or step2A", default=None)
+ Step1Group.add_argument("--HdrVersion", dest="HdrVersion", help="Specify packet version", default=CertProvisioningApplyVariable.VERSION_V1)
+ Step1Group.add_argument("--SMBIOSMfg", dest="SMBIOSMfg", help="Specify SMBIOS Manufacturer", default=None)
+ Step1Group.add_argument("--SMBIOSProd", dest="SMBIOSProd", help="Specify SMBIOS Product Name", default=None)
+ Step1Group.add_argument("--SMBIOSSerial", dest="SMBIOSSerial", help="Specify SMBIOS Serial Number", default=None)
+ Step1Group.add_argument("--Version", dest="Version", help="Specify Identity version", default=0)
+ Step1Group.add_argument("--Lsv", dest="Lsv", help="Specify the lowest supported version", default=0)
+
+ Step2AGroup = parser.add_argument_group(title="Step2A", description="Test Signature Generation Step.")
+ Step2AGroup.add_argument("--Step2AEnable", dest="Step2AEnable", help="Do Step 2A - Local Signing for Test Signature", default=False, action="store_true")
+ #need to add arguments here for signing.
+ Step2AGroup.add_argument("--Signing2AResultFile", dest="Signing2AResultFile", help="Optional File for output from Step2A. Required if not doing step2B", default=None)
+ Step2AGroup.add_argument("--Signing2APfxFile", dest="Signing2APfxFile", help="Path to PFX file for signing Test Signature ", default=None)
+ Step2AGroup.add_argument("--Signing2APfxPw", dest="Signing2APfxPw", help="Optional Password for PFX file for signing Test Signature", default=None)
+
+ Step2BGroup = parser.add_argument_group(title="Step2B", description="Package Cert Provision With Test Signature.")
+ Step2BGroup.add_argument("--Step2BEnable", dest="Step2BEnable", help="Do Step 2B - Package Test Signature with Cert Provision Data", default=False, action="store_true")
+ Step2BGroup.add_argument("--TestSignatureInputFile", dest="TestSignatureInputFile", help="Detached Signature file for Test Signature", default=None)
+ Step2BGroup.add_argument("--CertProvisionBlobInputFile", dest="CertProvisionBlobAfterStep1File", help="Step1 Output File to use as Input to combine with Test Signature", default=None)
+ Step2BGroup.add_argument("--Prep2BResultFile", dest="Prep2BResultFile", help="Optional File for output from Step2B. Required if not doing step2", default=None)
+
+
+ Step2Group = parser.add_argument_group(title="Step2", description="Signature Generation Step.")
+ Step2Group.add_argument("--Step2Enable", dest="Step2Enable", help="Do Step 2 - Local Signing", default=False, action="store_true")
+ #need to add arguments here for signing.
+ Step2Group.add_argument("--SigningInputFile", dest="SigningInputFile", help="Optional File for intput for Step2. Required if not doing step1", default=None)
+ Step2Group.add_argument("--SigningResultFile", dest="SigningResultFile", help="Optional File for output from Step2. Required if not doing step3", default=None)
+ Step2Group.add_argument("--SigningPfxFile", dest="SigningPfxFile", help="Path to PFX file for signing", default=None)
+ Step2Group.add_argument("--SigningPfxPw", dest="SigningPfxPw", help="Optional Password for PFX file for signing", default=None)
+
+ Step3Group = parser.add_argument_group(title="Step3", description="Final Provisioning Var Construction.")
+ Step3Group.add_argument("--Step3Enable", dest="Step3Enable", help="Do Step 3 - Final Provisioning Var Construction", default=False, action="store_true")
+ Step3Group.add_argument("--FinalizeInputFile", dest="FinalizeInputFile", help="Optional if doing Step2. Generally Step1 Output or Step2 input. ", default=None)
+ Step3Group.add_argument("--FinalizeInputDetachedSignatureFile", dest="FinalizeInputDetachedSignatureFile", help="Signtool Detached Signature File. Optional if doing Step2", default=None)
+ Step3Group.add_argument("--FinalizeResultFile", dest="FinalizeResultFile", help="File for output from Step3. Complete SEM Provisioning Var File.", default=None)
+
+
+ #Turn on debug level logging
+ parser.add_argument("--debug", action="store_true", dest="debug", help="turn on debug logging level for file log", default=False)
+ options = parser.parse_args()
+
+ #setup file based logging if outputReport specified
+ if(options.OutputLog):
+ if(len(options.OutputLog) < 2):
+ logging.critical("the output log file parameter is invalid")
+ return -2
+ else:
+ #setup file based logging
+ filelogger = logging.FileHandler(filename=options.OutputLog, mode='w')
+ if(options.debug):
+ filelogger.setLevel(logging.DEBUG)
+ else:
+ filelogger.setLevel(logging.INFO)
+
+ filelogger.setFormatter(formatter)
+ logging.getLogger('').addHandler(filelogger)
+
+ logging.info("Log Started: " + datetime.datetime.strftime(datetime.datetime.now(), "%A, %B %d, %Y %I:%M%p" ))
+
+ #Step 1 Prep
+ if(options.Step1Enable):
+ logging.debug("Step 1 Enabled")
+ if(not options.CertFilePath) or (not os.path.isfile(options.CertFilePath)):
+ logging.critical("Not CertFilePath. That means we are un-enrolling")
+
+ if(not options.Step2Enable) and (not options.Step2AEnable):
+ #must have output file
+ if(not options.PrepResultFile):
+ logging.critical("Since Step2A/2 is not enabled there must be a PrepResultFile for the result")
+ return -3
+
+ if(options.PrepResultFile):
+ logging.debug("Step 1 Result will be written to: " + options.PrepResultFile)
+
+ if(options.SigningInputFile):
+ logging.critical("Since Step1 is enabled an Input File for Step2 is not allowed")
+ return -11
+
+ #Step 2A Test Signature Generation
+ if(options.Step2AEnable):
+ logging.debug("Step 2A Enabled")
+ if(not options.CertFilePath) or (not os.path.isfile(options.CertFilePath)):
+ logging.debug("Not CertFilePath. That means we are un-enrolling")
+ logging.critical("Step 2A should not be enabled if un-enrolling")
+ return -847
+
+ if(not options.Signing2APfxFile):
+ logging.critical("Since Step2A is enabled you must supply a path to a PFX file for test signing")
+ return -848
+
+ if(not options.Step2BEnable):
+ #must have output file
+ if(not options.Signing2AResultFile):
+ logging.critical("Since Step2B is not enabled there must be a Signing2AResultFile for the result")
+ return -5
+
+ if(options.Signing2AResultFile):
+ logging.debug("Step2A Result will be written to: " + options.Signing2AResultFile)
+
+ #Step2B Combine Step1 and Step2A into Single File in prep for Step2
+ if(options.Step2BEnable):
+ logging.debug("Step 2B Enabled")
+ if(not options.Step2AEnable):
+ #must have Test Signature Input File
+ if(not options.TestSignatureInputFile) or (not os.path.isfile(options.TestSignatureInputFile)):
+ logging.critical("Step2B Must have an Test Signature Input File when 2A is not enabled")
+ return -8487
+ else:
+ #Step 2A enabled
+ if(options.TestSignatureInputFile):
+ logging.critical("Step2B can not have a Test Signature Input File when 2A is enabled")
+ return -8489
+
+ if(not options.Step1Enable):
+ #must have Step1s data file
+ if(not options.CertProvisionBlobAfterStep1File) or (not os.path.isfile(options.CertProvisionBlobAfterStep1File)):
+ logging.critical("Step2B must have a Cert Priovision Blob when Step 1 is not enabled")
+ return -8490
+
+ if(not options.Step2Enable):
+ #must have an output file
+ if(not options.Prep2BResultFile):
+ logging.critical("Step2B must have an output file (Prep2BResultFile) when Step2 is not enabled")
+ return -8491
+
+
+ #Step 2 signing
+ if(options.Step2Enable):
+ logging.debug("Step 2 Enabled")
+ if(not options.SigningPfxFile):
+ logging.critical("Since Step2 is enabled you must supply a path to a PFX file for signing")
+ return -10
+
+ if(not options.Step1Enable) and ((not options.SigningInputFile) or (not os.path.isfile(options.SigningInputFile))):
+ logging.critical("For Step2 you must do Step1 or have a valid SigningInputFile")
+ return -4
+
+ if(not options.Step3Enable):
+ #must have output file
+ if(not options.SigningResultFile):
+ logging.critical("Since Step3 is not enabled there must be a SigningResultFile for the result")
+ return -5
+ if(options.SigningResultFile):
+ logging.debug("Step2 Result will be written to: " + options.SigningResultFile)
+
+ if(options.FinalizeInputDetachedSignatureFile):
+ logging.critical("Since Step2 is enabled an Input Detached signature file for Step3 is not allowed")
+ return -13
+
+ if(options.FinalizeInputFile):
+ logging.critical("Since Step2 is enabled an Input file for Step3 is not allowed")
+ return -14
+
+ #Step 3 Finalize
+ if(options.Step3Enable):
+ logging.debug("Step 3 Enabled")
+
+ if(not options.Step2Enable) and (options.Step1Enable):
+ logging.critical("Can't have only Step1 and 3 Enabled")
+ return -12
+
+ if(not options.Step2Enable) and ((not options.FinalizeInputFile) or (not os.path.isfile(options.FinalizeInputFile)) or (not options.FinalizeInputDetachedSignatureFile) or (not os.path.isfile(options.FinalizeInputDetachedSignatureFile))):
+ logging.critical("For Step3 you must do Step2 or have a valid FinalizeInputFile and FinalizeInputDetachedSignatureFile")
+ return -6
+
+ #must have an output file
+ if(not options.FinalizeResultFile):
+ logging.critical("For Step3 you must have a FinalizeResultFile")
+ return -7
+ else:
+ logging.debug("Step3 Result will be written to: " + options.FinalizeResultFile)
+
+ tempdir = "_temp_" + str(time.time())
+ logging.critical("Temp directory is: " + os.path.join(os.getcwd(), tempdir))
+ os.makedirs(tempdir)
+
+ #STEP 1 - Prep Var
+ if(options.Step1Enable):
+ logging.critical("Step1 Started")
+ Step1OutFile = os.path.join(tempdir, "Step1Out.bin")
+ SEM = CertProvisioningApplyVariable(None, int(options.HdrVersion))
+ SEM.Identity = int(options.Identity);
+
+ if (int(options.HdrVersion) == CertProvisioningApplyVariable.VERSION_V1):
+ SEM.SNTarget = int(options.SnTarget);
+ elif (int(options.HdrVersion) == CertProvisioningApplyVariable.VERSION_V2):
+ if options.SMBIOSMfg == None:
+ SEM.Manufacturer = "OEMSH"
+ else:
+ SEM.Manufacturer = options.SMBIOSMfg
+
+ if options.SMBIOSProd == None:
+ SEM.ProductName = "OEMSH Product"
+ else:
+ SEM.ProductName = options.SMBIOSProd
+
+ if options.SMBIOSSerial == None:
+ SEM.SerialNumber = "789789789"
+ else:
+ SEM.SerialNumber = options.SMBIOSSerial
+
+ if is_32bit_number (options.Version ):
+ SEM.Version = options.Version
+
+ if is_32bit_number (options.Lsv):
+ SEM.Lsv = options.Lsv
+ else:
+ logging.critical("Invalid Header Version specified")
+ return -31
+
+ if(options.CertFilePath != None):
+ a = open(options.CertFilePath, "rb")
+ SEM.TrustedCert = a.read()
+ a.close()
+ SEM.TrustedCertSize = os.path.getsize(options.CertFilePath)
+
+ of = open(Step1OutFile, "wb")
+ SEM.Write(of)
+ of.close()
+
+ #if user requested a step1 output file copy the temp file
+ if(options.PrepResultFile):
+ shutil.copy(Step1OutFile, options.PrepResultFile)
+
+ #setup input for Step2
+ options.SigningInputFile = Step1OutFile
+ #setup input for Step2B
+ options.CertProvisionBlobAfterStep1File = Step1OutFile
+
+ #STEP 2A - Local Test Signature of Cert
+ if(options.Step2AEnable):
+ logging.critical("Step2A Started")
+ Step2AFileToSign = os.path.join(tempdir, "Step2AIn.bin")
+ Step2AOutFile = os.path.join(tempdir, "Step2AOut.bin")
+ shutil.copy(options.CertFilePath, Step2AFileToSign)
+ options.Signing2AOutputFile = Step2AOutFile
+ ret = TestSignSemTrustedCert(options)
+ if(ret != 0):
+ logging.critical("TestSignSemTrustedCert (Step2A) Failed: " + str(ret))
+ return ret
+
+ if(options.Signing2AResultFile):
+ shutil.copy(Step2AOutFile, options.Signing2AResultFile)
+
+ #setup for step 2B
+ options.TestSignatureInputFile = Step2AOutFile
+
+ #STEP 2B - Combine Cert Provision blob with Test signature
+ if(options.Step2BEnable):
+ logging.critical("Step2B Started")
+ Step2BOutFile = os.path.join(tempdir, "Step2BOut.bin")
+ fi = open(options.CertProvisionBlobAfterStep1File, "rb")
+ SEM = CertProvisioningApplyVariable(fi)
+ fi.close()
+ SEM.TestSignature = WinCertUefiGuid()
+ TestDetached = open(options.TestSignatureInputFile, "rb")
+ SEM.TestSignature.AddCertData(TestDetached)
+ TestDetached.close()
+ SemOut = open(Step2BOutFile, "wb")
+ SEM.Write(SemOut)
+ SemOut.close()
+
+ if(options.Prep2BResultFile):
+ shutil.copy(Step2BOutFile, options.Prep2BResultFile)
+
+ #Setup for Step2
+ options.SigningInputFile = Step2BOutFile
+
+ #STEP 2 - Local sign
+ if(options.Step2Enable):
+ logging.critical("Step2 Started")
+ #copy signinginputfile into temp dir
+ FileToSign = os.path.join(tempdir, "Step2In.bin")
+ shutil.copy(options.SigningInputFile, FileToSign)
+ options.SigningInputFile = FileToSign
+ options.SigningOutputFile = os.path.join(tempdir, "Step2Signature.bin")
+
+ #do local signature
+ ret = SignSEMProvisionData(options)
+ if(ret != 0):
+ logging.critical("SignSEMProvisionData (Step2) Failed: " + str(ret))
+ return ret
+
+ if(options.SigningResultFile):
+ shutil.copy(options.SigningOutputFile, options.SigningResultFile)
+
+ #setup input for Step3
+ options.FinalizeInputFile = options.SigningInputFile
+ options.FinalizeInputDetachedSignatureFile = options.SigningOutputFile
+
+
+ #STEP 3 - Write Signature Structure and complete the KeyManifiest
+ if(options.Step3Enable):
+ logging.critical("Step3 Started")
+ sstep1file = open(options.FinalizeInputFile, "rb")
+ SEM = CertProvisioningApplyVariable(sstep1file)
+ sstep1file.close()
+ SEM.SessionId = random.randint(0, 4294967295) #generate a random session id
+ SEM.Signature = WinCertUefiGuid()
+ detached = open(options.FinalizeInputDetachedSignatureFile, "rb")
+ SEM.Signature.AddCertData(detached)
+ detached.close()
+
+ if(not options.FinalizeResultFile):
+ options.FinalizeResultFile = os.path.join(tempdir, "Step3Out.bin")
+
+ of = open(options.FinalizeResultFile, "wb")
+ SEM.Write(of)
+ of.close()
+
+ if(not SEM.VerifyComplete()):
+ logging.critical("SEM Package Not complete")
+ return -84
+
+ #
+ # Function to print SEM
+ #
+ if(options.PrintFile) and (os.path.isfile(options.PrintFile)):
+ PrintSEM(options.PrintFile)
+
+ if(options.PrintResultsFile) and (os.path.isfile(options.PrintResultsFile)):
+ PrintSEMResults(options.PrintResultsFile)
+
+ if(options.PrintCurrentFile) and (os.path.isfile(options.PrintCurrentFile)):
+ PrintSEMCurrent(options.PrintCurrentFile)
+
+ if(options.ExtractCertFile) and (os.path.isfile(options.ExtractCertFile)):
+ Thumbprint = ExtractCert(options.ExtractCertFile)
+ logging.critical(f"Extracted cert with thumbprint {Thumbprint}")
+
+ #clean up if user didn't request to leave around
+ if(not options.dirty):
+ shutil.rmtree(tempdir)
+
+ return 0
+
+
+if __name__ == '__main__':
+ #setup main console as logger
+ logger = logging.getLogger('')
+ logger.setLevel(logging.DEBUG)
+ formatter = logging.Formatter("%(levelname)s - %(message)s")
+ console = logging.StreamHandler()
+ console.setLevel(logging.CRITICAL)
+ console.setFormatter(formatter)
+ logger.addHandler(console)
+
+ #call main worker function
+ retcode = main()
+
+ if retcode != 0:
+ logging.critical("Failed. Return Code: %i" % retcode)
+ #end logging
+ logging.shutdown()
+ sys.exit(retcode)
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/GeneratePermissionPacketData.py b/DfciPkg/UnitTests/DfciTests/Support/Python/GeneratePermissionPacketData.py
index 1225949d..5b09af01 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Python/GeneratePermissionPacketData.py
+++ b/DfciPkg/UnitTests/DfciTests/Support/Python/GeneratePermissionPacketData.py
@@ -1,339 +1,339 @@
-# @file
-#
-# Script to Generate a Device Firmware Configuration Interface Permission Provisiong Blob
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-##
-## Script to Generate a Device Firmware Configuration Interface Permission Provisiong Blob
-## This tool takes in a XML file in PermissionPacket format, packages it in a
-## DFCI_PERMISSION_POLICY_APPLY_VAR structure, signs it with the
-## requested key, and then attaches the signature data in WIN_CERTIFICATE_UEFI_GUID format.
-##
-## This binary file can then be written to variable store:
-## GUID: gDfciPermissionManagerVarNamespace
-## NAME: DFCI_PERMISSION_POLICY_APPLY_VAR_NAME L"DfciPermissionApply"
-##
-## THIS IS FOR UNIT TEST
-##
-## General process:
-## Phase 1: Create payload file by combining relevant info
-## Phase 2: Sign it using signtool
-## Phase 3: Parse signature into WIN_CERT and package to create final output
-##
-
-import os, sys
-import argparse
-import logging
-import datetime
-import struct
-import shutil
-import time
-import random
-
-#get script path
-sp = os.path.dirname(os.path.realpath(sys.argv[0]))
-
-#setup python path for build modules
-sys.path.append(sp)
-
-from DFCI_SupportLib import DFCI_SupportLib
-
-from edk2toollib.uefi.wincert import *
-from edk2toollib.utility_functions import DetachedSignWithSignTool
-from edk2toollib.windows.locate_tools import FindToolInWinSdk
-from Data.PermissionPacketVariable import PermissionApplyVariable
-from Data.PermissionPacketVariable import PermissionResultVariable
-
-
-#PKCS7 Signed Data OID
-gOid = "1.2.840.113549.1.7.2"
-gPath2SignTool = None
-
-
-def PrintSEM(filepath):
- if(filepath and os.path.isfile(filepath)):
- s = open(filepath, "rb")
- SEM = PermissionApplyVariable(s)
- s.close()
-
- #now print it out.
- SEM.Print()
-
-def PrintSEMResults(filepath):
- if(filepath and os.path.isfile(filepath)):
- s = open(filepath, "rb")
- SEM = PermissionResultVariable(s)
- s.close()
-
- #now print it out.
- SEM.Print()
-
-def PrintSEMCurrent(filepath):
- if(filepath and os.path.isfile(filepath)):
- outfilename = os.path.basename(filepath) + "_Current" + ".xml"
- a = DFCI_SupportLib ()
- a.extract_payload_from_current(filepath, outfilename)
-
-def SignSEMData(options):
- global gPath2SignTool
- if gPath2SignTool == None:
- a = DFCI_SupportLib ()
- gPath2SignTool = a.get_signtool_path ()
-
- return DetachedSignWithSignTool (gPath2SignTool, options.SigningInputFile, options.SigningOutputFile, options.SigningPfxFile, options.SigningPfxPw, gOid)
-
-#
-#main script function
-#
-def main():
- parser = argparse.ArgumentParser(description='Create SEM Permission Packet Variable')
-
- #Output debug log
- parser.add_argument("-l", dest="OutputLog", help="Create an output log file: ie -l out.txt", default=None)
- parser.add_argument("-p", dest="PrintFile", help="Print File as Permission Blob", default= None)
- parser.add_argument("-pr", dest="PrintResultsFile", help="Print Result File as Permission Blob", default= None)
- parser.add_argument("-pc", dest="PrintCurrentFile", help="Print Current File to {basename}_Current.xml", default= None)
- parser.add_argument("--dirty", action="store_true", dest="dirty", help="Leave around the temp files after finished", default=False)
-
- Step1Group = parser.add_argument_group(title="Step1", description="Signed Data Prep. Build data structure.")
- Step1Group.add_argument("--Step1Enable", dest="Step1Enable", help="Do Step 1 - Signed Data Prep", default=False, action="store_true")
- Step1Group.add_argument("--SnTarget", dest="SnTarget", help="Target to only a device with given Serial Number in decimal. Zero means all devices", default=0)
- Step1Group.add_argument("--XmlFilePath", dest="XmlFilePath", help="Path to Xml Permission Packet File", default=None)
- Step1Group.add_argument("--PrepResultFile", dest="PrepResultFile", help="Optional File for output from Step1. Required if not doing step2", default=None)
- Step1Group.add_argument("--HdrVersion", dest="HdrVersion", help="Specify packet version", default= PermissionApplyVariable.VERSION_V1)
- Step1Group.add_argument("--SMBIOSMfg", dest="SMBIOSMfg", help="Specify SMBIOS Manufacturer", default=None)
- Step1Group.add_argument("--SMBIOSProd", dest="SMBIOSProd", help="Specify SMBIOS Product Name", default=None)
- Step1Group.add_argument("--SMBIOSSerial", dest="SMBIOSSerial", help="Specify SMBIOS Serial Number", default=None)
-
- Step2Group = parser.add_argument_group(title="Step2", description="Signature Generation Step.")
- Step2Group.add_argument("--Step2Enable", dest="Step2Enable", help="Do Step 2 - Local Signing", default=False, action="store_true")
- #need to add arguments here for signing. signtool path and parameters
- Step2Group.add_argument("--SigningInputFile", dest="SigningInputFile", help="Optional File for intput for Step2. Required if not doing step1", default=None)
- Step2Group.add_argument("--SigningResultFile", dest="SigningResultFile", help="Optional File for output from Step2. Required if not doing step3", default=None)
- Step2Group.add_argument("--SigningPfxFile", dest="SigningPfxFile", help="Path to PFX file for signing", default=None)
- Step2Group.add_argument("--SigningPfxPw", dest="SigningPfxPw", help="Optional Password for PFX file for signing", default=None)
-
- Step3Group = parser.add_argument_group(title="Step3", description="Final Var Construction.")
- Step3Group.add_argument("--Step3Enable", dest="Step3Enable", help="Do Step 3 - Final Provisioning Var Construction", default=False, action="store_true")
- Step3Group.add_argument("--FinalizeInputFile", dest="FinalizeInputFile", help="Optional if doing Step2. Generally Step1 Output or Step2 input. ", default=None)
- Step3Group.add_argument("--FinalizeInputDetachedSignatureFile", dest="FinalizeInputDetachedSignatureFile", help="Signtool Detached Signature File. Optional if doing Step2", default=None)
- Step3Group.add_argument("--FinalizeResultFile", dest="FinalizeResultFile", help="File for output from Step3. Complete SEM Provisioning Var File.", default=None)
-
- #Turn on debug level logging
- parser.add_argument("--debug", action="store_true", dest="debug", help="turn on debug logging level for file log", default=False)
- options = parser.parse_args()
-
- #setup file based logging if outputReport specified
- if(options.OutputLog):
- if(len(options.OutputLog) < 2):
- logging.critical("the output log file parameter is invalid")
- return -2
- else:
- #setup file based logging
- filelogger = logging.FileHandler(filename=options.OutputLog, mode='w')
- if(options.debug):
- filelogger.setLevel(logging.DEBUG)
- else:
- filelogger.setLevel(logging.INFO)
-
- filelogger.setFormatter(formatter)
- logging.getLogger('').addHandler(filelogger)
-
- logging.info("Log Started: " + datetime.datetime.strftime(datetime.datetime.now(), "%A, %B %d, %Y %I:%M%p" ))
-
- #Step 1 Prep
- if(options.Step1Enable):
- logging.debug("Step 1 Enabled")
- if(not options.XmlFilePath) or (not os.path.isfile(options.XmlFilePath)):
- logging.critical("For Step1 there must be a valid XML Permission file")
- return -2
-
- if(not options.Step2Enable):
- #must have output file
- if(not options.PrepResultFile):
- logging.critical("Since Step2 is not enabled there must be a PrepResultFile for the result")
- return -3
-
- if(options.PrepResultFile):
- logging.debug("Step 1 Result will be written to: " + options.PrepResultFile)
-
- if(options.SigningInputFile):
- logging.critical("Since Step1 is enabled an Input File for Step2 is not allowed")
- return -11
-
- #Step 2 signing
- if(options.Step2Enable):
- logging.debug("Step 2 Enabled")
- if(not options.SigningPfxFile):
- logging.critical("Since Step2 is enabled you must supply a path to a PFX file for signing")
- return -10
-
- if(not options.Step1Enable) and ((not options.SigningInputFile) or (not os.path.isfile(options.SigningInputFile))):
- logging.critical("For Step2 you must do Step1 or have a valid SigningInputFile")
- return -4
-
- if(not options.Step3Enable):
- #must have output file
- if(not options.SigningResultFile):
- logging.critical("Since Step3 is not enabled there must be a SigningResultFile for the result")
- return -5
- if(options.SigningResultFile):
- logging.debug("Step2 Result will be written to: " + options.SigningResultFile)
-
- if(options.FinalizeInputDetachedSignatureFile):
- logging.critical("Since Step2 is enabled an Input Detached signature file for Step3 is not allowed")
- return -13
-
- if(options.FinalizeInputFile):
- logging.critical("Since Step2 is enabled an Input file for Step3 is not allowed")
- return -14
-
- #Step 3 Finalize
- if(options.Step3Enable):
- logging.debug("Step 3 Enabled")
-
- if(not options.Step2Enable) and (options.Step1Enable):
- logging.critical("Can't have only Step1 and 3 Enabled")
- return -12
-
- if(not options.Step2Enable) and ((not options.FinalizeInputFile) or (not os.path.isfile(options.FinalizeInputFile)) or (not options.FinalizeInputDetachedSignatureFile) or (not os.path.isfile(options.FinalizeInputDetachedSignatureFile))):
- logging.critical("For Step3 you must do Step2 or have a valid FinalizeInputFile and FinalizeInputDetachedSignatureFile")
- return -6
-
- #must have an output file
- if(not options.FinalizeResultFile):
- logging.critical("For Step3 you must have a FinalizeResultFile")
- return -7
- else:
- logging.debug("Step3 Result will be written to: " + options.FinalizeResultFile)
-
-
- tempdir = "_temp_" + str(time.time())
- logging.critical("Temp directory is: " + os.path.join(os.getcwd(), tempdir))
- os.makedirs(tempdir)
-
- #STEP 1 - Prep Var
- if(options.Step1Enable):
- logging.critical("Step1 Started")
- Step1OutFile = os.path.join(tempdir, "Step1Out.bin")
- SEM = PermissionApplyVariable(None, int(options.HdrVersion))
-
- if (int(options.HdrVersion) == PermissionApplyVariable.VERSION_V1):
- SEM.SNTarget = int(options.SnTarget);
- elif (int(options.HdrVersion) == PermissionApplyVariable.VERSION_V2):
- if options.SMBIOSMfg == None:
- SEM.Manufacturer = "OEMSH"
- else:
- SEM.Manufacturer = options.SMBIOSMfg
-
- if options.SMBIOSProd == None:
- SEM.ProductName = "OEMSH Product"
- else:
- SEM.ProductName = options.SMBIOSProd
-
- if options.SMBIOSSerial == None:
- SEM.SerialNumber = "789789789"
- else:
- SEM.SerialNumber = options.SMBIOSSerial
- else:
- logging.critical("Invalid header version specified")
- return -31
-
- a = open(options.XmlFilePath, "r")
- SEM.AddXmlPayload(a.read())
- a.close()
-
- of = open(Step1OutFile, "wb")
- SEM.Write(of)
- of.close()
-
- #if user requested a step1 output file copy the temp file
- if(options.PrepResultFile):
- shutil.copy(Step1OutFile, options.PrepResultFile)
-
- #setup input for Step2
- options.SigningInputFile = Step1OutFile
-
-
- #STEP 2 - Local sign
- if(options.Step2Enable):
- logging.critical("Step2 Started")
- #copy signinginputfile into temp dir
- FileToSign = os.path.join(tempdir, "Step2In.bin")
- shutil.copy(options.SigningInputFile, FileToSign)
- options.SigningInputFile = FileToSign
- options.SigningOutputFile = os.path.join(tempdir, "Step2Signature.bin")
-
- #do local signature
- ret = SignSEMData(options)
- if(ret != 0):
- logging.critical("SignSEMData (Step2) Failed: " + str(ret))
- return ret
-
- if(options.SigningResultFile):
- shutil.copy(options.SigningOutputFile, options.SigningResultFile)
-
- #setup input for Step3
- options.FinalizeInputFile = options.SigningInputFile
- options.FinalizeInputDetachedSignatureFile = options.SigningOutputFile
-
-
- #STEP 3 - Write Signature Structure and complete file
- if(options.Step3Enable):
- logging.critical("Step3 Started")
- sstep1file = open(options.FinalizeInputFile, "rb")
- SEM = PermissionApplyVariable(sstep1file)
- sstep1file.close()
- SEM.Signature = WinCertUefiGuid()
- detached = open(options.FinalizeInputDetachedSignatureFile, "rb")
- SEM.Signature.AddCertData(detached)
- detached.close()
- SEM.SessionId = random.randint(0, 4294967295) #generate a random session id
-
- if(not options.FinalizeResultFile):
- options.FinalizeResultFile = os.path.join(tempdir, "Step3Out.bin")
-
- of = open(options.FinalizeResultFile, "wb")
- SEM.Write(of)
- of.close()
-
- #
- # Function to print SEM
- #
- if(options.PrintFile) and (os.path.isfile(options.PrintFile)):
- PrintSEM(options.PrintFile)
-
- if(options.PrintResultsFile) and (os.path.isfile(options.PrintResultsFile)):
- PrintSEMResults(options.PrintResultsFile)
-
- if(options.PrintCurrentFile) and (os.path.isfile(options.PrintCurrentFile)):
- PrintSEMCurrent(options.PrintCurrentFile)
-
- #clean up if user didn't request to leave around
- if(not options.dirty):
- shutil.rmtree(tempdir)
-
- return 0
-
-
-if __name__ == '__main__':
- #setup main console as logger
- logger = logging.getLogger('')
- logger.setLevel(logging.DEBUG)
- formatter = logging.Formatter("%(levelname)s - %(message)s")
- console = logging.StreamHandler()
- console.setLevel(logging.CRITICAL)
- console.setFormatter(formatter)
- logger.addHandler(console)
-
- #call main worker function
- retcode = main()
-
- if retcode != 0:
- logging.critical("Failed. Return Code: %i" % retcode)
- #end logging
- logging.shutdown()
- sys.exit(retcode)
+# @file
+#
+# Script to Generate a Device Firmware Configuration Interface Permission Provisiong Blob
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+##
+## Script to Generate a Device Firmware Configuration Interface Permission Provisiong Blob
+## This tool takes in a XML file in PermissionPacket format, packages it in a
+## DFCI_PERMISSION_POLICY_APPLY_VAR structure, signs it with the
+## requested key, and then attaches the signature data in WIN_CERTIFICATE_UEFI_GUID format.
+##
+## This binary file can then be written to variable store:
+## GUID: gDfciPermissionManagerVarNamespace
+## NAME: DFCI_PERMISSION_POLICY_APPLY_VAR_NAME L"DfciPermissionApply"
+##
+## THIS IS FOR UNIT TEST
+##
+## General process:
+## Phase 1: Create payload file by combining relevant info
+## Phase 2: Sign it using signtool
+## Phase 3: Parse signature into WIN_CERT and package to create final output
+##
+
+import os, sys
+import argparse
+import logging
+import datetime
+import struct
+import shutil
+import time
+import random
+
+#get script path
+sp = os.path.dirname(os.path.realpath(sys.argv[0]))
+
+#setup python path for build modules
+sys.path.append(sp)
+
+from DFCI_SupportLib import DFCI_SupportLib
+
+from edk2toollib.uefi.wincert import *
+from edk2toollib.utility_functions import DetachedSignWithSignTool
+from edk2toollib.windows.locate_tools import FindToolInWinSdk
+from Data.PermissionPacketVariable import PermissionApplyVariable
+from Data.PermissionPacketVariable import PermissionResultVariable
+
+
+#PKCS7 Signed Data OID
+gOid = "1.2.840.113549.1.7.2"
+gPath2SignTool = None
+
+
+def PrintSEM(filepath):
+ if(filepath and os.path.isfile(filepath)):
+ s = open(filepath, "rb")
+ SEM = PermissionApplyVariable(s)
+ s.close()
+
+ #now print it out.
+ SEM.Print()
+
+def PrintSEMResults(filepath):
+ if(filepath and os.path.isfile(filepath)):
+ s = open(filepath, "rb")
+ SEM = PermissionResultVariable(s)
+ s.close()
+
+ #now print it out.
+ SEM.Print() + +def PrintSEMCurrent(filepath): + if(filepath and os.path.isfile(filepath)): + outfilename = os.path.basename(filepath) + "_Current" + ".xml" + a = DFCI_SupportLib () + a.extract_payload_from_current(filepath, outfilename) + +def SignSEMData(options): + global gPath2SignTool + if gPath2SignTool == None: + a = DFCI_SupportLib () + gPath2SignTool = a.get_signtool_path () + + return DetachedSignWithSignTool (gPath2SignTool, options.SigningInputFile, options.SigningOutputFile, options.SigningPfxFile, options.SigningPfxPw, gOid) + +# +#main script function +# +def main(): + parser = argparse.ArgumentParser(description='Create SEM Permission Packet Variable') + + #Output debug log + parser.add_argument("-l", dest="OutputLog", help="Create an output log file: ie -l out.txt", default=None) + parser.add_argument("-p", dest="PrintFile", help="Print File as Permission Blob", default= None) + parser.add_argument("-pr", dest="PrintResultsFile", help="Print Result File as Permission Blob", default= None) + parser.add_argument("-pc", dest="PrintCurrentFile", help="Print Current File to {basename}_Current.xml", default= None) + parser.add_argument("--dirty", action="store_true", dest="dirty", help="Leave around the temp files after finished", default=False) + + Step1Group = parser.add_argument_group(title="Step1", description="Signed Data Prep. Build data structure.") + Step1Group.add_argument("--Step1Enable", dest="Step1Enable", help="Do Step 1 - Signed Data Prep", default=False, action="store_true") + Step1Group.add_argument("--SnTarget", dest="SnTarget", help="Target to only a device with given Serial Number in decimal. Zero means all devices", default=0) + Step1Group.add_argument("--XmlFilePath", dest="XmlFilePath", help="Path to Xml Permission Packet File", default=None) + Step1Group.add_argument("--PrepResultFile", dest="PrepResultFile", help="Optional File for output from Step1. 
Required if not doing step2", default=None)
+ Step1Group.add_argument("--HdrVersion", dest="HdrVersion", help="Specify packet version", default= PermissionApplyVariable.VERSION_V1)
+ Step1Group.add_argument("--SMBIOSMfg", dest="SMBIOSMfg", help="Specify SMBIOS Manufacturer", default=None)
+ Step1Group.add_argument("--SMBIOSProd", dest="SMBIOSProd", help="Specify SMBIOS Product Name", default=None)
+ Step1Group.add_argument("--SMBIOSSerial", dest="SMBIOSSerial", help="Specify SMBIOS Serial Number", default=None)
+
+ Step2Group = parser.add_argument_group(title="Step2", description="Signature Generation Step.")
+ Step2Group.add_argument("--Step2Enable", dest="Step2Enable", help="Do Step 2 - Local Signing", default=False, action="store_true")
+ #need to add arguments here for signing. signtool path and parameters
+ Step2Group.add_argument("--SigningInputFile", dest="SigningInputFile", help="Optional File for intput for Step2. Required if not doing step1", default=None)
+ Step2Group.add_argument("--SigningResultFile", dest="SigningResultFile", help="Optional File for output from Step2. Required if not doing step3", default=None)
+ Step2Group.add_argument("--SigningPfxFile", dest="SigningPfxFile", help="Path to PFX file for signing", default=None)
+ Step2Group.add_argument("--SigningPfxPw", dest="SigningPfxPw", help="Optional Password for PFX file for signing", default=None)
+
+ Step3Group = parser.add_argument_group(title="Step3", description="Final Var Construction.")
+ Step3Group.add_argument("--Step3Enable", dest="Step3Enable", help="Do Step 3 - Final Provisioning Var Construction", default=False, action="store_true")
+ Step3Group.add_argument("--FinalizeInputFile", dest="FinalizeInputFile", help="Optional if doing Step2. Generally Step1 Output or Step2 input. ", default=None)
+ Step3Group.add_argument("--FinalizeInputDetachedSignatureFile", dest="FinalizeInputDetachedSignatureFile", help="Signtool Detached Signature File.
Optional if doing Step2", default=None)
+ Step3Group.add_argument("--FinalizeResultFile", dest="FinalizeResultFile", help="File for output from Step3. Complete SEM Provisioning Var File.", default=None)
+
+ #Turn on debug level logging
+ parser.add_argument("--debug", action="store_true", dest="debug", help="turn on debug logging level for file log", default=False)
+ options = parser.parse_args()
+
+ #setup file based logging if outputReport specified
+ if(options.OutputLog):
+ if(len(options.OutputLog) < 2):
+ logging.critical("the output log file parameter is invalid")
+ return -2
+ else:
+ #setup file based logging
+ filelogger = logging.FileHandler(filename=options.OutputLog, mode='w')
+ if(options.debug):
+ filelogger.setLevel(logging.DEBUG)
+ else:
+ filelogger.setLevel(logging.INFO)
+
+ filelogger.setFormatter(formatter)
+ logging.getLogger('').addHandler(filelogger)
+
+ logging.info("Log Started: " + datetime.datetime.strftime(datetime.datetime.now(), "%A, %B %d, %Y %I:%M%p" ))
+
+ #Step 1 Prep
+ if(options.Step1Enable):
+ logging.debug("Step 1 Enabled")
+ if(not options.XmlFilePath) or (not os.path.isfile(options.XmlFilePath)):
+ logging.critical("For Step1 there must be a valid XML Permission file")
+ return -2
+
+ if(not options.Step2Enable):
+ #must have output file
+ if(not options.PrepResultFile):
+ logging.critical("Since Step2 is not enabled there must be a PrepResultFile for the result")
+ return -3
+
+ if(options.PrepResultFile):
+ logging.debug("Step 1 Result will be written to: " + options.PrepResultFile)
+
+ if(options.SigningInputFile):
+ logging.critical("Since Step1 is enabled an Input File for Step2 is not allowed")
+ return -11
+
+ #Step 2 signing
+ if(options.Step2Enable):
+ logging.debug("Step 2 Enabled")
+ if(not options.SigningPfxFile):
+ logging.critical("Since Step2 is enabled you must supply a path to a PFX file for signing")
+ return -10
+
+ if(not options.Step1Enable) and ((not options.SigningInputFile) or (not
os.path.isfile(options.SigningInputFile))):
+ logging.critical("For Step2 you must do Step1 or have a valid SigningInputFile")
+ return -4
+
+ if(not options.Step3Enable):
+ #must have output file
+ if(not options.SigningResultFile):
+ logging.critical("Since Step3 is not enabled there must be a SigningResultFile for the result")
+ return -5
+ if(options.SigningResultFile):
+ logging.debug("Step2 Result will be written to: " + options.SigningResultFile)
+
+ if(options.FinalizeInputDetachedSignatureFile):
+ logging.critical("Since Step2 is enabled an Input Detached signature file for Step3 is not allowed")
+ return -13
+
+ if(options.FinalizeInputFile):
+ logging.critical("Since Step2 is enabled an Input file for Step3 is not allowed")
+ return -14
+
+ #Step 3 Finalize
+ if(options.Step3Enable):
+ logging.debug("Step 3 Enabled")
+
+ if(not options.Step2Enable) and (options.Step1Enable):
+ logging.critical("Can't have only Step1 and 3 Enabled")
+ return -12
+
+ if(not options.Step2Enable) and ((not options.FinalizeInputFile) or (not os.path.isfile(options.FinalizeInputFile)) or (not options.FinalizeInputDetachedSignatureFile) or (not os.path.isfile(options.FinalizeInputDetachedSignatureFile))):
+ logging.critical("For Step3 you must do Step2 or have a valid FinalizeInputFile and FinalizeInputDetachedSignatureFile")
+ return -6
+
+ #must have an output file
+ if(not options.FinalizeResultFile):
+ logging.critical("For Step3 you must have a FinalizeResultFile")
+ return -7
+ else:
+ logging.debug("Step3 Result will be written to: " + options.FinalizeResultFile)
+
+
+ tempdir = "_temp_" + str(time.time())
+ logging.critical("Temp directory is: " + os.path.join(os.getcwd(), tempdir))
+ os.makedirs(tempdir)
+
+ #STEP 1 - Prep Var
+ if(options.Step1Enable):
+ logging.critical("Step1 Started")
+ Step1OutFile = os.path.join(tempdir, "Step1Out.bin")
+ SEM = PermissionApplyVariable(None, int(options.HdrVersion))
+
+ if (int(options.HdrVersion) ==
PermissionApplyVariable.VERSION_V1):
+ SEM.SNTarget = int(options.SnTarget);
+ elif (int(options.HdrVersion) == PermissionApplyVariable.VERSION_V2):
+ if options.SMBIOSMfg == None:
+ SEM.Manufacturer = "OEMSH"
+ else:
+ SEM.Manufacturer = options.SMBIOSMfg
+
+ if options.SMBIOSProd == None:
+ SEM.ProductName = "OEMSH Product"
+ else:
+ SEM.ProductName = options.SMBIOSProd
+
+ if options.SMBIOSSerial == None:
+ SEM.SerialNumber = "789789789"
+ else:
+ SEM.SerialNumber = options.SMBIOSSerial
+ else:
+ logging.critical("Invalid header version specified")
+ return -31
+
+ a = open(options.XmlFilePath, "r")
+ SEM.AddXmlPayload(a.read())
+ a.close()
+
+ of = open(Step1OutFile, "wb")
+ SEM.Write(of)
+ of.close()
+
+ #if user requested a step1 output file copy the temp file
+ if(options.PrepResultFile):
+ shutil.copy(Step1OutFile, options.PrepResultFile)
+
+ #setup input for Step2
+ options.SigningInputFile = Step1OutFile
+
+
+ #STEP 2 - Local sign
+ if(options.Step2Enable):
+ logging.critical("Step2 Started")
+ #copy signinginputfile into temp dir
+ FileToSign = os.path.join(tempdir, "Step2In.bin")
+ shutil.copy(options.SigningInputFile, FileToSign)
+ options.SigningInputFile = FileToSign
+ options.SigningOutputFile = os.path.join(tempdir, "Step2Signature.bin")
+
+ #do local signature
+ ret = SignSEMData(options)
+ if(ret != 0):
+ logging.critical("SignSEMData (Step2) Failed: " + str(ret))
+ return ret
+
+ if(options.SigningResultFile):
+ shutil.copy(options.SigningOutputFile, options.SigningResultFile)
+
+ #setup input for Step3
+ options.FinalizeInputFile = options.SigningInputFile
+ options.FinalizeInputDetachedSignatureFile = options.SigningOutputFile
+
+
+ #STEP 3 - Write Signature Structure and complete file
+ if(options.Step3Enable):
+ logging.critical("Step3 Started")
+ sstep1file = open(options.FinalizeInputFile, "rb")
+ SEM = PermissionApplyVariable(sstep1file)
+ sstep1file.close()
+ SEM.Signature = WinCertUefiGuid()
+ detached =
open(options.FinalizeInputDetachedSignatureFile, "rb")
+ SEM.Signature.AddCertData(detached)
+ detached.close()
+ SEM.SessionId = random.randint(0, 4294967295) #generate a random session id
+
+ if(not options.FinalizeResultFile):
+ options.FinalizeResultFile = os.path.join(tempdir, "Step3Out.bin")
+
+ of = open(options.FinalizeResultFile, "wb")
+ SEM.Write(of)
+ of.close()
+
+ #
+ # Function to print SEM
+ #
+ if(options.PrintFile) and (os.path.isfile(options.PrintFile)):
+ PrintSEM(options.PrintFile)
+
+ if(options.PrintResultsFile) and (os.path.isfile(options.PrintResultsFile)):
+ PrintSEMResults(options.PrintResultsFile)
+
+ if(options.PrintCurrentFile) and (os.path.isfile(options.PrintCurrentFile)):
+ PrintSEMCurrent(options.PrintCurrentFile)
+
+ #clean up if user didn't request to leave around
+ if(not options.dirty):
+ shutil.rmtree(tempdir)
+
+ return 0
+
+
+if __name__ == '__main__':
+ #setup main console as logger
+ logger = logging.getLogger('')
+ logger.setLevel(logging.DEBUG)
+ formatter = logging.Formatter("%(levelname)s - %(message)s")
+ console = logging.StreamHandler()
+ console.setLevel(logging.CRITICAL)
+ console.setFormatter(formatter)
+ logger.addHandler(console)
+
+ #call main worker function
+ retcode = main()
+
+ if retcode != 0:
+ logging.critical("Failed. Return Code: %i" % retcode)
+ #end logging
+ logging.shutdown()
+ sys.exit(retcode)
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/GenerateSettingsPacketData.py b/DfciPkg/UnitTests/DfciTests/Support/Python/GenerateSettingsPacketData.py
index f1a053fc..312e433d 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Python/GenerateSettingsPacketData.py
+++ b/DfciPkg/UnitTests/DfciTests/Support/Python/GenerateSettingsPacketData.py
@@ -1,340 +1,340 @@
-# @file
-#
-# Script to Generate a Device Firmware Configuration Interface Settings Blob
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-##
-## Script to Generate a Device Firmware Configuration Interface Settings Blob
-## This tool takes in a XML file in SettingsPacket format, packages it in a
-## DFCI_SECURED_SETTINGS_APPLY_VAR structure, signs it with the
-## requested key, and then attaches the signature data in WIN_CERTIFICATE_UEFI_GUID format.
-##
-## This binary file can then be written to variable store:
-## GUID: gDfciSettingsManagerVarNamespace
-## NAME: DFCI_SETTINGS_APPLY_INPUT_VAR_NAME L"DfciSettingsRequest"
-##
-## THIS IS FOR UNIT TEST
-##
-## General process:
-## Phase 1: Create payload file by combining relevant info
-## Phase 2: Sign it using signtool.exe
-## Phase 3: Parse signature into WIN_CERT and package to create final output
-##
-
-import os, sys
-import argparse
-import logging
-import datetime
-import struct
-import shutil
-import time
-import random
-
-#get script path
-sp = os.path.dirname(os.path.realpath(sys.argv[0]))
-
-#setup python path for build modules
-sys.path.append(sp)
-
-from DFCI_SupportLib import DFCI_SupportLib
-
-from edk2toollib.uefi.wincert import *
-from edk2toollib.utility_functions import DetachedSignWithSignTool
-from edk2toollib.windows.locate_tools import FindToolInWinSdk
-from Data.SecureSettingVariable import SecureSettingsApplyVariable
-from Data.SecureSettingVariable import SecureSettingsResultVariable
-
-
-#PKCS7 Signed Data OID
-gOid = "1.2.840.113549.1.7.2"
-gPath2SignTool = None
-
-
-def PrintSEM(filepath):
- if(filepath and os.path.isfile(filepath)):
- s = open(filepath, "rb")
- SEM = SecureSettingsApplyVariable(s)
- s.close()
-
- #now print it out.
- SEM.Print(True)
-
-def PrintSEMCurrent(filepath):
- if(filepath and os.path.isfile(filepath)):
- outfilename = os.path.basename(filepath) + "_Current" + ".xml"
- a = DFCI_SupportLib ()
- a.extract_payload_from_current(filepath, outfilename)
-
-def PrintSEMResults(filepath):
- if(filepath and os.path.isfile(filepath)):
- s = open(filepath, "rb")
- SEM = SecureSettingsResultVariable(s)
- s.close()
-
- #now print it out.
- SEM.Print(True)
-
-def SignSEMData(options):
- global gPath2SignTool
- if gPath2SignTool == None:
- a = DFCI_SupportLib ()
- gPath2SignTool = a.get_signtool_path ()
-
- return DetachedSignWithSignTool (gPath2SignTool, options.SigningInputFile, options.SigningOutputFile, options.SigningPfxFile, options.SigningPfxPw, gOid)
-
-
-#
-#main script function
-#
-def main():
- parser = argparse.ArgumentParser(description='Create SEM Settings Packet Variable')
-
- #Output debug log
- parser.add_argument("-l", dest="OutputLog", help="Create an output log file: ie -l out.txt", default=None)
- parser.add_argument("-p", dest="PrintFile", help="Print File as Settings Blob", default= None)
- parser.add_argument("-pr", dest="PrintResultsFile", help="Print Results File as Settings Blob", default= None)
- parser.add_argument("-pc", dest="PrintCurrentFile", help="Print Current File as {basename}_Current.xml", default= None)
- parser.add_argument("--dirty", action="store_true", dest="dirty", help="Leave around the temp files after finished", default=False)
-
- Step1Group = parser.add_argument_group(title="Step1", description="Signed Data Prep. Build data structure.")
- Step1Group.add_argument("--Step1Enable", dest="Step1Enable", help="Do Step 1 - Signed Data Prep", default=False, action="store_true")
- Step1Group.add_argument("--SnTarget", dest="SnTarget", help="Target to only a device with given Serial Number in decimal.
Zero means all devices", default=0)
- Step1Group.add_argument("--XmlFilePath", dest="XmlFilePath", help="Path to Xml Permission Packet File", default=None)
- Step1Group.add_argument("--PrepResultFile", dest="PrepResultFile", help="Optional File for output from Step1. Required if not doing step2", default=None)
- Step1Group.add_argument("--HdrVersion", dest="HdrVersion", help="Specify packet version", default= SecureSettingsApplyVariable.VERSION_V1)
- Step1Group.add_argument("--SMBIOSMfg", dest="SMBIOSMfg", help="Specify SMBIOS Manufacturer", default=None)
- Step1Group.add_argument("--SMBIOSProd", dest="SMBIOSProd", help="Specify SMBIOS Product Name", default=None)
- Step1Group.add_argument("--SMBIOSSerial", dest="SMBIOSSerial", help="Specify SMBIOS Serial Number", default=None)
-
- Step2Group = parser.add_argument_group(title="Step2", description="Signature Generation Step.")
- Step2Group.add_argument("--Step2Enable", dest="Step2Enable", help="Do Step 2 - Local Signing", default=False, action="store_true")
- #need to add arguments here for signing. signtool path and parameters
- Step2Group.add_argument("--SigningInputFile", dest="SigningInputFile", help="Optional File for intput for Step2. Required if not doing step1", default=None)
- Step2Group.add_argument("--SigningResultFile", dest="SigningResultFile", help="Optional File for output from Step2.
Required if not doing step3", default=None)
- Step2Group.add_argument("--SigningPfxFile", dest="SigningPfxFile", help="Path to PFX file for signing", default=None)
- Step2Group.add_argument("--SigningPfxPw", dest="SigningPfxPw", help="Optional Password for PFX file for signing", default=None)
-
- Step3Group = parser.add_argument_group(title="Step3", description="Final Var Construction.")
- Step3Group.add_argument("--Step3Enable", dest="Step3Enable", help="Do Step 3 - Final Provisioning Var Construction", default=False, action="store_true")
- Step3Group.add_argument("--FinalizeInputFile", dest="FinalizeInputFile", help="Optional if doing Step2. Generally Step1 Output or Step2 input. ", default=None)
- Step3Group.add_argument("--FinalizeInputDetachedSignatureFile", dest="FinalizeInputDetachedSignatureFile", help="Signtool Detached Signature File. Optional if doing Step2", default=None)
- Step3Group.add_argument("--FinalizeResultFile", dest="FinalizeResultFile", help="File for output from Step3.
Complete SEM Provisioning Var File.", default=None)
-
- #Turn on debug level logging
- parser.add_argument("--debug", action="store_true", dest="debug", help="turn on debug logging level for file log", default=False)
- options = parser.parse_args()
-
- #setup file based logging if outputReport specified
- if(options.OutputLog):
- if(len(options.OutputLog) < 2):
- logging.critical("the output log file parameter is invalid")
- return -27
- else:
- #setup file based logging
- filelogger = logging.FileHandler(filename=options.OutputLog, mode='w')
- if(options.debug):
- filelogger.setLevel(logging.DEBUG)
- else:
- filelogger.setLevel(logging.INFO)
-
- filelogger.setFormatter(formatter)
- logging.getLogger('').addHandler(filelogger)
-
- logging.info("Log Started: " + datetime.datetime.strftime(datetime.datetime.now(), "%A, %B %d, %Y %I:%M%p" ))
-
- #Step 1 Prep
- if(options.Step1Enable):
- logging.debug("Step 1 Enabled")
- if(not options.XmlFilePath) or (not os.path.isfile(options.XmlFilePath)):
- logging.critical("For Step1 there must be a valid XML Settings file")
- return -2
-
- if(not options.Step2Enable):
- #must have output file
- if(not options.PrepResultFile):
- logging.critical("Since Step2 is not enabled there must be a PrepResultFile for the result")
- return -3
-
- if(options.PrepResultFile):
- logging.debug("Step 1 Result will be written to: " + options.PrepResultFile)
-
- if(options.SigningInputFile):
- logging.critical("Since Step1 is enabled an Input File for Step2 is not allowed")
- return -11
-
- #Step 2 signing
- if(options.Step2Enable):
- logging.debug("Step 2 Enabled")
- if(not options.SigningPfxFile):
- logging.critical("Since Step2 is enabled you must supply a path to a PFX file for signing")
- return -10
-
- if(not options.Step1Enable) and ((not options.SigningInputFile) or (not os.path.isfile(options.SigningInputFile))):
- logging.critical("For Step2 you must do Step1 or have a valid SigningInputFile")
- return -4
-
- if(not options.Step3Enable):
- #must have output file
- if(not options.SigningResultFile):
- logging.critical("Since Step3 is not enabled there must be a SigningResultFile for the result")
- return -5
- if(options.SigningResultFile):
- logging.debug("Step2 Result will be written to: " + options.SigningResultFile)
-
- if(options.FinalizeInputDetachedSignatureFile):
- logging.critical("Since Step2 is enabled an Input Detached signature file for Step3 is not allowed")
- return -13
-
- if(options.FinalizeInputFile):
- logging.critical("Since Step2 is enabled an Input file for Step3 is not allowed")
- return -14
-
- #Step 3 Finalize
- if(options.Step3Enable):
- logging.debug("Step 3 Enabled")
-
- if(not options.Step2Enable) and (options.Step1Enable):
- logging.critical("Can't have only Step1 and 3 Enabled")
- return -12
-
- if(not options.Step2Enable) and ((not options.FinalizeInputFile) or (not os.path.isfile(options.FinalizeInputFile)) or (not options.FinalizeInputDetachedSignatureFile) or (not os.path.isfile(options.FinalizeInputDetachedSignatureFile))):
- logging.critical("For Step3 you must do Step2 or have a valid FinalizeInputFile and FinalizeInputDetachedSignatureFile")
- return -6
-
- #must have an output file
- if(not options.FinalizeResultFile):
- logging.critical("For Step3 you must have a FinalizeResultFile")
- return -7
- else:
- logging.debug("Step3 Result will be written to: " + options.FinalizeResultFile)
-
- tempdir = "_temp_" + str(time.time())
- logging.critical("Temp directory is: " + os.path.join(os.getcwd(), tempdir))
- os.makedirs(tempdir)
-
- #STEP 1 - Prep Var
- if(options.Step1Enable):
- logging.critical("Step1 Started")
- Step1OutFile = os.path.join(tempdir, "Step1Out.bin")
- SEM = SecureSettingsApplyVariable(None, int(options.HdrVersion))
-
- if (int(options.HdrVersion) == SecureSettingsApplyVariable.VERSION_V1):
- SEM.SNTarget = int(options.SnTarget);
- elif (int(options.HdrVersion) == SecureSettingsApplyVariable.VERSION_V2):
- if options.SMBIOSMfg == None:
-
SEM.Manufacturer = "OEMSH"
- else:
- SEM.Manufacturer = options.SMBIOSMfg
-
- if options.SMBIOSProd == None:
- SEM.ProductName = "OEMSH Product"
- else:
- SEM.ProductName = options.SMBIOSProd
-
- if options.SMBIOSSerial == None:
- SEM.SerialNumber = "789789789"
- else:
- SEM.SerialNumber = options.SMBIOSSerial
-
- else:
- logging.critical("Invalid header version specified")
- return -31
-
- a = open(options.XmlFilePath, "r")
- SEM.AddXmlPayload(a.read())
- a.close()
-
- of = open(Step1OutFile, "wb")
- SEM.Write(of)
- of.close()
-
- #if user requested a step1 output file copy the temp file
- if(options.PrepResultFile):
- shutil.copy(Step1OutFile, options.PrepResultFile)
-
- #setup input for Step2
- options.SigningInputFile = Step1OutFile
-
-
- #STEP 2 - Local sign
- if(options.Step2Enable):
- logging.critical("Step2 Started")
- #copy signinginputfile into temp dir
- FileToSign = os.path.join(tempdir, "Step2In.bin")
- shutil.copy(options.SigningInputFile, FileToSign)
- options.SigningInputFile = FileToSign
- options.SigningOutputFile = os.path.join(tempdir, "Step2Signature.bin")
-
- #do local signature
- ret = SignSEMData(options)
- if(ret != 0):
- logging.critical("SignSEMData (Step2) Failed: " + str(ret))
- return ret
-
- if(options.SigningResultFile):
- shutil.copy(options.SigningOutputFile, options.SigningResultFile)
-
- #setup input for Step3
- options.FinalizeInputFile = options.SigningInputFile
- options.FinalizeInputDetachedSignatureFile = options.SigningOutputFile
-
-
- #STEP 3 - Write Signature Structure and complete file
- if(options.Step3Enable):
- logging.critical("Step3 Started")
- sstep1file = open(options.FinalizeInputFile, "rb")
- SEM = SecureSettingsApplyVariable(sstep1file)
- sstep1file.close()
- SEM.Signature = WinCertUefiGuid()
- detached = open(options.FinalizeInputDetachedSignatureFile, "rb")
- SEM.Signature.AddCertData(detached)
- detached.close()
- SEM.SessionId = random.randint(0, 4294967295) #generate a random session id
-
- if(not
options.FinalizeResultFile):
- options.FinalizeResultFile = os.path.join(tempdir, "Step3Out.bin")
-
- of = open(options.FinalizeResultFile, "wb")
- SEM.Write(of)
- of.close()
-
- #
- # Function to print SEM
- #
- if(options.PrintFile) and (os.path.isfile(options.PrintFile)):
- PrintSEM(options.PrintFile)
-
- if(options.PrintResultsFile) and (os.path.isfile(options.PrintResultsFile)):
- PrintSEMResults(options.PrintResultsFile)
-
- if(options.PrintCurrentFile) and (os.path.isfile(options.PrintCurrentFile)):
- PrintSEMCurrent(options.PrintCurrentFile)
-
- #clean up if user didn't request to leave around
- if(not options.dirty):
- shutil.rmtree(tempdir)
-
- return 0
-
-
-if __name__ == '__main__':
- #setup main console as logger
- logger = logging.getLogger('')
- logger.setLevel(logging.DEBUG)
- formatter = logging.Formatter("%(levelname)s - %(message)s")
- console = logging.StreamHandler()
- console.setLevel(logging.CRITICAL)
- console.setFormatter(formatter)
- logger.addHandler(console)
-
- #call main worker function
- retcode = main()
-
- if retcode != 0:
- logging.critical("Failed. Return Code: %i" % retcode)
- #end logging
- logging.shutdown()
- sys.exit(retcode)
+# @file
+#
+# Script to Generate a Device Firmware Configuration Interface Settings Blob
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+##
+## Script to Generate a Device Firmware Configuration Interface Settings Blob
+## This tool takes in a XML file in SettingsPacket format, packages it in a
+## DFCI_SECURED_SETTINGS_APPLY_VAR structure, signs it with the
+## requested key, and then attaches the signature data in WIN_CERTIFICATE_UEFI_GUID format.
+##
+## This binary file can then be written to variable store:
+## GUID: gDfciSettingsManagerVarNamespace
+## NAME: DFCI_SETTINGS_APPLY_INPUT_VAR_NAME L"DfciSettingsRequest"
+##
+## THIS IS FOR UNIT TEST
+##
+## General process:
+## Phase 1: Create payload file by combining relevant info
+## Phase 2: Sign it using signtool.exe
+## Phase 3: Parse signature into WIN_CERT and package to create final output
+##
+
+import os, sys
+import argparse
+import logging
+import datetime
+import struct
+import shutil
+import time
+import random
+
+#get script path
+sp = os.path.dirname(os.path.realpath(sys.argv[0]))
+
+#setup python path for build modules
+sys.path.append(sp)
+
+from DFCI_SupportLib import DFCI_SupportLib
+
+from edk2toollib.uefi.wincert import *
+from edk2toollib.utility_functions import DetachedSignWithSignTool
+from edk2toollib.windows.locate_tools import FindToolInWinSdk
+from Data.SecureSettingVariable import SecureSettingsApplyVariable
+from Data.SecureSettingVariable import SecureSettingsResultVariable
+
+
+#PKCS7 Signed Data OID
+gOid = "1.2.840.113549.1.7.2"
+gPath2SignTool = None
+
+
+def PrintSEM(filepath):
+ if(filepath and os.path.isfile(filepath)):
+ s = open(filepath, "rb")
+ SEM = SecureSettingsApplyVariable(s)
+ s.close()
+
+ #now print it out.
+ SEM.Print(True)
+
+def PrintSEMCurrent(filepath):
+ if(filepath and os.path.isfile(filepath)):
+ outfilename = os.path.basename(filepath) + "_Current" + ".xml"
+ a = DFCI_SupportLib ()
+ a.extract_payload_from_current(filepath, outfilename)
+
+def PrintSEMResults(filepath):
+ if(filepath and os.path.isfile(filepath)):
+ s = open(filepath, "rb")
+ SEM = SecureSettingsResultVariable(s)
+ s.close()
+
+ #now print it out.
+ SEM.Print(True)
+
+def SignSEMData(options):
+ global gPath2SignTool
+ if gPath2SignTool == None:
+ a = DFCI_SupportLib ()
+ gPath2SignTool = a.get_signtool_path ()
+
+ return DetachedSignWithSignTool (gPath2SignTool, options.SigningInputFile, options.SigningOutputFile, options.SigningPfxFile, options.SigningPfxPw, gOid)
+
+
+#
+#main script function
+#
+def main():
+ parser = argparse.ArgumentParser(description='Create SEM Settings Packet Variable')
+
+ #Output debug log
+ parser.add_argument("-l", dest="OutputLog", help="Create an output log file: ie -l out.txt", default=None)
+ parser.add_argument("-p", dest="PrintFile", help="Print File as Settings Blob", default= None)
+ parser.add_argument("-pr", dest="PrintResultsFile", help="Print Results File as Settings Blob", default= None)
+ parser.add_argument("-pc", dest="PrintCurrentFile", help="Print Current File as {basename}_Current.xml", default= None)
+ parser.add_argument("--dirty", action="store_true", dest="dirty", help="Leave around the temp files after finished", default=False)
+
+ Step1Group = parser.add_argument_group(title="Step1", description="Signed Data Prep. Build data structure.")
+ Step1Group.add_argument("--Step1Enable", dest="Step1Enable", help="Do Step 1 - Signed Data Prep", default=False, action="store_true")
+ Step1Group.add_argument("--SnTarget", dest="SnTarget", help="Target to only a device with given Serial Number in decimal. Zero means all devices", default=0)
+ Step1Group.add_argument("--XmlFilePath", dest="XmlFilePath", help="Path to Xml Permission Packet File", default=None)
+ Step1Group.add_argument("--PrepResultFile", dest="PrepResultFile", help="Optional File for output from Step1.
Required if not doing step2", default=None)
+ Step1Group.add_argument("--HdrVersion", dest="HdrVersion", help="Specify packet version", default= SecureSettingsApplyVariable.VERSION_V1)
+ Step1Group.add_argument("--SMBIOSMfg", dest="SMBIOSMfg", help="Specify SMBIOS Manufacturer", default=None)
+ Step1Group.add_argument("--SMBIOSProd", dest="SMBIOSProd", help="Specify SMBIOS Product Name", default=None)
+ Step1Group.add_argument("--SMBIOSSerial", dest="SMBIOSSerial", help="Specify SMBIOS Serial Number", default=None)
+
+ Step2Group = parser.add_argument_group(title="Step2", description="Signature Generation Step.")
+ Step2Group.add_argument("--Step2Enable", dest="Step2Enable", help="Do Step 2 - Local Signing", default=False, action="store_true")
+ #need to add arguments here for signing. signtool path and parameters
+ Step2Group.add_argument("--SigningInputFile", dest="SigningInputFile", help="Optional File for intput for Step2. Required if not doing step1", default=None)
+ Step2Group.add_argument("--SigningResultFile", dest="SigningResultFile", help="Optional File for output from Step2. Required if not doing step3", default=None)
+ Step2Group.add_argument("--SigningPfxFile", dest="SigningPfxFile", help="Path to PFX file for signing", default=None)
+ Step2Group.add_argument("--SigningPfxPw", dest="SigningPfxPw", help="Optional Password for PFX file for signing", default=None)
+
+ Step3Group = parser.add_argument_group(title="Step3", description="Final Var Construction.")
+ Step3Group.add_argument("--Step3Enable", dest="Step3Enable", help="Do Step 3 - Final Provisioning Var Construction", default=False, action="store_true")
+ Step3Group.add_argument("--FinalizeInputFile", dest="FinalizeInputFile", help="Optional if doing Step2. Generally Step1 Output or Step2 input. ", default=None)
+ Step3Group.add_argument("--FinalizeInputDetachedSignatureFile", dest="FinalizeInputDetachedSignatureFile", help="Signtool Detached Signature File.
Optional if doing Step2", default=None)
+ Step3Group.add_argument("--FinalizeResultFile", dest="FinalizeResultFile", help="File for output from Step3. Complete SEM Provisioning Var File.", default=None)
+
+ #Turn on debug level logging
+ parser.add_argument("--debug", action="store_true", dest="debug", help="turn on debug logging level for file log", default=False)
+ options = parser.parse_args()
+
+ #setup file based logging if outputReport specified
+ if(options.OutputLog):
+ if(len(options.OutputLog) < 2):
+ logging.critical("the output log file parameter is invalid")
+ return -27
+ else:
+ #setup file based logging
+ filelogger = logging.FileHandler(filename=options.OutputLog, mode='w')
+ if(options.debug):
+ filelogger.setLevel(logging.DEBUG)
+ else:
+ filelogger.setLevel(logging.INFO)
+
+ filelogger.setFormatter(formatter)
+ logging.getLogger('').addHandler(filelogger)
+
+ logging.info("Log Started: " + datetime.datetime.strftime(datetime.datetime.now(), "%A, %B %d, %Y %I:%M%p" ))
+
+ #Step 1 Prep
+ if(options.Step1Enable):
+ logging.debug("Step 1 Enabled")
+ if(not options.XmlFilePath) or (not os.path.isfile(options.XmlFilePath)):
+ logging.critical("For Step1 there must be a valid XML Settings file")
+ return -2
+
+ if(not options.Step2Enable):
+ #must have output file
+ if(not options.PrepResultFile):
+ logging.critical("Since Step2 is not enabled there must be a PrepResultFile for the result")
+ return -3
+
+ if(options.PrepResultFile):
+ logging.debug("Step 1 Result will be written to: " + options.PrepResultFile)
+
+ if(options.SigningInputFile):
+ logging.critical("Since Step1 is enabled an Input File for Step2 is not allowed")
+ return -11
+
+ #Step 2 signing
+ if(options.Step2Enable):
+ logging.debug("Step 2 Enabled")
+ if(not options.SigningPfxFile):
+ logging.critical("Since Step2 is enabled you must supply a path to a PFX file for signing")
+ return -10
+
+ if(not options.Step1Enable) and ((not options.SigningInputFile) or (not
os.path.isfile(options.SigningInputFile))):
+ logging.critical("For Step2 you must do Step1 or have a valid SigningInputFile")
+ return -4
+
+ if(not options.Step3Enable):
+ #must have output file
+ if(not options.SigningResultFile):
+ logging.critical("Since Step3 is not enabled there must be a SigningResultFile for the result")
+ return -5
+ if(options.SigningResultFile):
+ logging.debug("Step2 Result will be written to: " + options.SigningResultFile)
+
+ if(options.FinalizeInputDetachedSignatureFile):
+ logging.critical("Since Step2 is enabled an Input Detached signature file for Step3 is not allowed")
+ return -13
+
+ if(options.FinalizeInputFile):
+ logging.critical("Since Step2 is enabled an Input file for Step3 is not allowed")
+ return -14
+
+ #Step 3 Finalize
+ if(options.Step3Enable):
+ logging.debug("Step 3 Enabled")
+
+ if(not options.Step2Enable) and (options.Step1Enable):
+ logging.critical("Can't have only Step1 and 3 Enabled")
+ return -12
+
+ if(not options.Step2Enable) and ((not options.FinalizeInputFile) or (not os.path.isfile(options.FinalizeInputFile)) or (not options.FinalizeInputDetachedSignatureFile) or (not os.path.isfile(options.FinalizeInputDetachedSignatureFile))):
+ logging.critical("For Step3 you must do Step2 or have a valid FinalizeInputFile and FinalizeInputDetachedSignatureFile")
+ return -6
+
+ #must have an output file
+ if(not options.FinalizeResultFile):
+ logging.critical("For Step3 you must have a FinalizeResultFile")
+ return -7
+ else:
+ logging.debug("Step3 Result will be written to: " + options.FinalizeResultFile)
+
+ tempdir = "_temp_" + str(time.time())
+ logging.critical("Temp directory is: " + os.path.join(os.getcwd(), tempdir))
+ os.makedirs(tempdir)
+
+ #STEP 1 - Prep Var
+ if(options.Step1Enable):
+ logging.critical("Step1 Started")
+ Step1OutFile = os.path.join(tempdir, "Step1Out.bin")
+ SEM = SecureSettingsApplyVariable(None, int(options.HdrVersion))
+
+ if (int(options.HdrVersion) ==
SecureSettingsApplyVariable.VERSION_V1): + SEM.SNTarget = int(options.SnTarget); + elif (int(options.HdrVersion) == SecureSettingsApplyVariable.VERSION_V2): + if options.SMBIOSMfg == None: + SEM.Manufacturer = "OEMSH" + else: + SEM.Manufacturer = options.SMBIOSMfg + + if options.SMBIOSProd == None: + SEM.ProductName = "OEMSH Product" + else: + SEM.ProductName = options.SMBIOSProd + + if options.SMBIOSSerial == None: + SEM.SerialNumber = "789789789" + else: + SEM.SerialNumber = options.SMBIOSSerial + + else: + logging.critical("Invalid header version specified") + return -31 + + a = open(options.XmlFilePath, "r") + SEM.AddXmlPayload(a.read()) + a.close() + + of = open(Step1OutFile, "wb") + SEM.Write(of) + of.close() + + #if user requested a step1 output file copy the temp file + if(options.PrepResultFile): + shutil.copy(Step1OutFile, options.PrepResultFile) + + #setup input for Step2 + options.SigningInputFile = Step1OutFile + + + #STEP 2 - Local sign + if(options.Step2Enable): + logging.critical("Step2 Started") + #copy signinginputfile into temp dir + FileToSign = os.path.join(tempdir, "Step2In.bin") + shutil.copy(options.SigningInputFile, FileToSign) + options.SigningInputFile = FileToSign + options.SigningOutputFile = os.path.join(tempdir, "Step2Signature.bin") + + #do local signature + ret = SignSEMData(options) + if(ret != 0): + logging.critical("SignSEMData (Step2) Failed: " + str(ret)) + return ret + + if(options.SigningResultFile): + shutil.copy(options.SigningOutputFile, options.SigningResultFile) + + #setup input for Step3 + options.FinalizeInputFile = options.SigningInputFile + options.FinalizeInputDetachedSignatureFile = options.SigningOutputFile + + + #STEP 3 - Write Signature Structure and complete file + if(options.Step3Enable): + logging.critical("Step3 Started") + sstep1file = open(options.FinalizeInputFile, "rb") + SEM = SecureSettingsApplyVariable(sstep1file) + sstep1file.close() + SEM.Signature = WinCertUefiGuid() + detached = 
open(options.FinalizeInputDetachedSignatureFile, "rb") + SEM.Signature.AddCertData(detached) + detached.close() + SEM.SessionId = random.randint(0, 4294967295) #generate a random session id + + if(not options.FinalizeResultFile): + options.FinalizeResultFile = os.path.join(tempdir, "Step3Out.bin") + + of = open(options.FinalizeResultFile, "wb") + SEM.Write(of) + of.close() + + # + # Function to print SEM + # + if(options.PrintFile) and (os.path.isfile(options.PrintFile)): + PrintSEM(options.PrintFile) + + if(options.PrintResultsFile) and (os.path.isfile(options.PrintResultsFile)): + PrintSEMResults(options.PrintResultsFile) + + if(options.PrintCurrentFile) and (os.path.isfile(options.PrintCurrentFile)): + PrintSEMCurrent(options.PrintCurrentFile) + + #clean up if user didn't request to leave around + if(not options.dirty): + shutil.rmtree(tempdir) + + return 0 + + +if __name__ == '__main__': + #setup main console as logger + logger = logging.getLogger('') + logger.setLevel(logging.DEBUG) + formatter = logging.Formatter("%(levelname)s - %(message)s") + console = logging.StreamHandler() + console.setLevel(logging.CRITICAL) + console.setFormatter(formatter) + logger.addHandler(console) + + #call main worker function + retcode = main() + + if retcode != 0: + logging.critical("Failed. Return Code: %i" % retcode) + #end logging + logging.shutdown() + sys.exit(retcode) diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/InsertCertIntoXML.py b/DfciPkg/UnitTests/DfciTests/Support/Python/InsertCertIntoXML.py index a242eca0..2aac009c 100644 --- a/DfciPkg/UnitTests/DfciTests/Support/Python/InsertCertIntoXML.py +++ b/DfciPkg/UnitTests/DfciTests/Support/Python/InsertCertIntoXML.py 
@@ -1,71 +1,71 @@
-# @file
-#
-# Convert Bin cert file to base 64 string, and replace the XYZZY string with the
-# base 64 string.
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-import os, sys
-
-import argparse
-import logging
-import binascii
-
-
-#
-#main script function
-#
-def main():
- parser = argparse.ArgumentParser(description='Create SEM Provisioning Cert CSP XML')
-
- parser.add_argument("--BinFilePath", dest="BinFilePath", help="Path to binary packet", default=None)
- parser.add_argument("--OutputFilePath", dest="OutputFilePath", help="Path to output file", default=None)
- parser.add_argument("--PatternFilePath", dest="PatternFilePath", help="Path to Xml pattern", default=None)
-
- options = parser.parse_args()
-
- with open(options.BinFilePath, "rb") as binfile:
- bindata = binfile.read()
-
- if bindata == None:
- raise Exception ("Invalid binary data")
-
- b64data = binascii.b2a_base64(bindata).decode("utf-8")
-
- FoundXYZZY = False
- with open(options.OutputFilePath, "w") as outfile:
- with open(options.PatternFilePath, "r") as patternfile:
- for pl in patternfile:
- if pl.strip() == "XYZZY":
- FoundXYZZY = True
- outfile.write(b64data)
- else:
- outfile.write(pl)
- if not FoundXYZZY:
- raise Exception ("Invalid pattern data")
- logging.critical("Successfully created XML pkt")
- return 0
-
-
-
-if __name__ == '__main__':
- #setup main console as logger
- logger = logging.getLogger('')
- logger.setLevel(logging.DEBUG)
- formatter = logging.Formatter("%(levelname)s - %(message)s")
- console = logging.StreamHandler()
- console.setLevel(logging.CRITICAL)
- console.setFormatter(formatter)
- logger.addHandler(console)
-
- #call main worker function
- retcode = main()
-
- if retcode != 0:
- logging.critical("Failed. Return Code: %i" % retcode)
- #end logging
- logging.shutdown()
- sys.exit(retcode)
-
+# @file
+#
+# Convert Bin cert file to base 64 string, and replace the XYZZY string with the
+# base 64 string.
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+import os, sys
+
+import argparse
+import logging
+import binascii
+
+
+#
+#main script function
+#
+def main():
+ parser = argparse.ArgumentParser(description='Create SEM Provisioning Cert CSP XML')
+
+ parser.add_argument("--BinFilePath", dest="BinFilePath", help="Path to binary packet", default=None)
+ parser.add_argument("--OutputFilePath", dest="OutputFilePath", help="Path to output file", default=None)
+ parser.add_argument("--PatternFilePath", dest="PatternFilePath", help="Path to Xml pattern", default=None)
+
+ options = parser.parse_args()
+
+ with open(options.BinFilePath, "rb") as binfile:
+ bindata = binfile.read()
+
+ if bindata == None:
+ raise Exception ("Invalid binary data")
+
+ b64data = binascii.b2a_base64(bindata).decode("utf-8")
+
+ FoundXYZZY = False
+ with open(options.OutputFilePath, "w") as outfile:
+ with open(options.PatternFilePath, "r") as patternfile:
+ for pl in patternfile:
+ if pl.strip() == "XYZZY":
+ FoundXYZZY = True
+ outfile.write(b64data)
+ else:
+ outfile.write(pl)
+ if not FoundXYZZY:
+ raise Exception ("Invalid pattern data")
+ logging.critical("Successfully created XML pkt")
+ return 0
+
+
+
+if __name__ == '__main__':
+ #setup main console as logger
+ logger = logging.getLogger('')
+ logger.setLevel(logging.DEBUG)
+ formatter = logging.Formatter("%(levelname)s - %(message)s")
+ console = logging.StreamHandler()
+ console.setLevel(logging.CRITICAL)
+ console.setFormatter(formatter)
+ logger.addHandler(console)
+
+ #call main worker function
+ retcode = main()
+
+ if retcode != 0:
+ logging.critical("Failed. Return Code: %i" % retcode)
+ #end logging
+ logging.shutdown()
+ sys.exit(retcode)
+
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/PermissionsXMLLib.py b/DfciPkg/UnitTests/DfciTests/Support/Python/PermissionsXMLLib.py
index b0d55339..d11c4aeb 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Python/PermissionsXMLLib.py
+++ b/DfciPkg/UnitTests/DfciTests/Support/Python/PermissionsXMLLib.py
@@ -1,112 +1,112 @@ -# @file -# -# Script to Generate a a Permissions XML payload. -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -import os, sys -import traceback -import argparse -import datetime -from DFCI_SupportLib import DFCI_SupportLib - -class PermissionsXMLLib(object): - - # - # Create Permissions XML - # - # Given a list of permissions, PMASK, and DMASK, create an XML permissions payload - # - def create_permissions_xml(self, filename, version, lsv, def_pmask, def_dmask, permissionslist): - - f = open(filename, "w") - f.write('\n') - f.write('\n') - f.write(' Dfci Testcase Libraries\n') - f.write(' ') - - print(datetime.datetime.now().strftime("%Y-%m-%d %H:%M"), end='', file=f) - - f.write('\n') - f.write(' ') - print (version, end='', file=f) - f.write('\n') - f.write(' 2\n') - f.write(' ') - - # - # The permissions list is a list of a list. The lowest level list is really a tuple of - # permission id, PMASK, and DMASK. DMASK may be None. 
- # - for permission in permissionslist: - f.write(' \n') - f.write(' ') - print (permission[0], end='', file=f) - f.write('\n') - f.write(' ') - print (permission[1], end='', file=f) - f.write('\n') - if (permission[2] is not None): - f.write(' ') - print (permission[2], end='', file=f) - f.write('\n') - f.write(' \n') - - f.write(' \n') - f.write('\n') - - f.close - - return True - - # - # Validate Current Permissions - # - # Input is the current permissions and a list of permission/PMASK/DMASK tuples (list of lists) - # - # Ensure the settings in the checklist have the proper value - # - def validate_current_permissions(self, testname, currentPermissionsXmlFile, checklist): - - for item in checklist: - a = DFCI_SupportLib() - PMask, DMask = a.get_current_permission_value(currentPermissionsXmlFile, item[0]) - - if (PMask != item[1]): - print ('PMask Mismatch for %s, was=%s, Should be=%s' % (item[0], PMask, item[1])) - return False - - if (PMask is not None): - if (DMask != item[2]): - print ('DMask Mismatch for %s, was=%s, Should be=%s' % (item[0], DMask, item[2])) - return False; - - return True - - # - # Validate Current Permission Defaults - # - # Input is the current permissions and the default PMASK and DMASK - # - # Ensure the settings in the checklist have the proper value - # - def validate_current_permission_defaults(self, testname, currentPermissionsXmlFile, CheckDefault, CheckDelegated): - - a = DFCI_SupportLib() - Default, Delegated = a.get_current_permission_defaults(currentPermissionsXmlFile) - - if (Default != CheckDefault): - print ('PMask Mismatch was %s should be %s' % (Default, CheckDefault)) - return False - - if (Delegated != CheckDelegated): - print ('DMask Mismatch was %s should be %s' % (Delegated, CheckDelegated)) - return False; - - return True +# @file +# +# Script to Generate a a Permissions XML payload. 
+# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +import os, sys +import traceback +import argparse +import datetime +from DFCI_SupportLib import DFCI_SupportLib + +class PermissionsXMLLib(object): + + # + # Create Permissions XML + # + # Given a list of permissions, PMASK, and DMASK, create an XML permissions payload + # + def create_permissions_xml(self, filename, version, lsv, def_pmask, def_dmask, permissionslist): + + f = open(filename, "w") + f.write('\n') + f.write('\n') + f.write(' Dfci Testcase Libraries\n') + f.write(' ') + + print(datetime.datetime.now().strftime("%Y-%m-%d %H:%M"), end='', file=f) + + f.write('\n') + f.write(' ') + print (version, end='', file=f) + f.write('\n') + f.write(' 2\n') + f.write(' ') + + # + # The permissions list is a list of a list. The lowest level list is really a tuple of + # permission id, PMASK, and DMASK. DMASK may be None. + # + for permission in permissionslist: + f.write(' \n') + f.write(' ') + print (permission[0], end='', file=f) + f.write('\n') + f.write(' ') + print (permission[1], end='', file=f) + f.write('\n') + if (permission[2] is not None): + f.write(' ') + print (permission[2], end='', file=f) + f.write('\n') + f.write(' \n') + + f.write(' \n') + f.write('\n') + + f.close + + return True + + # + # Validate Current Permissions + # + # Input is the current permissions and a list of permission/PMASK/DMASK tuples (list of lists) + # + # Ensure the settings in the checklist have the proper value + # + def validate_current_permissions(self, testname, currentPermissionsXmlFile, checklist): + + for item in checklist: + a = DFCI_SupportLib() + PMask, DMask = a.get_current_permission_value(currentPermissionsXmlFile, item[0]) + + if (PMask != item[1]): + print ('PMask Mismatch for %s, was=%s, Should be=%s' % (item[0], PMask, item[1])) + return False + + if (PMask is not None): + if (DMask != item[2]): + print ('DMask Mismatch for %s, was=%s, Should be=%s' % (item[0], 
DMask, item[2])) + return False; + + return True + + # + # Validate Current Permission Defaults + # + # Input is the current permissions and the default PMASK and DMASK + # + # Ensure the settings in the checklist have the proper value + # + def validate_current_permission_defaults(self, testname, currentPermissionsXmlFile, CheckDefault, CheckDelegated): + + a = DFCI_SupportLib() + Default, Delegated = a.get_current_permission_defaults(currentPermissionsXmlFile) + + if (Default != CheckDefault): + print ('PMask Mismatch was %s should be %s' % (Default, CheckDefault)) + return False + + if (Delegated != CheckDelegated): + print ('DMask Mismatch was %s should be %s' % (Delegated, CheckDelegated)) + return False; + + return True diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/PyRobotRemote.py b/DfciPkg/UnitTests/DfciTests/Support/Python/PyRobotRemote.py index f541321b..281ec6b0 100644 --- a/DfciPkg/UnitTests/DfciTests/Support/Python/PyRobotRemote.py +++ b/DfciPkg/UnitTests/DfciTests/Support/Python/PyRobotRemote.py 
@@ -1,103 +1,103 @@
-# @file
-#
-# PyRobotRemote - Runs on the System Under Test (DUT) providing
-# functionality needed for DFCI testing
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-import os
-import sys
-import subprocess
-import logging
-import shlex
-import win32api
-import win32con
-import win32security
-import winnt
-
-from Lib.UefiVariablesSupportLib import UefiVariable
-
-
-# update this whenever you make a change
-RobotRemoteChangeDate = "2021-12-14 11:00"
-RobotRemoteVersion = 1.06
-
-
-class UefiRemoteTesting(object):
- """Library to be used with Robot Framework's remote server.
-
- This supports Robot Framework Remote Interface. This lets a remote test system perform local operations using
- remote framework and built in remote "Keywords"
- """
- def __init__(self):
- self.filepath = None
- self.lines = []
-
- def Run_PowerShell_And_Return_Output(self, cmdline):
- completed = subprocess.run(["powershell", "-Command", cmdline], capture_output=True)
-
- if completed.returncode != 0:
- return "Error"
- else:
- return completed.stdout.decode('utf-8').strip()
-
- #
- # String variables are designed to have a NULL. This does
- # confuse Python, so get rid of the NULL when it is expected
- #
- def GetUefiVariable(self, name, guid, trim):
- UefiVar = UefiVariable()
- logging.info("Calling GetUefiVar(name='%s', GUID='%s')" % (name, "{%s}" % guid))
- (rc, var, errorstring) = UefiVar.GetUefiVar(name, guid)
- var2 = var
- if (var is not None) and (trim == 'trim'):
- varlen = len(var)
- if varlen > 1:
- var2 = var[0:varlen-1]
- return (rc, var2, errorstring)
-
- def SetUefiVariable(self, name, guid, attrs=None, contents=None):
- UefiVar = UefiVariable()
- (rc, err, errorstring) = UefiVar.SetUefiVar(name, guid, contents, attrs)
- return rc
-
- def remote_ack(self):
- return True
-
- def remote_get_version(self):
- return RobotRemoteVersion
-
- def remote_warm_reboot(self):
- os.system("shutdown -r -t 1")
-
- def remote_reboot_to_firmware(self):
- TokenHandle = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
- win32con.TOKEN_ADJUST_PRIVILEGES | win32con.TOKEN_QUERY)
- NewPrivilege = [(win32security.LookupPrivilegeValue(None, winnt.SE_SHUTDOWN_NAME),
- winnt.SE_PRIVILEGE_ENABLED)]
- win32security.AdjustTokenPrivileges(TokenHandle, False, NewPrivilege)
- os.system("shutdown -r -fw -t 0")
-
-
-if __name__ == '__main__':
- from robotremoteserver import RobotRemoteServer
- print("Version %s - %s" % (str(RobotRemoteVersion), RobotRemoteChangeDate))
-
- # setup main console as logger
- logger = logging.getLogger('')
- logger.setLevel(logging.DEBUG)
- formatter = logging.Formatter("%(levelname)s - %(message)s")
- console = logging.StreamHandler()
- console.setLevel(logging.CRITICAL)
- console.setFormatter(formatter)
- logger.addHandler(console)
-
- # Display IP address for convenience of tester
- os.system('ipconfig | findstr IPv4')
-
- RobotRemoteServer(UefiRemoteTesting(), host='0.0.0.0', port=8270)
-
- logging.shutdown()
- sys.exit(0)
+# @file
+#
+# PyRobotRemote - Runs on the System Under Test (DUT) providing
+# functionality needed for DFCI testing
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+import os
+import sys
+import subprocess
+import logging
+import shlex
+import win32api
+import win32con
+import win32security
+import winnt
+
+from Lib.UefiVariablesSupportLib import UefiVariable
+
+
+# update this whenever you make a change
+RobotRemoteChangeDate = "2021-12-14 11:00"
+RobotRemoteVersion = 1.06
+
+
+class UefiRemoteTesting(object):
+ """Library to be used with Robot Framework's remote server.
+
+ This supports Robot Framework Remote Interface. This lets a remote test system perform local operations using
+ remote framework and built in remote "Keywords"
+ """
+ def __init__(self):
+ self.filepath = None
+ self.lines = []
+
+ def Run_PowerShell_And_Return_Output(self, cmdline):
+ completed = subprocess.run(["powershell", "-Command", cmdline], capture_output=True)
+
+ if completed.returncode != 0:
+ return "Error"
+ else:
+ return completed.stdout.decode('utf-8').strip()
+
+ #
+ # String variables are designed to have a NULL. This does
+ # confuse Python, so get rid of the NULL when it is expected
+ #
+ def GetUefiVariable(self, name, guid, trim):
+ UefiVar = UefiVariable()
+ logging.info("Calling GetUefiVar(name='%s', GUID='%s')" % (name, "{%s}" % guid))
+ (rc, var, errorstring) = UefiVar.GetUefiVar(name, guid)
+ var2 = var
+ if (var is not None) and (trim == 'trim'):
+ varlen = len(var)
+ if varlen > 1:
+ var2 = var[0:varlen-1]
+ return (rc, var2, errorstring)
+
+ def SetUefiVariable(self, name, guid, attrs=None, contents=None):
+ UefiVar = UefiVariable()
+ (rc, err, errorstring) = UefiVar.SetUefiVar(name, guid, contents, attrs)
+ return rc
+
+ def remote_ack(self):
+ return True
+
+ def remote_get_version(self):
+ return RobotRemoteVersion
+
+ def remote_warm_reboot(self):
+ os.system("shutdown -r -t 1")
+
+ def remote_reboot_to_firmware(self):
+ TokenHandle = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
+ win32con.TOKEN_ADJUST_PRIVILEGES | win32con.TOKEN_QUERY)
+ NewPrivilege = [(win32security.LookupPrivilegeValue(None, winnt.SE_SHUTDOWN_NAME),
+ winnt.SE_PRIVILEGE_ENABLED)]
+ win32security.AdjustTokenPrivileges(TokenHandle, False, NewPrivilege)
+ os.system("shutdown -r -fw -t 0")
+
+
+if __name__ == '__main__':
+ from robotremoteserver import RobotRemoteServer
+ print("Version %s - %s" % (str(RobotRemoteVersion), RobotRemoteChangeDate))
+
+ # setup main console as logger
+ logger = logging.getLogger('')
+ logger.setLevel(logging.DEBUG)
+ formatter = logging.Formatter("%(levelname)s - %(message)s")
+ console = logging.StreamHandler()
+ console.setLevel(logging.CRITICAL)
+ console.setFormatter(formatter)
+ logger.addHandler(console)
+
+ # Display IP address for convenience of tester
+ os.system('ipconfig | findstr IPv4')
+
+ RobotRemoteServer(UefiRemoteTesting(), host='0.0.0.0', port=8270)
+
+ logging.shutdown()
+ sys.exit(0)
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/SettingsXMLLib.py b/DfciPkg/UnitTests/DfciTests/Support/Python/SettingsXMLLib.py
index 9c109b60..d917b515 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Python/SettingsXMLLib.py
+++ b/DfciPkg/UnitTests/DfciTests/Support/Python/SettingsXMLLib.py
@@ -1,74 +1,74 @@
-# @file
-#
-# Script to Generate a Settings XML payload.
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-
-import os, sys
-import traceback
-import argparse
-import datetime
-from DFCI_SupportLib import DFCI_SupportLib
-
-class SettingsXMLLib(object):
-
- #
- # Create Settings XML
- #
- # Given a list of settings and values, create an XML settings payload
- #
- def create_settings_xml(self, filename, version, lsv, settingslist):
-
- f = open(filename, "w")
- f.write('\n')
- f.write('\n')
- f.write(' Dfci Testcase Libraries\n')
- f.write(' ')
-
- print(datetime.datetime.now().strftime("%Y-%m-%d %H:%M"), end='', file=f)
-
- f.write('\n')
- f.write(' ')
- print (version, end='', file=f)
- f.write('\n')
- f.write(' 2\n')
- f.write(' \n')
-
- #
- # The settings list is a list of a list. The lowest level list is really a tuple of
- # setting id and value
- #
- for setting in settingslist:
- f.write(' \n')
- f.write(' ')
- print (setting[0], end='', file=f)
- f.write('\n')
- f.write(' ')
- print (setting[1], end='', file=f)
- f.write('\n')
- f.write(' \n')
-
- f.write(' \n')
- f.write('\n')
-
- f.close
-
- return True
-
- #
- # Validate Current Settings
- #
- # Input is the current settings and a list of setting/value pairs (list of lists)
- #
- # Ensure the settings in the checklist have the proper value
- #
- def validate_current_settings(self, testname, currentSettingXmlFile, checklist):
-
- for item in checklist:
- a = DFCI_SupportLib()
- rc = a.check_current_setting_value(currentSettingXmlFile, item[0], item[1])
- if not rc:
- return rc
-
- return True
+# @file
+#
+# Script to Generate a Settings XML payload.
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+
+import os, sys
+import traceback
+import argparse
+import datetime
+from DFCI_SupportLib import DFCI_SupportLib
+
+class SettingsXMLLib(object):
+
+ #
+ # Create Settings XML
+ #
+ # Given a list of settings and values, create an XML settings payload
+ #
+ def create_settings_xml(self, filename, version, lsv, settingslist):
+
+ f = open(filename, "w")
+ f.write('\n')
+ f.write('\n')
+ f.write(' Dfci Testcase Libraries\n')
+ f.write(' ')
+
+ print(datetime.datetime.now().strftime("%Y-%m-%d %H:%M"), end='', file=f)
+
+ f.write('\n')
+ f.write(' ')
+ print (version, end='', file=f)
+ f.write('\n')
+ f.write(' 2\n')
+ f.write(' \n')
+
+ #
+ # The settings list is a list of a list. The lowest level list is really a tuple of
+ # setting id and value
+ #
+ for setting in settingslist:
+ f.write(' \n')
+ f.write(' ')
+ print (setting[0], end='', file=f)
+ f.write('\n')
+ f.write(' ')
+ print (setting[1], end='', file=f)
+ f.write('\n')
+ f.write(' \n')
+
+ f.write(' \n')
+ f.write('\n')
+
+ f.close
+
+ return True
+
+ #
+ # Validate Current Settings
+ #
+ # Input is the current settings and a list of setting/value pairs (list of lists)
+ #
+ # Ensure the settings in the checklist have the proper value
+ #
+ def validate_current_settings(self, testname, currentSettingXmlFile, checklist):
+
+ for item in checklist:
+ a = DFCI_SupportLib()
+ rc = a.check_current_setting_value(currentSettingXmlFile, item[0], item[1])
+ if not rc:
+ return rc
+
+ return True
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/UefiVariablesSupportLib.py b/DfciPkg/UnitTests/DfciTests/Support/Python/UefiVariablesSupportLib.py
index a401d8c8..f7037d20 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Python/UefiVariablesSupportLib.py
+++ b/DfciPkg/UnitTests/DfciTests/Support/Python/UefiVariablesSupportLib.py
@@ -1,108 +1,108 @@
-# @file
-#
-# Python lib to support Reading and writing UEFI variables from windows
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-
-import os, sys
-from ctypes import *
-import logging
-import pywintypes
-import win32api, win32process, win32security, win32file
-import winerror
-
-kernel32 = windll.kernel32
-EFI_VAR_MAX_BUFFER_SIZE = 1024*1024
-
-class UefiVariable(object):
-
- def __init__(self):
- # enable required SeSystemEnvironmentPrivilege privilege
- privilege = win32security.LookupPrivilegeValue( None, 'SeSystemEnvironmentPrivilege' )
- token = win32security.OpenProcessToken( win32process.GetCurrentProcess(), win32security.TOKEN_READ|win32security.TOKEN_ADJUST_PRIVILEGES )
- win32security.AdjustTokenPrivileges( token, False, [(privilege, win32security.SE_PRIVILEGE_ENABLED)] )
- win32api.CloseHandle( token )
-
- # import firmware variable API
- try:
- self._GetFirmwareEnvironmentVariable = kernel32.GetFirmwareEnvironmentVariableW
- self._GetFirmwareEnvironmentVariable.restype = c_int
- self._GetFirmwareEnvironmentVariable.argtypes = [c_wchar_p, c_wchar_p, c_void_p, c_int]
- self._SetFirmwareEnvironmentVariable = kernel32.SetFirmwareEnvironmentVariableW
- self._SetFirmwareEnvironmentVariable.restype = c_int
- self._SetFirmwareEnvironmentVariable.argtypes = [c_wchar_p, c_wchar_p, c_void_p, c_int]
- self._SetFirmwareEnvironmentVariableEx = kernel32.SetFirmwareEnvironmentVariableExW
- self._SetFirmwareEnvironmentVariableEx.restype = c_int
- self._SetFirmwareEnvironmentVariableEx.argtypes = [c_wchar_p, c_wchar_p, c_void_p, c_int, c_int]
- except AttributeError as msg:
- logging.warn( "G[S]etFirmwareEnvironmentVariableW function doesn't seem to exist" )
- pass
-
- #
- # Helper function to create buffer for var read/write
- #
- def CreateBuffer(self, init, size=None):
- """CreateBuffer(aString) -> character array
- CreateBuffer(anInteger) -> character array
- CreateBuffer(aString, anInteger) -> character array
- """
- if isinstance(init, str):
- if size is None:
- size = len(init)+1
- buftype = c_char * size
- buf = buftype()
- buf.value = init
- return buf
- elif isinstance(init, int):
- buftype = c_char * init
- buf = buftype()
- return buf
- raise TypeError(init)
-
- #
- #Function to get variable
- # return a tuple of error code and variable data as string
- #
- def GetUefiVar(self, name, guid ):
- err = 0 #success
- efi_var = create_string_buffer( EFI_VAR_MAX_BUFFER_SIZE )
- if self._GetFirmwareEnvironmentVariable is not None:
- logging.info("calling GetFirmwareEnvironmentVariable( name='%s', GUID='%s' ).." % (name, "{%s}" % guid) )
- length = self._GetFirmwareEnvironmentVariable( name, "{%s}" % guid, efi_var, EFI_VAR_MAX_BUFFER_SIZE )
- if (0 == length) or (efi_var is None):
- err = kernel32.GetLastError()
- logging.error( 'GetFirmwareEnvironmentVariable[Ex] failed (GetLastError = 0x%x)' % err)
- logging.error(WinError())
- return (err, None, WinError(err))
- return (err, efi_var[:length], None)
- #
- #Function to set variable
- # return a tuple of boolean status, errorcode, errorstring (None if not error)
- #
- def SetUefiVar(self, name, guid, var=None, attrs=None):
- var_len = 0
- err = 0
- errorstring = None
- if var is None:
- var = bytes(0)
- else:
- var_len = len(var)
- success = 0 # Fail
- if(attrs == None):
- if self._SetFirmwareEnvironmentVariable is not None:
- logging.info("Calling SetFirmwareEnvironmentVariable (name='%s', Guid='%s')..." % (name, "{%s}" % guid, ))
- success = self._SetFirmwareEnvironmentVariable(name, "{%s}" % guid, var, var_len)
- else:
- attrs = int(attrs)
- if self._SetFirmwareEnvironmentVariableEx is not None:
- logging.info(" calling SetFirmwareEnvironmentVariableEx( name='%s', GUID='%s', length=0x%X, attributes=0x%X ).." % (name, "{%s}" % guid, var_len, attrs) )
- success = self._SetFirmwareEnvironmentVariableEx( name, "{%s}" % guid, var, var_len, attrs )
-
- if 0 == success:
- err = kernel32.GetLastError()
- logging.error('SetFirmwareEnvironmentVariable failed (GetLastError = 0x%x)' % err )
- logging.error(WinError())
- errorstring = WinError(err)
- return (success,err, errorstring)
-
+# @file
+#
+# Python lib to support Reading and writing UEFI variables from windows
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+
+import os, sys
+from ctypes import *
+import logging
+import pywintypes
+import win32api, win32process, win32security, win32file
+import winerror
+
+kernel32 = windll.kernel32
+EFI_VAR_MAX_BUFFER_SIZE = 1024*1024
+
+class UefiVariable(object):
+
+ def __init__(self):
+ # enable required SeSystemEnvironmentPrivilege privilege
+ privilege = win32security.LookupPrivilegeValue( None, 'SeSystemEnvironmentPrivilege' )
+ token = win32security.OpenProcessToken( win32process.GetCurrentProcess(), win32security.TOKEN_READ|win32security.TOKEN_ADJUST_PRIVILEGES )
+ win32security.AdjustTokenPrivileges( token, False, [(privilege, win32security.SE_PRIVILEGE_ENABLED)] )
+ win32api.CloseHandle( token )
+
+ # import firmware variable API
+ try:
+ self._GetFirmwareEnvironmentVariable = kernel32.GetFirmwareEnvironmentVariableW
+ self._GetFirmwareEnvironmentVariable.restype = c_int
+ self._GetFirmwareEnvironmentVariable.argtypes = [c_wchar_p, c_wchar_p, c_void_p, c_int]
+ self._SetFirmwareEnvironmentVariable = kernel32.SetFirmwareEnvironmentVariableW
+ self._SetFirmwareEnvironmentVariable.restype = c_int
+ self._SetFirmwareEnvironmentVariable.argtypes = [c_wchar_p, c_wchar_p, c_void_p, c_int]
+ self._SetFirmwareEnvironmentVariableEx = kernel32.SetFirmwareEnvironmentVariableExW
+ self._SetFirmwareEnvironmentVariableEx.restype = c_int
+ self._SetFirmwareEnvironmentVariableEx.argtypes = [c_wchar_p, c_wchar_p, c_void_p, c_int, c_int]
+ except AttributeError as msg:
+ logging.warn( "G[S]etFirmwareEnvironmentVariableW function doesn't seem to exist" )
+ pass
+
+ #
+ # Helper function to create buffer for var read/write
+ #
+ def CreateBuffer(self, init, size=None):
+ """CreateBuffer(aString) -> character array
+ CreateBuffer(anInteger) -> character array
+ CreateBuffer(aString, anInteger) -> character array
+ """
+ if isinstance(init, str):
+ if size is None:
+ size = len(init)+1
+ buftype = c_char * size
+ buf = buftype()
+ buf.value = init
+ return buf
+ elif isinstance(init, int):
+ buftype = c_char * init
+ buf = buftype()
+ return buf
+ raise TypeError(init)
+
+ #
+ #Function to get variable
+ # return a tuple of error code and variable data as string
+ #
+ def GetUefiVar(self, name, guid ):
+ err = 0 #success
+ efi_var = create_string_buffer( EFI_VAR_MAX_BUFFER_SIZE )
+ if self._GetFirmwareEnvironmentVariable is not None:
+ logging.info("calling GetFirmwareEnvironmentVariable( name='%s', GUID='%s' ).." % (name, "{%s}" % guid) )
+ length = self._GetFirmwareEnvironmentVariable( name, "{%s}" % guid, efi_var, EFI_VAR_MAX_BUFFER_SIZE )
+ if (0 == length) or (efi_var is None):
+ err = kernel32.GetLastError()
+ logging.error( 'GetFirmwareEnvironmentVariable[Ex] failed (GetLastError = 0x%x)' % err)
+ logging.error(WinError())
+ return (err, None, WinError(err))
+ return (err, efi_var[:length], None)
+ #
+ #Function to set variable
+ # return a tuple of boolean status, errorcode, errorstring (None if not error)
+ #
+ def SetUefiVar(self, name, guid, var=None, attrs=None):
+ var_len = 0
+ err = 0
+ errorstring = None
+ if var is None:
+ var = bytes(0)
+ else:
+ var_len = len(var)
+ success = 0 # Fail
+ if(attrs == None):
+ if self._SetFirmwareEnvironmentVariable is not None:
+ logging.info("Calling SetFirmwareEnvironmentVariable (name='%s', Guid='%s')..." % (name, "{%s}" % guid, ))
+ success = self._SetFirmwareEnvironmentVariable(name, "{%s}" % guid, var, var_len)
+ else:
+ attrs = int(attrs)
+ if self._SetFirmwareEnvironmentVariableEx is not None:
+ logging.info(" calling SetFirmwareEnvironmentVariableEx( name='%s', GUID='%s', length=0x%X, attributes=0x%X ).." % (name, "{%s}" % guid, var_len, attrs) )
+ success = self._SetFirmwareEnvironmentVariableEx( name, "{%s}" % guid, var, var_len, attrs )
+
+ if 0 == success:
+ err = kernel32.GetLastError()
+ logging.error('SetFirmwareEnvironmentVariable failed (GetLastError = 0x%x)' % err )
+ logging.error(WinError())
+ errorstring = WinError(err)
+ return (success,err, errorstring)
+
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Python/UtilityFunctions.py b/DfciPkg/UnitTests/DfciTests/Support/Python/UtilityFunctions.py
index febfcf96..eae5782c 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Python/UtilityFunctions.py
+++ b/DfciPkg/UnitTests/DfciTests/Support/Python/UtilityFunctions.py
@@ -1,175 +1,175 @@
-# @file
-#
-# Utility Functions to support re-use in python scripts.
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-
-##
-## Utility Functions to support re-use in python scripts.
-##
-## Includes functions for running external commands, etc
-##
-from __future__ import print_function #support Python3 and 2 for print
-import os
-import sys
-import logging
-import datetime
-import shutil
-import threading
-import subprocess
-
-#
-#set signtool path --
-# Requires the windows 8.1 kit.
-# only works on 64bit systems but all dev machines should be 64bit by now.
-gSignToolPath = os.path.join(os.getenv("ProgramFiles(x86)"), "Windows Kits", "10", "bin", "10.0.18362.0", "x64", "signtool.exe")
-
-#
-# Cert Manager is used for deleting the cert when add/removing certs
-#
-gCertMgrPath = os.path.join(os.getenv("ProgramFiles(x86)"), "Windows Kits", "10", "bin", "10.0.18363.0", "x64", "certmgr.exe")
-
-#
-# Cert Util is used to import PFX into cert store
-#
-gCertUtilPath = "CertUtil.exe"
-
-#
-#check Windows Kit files and try using 8.1 if not in 10
-#
-#check the tool path and update it
-if not os.path.exists(gCertMgrPath):
- gCertMgrPath = gCertMgrPath.replace('10', '8.1')
-
-#check the tool path and update it
-if not os.path.exists(gSignToolPath):
- gSignToolPath = gSignToolPath.replace('10', '8.1')
-
-
-#
-# process output stream and write to log.
-# part of the threading pattern.
-#
-# http://stackoverflow.com/questions/19423008/logged-subprocess-communicate
-#
-def reader(stream):
- while True:
- s = stream.readline()
- if not s:
- break
- logging.info(s.rstrip())
- stream.close()
-
-def filereader(filepath, stream):
- f = open(filepath, "w")
- while True:
- s = stream.readline()
- if not s:
- break
- f.write(s)
- stream.close()
- f.close()
-
-#
-# Run a shell commmand and print the output to the log file
-#
-def RunCmd(cmd, capture=True, outfile=None):
- starttime = datetime.datetime.now()
- logging.debug("Cmd to run is: " + cmd)
- logging.info("------------------------------------------------")
- logging.info("--------------Cmd Output Starting---------------")
- logging.info("------------------------------------------------")
- c = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
- if(capture):
- if(outfile):
- outr = threading.Thread(target=filereader, args=(outfile, c.stdout,))
- else:
- outr = threading.Thread(target=reader, args=(c.stdout,))
- outr.start()
- c.wait()
- outr.join()
- else:
- c.wait()
-
- #replaced communicate method with modified threading solution found here
- # http://stackoverflow.com/questions/19423008/logged-subprocess-communicate
- #
-
- endtime = datetime.datetime.now()
- delta = endtime - starttime
- logging.info("------------------------------------------------")
- logging.info("--------------Cmd Output Finished---------------")
- logging.info("--------- Running Time (mm:ss): {0[0]:02}:{0[1]:02} ----------".format(divmod(delta.seconds, 60)))
- logging.info("------------------------------------------------")
- return c.returncode
-
-
-def SignWithSignTool(ToSignFilePath, DetachedSignatureOutputFilePath, PfxFile, PfxPass, Oid):
- OutputDir = os.path.dirname(DetachedSignatureOutputFilePath)
- cmd = gSignToolPath + ' sign /p7ce DetachedSignedData /fd sha256 /p7co ' + Oid + ' /p7 "' + OutputDir + '" /f "' + PfxFile + '"'
- if PfxPass:
- #add password if set
- cmd = cmd + ' /p ' + PfxPass
- cmd = cmd + ' /debug /v "' + ToSignFilePath + '" '
- logging.critical("Command is: %s" % cmd)
- ret = RunCmd(cmd)
- if(ret != 0):
- raise Exception("Signtool error %d" % ret)
- signedfile = os.path.join(OutputDir, os.path.basename(ToSignFilePath) + ".p7")
- if(not os.path.isfile(signedfile)):
- raise Exception("Output file doesn't eixst %s" % signedfile)
-
- shutil.move(signedfile, DetachedSignatureOutputFilePath)
- return ret
-
-###
-# Function to print a byte list as hex and optionally output ascii as well as
-# offset within the buffer
-###
-def PrintByteList(ByteList, IncludeAscii=True, IncludeOffset=True, IncludeHexSep=True, OffsetStart=0):
- Ascii = ""
- for index in range(len(ByteList)):
- #Start of New Line
- if(index % 16 == 0):
- if(IncludeOffset):
- print("0x%04X -" % (index + OffsetStart), end='')
-
- #Midpoint of a Line
- if(index % 16 == 8):
- if(IncludeHexSep):
- print(" -", end='')
-
- #Print As Hex Byte
- print(" 0x%02X" % ByteList[index], end='')
-
- #Prepare to Print As Ascii
- if(ByteList[index] < 0x20) or (ByteList[index] > 0x7E):
- Ascii += "."
- else:
- Ascii += ("%c" % ByteList[index])
-
- #End of Line
- if(index % 16 == 15):
- if(IncludeAscii):
- print(" %s" % Ascii, end='')
- Ascii = ""
- print("")
-
- #Done - Lets check if we have partial
- if(index % 16 != 15):
- #Lets print any partial line of ascii
- if(IncludeAscii) and (Ascii != ""):
- #Pad out to the correct spot
-
- while(index % 16 != 15):
- print(" ", end='')
- if(index % 16 == 7): #acount for the - symbol in the hex dump
- if(IncludeOffset):
- print(" ", end='')
- index += 1
- #print the ascii partial line
- print(" %s" % Ascii, end='')
- #print a single newline so that next print will be on new line
- print("")
-
+# @file
+#
+# Utility Functions to support re-use in python scripts.
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+
+##
+## Utility Functions to support re-use in python scripts.
+##
+## Includes functions for running external commands, etc
+##
+from __future__ import print_function #support Python3 and 2 for print
+import os
+import sys
+import logging
+import datetime
+import shutil
+import threading
+import subprocess
+
+#
+#set signtool path --
+# Requires the windows 8.1 kit.
+# only works on 64bit systems but all dev machines should be 64bit by now.
+gSignToolPath = os.path.join(os.getenv("ProgramFiles(x86)"), "Windows Kits", "10", "bin", "10.0.18362.0", "x64", "signtool.exe")
+
+#
+# Cert Manager is used for deleting the cert when add/removing certs
+#
+gCertMgrPath = os.path.join(os.getenv("ProgramFiles(x86)"), "Windows Kits", "10", "bin", "10.0.18363.0", "x64", "certmgr.exe")
+
+#
+# Cert Util is used to import PFX into cert store
+#
+gCertUtilPath = "CertUtil.exe"
+
+#
+#check Windows Kit files and try using 8.1 if not in 10
+#
+#check the tool path and update it
+if not os.path.exists(gCertMgrPath):
+ gCertMgrPath = gCertMgrPath.replace('10', '8.1')
+
+#check the tool path and update it
+if not os.path.exists(gSignToolPath):
+ gSignToolPath = gSignToolPath.replace('10', '8.1')
+
+
+#
+# process output stream and write to log.
+# part of the threading pattern.
+#
+# http://stackoverflow.com/questions/19423008/logged-subprocess-communicate
+#
+def reader(stream):
+ while True:
+ s = stream.readline()
+ if not s:
+ break
+ logging.info(s.rstrip())
+ stream.close()
+
+def filereader(filepath, stream):
+ f = open(filepath, "w")
+ while True:
+ s = stream.readline()
+ if not s:
+ break
+ f.write(s)
+ stream.close()
+ f.close()
+
+#
+# Run a shell commmand and print the output to the log file
+#
+def RunCmd(cmd, capture=True, outfile=None):
+ starttime = datetime.datetime.now()
+ logging.debug("Cmd to run is: " + cmd)
+ logging.info("------------------------------------------------")
+ logging.info("--------------Cmd Output Starting---------------")
+ logging.info("------------------------------------------------")
+ c = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ if(capture):
+ if(outfile):
+ outr = threading.Thread(target=filereader, args=(outfile, c.stdout,))
+ else:
+ outr = threading.Thread(target=reader, args=(c.stdout,))
+ outr.start()
+ c.wait()
+ outr.join()
+ else:
+ c.wait()
+
+ #replaced communicate method with modified threading solution found here
+ # http://stackoverflow.com/questions/19423008/logged-subprocess-communicate
+ #
+
+ endtime = datetime.datetime.now()
+ delta = endtime - starttime
+ logging.info("------------------------------------------------")
+ logging.info("--------------Cmd Output Finished---------------")
+ logging.info("--------- Running Time (mm:ss): {0[0]:02}:{0[1]:02} ----------".format(divmod(delta.seconds, 60)))
+ logging.info("------------------------------------------------")
+ return c.returncode
+
+
+def SignWithSignTool(ToSignFilePath, DetachedSignatureOutputFilePath, PfxFile, PfxPass, Oid):
+ OutputDir = os.path.dirname(DetachedSignatureOutputFilePath)
+ cmd = gSignToolPath + ' sign /p7ce DetachedSignedData /fd sha256 /p7co ' + Oid + ' /p7 "' + OutputDir + '" /f "' + PfxFile + '"'
+ if PfxPass:
+ #add password if set
+ cmd = cmd + ' /p ' + PfxPass
+ cmd = cmd + ' /debug /v "' + ToSignFilePath + '" '
+ logging.critical("Command is: %s" % cmd)
+ ret = RunCmd(cmd)
+ if(ret != 0):
+ raise Exception("Signtool error %d" % ret)
+ signedfile = os.path.join(OutputDir, os.path.basename(ToSignFilePath) + ".p7")
+ if(not os.path.isfile(signedfile)):
+ raise Exception("Output file doesn't eixst %s" % signedfile)
+
+ shutil.move(signedfile, DetachedSignatureOutputFilePath)
+ return ret
+
+###
+# Function to print a byte list as hex and optionally output ascii as well as
+# offset within the buffer
+###
+def PrintByteList(ByteList, IncludeAscii=True, IncludeOffset=True, IncludeHexSep=True, OffsetStart=0):
+ Ascii = ""
+ for index in range(len(ByteList)):
+ #Start of New Line
+ if(index % 16 == 0):
+ if(IncludeOffset):
+ print("0x%04X -" % (index + OffsetStart), end='')
+
+ #Midpoint of a Line
+ if(index % 16 == 8):
+ if(IncludeHexSep):
+ print(" -", end='')
+
+ #Print As Hex Byte
+ print(" 0x%02X" % ByteList[index], end='')
+
+ #Prepare to Print As Ascii
+ if(ByteList[index] < 0x20) or (ByteList[index] > 0x7E):
+ Ascii += "."
+ else:
+ Ascii += ("%c" % ByteList[index])
+
+ #End of Line
+ if(index % 16 == 15):
+ if(IncludeAscii):
+ print(" %s" % Ascii, end='')
+ Ascii = ""
+ print("")
+
+ #Done - Lets check if we have partial
+ if(index % 16 != 15):
+ #Lets print any partial line of ascii
+ if(IncludeAscii) and (Ascii != ""):
+ #Pad out to the correct spot
+
+ while(index % 16 != 15):
+ print(" ", end='')
+ if(index % 16 == 7): #acount for the - symbol in the hex dump
+ if(IncludeOffset):
+ print(" ", end='')
+ index += 1
+ #print the ascii partial line
+ print(" %s" % Ascii, end='')
+ #print a single newline so that next print will be on new line
+ print("")
+
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Robot/CertSupport.robot b/DfciPkg/UnitTests/DfciTests/Support/Robot/CertSupport.robot
index df665e7e..33d2fdbe 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Robot/CertSupport.robot
+++ b/DfciPkg/UnitTests/DfciTests/Support/Robot/CertSupport.robot
@@ -1,68 +1,68 @@
-*** Settings ***
-# @file
-#
-Documentation DFCI Certificate Support
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-
-Library OperatingSystem
-Library Process
-Library ${CURDIR}${/}..${/}Python${/}CertSupportLib.py
-
-*** Keywords ***
-
-Set DDS CA cert
- Set Global Variable ${NEW_OWNER_CERT} ${CERTS_DIR}${/}DDS_CA.cer
- Set Global Variable ${NEW_OWNER_PFX} ${CERTS_DIR}${/}DDS_Leaf.pfx
- Set Global Variable ${OLD_OWNER_PFX} ${CERTS_DIR}${/}DDS_Leaf2.pfx
- Set Global Variable ${OLD_OWNER_CERT} ${CERTS_DIR}${/}DDS_CA2.cer
-
-
-Set DDS CA2 cert
- Set Global Variable ${NEW_OWNER_CERT} ${CERTS_DIR}${/}DDS_CA2.cer
- Set Global Variable ${NEW_OWNER_PFX} ${CERTS_DIR}${/}DDS_Leaf2.pfx
- Set Global Variable ${OLD_OWNER_PFX} ${CERTS_DIR}${/}DDS_Leaf.pfx
- Set Global Variable ${OLD_OWNER_CERT} ${CERTS_DIR}${/}DDS_CA.cer
-
-
-Set MDM CA cert
- Set Global Variable ${NEW_USER_CERT} ${CERTS_DIR}${/}MDM_CA.cer
- Set Global Variable ${NEW_USER_PFX} ${CERTS_DIR}${/}MDM_Leaf.pfx
- Set Global Variable ${OLD_USER_PFX} ${CERTS_DIR}${/}MDM_Leaf2.pfx
- Set Global Variable ${OLD_USER_CERT} ${CERTS_DIR}${/}MDM_CA2.cer
-
-
-Set MDM CA2 cert
- Set Global Variable ${NEW_USER_CERT} ${CERTS_DIR}${/}MDM_CA2.cer
- Set Global Variable ${NEW_USER_PFX} ${CERTS_DIR}${/}MDM_Leaf2.pfx
- Set Global Variable ${OLD_USER_PFX} ${CERTS_DIR}${/}MDM_Leaf.pfx
- Set Global Variable ${OLD_USER_CERT} ${CERTS_DIR}${/}MDM_CA.cer
-
-
-Initialize Thumbprints
- [Arguments] ${OwnerThumbprint} ${UserThumbprint}
-
- ${DdsCA}= Set Variable ${CERTS_DIR}${/}DDS_CA.pfx
- ${MdmCA}= Set Variable ${CERTS_DIR}${/}MDM_CA.pfx
- ${ZtdLeaf}= Set Variable ${CERTS_DIR}${/}ZTD_Leaf.pfx
- ${ZtdCert}= Set Variable ${CERTS_DIR}${/}ZTD_Leaf.cer
-
- ${DdsThumbprint}= Get Thumbprint From Pfx ${DdsCA}
- ${MdmThumbprint}= Get Thumbprint From Pfx ${MdmCA}
- ${ZtdThumbprint}= Get Thumbprint From Pfx ${ZtdLeaf}
-
- Run Keyword If ${OwnerThumbprint} == '${DdsThumbprint}'
- ... Set DDS CA2 cert
- ... ELSE
- ... Set DDS CA cert
- Run Keyword If ${UserThumbprint} == '${MdmThumbprint}'
- ... Set MDM CA2 cert
- ... ELSE
- ... Set MDM CA cert
-
- Set Global Variable ${ZTD_LEAF_PFX} ${ZtdLeaf}
- Set Global Variable ${ZTD_LEAF_CERT} ${ZtdCert}
- Set Global Variable ${DDS_CA_THUMBPRINT} '${DdsThumbprint}'
- Set Global Variable ${MDM_CA_THUMBPRINT} '${MdmThumbprint}'
- Set Global Variable ${ZTD_LEAF_THUMBPRINT} '${ZtdThumbprint}'
+*** Settings ***
+# @file
+#
+Documentation DFCI Certificate Support
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+
+Library OperatingSystem
+Library Process
+Library ${CURDIR}${/}..${/}Python${/}CertSupportLib.py
+
+*** Keywords ***
+
+Set DDS CA cert
+ Set Global Variable ${NEW_OWNER_CERT} ${CERTS_DIR}${/}DDS_CA.cer
+ Set Global Variable ${NEW_OWNER_PFX} ${CERTS_DIR}${/}DDS_Leaf.pfx
+ Set Global Variable ${OLD_OWNER_PFX} ${CERTS_DIR}${/}DDS_Leaf2.pfx
+ Set Global Variable ${OLD_OWNER_CERT} ${CERTS_DIR}${/}DDS_CA2.cer
+
+
+Set DDS CA2 cert
+ Set Global Variable ${NEW_OWNER_CERT} ${CERTS_DIR}${/}DDS_CA2.cer
+ Set Global Variable ${NEW_OWNER_PFX} ${CERTS_DIR}${/}DDS_Leaf2.pfx
+ Set Global Variable ${OLD_OWNER_PFX} ${CERTS_DIR}${/}DDS_Leaf.pfx
+ Set Global Variable ${OLD_OWNER_CERT} ${CERTS_DIR}${/}DDS_CA.cer
+
+
+Set MDM CA cert
+ Set Global Variable ${NEW_USER_CERT} ${CERTS_DIR}${/}MDM_CA.cer
+ Set Global Variable ${NEW_USER_PFX} ${CERTS_DIR}${/}MDM_Leaf.pfx
+ Set Global Variable ${OLD_USER_PFX} ${CERTS_DIR}${/}MDM_Leaf2.pfx
+ Set Global Variable ${OLD_USER_CERT} ${CERTS_DIR}${/}MDM_CA2.cer
+
+
+Set MDM CA2 cert
+ Set Global Variable ${NEW_USER_CERT} ${CERTS_DIR}${/}MDM_CA2.cer
+ Set Global Variable ${NEW_USER_PFX} ${CERTS_DIR}${/}MDM_Leaf2.pfx
+ Set Global Variable ${OLD_USER_PFX} ${CERTS_DIR}${/}MDM_Leaf.pfx
+ Set Global Variable ${OLD_USER_CERT} ${CERTS_DIR}${/}MDM_CA.cer
+
+
+Initialize Thumbprints
+ [Arguments] ${OwnerThumbprint} ${UserThumbprint}
+
+ ${DdsCA}= Set Variable ${CERTS_DIR}${/}DDS_CA.pfx
+ ${MdmCA}= Set Variable ${CERTS_DIR}${/}MDM_CA.pfx
+ ${ZtdLeaf}= Set Variable ${CERTS_DIR}${/}ZTD_Leaf.pfx
+ ${ZtdCert}= Set Variable ${CERTS_DIR}${/}ZTD_Leaf.cer
+
+ ${DdsThumbprint}= Get Thumbprint From Pfx ${DdsCA}
+ ${MdmThumbprint}= Get Thumbprint From Pfx ${MdmCA}
+ ${ZtdThumbprint}= Get Thumbprint From Pfx ${ZtdLeaf}
+
+ Run Keyword If ${OwnerThumbprint} == '${DdsThumbprint}'
+ ... Set DDS CA2 cert
+ ... ELSE
+ ... Set DDS CA cert
+ Run Keyword If ${UserThumbprint} == '${MdmThumbprint}'
+ ... Set MDM CA2 cert
+ ... ELSE
+ ... Set MDM CA cert
+
+ Set Global Variable ${ZTD_LEAF_PFX} ${ZtdLeaf}
+ Set Global Variable ${ZTD_LEAF_CERT} ${ZtdCert}
+ Set Global Variable ${DDS_CA_THUMBPRINT} '${DdsThumbprint}'
+ Set Global Variable ${MDM_CA_THUMBPRINT} '${MdmThumbprint}'
+ Set Global Variable ${ZTD_LEAF_THUMBPRINT} '${ZtdThumbprint}'
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_Shared_Keywords.robot b/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_Shared_Keywords.robot
index 3d66dc55..d37ae80c 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_Shared_Keywords.robot
+++ b/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_Shared_Keywords.robot
@@ -1,479 +1,479 @@ -*** Settings *** -# @file -# -Documentation DFCI Shared Keywords -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -Library OperatingSystem -Library Process -Library Remote http://${IP_OF_DUT}:${RF_PORT} -Library Support${/}Python${/}DFCI_SupportLib.py - - -*** Variables *** -${CMD_MFG} Get-CimInstance -ClassName Win32_ComputerSystem -Property Manufacturer | Select-Object -ExpandProperty Manufacturer -${CMD_MODEL} Get-CimInstance -ClassName Win32_ComputerSystem -Property Model | Select-Object -ExpandProperty Model -${CMD_SERIALNUMBER} Get-CimInstance -ClassName Win32_systemenclosure -Property SerialNumber | Select-Object -ExpandProperty SerialNumber -${CMD_UUID} Get-CimInstance -ClassName Win32_computersystemproduct -Property uuid | Select-Object -ExpandProperty uuid - - -*** Keywords *** -Make Dfci Output - Create Directory ${TEST_OUTPUT} - Create Directory ${TOOL_DATA_OUT_DIR} - Create Directory ${TOOL_STD_OUT_DIR} - Create Directory ${BOOT_LOG_OUT_DIR} - Empty Directory ${TOOL_DATA_OUT_DIR} - Empty Directory ${TOOL_STD_OUT_DIR} - Empty Directory ${BOOT_LOG_OUT_DIR} - -Compare Files - [Arguments] ${CompareFile1} ${CompareFile2} ${ExpectedRC} - - ${result}= Run Process fc.exe /b ${CompareFile1} ${CompareFile2} - Log all stdout: ${result.stdout} - Log all stderr: ${result.stderr} - Should Be Equal As Integers ${result.rc} ${ExpectedRC} - - -############################################################ -# Get system under test Information # -############################################################ - -Get System Under Test SerialNumber - ${Value}= Run PowerShell And Return Output ${CMD_SERIALNUMBER} - Should Be True '${Value}' != 'Error' - Should Be True '${Value}' != '' - [Return] ${Value} - - -Get System Under Test Manufacturer - ${Value}= Run PowerShell And Return Output ${CMD_MFG} - Should Be True '${Value}' != 'Error' - Should Be True '${Value}' != '' - [Return] ${Value} - - -Get System Under 
Test ProductName - ${Value}= Run PowerShell And Return Output ${CMD_MODEL} - Should Be True '${Value}' != 'Error' - Should Be True '${Value}' != '' - [Return] ${Value} - - -############################################################ -# Print Routines for each Package # -############################################################ -Print Provisioning Package - [Arguments] ${binfile} ${stdoutfile} - ${result} = Run Process ${DFCI_PY_PATH}${/}GenerateCertProvisionData.py -p ${binfile} shell=Yes timeout=10sec stdout=${stdoutfile} - Log File ${stdoutfile} - Should Be Equal As Integers ${result.rc} 0 - -Print Permission Package - [Arguments] ${binfile} ${stdoutfile} - ${result} = Run Process ${DFCI_PY_PATH}${/}GeneratePermissionPacketData.py -p ${binfile} shell=Yes timeout=10sec stdout=${stdoutfile} - Log File ${stdoutfile} - Should Be Equal As Integers ${result.rc} 0 - -Print Settings Package - [Arguments] ${binfile} ${stdoutfile} - ${result} = Run Process ${DFCI_PY_PATH}${/}GenerateSettingsPacketData.py -p ${binfile} shell=Yes timeout=10sec stdout=${stdoutfile} - Log File ${stdoutfile} - Should Be Equal As Integers ${result.rc} 0 - - -############################################################ -# Get results of each Package # -############################################################ -Get Provisioning Result Package - [Arguments] ${stdoutfile} - ${result} = Run Process ${DFCI_PY_PATH}${/}GetSEMResultData.py --Provisioning --IpAddress ${IP_OF_DUT} shell=Yes timeout=10sec stdout=${stdoutfile} - Log File ${stdoutfile} - Should Be Equal As Integers ${result.rc} 0 - - -Get Permission Result Package - [Arguments] ${stdoutfile} - ${result} = Run Process ${DFCI_PY_PATH}${/}GetSEMResultData.py --Permissions --IpAddress ${IP_OF_DUT} shell=Yes timeout=10sec stdout=${stdoutfile} - Log File ${stdoutfile} - Should Be Equal As Integers ${result.rc} 0 - - -Get Settings Result Package - [Arguments] ${stdoutfile} - ${result} = Run Process ${DFCI_PY_PATH}${/}GetSEMResultData.py 
--Settings --IpAddress ${IP_OF_DUT} shell=Yes timeout=10sec stdout=${stdoutfile} - Log File ${stdoutfile} - Should Be Equal As Integers ${result.rc} 0 - - -############################################################ -# Get Current Settings Value in XML # -############################################################ -Get Current Settings Package - [Arguments] ${stdoutfile} - ${result} = Run Process ${DFCI_PY_PATH}${/}GetSEMResultData.py --CurrentSettings --IpAddress ${IP_OF_DUT} shell=Yes timeout=10sec stdout=${stdoutfile} - Log File ${stdoutfile} - Should Be Equal As Integers ${result.rc} 0 - - -Verify Provision Response - [Arguments] ${pktfile} ${ResponseFile} ${ExpectedRc} - @{rc2}= get status and sessionid from identity results ${ResponseFile} - ${id2}= get sessionid from identity packet ${pktfile} - ${rc2zstring}= get uefistatus string ${rc2}[0] - ${ExpectedString}= get uefistatus string ${ExpectedRc} - Should Be Equal As Integers ${rc2}[1] ${id2} - Should Be Equal As strings ${rc2zstring} ${ExpectedString} - - -Verify Permission Response - [Arguments] ${pktfile} ${ResponseFile} ${ExpectedRc} - @{rc2}= get status and sessionid from permission results ${ResponseFile} - ${id2}= get sessionid from permission packet ${pktfile} - ${rc2zstring}= get uefistatus string ${rc2}[0] - ${ExpectedString}= get uefistatus string ${ExpectedRc} - Should Be Equal As Integers ${rc2}[1] ${id2} - Should Be Equal As strings ${rc2zstring} ${ExpectedString} - - -Verify Settings Response - [Arguments] ${pktfile} ${ResponseFile} ${ExpectedRc} ${checktype} - @{rc2}= get status and sessionid from settings results ${ResponseFile} ${checktype} - ${id2}= get sessionid from settings packet ${pktfile} - ${rc2zstring}= get uefistatus string ${rc2}[0] - ${ExpectedString}= get uefistatus string ${ExpectedRc} - Should Be Equal As Integers ${rc2}[1] ${id2} - Should Be Equal As strings ${rc2zstring} ${ExpectedString} - - -Verify Identity Current - [Arguments] ${xmlfile} ${Mfg} ${ProdName} 
${SerialNumber} - ${rc}= Verify Device Id ${xmlfile} ${Mfg} ${ProdName} ${SerialNumber} - Should Be Equal As Integers ${rc} 0 - ${rc}= Verify Dfci Version ${xmlfile} 2 - Should Be True ${rc} - - -Get and Print Current Identities - [Arguments] ${currentxmlFile} - - Get Current Identities ${currentxmlFile} - Print Xml Payload ${currentxmlFile} - - -Get and Print Current Permissions - [Arguments] ${currentxmlFile} - - Get Current Permissions ${currentxmlFile} - Print Xml Payload ${currentxmlFile} - - -Get and Print Current Settings - [Arguments] ${currentxmlFile} - - Get Current Settings ${currentxmlFile} - Print Xml Payload ${currentxmlFile} - - -Get and Print Device Identifier - [Arguments] ${currentxmlFile} - - Get Device Identifier ${currentxmlFile} - Print Xml Payload ${currentxmlFile} - - -############################################################ -# Resetting system and wait for reboot complete # -############################################################ - -Wait For System Online - [Arguments] ${retries} - FOR ${index} IN RANGE ${retries} - ${result} = Is Device Online ${IP_OF_DUT} - Exit For Loop If '${result}' == 'True' - Sleep 5sec "Waiting for system to come back Online" - END - Should Be True ${result} System failed to come online: pinging ${IP_OF_DUT} failed ${retries} times - -Wait For System Offline - [Arguments] ${retries} - FOR ${index} IN RANGE ${retries} - ${result} = Is Device Online ${IP_OF_DUT} - Exit For Loop If '${result}' == 'False' - Sleep 5sec "Waiting for system to go offline" - END - Should Not Be True ${result} System failed to go offline: pinged ${IP_OF_DUT} ${retries} times - -Wait For Remote Robot - [Arguments] ${timeinseconds} - FOR ${retries} IN RANGE ${timeinseconds} - Log To Console Waiting for Robot To Ack ${retries} - ${status} ${message} Run Keyword And Ignore Error Remote Ack - Return From Keyword If '${status}' == 'PASS' ${message} - Sleep 1 - END - Return From Keyword ${False} - -Reboot System And Wait For System Online 
- remote_warm_reboot - Wait For System Offline 60 - Wait For System Online 60 - Wait For Remote Robot 15 - -Reboot System To Firmware And Wait For System Online - remote_reboot_to_firmware - Wait For System Offline 60 - Wait For System Online 120 - Wait For Remote Robot 15 - - -############################################################ -# Verify NO APPLY variables present # -############################################################ - -Verify No Mailboxes Have Data - - @{rcid}= GetUefiVariable ${IDENTITY_APPLY} ${IDENTITY_GUID} ${None} - Run Keyword If ${rcid}[0] != ${STATUS_VARIABLE_NOT_FOUND} - ... SetUefiVariable ${IDENTITY_APPLY} ${IDENTITY_GUID} - - @{rcid2}= GetUefiVariable ${IDENTITY2_APPLY} ${IDENTITY_GUID} ${None} - Run Keyword If ${rcid2}[0] != ${STATUS_VARIABLE_NOT_FOUND} - ... SetUefiVariable ${IDENTITY2_APPLY} ${IDENTITY_GUID} - - @{rcperm}= GetUefiVariable ${PERMISSION_APPLY} ${PERMISSION_GUID} ${None} - Run Keyword If ${rcperm}[0] != ${STATUS_VARIABLE_NOT_FOUND} - ... SetUefiVariable ${PERMISSION_APPLY} ${IDENTITY_GUID} - - @{rcperm2}= GetUefiVariable ${PERMISSION2_APPLY} ${PERMISSION_GUID} ${None} - Run Keyword If ${rcperm2}[0] != ${STATUS_VARIABLE_NOT_FOUND} - ... SetUefiVariable ${PERMISSION2_APPLY} ${IDENTITY_GUID} - - @{rcset}= GetUefiVariable ${SETTINGS_APPLY} ${SETTINGS_GUID} ${None} - Run Keyword If ${rcset}[0] != ${STATUS_VARIABLE_NOT_FOUND} - ... SetUefiVariable ${SETTINGS_APPLY} ${IDENTITY_GUID} - - @{rcset2}= GetUefiVariable ${SETTINGS2_APPLY} ${SETTINGS_GUID} ${None} - Run Keyword If ${rcset2}[0] != ${STATUS_VARIABLE_NOT_FOUND} - ... 
SetUefiVariable ${SETTINGS2_APPLY} ${IDENTITY_GUID} - - Should Be True ${rcid}[0] == ${STATUS_VARIABLE_NOT_FOUND} - Should Be True ${rcperm}[0] == ${STATUS_VARIABLE_NOT_FOUND} - Should Be True ${rcperm2}[0] == ${STATUS_VARIABLE_NOT_FOUND} - Should Be True ${rcset}[0] == ${STATUS_VARIABLE_NOT_FOUND} - Should Be True ${rcset2}[0] == ${STATUS_VARIABLE_NOT_FOUND} - - -# Create an Unenroll Identity Package File -# - -# binFile = Output binary package to send to DUT -# signPfx = Pfx file to sign the package -# testSignPfx = Pfx file to verify signing with cert file -# certFile = Cert used to verify incoming pkts -# KEY_INDEX = Which key to unenroll -# TargetParms = list with version and target information -# -Create Dfci Provisioning Package - [Arguments] ${binfile} ${signPfx} ${testSignPfx} ${certFile} ${KEY_INDEX} @{TargetParms} - - File Should Exist ${signPfx} - File Should Exist ${testSignPfx} - File Should Exist ${certFile} - - ${Result}= Run Process python.exe ${GEN_IDENTITY} --CertFilePath ${certFile} --Step2AEnable --Signing2APfxFile ${testSignPfx} --Step2BEnable --Step2Enable --SigningPfxFile ${signPfx} --Step3Enable --FinalizeResultFile ${binfile} --Step1Enable --Identity ${KEY_INDEX} @{TargetParms} - - Log all stdout: ${result.stdout} - Log all stderr: ${result.stderr} - - Should Be Equal As Integers ${result.rc} 0 - File Should Exist ${binfile} - - -# Create an Unenroll Identity Package File -# -# binFile = Output binary package to send to DUT -# signPfx = Pfx file to sign the package -# KEY_INDEX = Which key to unenroll -# TargetParms = list with version and target information -# -Create Dfci UnEnroll Package - [Arguments] ${binfile} ${signPfx} ${KEY_INDEX} @{TargetParms} - - File Should Exist ${signPfx} - - ${Result}= Run Process python.exe ${GEN_IDENTITY} --Step2Enable --SigningPfxFile ${signPfx} --Step3Enable --FinalizeResultFile ${binfile} --Step1Enable --Identity ${KEY_INDEX} @{TargetParms} - - Log all stdout: ${result.stdout} - Log all stderr: 
${result.stderr} - - Should Be Equal As Integers ${result.rc} 0 - File Should Exist ${binfile} - - -# Create a Permissions Package File -# -# binFile = Output binary package to send to DUT -# signPfx = Pfx file to sign the package -# xmlFile = The permissions XML file to apply -# TargetParms = list with version and target information -# -Create Dfci Permission Package - [Arguments] ${binfile} ${signPfx} ${xmlFile} @{TargetParms} - - File Should Exist ${signPfx} - File Should Exist ${xmlFile} - - ${Result}= Run Process python.exe ${GEN_PERMISSIONS} --Step2Enable --SigningPfxFile ${signPfx} --Step3Enable --FinalizeResultFile ${binfile} --Step1Enable --XmlFilePath ${xmlFile} @{TargetParms} - - Log all stdout: ${result.stdout} - Log all stderr: ${result.stderr} - - Should Be Equal As Integers ${result.rc} 0 - File Should Exist ${binfile} - - -# Create a Settings Package File -# -# binFile = Output binary package to send to DUT -# signPfx = Pfx file to sign the package -# xmlFile = The settings XML file to apply -# TargetParms = list with version and target information -# -Create Dfci Settings Package - [Arguments] ${binfile} ${signPfx} ${xmlFile} @{TargetParms} - File Should Exist ${xmlFile} - - IF '${signPfx}' == 'UNSIGNED' - ${Result}= Run Process python.exe ${GEN_SETTINGS} --HdrVersion 2 --Step1Enable --PrepResultFile ${binfile} --XmlFilePath ${xmlFile} @{TargetParms} - ELSE - File Should Exist ${signPfx} - ${Result}= Run Process python.exe ${GEN_SETTINGS} --HdrVersion 2 --Step1Enable --Step2Enable --SigningPfxFile ${signPfx} --Step3Enable --FinalizeResultFile ${binfile} --XmlFilePath ${xmlFile} @{TargetParms} - END - - Log all stdout: ${result.stdout} - Log all stderr: ${result.stderr} - - Should Be Equal As Integers ${result.rc} 0 - File Should Exist ${binfile} - - -######################################################################## -# Apply a Provision (Identity) Package, and check the results # 
-######################################################################## -Process Provision Packet - [Arguments] ${TestName} ${mailbox} ${signPfxFile} ${testsignPfxFile} ${ownerCertFile} ${KEY_INDEX} @{TargetParms} - ${applyPackageFile}= Set Variable ${TOOL_STD_OUT_DIR}${/}${TestName}_Provision_apply.log - ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Provision_apply.bin - - #Create and deploy an identity packet - - Create Dfci Provisioning Package ${binPackageFile} ${signPfxFile} ${testsignPfxFile} ${ownerCertFile} ${KEY_INDEX} @{TargetParms} - Print Provisioning Package ${binPackageFile} ${applyPackageFile} - - Apply Identity ${mailbox} ${binPackageFile} - - -Validate Provision Status - [Arguments] ${TestName} ${mailbox} ${expectedStatus} - ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Provision_apply.bin - ${binResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Provision_result.bin - - Get Identity Results ${mailbox} ${binResultFile} - - Verify Provision Response ${binPackageFile} ${binResultFile} ${expectedStatus} - - -############################################################## -# Apply a Permission Package, and check the results # -############################################################## -Process Permission Packet - [Arguments] ${TestName} ${mailbox} ${ownerPfxFile} ${PayloadFile} @{TargetParms} - ${applyPackageFile}= Set Variable ${TOOL_STD_OUT_DIR}${/}${TestName}_Permission_apply.log - ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Permission_apply.bin - - - #Create and deploy a permissions packet - - Create Dfci Permission Package ${binPackageFile} ${ownerPfxFile} ${PayloadFile} @{TargetParms} - Print Permission Package ${binPackageFile} ${applyPackageFile} - - Apply Permission ${mailbox} ${binPackageFile} - - -Validate Permission Status - [Arguments] ${TestName} ${mailbox} ${expectedStatus} - ${binPackageFile}= Set Variable 
${TOOL_DATA_OUT_DIR}${/}${TestName}_Permission_apply.bin - ${binResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Permission_result.bin - ${xmlResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Permission_result.xml - - Get Permission Results ${mailbox} ${binResultFile} - - Verify Permission Response ${binPackageFile} ${binResultFile} ${expectedStatus} - - # V1 doesn't have permission payload - Return From Keyword If '${TARGET_VERSION}' == 'V1' - - Get Payload From Permissions Results ${binResultFile} ${xmlResultFile} - File Should Exist ${xmlResultFile} - [return] ${xmlResultFile} - - -############################################################ -# Apply a Settings Package, and check the results # -############################################################ -Process Settings Packet - [Arguments] ${TestName} ${mailbox} ${ownerPfxFile} ${PayloadFile} @{TargetParms} - ${applyPackageFile}= Set Variable ${TOOL_STD_OUT_DIR}${/}${TestName}_Settings_apply.log - ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Settings_apply.bin - - #Create and deploy a settings packet - - Create Dfci Settings Package ${binPackageFile} ${ownerPfxFile} ${PayloadFile} @{TargetParms} - Print Settings Package ${binPackageFile} ${applyPackageFile} - - Apply Settings ${mailbox} ${binPackageFile} - - -Validate Settings Status - [Arguments] ${TestName} ${mailbox} ${expectedStatus} ${full} - ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Settings_apply.bin - ${binResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Settings_result.bin - ${xmlResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Settings_result.xml - - Get Settings Results ${mailbox} ${binResultFile} - - Verify Settings Response ${binPackageFile} ${binResultFile} ${expectedStatus} ${full} - - Get Payload From Settings Results ${binResultFile} ${xmlResultFile} - Run Keyword If '${expectedStatus}' == ${STATUS_SUCCESS} File Should Exist ${xmlResultFile} - 
[return] ${xmlResultFile} - - -######################################################################## -# Process Unenroll Package # -######################################################################## -Process UnEnroll Packet - [Arguments] ${TestName} ${mailbox} ${signPfxFile} ${KEY_INDEX} @{TargetParms} - ${applyPackageFile}= Set Variable ${TOOL_STD_OUT_DIR}${/}${TestName}_UnEnroll_apply.log - ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_UnEnroll_apply.bin - - #Create and deploy an identity packet - - Create Dfci Unenroll Package ${binPackageFile} ${signPfxFile} ${KEY_INDEX} @{TargetParms} - Print Provisioning Package ${binPackageFile} ${applyPackageFile} - - Apply Identity ${mailbox} ${binPackageFile} - - -Validate UnEnroll Status - [Arguments] ${TestName} ${mailbox} ${expectedStatus} - ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_UnEnroll_apply.bin - ${binResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_UnEnroll_result.bin - - Get Identity Results ${mailbox} ${binResultFile} - - Verify Provision Response ${binPackageFile} ${binResultFile} ${expectedStatus} +*** Settings *** +# @file +# +Documentation DFCI Shared Keywords +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +Library OperatingSystem +Library Process +Library Remote http://${IP_OF_DUT}:${RF_PORT} +Library Support${/}Python${/}DFCI_SupportLib.py + + +*** Variables *** +${CMD_MFG} Get-CimInstance -ClassName Win32_ComputerSystem -Property Manufacturer | Select-Object -ExpandProperty Manufacturer +${CMD_MODEL} Get-CimInstance -ClassName Win32_ComputerSystem -Property Model | Select-Object -ExpandProperty Model +${CMD_SERIALNUMBER} Get-CimInstance -ClassName Win32_systemenclosure -Property SerialNumber | Select-Object -ExpandProperty SerialNumber +${CMD_UUID} Get-CimInstance -ClassName Win32_computersystemproduct -Property uuid | Select-Object -ExpandProperty uuid + + +*** Keywords *** +Make Dfci 
Output + Create Directory ${TEST_OUTPUT} + Create Directory ${TOOL_DATA_OUT_DIR} + Create Directory ${TOOL_STD_OUT_DIR} + Create Directory ${BOOT_LOG_OUT_DIR} + Empty Directory ${TOOL_DATA_OUT_DIR} + Empty Directory ${TOOL_STD_OUT_DIR} + Empty Directory ${BOOT_LOG_OUT_DIR} + +Compare Files + [Arguments] ${CompareFile1} ${CompareFile2} ${ExpectedRC} + + ${result}= Run Process fc.exe /b ${CompareFile1} ${CompareFile2} + Log all stdout: ${result.stdout} + Log all stderr: ${result.stderr} + Should Be Equal As Integers ${result.rc} ${ExpectedRC} + + +############################################################ +# Get system under test Information # +############################################################ + +Get System Under Test SerialNumber + ${Value}= Run PowerShell And Return Output ${CMD_SERIALNUMBER} + Should Be True '${Value}' != 'Error' + Should Be True '${Value}' != '' + [Return] ${Value} + + +Get System Under Test Manufacturer + ${Value}= Run PowerShell And Return Output ${CMD_MFG} + Should Be True '${Value}' != 'Error' + Should Be True '${Value}' != '' + [Return] ${Value} + + +Get System Under Test ProductName + ${Value}= Run PowerShell And Return Output ${CMD_MODEL} + Should Be True '${Value}' != 'Error' + Should Be True '${Value}' != '' + [Return] ${Value} + + +############################################################ +# Print Routines for each Package # +############################################################ +Print Provisioning Package + [Arguments] ${binfile} ${stdoutfile} + ${result} = Run Process ${DFCI_PY_PATH}${/}GenerateCertProvisionData.py -p ${binfile} shell=Yes timeout=10sec stdout=${stdoutfile} + Log File ${stdoutfile} + Should Be Equal As Integers ${result.rc} 0 + +Print Permission Package + [Arguments] ${binfile} ${stdoutfile} + ${result} = Run Process ${DFCI_PY_PATH}${/}GeneratePermissionPacketData.py -p ${binfile} shell=Yes timeout=10sec stdout=${stdoutfile} + Log File ${stdoutfile} + Should Be Equal As Integers ${result.rc} 0 + 
+Print Settings Package + [Arguments] ${binfile} ${stdoutfile} + ${result} = Run Process ${DFCI_PY_PATH}${/}GenerateSettingsPacketData.py -p ${binfile} shell=Yes timeout=10sec stdout=${stdoutfile} + Log File ${stdoutfile} + Should Be Equal As Integers ${result.rc} 0 + + +############################################################ +# Get results of each Package # +############################################################ +Get Provisioning Result Package + [Arguments] ${stdoutfile} + ${result} = Run Process ${DFCI_PY_PATH}${/}GetSEMResultData.py --Provisioning --IpAddress ${IP_OF_DUT} shell=Yes timeout=10sec stdout=${stdoutfile} + Log File ${stdoutfile} + Should Be Equal As Integers ${result.rc} 0 + + +Get Permission Result Package + [Arguments] ${stdoutfile} + ${result} = Run Process ${DFCI_PY_PATH}${/}GetSEMResultData.py --Permissions --IpAddress ${IP_OF_DUT} shell=Yes timeout=10sec stdout=${stdoutfile} + Log File ${stdoutfile} + Should Be Equal As Integers ${result.rc} 0 + + +Get Settings Result Package + [Arguments] ${stdoutfile} + ${result} = Run Process ${DFCI_PY_PATH}${/}GetSEMResultData.py --Settings --IpAddress ${IP_OF_DUT} shell=Yes timeout=10sec stdout=${stdoutfile} + Log File ${stdoutfile} + Should Be Equal As Integers ${result.rc} 0 + + +############################################################ +# Get Current Settings Value in XML # +############################################################ +Get Current Settings Package + [Arguments] ${stdoutfile} + ${result} = Run Process ${DFCI_PY_PATH}${/}GetSEMResultData.py --CurrentSettings --IpAddress ${IP_OF_DUT} shell=Yes timeout=10sec stdout=${stdoutfile} + Log File ${stdoutfile} + Should Be Equal As Integers ${result.rc} 0 + + +Verify Provision Response + [Arguments] ${pktfile} ${ResponseFile} ${ExpectedRc} + @{rc2}= get status and sessionid from identity results ${ResponseFile} + ${id2}= get sessionid from identity packet ${pktfile} + ${rc2zstring}= get uefistatus string ${rc2}[0] + 
${ExpectedString}= get uefistatus string ${ExpectedRc} + Should Be Equal As Integers ${rc2}[1] ${id2} + Should Be Equal As strings ${rc2zstring} ${ExpectedString} + + +Verify Permission Response + [Arguments] ${pktfile} ${ResponseFile} ${ExpectedRc} + @{rc2}= get status and sessionid from permission results ${ResponseFile} + ${id2}= get sessionid from permission packet ${pktfile} + ${rc2zstring}= get uefistatus string ${rc2}[0] + ${ExpectedString}= get uefistatus string ${ExpectedRc} + Should Be Equal As Integers ${rc2}[1] ${id2} + Should Be Equal As strings ${rc2zstring} ${ExpectedString} + + +Verify Settings Response + [Arguments] ${pktfile} ${ResponseFile} ${ExpectedRc} ${checktype} + @{rc2}= get status and sessionid from settings results ${ResponseFile} ${checktype} + ${id2}= get sessionid from settings packet ${pktfile} + ${rc2zstring}= get uefistatus string ${rc2}[0] + ${ExpectedString}= get uefistatus string ${ExpectedRc} + Should Be Equal As Integers ${rc2}[1] ${id2} + Should Be Equal As strings ${rc2zstring} ${ExpectedString} + + +Verify Identity Current + [Arguments] ${xmlfile} ${Mfg} ${ProdName} ${SerialNumber} + ${rc}= Verify Device Id ${xmlfile} ${Mfg} ${ProdName} ${SerialNumber} + Should Be Equal As Integers ${rc} 0 + ${rc}= Verify Dfci Version ${xmlfile} 2 + Should Be True ${rc} + + +Get and Print Current Identities + [Arguments] ${currentxmlFile} + + Get Current Identities ${currentxmlFile} + Print Xml Payload ${currentxmlFile} + + +Get and Print Current Permissions + [Arguments] ${currentxmlFile} + + Get Current Permissions ${currentxmlFile} + Print Xml Payload ${currentxmlFile} + + +Get and Print Current Settings + [Arguments] ${currentxmlFile} + + Get Current Settings ${currentxmlFile} + Print Xml Payload ${currentxmlFile} + + +Get and Print Device Identifier + [Arguments] ${currentxmlFile} + + Get Device Identifier ${currentxmlFile} + Print Xml Payload ${currentxmlFile} + + +############################################################ +# 
Resetting system and wait for reboot complete # +############################################################ + +Wait For System Online + [Arguments] ${retries} + FOR ${index} IN RANGE ${retries} + ${result} = Is Device Online ${IP_OF_DUT} + Exit For Loop If '${result}' == 'True' + Sleep 5sec "Waiting for system to come back Online" + END + Should Be True ${result} System failed to come online: pinging ${IP_OF_DUT} failed ${retries} times + +Wait For System Offline + [Arguments] ${retries} + FOR ${index} IN RANGE ${retries} + ${result} = Is Device Online ${IP_OF_DUT} + Exit For Loop If '${result}' == 'False' + Sleep 5sec "Waiting for system to go offline" + END + Should Not Be True ${result} System failed to go offline: pinged ${IP_OF_DUT} ${retries} times + +Wait For Remote Robot + [Arguments] ${timeinseconds} + FOR ${retries} IN RANGE ${timeinseconds} + Log To Console Waiting for Robot To Ack ${retries} + ${status} ${message} Run Keyword And Ignore Error Remote Ack + Return From Keyword If '${status}' == 'PASS' ${message} + Sleep 1 + END + Return From Keyword ${False} + +Reboot System And Wait For System Online + remote_warm_reboot + Wait For System Offline 60 + Wait For System Online 60 + Wait For Remote Robot 15 + +Reboot System To Firmware And Wait For System Online + remote_reboot_to_firmware + Wait For System Offline 60 + Wait For System Online 120 + Wait For Remote Robot 15 + + +############################################################ +# Verify NO APPLY variables present # +############################################################ + +Verify No Mailboxes Have Data + + @{rcid}= GetUefiVariable ${IDENTITY_APPLY} ${IDENTITY_GUID} ${None} + Run Keyword If ${rcid}[0] != ${STATUS_VARIABLE_NOT_FOUND} + ... SetUefiVariable ${IDENTITY_APPLY} ${IDENTITY_GUID} + + @{rcid2}= GetUefiVariable ${IDENTITY2_APPLY} ${IDENTITY_GUID} ${None} + Run Keyword If ${rcid2}[0] != ${STATUS_VARIABLE_NOT_FOUND} + ... 
SetUefiVariable ${IDENTITY2_APPLY} ${IDENTITY_GUID} + + @{rcperm}= GetUefiVariable ${PERMISSION_APPLY} ${PERMISSION_GUID} ${None} + Run Keyword If ${rcperm}[0] != ${STATUS_VARIABLE_NOT_FOUND} + ... SetUefiVariable ${PERMISSION_APPLY} ${IDENTITY_GUID} + + @{rcperm2}= GetUefiVariable ${PERMISSION2_APPLY} ${PERMISSION_GUID} ${None} + Run Keyword If ${rcperm2}[0] != ${STATUS_VARIABLE_NOT_FOUND} + ... SetUefiVariable ${PERMISSION2_APPLY} ${IDENTITY_GUID} + + @{rcset}= GetUefiVariable ${SETTINGS_APPLY} ${SETTINGS_GUID} ${None} + Run Keyword If ${rcset}[0] != ${STATUS_VARIABLE_NOT_FOUND} + ... SetUefiVariable ${SETTINGS_APPLY} ${IDENTITY_GUID} + + @{rcset2}= GetUefiVariable ${SETTINGS2_APPLY} ${SETTINGS_GUID} ${None} + Run Keyword If ${rcset2}[0] != ${STATUS_VARIABLE_NOT_FOUND} + ... SetUefiVariable ${SETTINGS2_APPLY} ${IDENTITY_GUID} + + Should Be True ${rcid}[0] == ${STATUS_VARIABLE_NOT_FOUND} + Should Be True ${rcperm}[0] == ${STATUS_VARIABLE_NOT_FOUND} + Should Be True ${rcperm2}[0] == ${STATUS_VARIABLE_NOT_FOUND} + Should Be True ${rcset}[0] == ${STATUS_VARIABLE_NOT_FOUND} + Should Be True ${rcset2}[0] == ${STATUS_VARIABLE_NOT_FOUND} + + +# Create an Unenroll Identity Package File +# + +# binFile = Output binary package to send to DUT +# signPfx = Pfx file to sign the package +# testSignPfx = Pfx file to verify signing with cert file +# certFile = Cert used to verify incoming pkts +# KEY_INDEX = Which key to unenroll +# TargetParms = list with version and target information +# +Create Dfci Provisioning Package + [Arguments] ${binfile} ${signPfx} ${testSignPfx} ${certFile} ${KEY_INDEX} @{TargetParms} + + File Should Exist ${signPfx} + File Should Exist ${testSignPfx} + File Should Exist ${certFile} + + ${Result}= Run Process python.exe ${GEN_IDENTITY} --CertFilePath ${certFile} --Step2AEnable --Signing2APfxFile ${testSignPfx} --Step2BEnable --Step2Enable --SigningPfxFile ${signPfx} --Step3Enable --FinalizeResultFile ${binfile} --Step1Enable --Identity ${KEY_INDEX} 
@{TargetParms} + + Log all stdout: ${result.stdout} + Log all stderr: ${result.stderr} + + Should Be Equal As Integers ${result.rc} 0 + File Should Exist ${binfile} + + +# Create an Unenroll Identity Package File +# +# binFile = Output binary package to send to DUT +# signPfx = Pfx file to sign the package +# KEY_INDEX = Which key to unenroll +# TargetParms = list with version and target information +# +Create Dfci UnEnroll Package + [Arguments] ${binfile} ${signPfx} ${KEY_INDEX} @{TargetParms} + + File Should Exist ${signPfx} + + ${Result}= Run Process python.exe ${GEN_IDENTITY} --Step2Enable --SigningPfxFile ${signPfx} --Step3Enable --FinalizeResultFile ${binfile} --Step1Enable --Identity ${KEY_INDEX} @{TargetParms} + + Log all stdout: ${result.stdout} + Log all stderr: ${result.stderr} + + Should Be Equal As Integers ${result.rc} 0 + File Should Exist ${binfile} + + +# Create a Permissions Package File +# +# binFile = Output binary package to send to DUT +# signPfx = Pfx file to sign the package +# xmlFile = The permissions XML file to apply +# TargetParms = list with version and target information +# +Create Dfci Permission Package + [Arguments] ${binfile} ${signPfx} ${xmlFile} @{TargetParms} + + File Should Exist ${signPfx} + File Should Exist ${xmlFile} + + ${Result}= Run Process python.exe ${GEN_PERMISSIONS} --Step2Enable --SigningPfxFile ${signPfx} --Step3Enable --FinalizeResultFile ${binfile} --Step1Enable --XmlFilePath ${xmlFile} @{TargetParms} + + Log all stdout: ${result.stdout} + Log all stderr: ${result.stderr} + + Should Be Equal As Integers ${result.rc} 0 + File Should Exist ${binfile} + + +# Create a Settings Package File +# +# binFile = Output binary package to send to DUT +# signPfx = Pfx file to sign the package +# xmlFile = The settings XML file to apply +# TargetParms = list with version and target information +# +Create Dfci Settings Package + [Arguments] ${binfile} ${signPfx} ${xmlFile} @{TargetParms} + File Should Exist ${xmlFile} + + IF 
'${signPfx}' == 'UNSIGNED' + ${Result}= Run Process python.exe ${GEN_SETTINGS} --HdrVersion 2 --Step1Enable --PrepResultFile ${binfile} --XmlFilePath ${xmlFile} @{TargetParms} + ELSE + File Should Exist ${signPfx} + ${Result}= Run Process python.exe ${GEN_SETTINGS} --HdrVersion 2 --Step1Enable --Step2Enable --SigningPfxFile ${signPfx} --Step3Enable --FinalizeResultFile ${binfile} --XmlFilePath ${xmlFile} @{TargetParms} + END + + Log all stdout: ${result.stdout} + Log all stderr: ${result.stderr} + + Should Be Equal As Integers ${result.rc} 0 + File Should Exist ${binfile} + + +######################################################################## +# Apply a Provision (Identity) Package, and check the results # +######################################################################## +Process Provision Packet + [Arguments] ${TestName} ${mailbox} ${signPfxFile} ${testsignPfxFile} ${ownerCertFile} ${KEY_INDEX} @{TargetParms} + ${applyPackageFile}= Set Variable ${TOOL_STD_OUT_DIR}${/}${TestName}_Provision_apply.log + ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Provision_apply.bin + + #Create and deploy an identity packet + + Create Dfci Provisioning Package ${binPackageFile} ${signPfxFile} ${testsignPfxFile} ${ownerCertFile} ${KEY_INDEX} @{TargetParms} + Print Provisioning Package ${binPackageFile} ${applyPackageFile} + + Apply Identity ${mailbox} ${binPackageFile} + + +Validate Provision Status + [Arguments] ${TestName} ${mailbox} ${expectedStatus} + ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Provision_apply.bin + ${binResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Provision_result.bin + + Get Identity Results ${mailbox} ${binResultFile} + + Verify Provision Response ${binPackageFile} ${binResultFile} ${expectedStatus} + + +############################################################## +# Apply a Permission Package, and check the results # +############################################################## 
+Process Permission Packet + [Arguments] ${TestName} ${mailbox} ${ownerPfxFile} ${PayloadFile} @{TargetParms} + ${applyPackageFile}= Set Variable ${TOOL_STD_OUT_DIR}${/}${TestName}_Permission_apply.log + ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Permission_apply.bin + + + #Create and deploy a permissions packet + + Create Dfci Permission Package ${binPackageFile} ${ownerPfxFile} ${PayloadFile} @{TargetParms} + Print Permission Package ${binPackageFile} ${applyPackageFile} + + Apply Permission ${mailbox} ${binPackageFile} + + +Validate Permission Status + [Arguments] ${TestName} ${mailbox} ${expectedStatus} + ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Permission_apply.bin + ${binResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Permission_result.bin + ${xmlResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Permission_result.xml + + Get Permission Results ${mailbox} ${binResultFile} + + Verify Permission Response ${binPackageFile} ${binResultFile} ${expectedStatus} + + # V1 doesn't have permission payload + Return From Keyword If '${TARGET_VERSION}' == 'V1' + + Get Payload From Permissions Results ${binResultFile} ${xmlResultFile} + File Should Exist ${xmlResultFile} + [return] ${xmlResultFile} + + +############################################################ +# Apply a Settings Package, and check the results # +############################################################ +Process Settings Packet + [Arguments] ${TestName} ${mailbox} ${ownerPfxFile} ${PayloadFile} @{TargetParms} + ${applyPackageFile}= Set Variable ${TOOL_STD_OUT_DIR}${/}${TestName}_Settings_apply.log + ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Settings_apply.bin + + #Create and deploy a settings packet + + Create Dfci Settings Package ${binPackageFile} ${ownerPfxFile} ${PayloadFile} @{TargetParms} + Print Settings Package ${binPackageFile} ${applyPackageFile} + + Apply Settings ${mailbox} 
${binPackageFile} + + +Validate Settings Status + [Arguments] ${TestName} ${mailbox} ${expectedStatus} ${full} + ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Settings_apply.bin + ${binResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Settings_result.bin + ${xmlResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_Settings_result.xml + + Get Settings Results ${mailbox} ${binResultFile} + + Verify Settings Response ${binPackageFile} ${binResultFile} ${expectedStatus} ${full} + + Get Payload From Settings Results ${binResultFile} ${xmlResultFile} + Run Keyword If '${expectedStatus}' == ${STATUS_SUCCESS} File Should Exist ${xmlResultFile} + [return] ${xmlResultFile} + + +######################################################################## +# Process Unenroll Package # +######################################################################## +Process UnEnroll Packet + [Arguments] ${TestName} ${mailbox} ${signPfxFile} ${KEY_INDEX} @{TargetParms} + ${applyPackageFile}= Set Variable ${TOOL_STD_OUT_DIR}${/}${TestName}_UnEnroll_apply.log + ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_UnEnroll_apply.bin + + #Create and deploy an identity packet + + Create Dfci Unenroll Package ${binPackageFile} ${signPfxFile} ${KEY_INDEX} @{TargetParms} + Print Provisioning Package ${binPackageFile} ${applyPackageFile} + + Apply Identity ${mailbox} ${binPackageFile} + + +Validate UnEnroll Status + [Arguments] ${TestName} ${mailbox} ${expectedStatus} + ${binPackageFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_UnEnroll_apply.bin + ${binResultFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${TestName}_UnEnroll_result.bin + + Get Identity Results ${mailbox} ${binResultFile} + + Verify Provision Response ${binPackageFile} ${binResultFile} ${expectedStatus} 
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_Shared_Paths.robot b/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_Shared_Paths.robot
index c6473e7d..17ac6bf9 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_Shared_Paths.robot
+++ b/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_Shared_Paths.robot
@@ -1,80 +1,80 @@
-*** Settings ***
-# @file
-#
-Documentation This test suite tests the standard DFCI feature set for regressions.
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-
-*** Variables ***
-#DFCI python scripts
-${DFCI_PY_PATH} Support${/}Python
-# Tools used
-${GEN_IDENTITY} ${DFCI_PY_PATH}${/}GenerateCertProvisionData.py
-${GEN_PERMISSIONS} ${DFCI_PY_PATH}${/}GeneratePermissionPacketData.py
-${GEN_SETTINGS} ${DFCI_PY_PATH}${/}GenerateSettingsPacketData.py
-
-
-${OWNER_KEY_INDEX} 1
-${USER_KEY_INDEX} 2
-${USER_KEY1_INDEX} 3
-${USER_KEY2_INDEX} 4
-${ZTD_KEY_INDEX} 5
-
-
-${STATUS_SUCCESS} 0
-${STATUS_VARIABLE_NOT_FOUND} 203
-${STATUS_LOAD_ERROR} 0x8000000000000001
-${STATUS_INVALID_PARAMETER} 0x8000000000000002
-${STATUS_UNSUPPORTED} 0x8000000000000003
-${STATUS_BAD_BUFFER_SIZE} 0x8000000000000004
-${STATUS_BUFFER_TO_SMALL} 0x8000000000000005
-${STATUS_NOT_READY} 0x8000000000000006
-${STATUS_DEVICE_ERROR} 0x8000000000000007
-${STATUS_NOT_FOUND} 0x800000000000000E
-${STATUS_ACCESS_DENIED} 0x800000000000000F
-${STATUS_NO_MAPPING} 0x8000000000000011
-${STATUS_ABORTED} 0x8000000000000015
-${STATUS_SECURITY_VIOLATION} 0x800000000000001A
-
-#
-# Device Identifier Variables
-#
-${DEVICE_ID_GUID} 4123a1a9-6f50-4b58-9c3d-56fc24c6c89e
-
-${DEVICE_ID_CURRENT} DfciDeviceIdentifier
-
-#
-# Identity Variables
-#
-${DFCI_ATTRIBUTES} 7
-
-${IDENTITY_GUID} DE6A8726-05DF-43CE-B600-92BD5D286CFD
-
-${IDENTITY_CURRENT} DfciIdentityCurrent
-${IDENTITY_APPLY} DfciIdentityApply
-${IDENTITY_RESULT} DfciIdentityResult
-${IDENTITY2_APPLY} DfciIdentity2Apply
-${IDENTITY2_RESULT} DfciIdentity2Result
-
-#
-# Permission Variables
-#
-${PERMISSION_GUID} 3a9777ea-0d9f-4b65-9ef3-7caa7c41994b
-
-${PERMISSION_CURRENT} DfciPermissionCurrent
-${PERMISSION_APPLY} DfciPermissionApply
-${PERMISSION_RESULT} DfciPermissionResult
-${PERMISSION2_APPLY} DfciPermission2Apply
-${PERMISSION2_RESULT} DfciPermission2Result
-
-#
-# Settings Variables
-#
-${SETTINGS_GUID} D41C8C24-3F5E-4EF4-8FDD-073E1866CD01
-
-${SETTINGS_CURRENT} DfciSettingsCurrent
-${SETTINGS_APPLY} DfciSettingsRequest
-${SETTINGS_RESULT} DfciSettingsResult
-${SETTINGS2_APPLY} DfciSettings2Request
-${SETTINGS2_RESULT} DfciSettings2Result
+*** Settings ***
+# @file
+#
+Documentation This test suite tests the standard DFCI feature set for regressions.
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+
+*** Variables ***
+#DFCI python scripts
+${DFCI_PY_PATH} Support${/}Python
+# Tools used
+${GEN_IDENTITY} ${DFCI_PY_PATH}${/}GenerateCertProvisionData.py
+${GEN_PERMISSIONS} ${DFCI_PY_PATH}${/}GeneratePermissionPacketData.py
+${GEN_SETTINGS} ${DFCI_PY_PATH}${/}GenerateSettingsPacketData.py
+
+
+${OWNER_KEY_INDEX} 1
+${USER_KEY_INDEX} 2
+${USER_KEY1_INDEX} 3
+${USER_KEY2_INDEX} 4
+${ZTD_KEY_INDEX} 5
+
+
+${STATUS_SUCCESS} 0
+${STATUS_VARIABLE_NOT_FOUND} 203
+${STATUS_LOAD_ERROR} 0x8000000000000001
+${STATUS_INVALID_PARAMETER} 0x8000000000000002
+${STATUS_UNSUPPORTED} 0x8000000000000003
+${STATUS_BAD_BUFFER_SIZE} 0x8000000000000004
+${STATUS_BUFFER_TO_SMALL} 0x8000000000000005
+${STATUS_NOT_READY} 0x8000000000000006
+${STATUS_DEVICE_ERROR} 0x8000000000000007
+${STATUS_NOT_FOUND} 0x800000000000000E
+${STATUS_ACCESS_DENIED} 0x800000000000000F
+${STATUS_NO_MAPPING} 0x8000000000000011
+${STATUS_ABORTED} 0x8000000000000015
+${STATUS_SECURITY_VIOLATION} 0x800000000000001A
+
+#
+# Device Identifier Variables
+#
+${DEVICE_ID_GUID} 4123a1a9-6f50-4b58-9c3d-56fc24c6c89e
+
+${DEVICE_ID_CURRENT} DfciDeviceIdentifier
+
+#
+# Identity Variables
+#
+${DFCI_ATTRIBUTES} 7
+
+${IDENTITY_GUID} DE6A8726-05DF-43CE-B600-92BD5D286CFD
+
+${IDENTITY_CURRENT} DfciIdentityCurrent
+${IDENTITY_APPLY} DfciIdentityApply
+${IDENTITY_RESULT} DfciIdentityResult
+${IDENTITY2_APPLY} DfciIdentity2Apply
+${IDENTITY2_RESULT} DfciIdentity2Result
+
+#
+# Permission Variables
+#
+${PERMISSION_GUID} 3a9777ea-0d9f-4b65-9ef3-7caa7c41994b
+
+${PERMISSION_CURRENT} DfciPermissionCurrent
+${PERMISSION_APPLY} DfciPermissionApply
+${PERMISSION_RESULT} DfciPermissionResult
+${PERMISSION2_APPLY} DfciPermission2Apply
+${PERMISSION2_RESULT} DfciPermission2Result
+
+#
+# Settings Variables
+#
+${SETTINGS_GUID} D41C8C24-3F5E-4EF4-8FDD-073E1866CD01
+
+${SETTINGS_CURRENT} DfciSettingsCurrent
+${SETTINGS_APPLY} DfciSettingsRequest
+${SETTINGS_RESULT} DfciSettingsResult
+${SETTINGS2_APPLY} DfciSettings2Request
+${SETTINGS2_RESULT} DfciSettings2Result
diff --git a/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_VariableTransport.robot b/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_VariableTransport.robot
index 0c660bbd..9cbb2cac 100644
--- a/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_VariableTransport.robot
+++ b/DfciPkg/UnitTests/DfciTests/Support/Robot/DFCI_VariableTransport.robot
@@ -1,105 +1,105 @@ -*** Settings *** -# @file -# -Documentation DFCI Variable Transport Keywords -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -Library OperatingSystem -Library Process -Library Remote http://${IP_OF_DUT}:${RF_PORT} -Library Support${/}Python${/}DFCI_SupportLib.py - - -*** Keywords *** - - -Generic Get With Variables - [Arguments] ${Variable} ${VariableGuid} ${outputXmlFile} ${Trim} - @{rc}= GetUefiVariable ${Variable} ${VariableGuid} ${Trim} - Should Be True ${rc}[0] == 0 - Create Binary File ${outputXmlFile} ${rc}[1] - File Should Exist ${outputXmlFile} - - -Generic Set With Variables - [Arguments] ${Variable} ${VariableGuid} ${VariableFile} - File Should Exist ${VariableFile} - ${FileContents}= Get Binary File ${VariableFile} - ${rc}= SetUefiVariable ${Variable} ${VariableGuid} ${DFCI_ATTRIBUTES} ${FileContents} - Should Be True ${rc} == 1 - - -# -# Device Identifier operations -# -Get Device Identifier - [Arguments] ${outputXmlFile} - Generic Get With Variables ${DEVICE_ID_CURRENT} ${DEVICE_ID_GUID} ${outputXmlFile} trim - - -# -# Identity operations -# -Get Current Identities - [Arguments] ${outputXmlFile} - Generic Get With Variables ${IDENTITY_CURRENT} ${IDENTITY_GUID} ${outputXmlFile} trim - - -Apply Identity - [Arguments] ${mailbox} ${binPkgFile} - ${identityApply}= Set Variable If '${mailbox}' == '1' ${IDENTITY_APPLY} ${IDENTITY2_APPLY} - - Generic Set With Variables ${identityApply} ${IDENTITY_GUID} ${binPkgFile} - - -Get Identity Results - [Arguments] ${mailbox} ${binResultPkgFile} - ${identityResult}= Set Variable If '${mailbox}' == '1' ${IDENTITY_RESULT} ${IDENTITY2_RESULT} - - Generic Get With Variables ${identityResult} ${IDENTITY_GUID} ${binResultPkgFIle} ${None} - - -# -# Permissionoperations -# -Get Current Permissions - [Arguments] ${outputXmlFile} - Generic Get With Variables ${PERMISSION_CURRENT} ${PERMISSION_GUID} ${outputXmlFile} trim - - -Apply Permission - [Arguments] 
${mailbox} ${binPkgFile} - ${permissionApply}= Set Variable If '${mailbox}' == '1' ${PERMISSION_APPLY} ${PERMISSION2_APPLY} - - Generic Set With Variables ${permissionApply} ${PERMISSION_GUID} ${binPkgFile} - - -Get Permission Results - [Arguments] ${mailbox} ${binResultPkgFile} - ${permissionResult}= Set Variable If '${mailbox}' == '1' ${PERMISSION_RESULT} ${PERMISSION2_RESULT} - - Generic Get With Variables ${permissionResult} ${PERMISSION_GUID} ${binResultPkgFIle} ${None} - - -# -# Settings Operations -# -Get Current Settings - [Arguments] ${outputXmlFile} - Generic Get With Variables ${SETTINGS_CURRENT} ${SETTINGS_GUID} ${outputXmlFile} trim - - -Apply Settings - [Arguments] ${mailbox} ${binPkgFile} - ${settingsApply}= Set Variable If '${mailbox}' == '1' ${SETTINGS_APPLY} ${SETTINGS2_APPLY} - - Generic Set With Variables ${settingsApply} ${SETTINGS_GUID} ${binPkgFile} - - -Get Settings Results - [Arguments] ${mailbox} ${binResultPkgFile} - ${settingsResult}= Set Variable If '${mailbox}' == '1' ${SETTINGS_RESULT} ${SETTINGS2_RESULT} - +*** Settings *** +# @file +# +Documentation DFCI Variable Transport Keywords +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +Library OperatingSystem +Library Process +Library Remote http://${IP_OF_DUT}:${RF_PORT} +Library Support${/}Python${/}DFCI_SupportLib.py + + +*** Keywords *** + + +Generic Get With Variables + [Arguments] ${Variable} ${VariableGuid} ${outputXmlFile} ${Trim} + @{rc}= GetUefiVariable ${Variable} ${VariableGuid} ${Trim} + Should Be True ${rc}[0] == 0 + Create Binary File ${outputXmlFile} ${rc}[1] + File Should Exist ${outputXmlFile} + + +Generic Set With Variables + [Arguments] ${Variable} ${VariableGuid} ${VariableFile} + File Should Exist ${VariableFile} + ${FileContents}= Get Binary File ${VariableFile} + ${rc}= SetUefiVariable ${Variable} ${VariableGuid} ${DFCI_ATTRIBUTES} ${FileContents} + Should Be True ${rc} == 1 + + +# +# Device Identifier operations +# +Get 
Device Identifier + [Arguments] ${outputXmlFile} + Generic Get With Variables ${DEVICE_ID_CURRENT} ${DEVICE_ID_GUID} ${outputXmlFile} trim + + +# +# Identity operations +# +Get Current Identities + [Arguments] ${outputXmlFile} + Generic Get With Variables ${IDENTITY_CURRENT} ${IDENTITY_GUID} ${outputXmlFile} trim + + +Apply Identity + [Arguments] ${mailbox} ${binPkgFile} + ${identityApply}= Set Variable If '${mailbox}' == '1' ${IDENTITY_APPLY} ${IDENTITY2_APPLY} + + Generic Set With Variables ${identityApply} ${IDENTITY_GUID} ${binPkgFile} + + +Get Identity Results + [Arguments] ${mailbox} ${binResultPkgFile} + ${identityResult}= Set Variable If '${mailbox}' == '1' ${IDENTITY_RESULT} ${IDENTITY2_RESULT} + + Generic Get With Variables ${identityResult} ${IDENTITY_GUID} ${binResultPkgFIle} ${None} + + +# +# Permissionoperations +# +Get Current Permissions + [Arguments] ${outputXmlFile} + Generic Get With Variables ${PERMISSION_CURRENT} ${PERMISSION_GUID} ${outputXmlFile} trim + + +Apply Permission + [Arguments] ${mailbox} ${binPkgFile} + ${permissionApply}= Set Variable If '${mailbox}' == '1' ${PERMISSION_APPLY} ${PERMISSION2_APPLY} + + Generic Set With Variables ${permissionApply} ${PERMISSION_GUID} ${binPkgFile} + + +Get Permission Results + [Arguments] ${mailbox} ${binResultPkgFile} + ${permissionResult}= Set Variable If '${mailbox}' == '1' ${PERMISSION_RESULT} ${PERMISSION2_RESULT} + + Generic Get With Variables ${permissionResult} ${PERMISSION_GUID} ${binResultPkgFIle} ${None} + + +# +# Settings Operations +# +Get Current Settings + [Arguments] ${outputXmlFile} + Generic Get With Variables ${SETTINGS_CURRENT} ${SETTINGS_GUID} ${outputXmlFile} trim + + +Apply Settings + [Arguments] ${mailbox} ${binPkgFile} + ${settingsApply}= Set Variable If '${mailbox}' == '1' ${SETTINGS_APPLY} ${SETTINGS2_APPLY} + + Generic Set With Variables ${settingsApply} ${SETTINGS_GUID} ${binPkgFile} + + +Get Settings Results + [Arguments] ${mailbox} ${binResultPkgFile} + 
${settingsResult}= Set Variable If '${mailbox}' == '1' ${SETTINGS_RESULT} ${SETTINGS2_RESULT} + Generic Get With Variables ${settingsResult} ${SETTINGS_GUID} ${binResultPkgFIle} ${None} \ No newline at end of file diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_CertChainingTest/DfciPermission.xml b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_CertChainingTest/DfciPermission.xml index 1c64543d..eb428d3a 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_CertChainingTest/DfciPermission.xml +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_CertChainingTest/DfciPermission.xml @@ -1,60 +1,60 @@ - - - - DFCI Tester - 2018-03-28 - 1 - 1 - - - - Dfci.OwnerKey.Enum - 136 - 128 - - - - Dfci.UserKey.Enum - 192 - 128 - - - Dfci.User1Key.Enum - 192 - 192 - - - Dfci.User2Key.Enum - 192 - 192 - - - Dfci.RecoveryUrl.String - 128 - 128 - - + + + + DFCI Tester + 2018-03-28 + 1 + 1 + + + + Dfci.OwnerKey.Enum + 136 + 128 + + + + Dfci.UserKey.Enum + 192 + 128 + + + Dfci.User1Key.Enum + 192 + 192 + + + Dfci.User2Key.Enum + 192 + 192 + + + Dfci.RecoveryUrl.String + 128 + 128 + + \ No newline at end of file diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_CertChainingTest/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_CertChainingTest/run.robot index b66a0819..2b8f26f1 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_CertChainingTest/run.robot +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_CertChainingTest/run.robot 
@@ -1,272 +1,272 @@ -*** Settings *** -# @file -# -Documentation This test suite uses verifies that the ZTD leaf cert will verify against a packet signed by the ZTD_CA.pfx. -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -Library OperatingSystem -Library Process - -Library Support${/}Python${/}DFCI_SupportLib.py -Library Support${/}Python${/}DependencyLib.py -Library Remote http://${IP_OF_DUT}:${RF_PORT} - -#Import the Generic Shared keywords -Resource Support${/}Robot${/}DFCI_Shared_Paths.robot -Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot -Resource Support${/}Robot${/}CertSupport.robot - -#Import the platform specific log support -Resource UefiSerial_Keywords.robot - -# Use the following line for Python remote write to the UEFI Variables -Resource Support${/}Robot${/}DFCI_VariableTransport.robot - -Suite setup Make Dfci Output -Test Teardown Terminate All Processes - - -*** Variables *** -#default var but should be changed on the command line -${IP_OF_DUT} 127.0.0.1 -${RF_PORT} 8270 -#test output dir for data from this test run. 
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT - -#Test output location -${TEST_OUTPUT} ${TEST_OUTPUT_BASE} - -#Test Root Dir -${TEST_ROOT_DIR} TestCases -${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_CertChainingTest - -${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata -${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout -${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs - -${CERTS_DIR} Certs - -${TARGET_VERSION} V2 - -${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' -${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' -${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' - -*** Keywords *** - - -Get The DFCI Settings - [Arguments] ${nameOfTest} - ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml - ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Device Identifier ${deviceIdXmlFile} - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} - - [return] ${currentIdxmlFile} - - -*** Test Cases *** - -Ensure Mailboxes Are Clean -#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. - Verify No Mailboxes Have Data - - Log To Console . 
- Log To Console ${SUITE SOURCE} - - -Get the starting DFCI Settings - [Setup] Require test case Ensure Mailboxes Are Clean - - ${nameofTest}= Set Variable DisplaySettingsAtStart - ${ZtdLeafPfxFile}= Set Variable ${CERTS_DIR}${/}ZTD_Leaf.pfx - ${ZTD_LEAF_THUMBPRINT}= Get Thumbprint From Pfx ${ZtdLeafPfxFile} - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner - ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User - ${ZtdThumbprint}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch - - Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' - - Should Be True '${OwnerThumbprint}' == 'Cert not installed' - Should Be True '${UserThumbprint}' == 'Cert not installed' - - Log To Console . - Log To Console The following test insures that the test ZTD_Leaf.cer - Log To Console is the cert installed. If not, this test cannot be run. - Should Be True '${ZtdThumbprint}' == ${ZTD_LEAF_THUMBPRINT} - - -Obtain Target Parameters From Target - [Setup] Require test case Get the starting DFCI Settings - - ${nameofTest}= Set Variable GetParameters - ${SerialNumber}= Get System Under Test SerialNumber - ${Manufacturer}= Get System Under Test Manufacturer - ${Model}= Get System Under Test ProductName - @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} - Set Suite Variable @{TARGET_PARAMETERS} - - ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml - - Get Device Identifier ${currentXmlFile} - Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} - - -Attempt Enroll DDS CA cert Signed by ZTD_CA to System Being Enrolled - [Setup] Require test case Obtain Target Parameters From Target - - ${nameofTest}= Set Variable DDSwithBadKey - ${ownerPfxFile}= Set Variable ${CERTS_DIR}${/}DDS_CA.pfx - ${ownerCertFile}= Set Variable ${CERTS_DIR}${/}DDS_CA.cer - ${signerPfxFile}= 
Set Variable ${CERTS_DIR}${/}ZTD_CA.pfx - ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}DDSwithBadKey.log - - Process Provision Packet ${nameofTest} 1 ${signerPfxFile} ${ownerPfxFile} ${ownerCertFile} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} - - ${OwnerCertThumbprint}= Get Thumbprint From Pfx ${ownerPfxFile} - Log To Console . - Log To Console ${OwnerCertThumbprint} - Log To Console Should be prompted, CANCEL THE PROMPT - - Reboot System And Wait For System Online - - Validate Provision Status ${nameofTest} 1 ${STATUS_ABORTED} - Get and Print Current Identities ${currentIdxmlFile} - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch - Should Be True '${rc}' != 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner - Should Be True '${rc}' == 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be True '${rc}' == 'Cert not installed' - - -Enroll DDS CA cert Signed by ZTD_Leaf to System Being Enrolled - [Setup] Require test case Attempt Enroll DDS CA cert Signed by ZTD_CA to System Being Enrolled - - ${nameofTest}= Set Variable DDSwithGoodKey - ${ownerCertFile}= Set Variable ${CERTS_DIR}${/}DDS_CA.cer - ${ZTDsignerPfxFile}= Set Variable ${CERTS_DIR}${/}ZTD_Leaf.pfx - ${DDSsignerPfxFile}= Set Variable ${CERTS_DIR}${/}DDS_Leaf.pfx - ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciPermission.xml - ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - - # The DDS Owner Enroll is signed by the ZTD_Leaf in order to have zero touch enroll - Process Provision Packet ${nameofTest} 1 ${ZTDsignerPfxFile} ${DDSsignerPfxFile} ${ownerCertFile} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} - - # Must grant permissions to enroll the MDM. 
These permissions need to be signed - # by the owner key, in this case DDS_Leaf - Process Permission Packet ${nameofTest} 1 ${DDSsignerPfxFile} ${xmlPayloadFile} @{TARGET_PARAMETERS} - - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}DDSwithGoodKey.log - - Reboot System And Wait For System Online - - Get and Print Current Identities ${currentIdxmlFile} - Get and Print Current Permissions ${currentPermxmlFile} - - Validate Provision Status ${nameofTest} 1 ${STATUS_SUCCESS} - Validate Permission Status ${nameofTest} 1 ${STATUS_SUCCESS} - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch - Should Be True '${rc}' != 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner - Should Be True '${rc}' != 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be True '${rc}' == 'Cert not installed' - - -Enroll MDM CA cert Signed by DDS_Leaf to System Being Enrolled - [Setup] Require test case Enroll DDS CA cert Signed by ZTD_Leaf to System Being Enrolled - - ${nameofTest}= Set Variable MDMwithGoodKey - ${ownerPfxFile}= Set Variable ${CERTS_DIR}${/}MDM_CA.pfx - ${ownerCertFile}= Set Variable ${CERTS_DIR}${/}MDM_CA.cer - ${signerPfxFile}= Set Variable ${CERTS_DIR}${/}DDS_Leaf.pfx - ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - - Process Provision Packet ${nameofTest} 1 ${signerPfxFile} ${ownerPfxFile} ${ownerCertFile} ${USER_KEY_INDEX} @{TARGET_PARAMETERS} - - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}MDMwithGoodKey.log - - Reboot System And Wait For System Online - - Validate Provision Status ${nameofTest} 1 ${STATUS_SUCCESS} - Get and Print Current Identities ${currentIdxmlFile} - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch - Should Be True '${rc}' != 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner - Should Be True '${rc}' != 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be 
True '${rc}' != 'Cert not installed' - - -Send DDS Unenroll signed by DDS_Leaf to complete UnEnroll - [Setup] Require test case Enroll MDM CA cert Signed by DDS_Leaf to System Being Enrolled - - ${nameofTest}= Set Variable UnEnrollDDS - ${ownerPfxFile}= Set Variable ${CERTS_DIR}${/}DDS_Leaf.pfx - ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - - Process UnEnroll Packet ${nameofTest} 1 ${ownerPfxFile} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} - - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}UnEnrollDDS.log - - Reboot System And Wait For System Online - - Validate UnEnroll Status ${nameofTest} 1 ${STATUS_SUCCESS} - Get and Print Current Identities ${currentIdxmlFile} - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch - Should Be True '${rc}' != 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner - Should Be True '${rc}' == 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be True '${rc}' == 'Cert not installed' - - -Get the ending DFCI Settings - ${nameofTest}= Set Variable DisplaySettingsAtExit - ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - ${currentSettingsxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch - Should Be True '${rc}' == ${ZTD_LEAF_THUMBPRINT} - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner - Should Be True '${rc}' == 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be True '${rc}' == 'Cert not installed' +*** Settings *** +# @file +# +Documentation This test suite uses 
verifies that the ZTD leaf cert will verify against a packet signed by the ZTD_CA.pfx. +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +Library OperatingSystem +Library Process + +Library Support${/}Python${/}DFCI_SupportLib.py +Library Support${/}Python${/}DependencyLib.py +Library Remote http://${IP_OF_DUT}:${RF_PORT} + +#Import the Generic Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Paths.robot +Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot +Resource Support${/}Robot${/}CertSupport.robot + +#Import the platform specific log support +Resource UefiSerial_Keywords.robot + +# Use the following line for Python remote write to the UEFI Variables +Resource Support${/}Robot${/}DFCI_VariableTransport.robot + +Suite setup Make Dfci Output +Test Teardown Terminate All Processes + + +*** Variables *** +#default var but should be changed on the command line +${IP_OF_DUT} 127.0.0.1 +${RF_PORT} 8270 +#test output dir for data from this test run. 
+${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT + +#Test output location +${TEST_OUTPUT} ${TEST_OUTPUT_BASE} + +#Test Root Dir +${TEST_ROOT_DIR} TestCases +${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_CertChainingTest + +${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata +${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout +${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs + +${CERTS_DIR} Certs + +${TARGET_VERSION} V2 + +${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' +${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' +${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' + +*** Keywords *** + + +Get The DFCI Settings + [Arguments] ${nameOfTest} + ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml + ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Device Identifier ${deviceIdXmlFile} + + Get and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} + + [return] ${currentIdxmlFile} + + +*** Test Cases *** + +Ensure Mailboxes Are Clean +#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. + Verify No Mailboxes Have Data + + Log To Console . 
+ Log To Console ${SUITE SOURCE} + + +Get the starting DFCI Settings + [Setup] Require test case Ensure Mailboxes Are Clean + + ${nameofTest}= Set Variable DisplaySettingsAtStart + ${ZtdLeafPfxFile}= Set Variable ${CERTS_DIR}${/}ZTD_Leaf.pfx + ${ZTD_LEAF_THUMBPRINT}= Get Thumbprint From Pfx ${ZtdLeafPfxFile} + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner + ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User + ${ZtdThumbprint}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch + + Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' + + Should Be True '${OwnerThumbprint}' == 'Cert not installed' + Should Be True '${UserThumbprint}' == 'Cert not installed' + + Log To Console . + Log To Console The following test insures that the test ZTD_Leaf.cer + Log To Console is the cert installed. If not, this test cannot be run. + Should Be True '${ZtdThumbprint}' == ${ZTD_LEAF_THUMBPRINT} + + +Obtain Target Parameters From Target + [Setup] Require test case Get the starting DFCI Settings + + ${nameofTest}= Set Variable GetParameters + ${SerialNumber}= Get System Under Test SerialNumber + ${Manufacturer}= Get System Under Test Manufacturer + ${Model}= Get System Under Test ProductName + @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} + Set Suite Variable @{TARGET_PARAMETERS} + + ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml + + Get Device Identifier ${currentXmlFile} + Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} + + +Attempt Enroll DDS CA cert Signed by ZTD_CA to System Being Enrolled + [Setup] Require test case Obtain Target Parameters From Target + + ${nameofTest}= Set Variable DDSwithBadKey + ${ownerPfxFile}= Set Variable ${CERTS_DIR}${/}DDS_CA.pfx + ${ownerCertFile}= Set Variable ${CERTS_DIR}${/}DDS_CA.cer + ${signerPfxFile}= 
Set Variable ${CERTS_DIR}${/}ZTD_CA.pfx + ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}DDSwithBadKey.log + + Process Provision Packet ${nameofTest} 1 ${signerPfxFile} ${ownerPfxFile} ${ownerCertFile} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} + + ${OwnerCertThumbprint}= Get Thumbprint From Pfx ${ownerPfxFile} + Log To Console . + Log To Console ${OwnerCertThumbprint} + Log To Console Should be prompted, CANCEL THE PROMPT + + Reboot System And Wait For System Online + + Validate Provision Status ${nameofTest} 1 ${STATUS_ABORTED} + Get and Print Current Identities ${currentIdxmlFile} + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch + Should Be True '${rc}' != 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner + Should Be True '${rc}' == 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} User + Should Be True '${rc}' == 'Cert not installed' + + +Enroll DDS CA cert Signed by ZTD_Leaf to System Being Enrolled + [Setup] Require test case Attempt Enroll DDS CA cert Signed by ZTD_CA to System Being Enrolled + + ${nameofTest}= Set Variable DDSwithGoodKey + ${ownerCertFile}= Set Variable ${CERTS_DIR}${/}DDS_CA.cer + ${ZTDsignerPfxFile}= Set Variable ${CERTS_DIR}${/}ZTD_Leaf.pfx + ${DDSsignerPfxFile}= Set Variable ${CERTS_DIR}${/}DDS_Leaf.pfx + ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciPermission.xml + ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + + # The DDS Owner Enroll is signed by the ZTD_Leaf in order to have zero touch enroll + Process Provision Packet ${nameofTest} 1 ${ZTDsignerPfxFile} ${DDSsignerPfxFile} ${ownerCertFile} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} + + # Must grant permissions to enroll the MDM. 
These permissions need to be signed + # by the owner key, in this case DDS_Leaf + Process Permission Packet ${nameofTest} 1 ${DDSsignerPfxFile} ${xmlPayloadFile} @{TARGET_PARAMETERS} + + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}DDSwithGoodKey.log + + Reboot System And Wait For System Online + + Get and Print Current Identities ${currentIdxmlFile} + Get and Print Current Permissions ${currentPermxmlFile} + + Validate Provision Status ${nameofTest} 1 ${STATUS_SUCCESS} + Validate Permission Status ${nameofTest} 1 ${STATUS_SUCCESS} + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch + Should Be True '${rc}' != 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner + Should Be True '${rc}' != 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} User + Should Be True '${rc}' == 'Cert not installed' + + +Enroll MDM CA cert Signed by DDS_Leaf to System Being Enrolled + [Setup] Require test case Enroll DDS CA cert Signed by ZTD_Leaf to System Being Enrolled + + ${nameofTest}= Set Variable MDMwithGoodKey + ${ownerPfxFile}= Set Variable ${CERTS_DIR}${/}MDM_CA.pfx + ${ownerCertFile}= Set Variable ${CERTS_DIR}${/}MDM_CA.cer + ${signerPfxFile}= Set Variable ${CERTS_DIR}${/}DDS_Leaf.pfx + ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + + Process Provision Packet ${nameofTest} 1 ${signerPfxFile} ${ownerPfxFile} ${ownerCertFile} ${USER_KEY_INDEX} @{TARGET_PARAMETERS} + + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}MDMwithGoodKey.log + + Reboot System And Wait For System Online + + Validate Provision Status ${nameofTest} 1 ${STATUS_SUCCESS} + Get and Print Current Identities ${currentIdxmlFile} + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch + Should Be True '${rc}' != 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner + Should Be True '${rc}' != 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} User + Should Be 
True '${rc}' != 'Cert not installed' + + +Send DDS Unenroll signed by DDS_Leaf to complete UnEnroll + [Setup] Require test case Enroll MDM CA cert Signed by DDS_Leaf to System Being Enrolled + + ${nameofTest}= Set Variable UnEnrollDDS + ${ownerPfxFile}= Set Variable ${CERTS_DIR}${/}DDS_Leaf.pfx + ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + + Process UnEnroll Packet ${nameofTest} 1 ${ownerPfxFile} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} + + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}UnEnrollDDS.log + + Reboot System And Wait For System Online + + Validate UnEnroll Status ${nameofTest} 1 ${STATUS_SUCCESS} + Get and Print Current Identities ${currentIdxmlFile} + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch + Should Be True '${rc}' != 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner + Should Be True '${rc}' == 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} User + Should Be True '${rc}' == 'Cert not installed' + + +Get the ending DFCI Settings + ${nameofTest}= Set Variable DisplaySettingsAtExit + ${currentIdxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + ${currentSettingsxmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch + Should Be True '${rc}' == ${ZTD_LEAF_THUMBPRINT} + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner + Should Be True '${rc}' == 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} User + Should Be True '${rc}' == 'Cert not installed' 
diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneBadUpdate/DfciSettings2.xml b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneBadUpdate/DfciSettings2.xml index b7bef5cc..fe3f2e48 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneBadUpdate/DfciSettings2.xml +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneBadUpdate/DfciSettings2.xml @@ -1,39 +1,39 @@ - - - - DFCI Tester - 2018-03-29 12:37:00 - 2 - 2 - - - MDM.FriendlyName.String - The DFCI Test Lab - - - MDM.TenantName.String - The DFCI Test Lab Tenant - - - Dfci.OnboardCameras.Enable - Disabled - - - Dfci.OnboardAudio.Enable - Disabled - - - Dfci.BootOnboardNetwork.Enable - Disabled - - + + + + DFCI Tester + 2018-03-29 12:37:00 + 2 + 2 + + + MDM.FriendlyName.String + The DFCI Test Lab + + + MDM.TenantName.String + The DFCI Test Lab Tenant + + + Dfci.OnboardCameras.Enable + Disabled + + + Dfci.OnboardAudio.Enable + Disabled + + + Dfci.BootOnboardNetwork.Enable + Disabled + + \ No newline at end of file diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneBadUpdate/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneBadUpdate/run.robot index 5b1c9448..687794af 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneBadUpdate/run.robot +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneBadUpdate/run.robot 
@@ -1,156 +1,156 @@ -*** Settings *** -# @file -# -Documentation This test attempts to change the owner cert signed with the wrong cert. -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -Library OperatingSystem -Library Process - -Library Support${/}Python${/}DFCI_SupportLib.py -Library Support${/}Python${/}DependencyLib.py -Library Remote http://${IP_OF_DUT}:${RF_PORT} - -#Import the Generic Shared keywords -Resource Support${/}Robot${/}DFCI_Shared_Paths.robot -Resource Support${/}Robot${/}CertSupport.robot -Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot - -#Import the platform specific log support -Resource UefiSerial_Keywords.robot - -# Use the following line for Python remote write to the UEFI Variables -Resource Support${/}Robot${/}DFCI_VariableTransport.robot - -Suite setup Make Dfci Output -Test Teardown Terminate All Processes kill=True - - -*** Variables *** -##default var but should be changed on the command line -${IP_OF_DUT} 127.0.0.1 -${RF_PORT} 8270 -#test output dir for data from this test run. 
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT - -#Test output location -${TEST_OUTPUT} ${TEST_OUTPUT_BASE} - -#Test Root Dir -${TEST_ROOT_DIR} TestCases -${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneBadUpdate - -${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata -${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout -${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs - -${CERTS_DIR} Certs - -${TARGET_VERSION} V2 - -${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' -${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' - - -*** Keywords *** - - -Get The DFCI Settings - [Arguments] ${nameOfTest} - ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml - ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Device Identifier ${deviceIdXmlFile} - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} - - [return] ${currentIdxmlFile} - - -*** Test Cases *** - -Ensure Mailboxes Are Clean -#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. 
- Verify No Mailboxes Have Data - - -Get the starting DFCI Settings - [Setup] Require test case Ensure Mailboxes Are Clean - ${nameofTest}= Set Variable DisplaySettingsAtStart - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner - ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User - - Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' - - Should Be True '${OwnerThumbprint}' != 'Cert not installed' - Should Be True '${UserThumbprint}' != 'Cert not installed' - - -Obtain Target Parameters From Target - [Setup] Require test case Get the starting DFCI Settings - - ${nameofTest}= Set Variable GetParameters - ${SerialNumber}= Get System Under Test SerialNumber - ${Manufacturer}= Get System Under Test Manufacturer - ${Model}= Get System Under Test ProductName - @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} - Set Suite Variable @{TARGET_PARAMETERS} - - ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml - - Get Device Identifier ${currentXmlFile} - Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} - - -Send User Settings Packet Signed with wrong cert to Enrolled System - [Setup] Require test case Obtain Target Parameters From Target - - ${nameofTest}= Set Variable UserSettings - ${signerPfxFile}= Set Variable ${NEW_USER_PFX} - ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciSettings2.xml - - Process Settings Packet ${nameofTest} 2 ${signerPfxFile} ${xmlPayloadFile} @{TARGET_PARAMETERS} - - -Restart System to Apply Bad Settings - [Setup] Require test case Send User Settings Packet Signed with wrong cert to Enrolled System - - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}ApplyBadSettings.log - - Log To Console Restart - - Reboot System And Wait For System Online - -Verify User Update System Settings Results - ${nameofTest}= Set Variable 
UserSettings - - Validate Settings Status ${nameofTest} 2 ${STATUS_SECURITY_VIOLATION} FULL - - -Get the ending DFCI Settings - ${nameofTest}= Set Variable DisplaySettingsAtExit - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint} Get Thumbprint From Pfx ${OLD_OWNER_CERT} - ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner - Should Be True '${rc}' == '${OwnerThumbprint}' - - ${UserThumbprint} Get Thumbprint From Pfx ${OLD_USER_CERT} - ${rc}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be True '${rc}' == '${UserThumbprint}' - - -Clean Up Mailboxes +*** Settings *** +# @file +# +Documentation This test attempts to change the owner cert signed with the wrong cert. +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +Library OperatingSystem +Library Process + +Library Support${/}Python${/}DFCI_SupportLib.py +Library Support${/}Python${/}DependencyLib.py +Library Remote http://${IP_OF_DUT}:${RF_PORT} + +#Import the Generic Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Paths.robot +Resource Support${/}Robot${/}CertSupport.robot +Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot + +#Import the platform specific log support +Resource UefiSerial_Keywords.robot + +# Use the following line for Python remote write to the UEFI Variables +Resource Support${/}Robot${/}DFCI_VariableTransport.robot + +Suite setup Make Dfci Output +Test Teardown Terminate All Processes kill=True + + +*** Variables *** +##default var but should be changed on the command line +${IP_OF_DUT} 127.0.0.1 +${RF_PORT} 8270 +#test output dir for data from this test run. 
+${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT + +#Test output location +${TEST_OUTPUT} ${TEST_OUTPUT_BASE} + +#Test Root Dir +${TEST_ROOT_DIR} TestCases +${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneBadUpdate + +${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata +${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout +${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs + +${CERTS_DIR} Certs + +${TARGET_VERSION} V2 + +${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' +${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' + + +*** Keywords *** + + +Get The DFCI Settings + [Arguments] ${nameOfTest} + ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml + ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Device Identifier ${deviceIdXmlFile} + + Get and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} + + [return] ${currentIdxmlFile} + + +*** Test Cases *** + +Ensure Mailboxes Are Clean +#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. 
+ Verify No Mailboxes Have Data + + +Get the starting DFCI Settings + [Setup] Require test case Ensure Mailboxes Are Clean + ${nameofTest}= Set Variable DisplaySettingsAtStart + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner + ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User + + Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' + + Should Be True '${OwnerThumbprint}' != 'Cert not installed' + Should Be True '${UserThumbprint}' != 'Cert not installed' + + +Obtain Target Parameters From Target + [Setup] Require test case Get the starting DFCI Settings + + ${nameofTest}= Set Variable GetParameters + ${SerialNumber}= Get System Under Test SerialNumber + ${Manufacturer}= Get System Under Test Manufacturer + ${Model}= Get System Under Test ProductName + @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} + Set Suite Variable @{TARGET_PARAMETERS} + + ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml + + Get Device Identifier ${currentXmlFile} + Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} + + +Send User Settings Packet Signed with wrong cert to Enrolled System + [Setup] Require test case Obtain Target Parameters From Target + + ${nameofTest}= Set Variable UserSettings + ${signerPfxFile}= Set Variable ${NEW_USER_PFX} + ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciSettings2.xml + + Process Settings Packet ${nameofTest} 2 ${signerPfxFile} ${xmlPayloadFile} @{TARGET_PARAMETERS} + + +Restart System to Apply Bad Settings + [Setup] Require test case Send User Settings Packet Signed with wrong cert to Enrolled System + + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}ApplyBadSettings.log + + Log To Console Restart + + Reboot System And Wait For System Online + +Verify User Update System Settings Results + ${nameofTest}= Set Variable 
UserSettings
+
+ Validate Settings Status ${nameofTest} 2 ${STATUS_SECURITY_VIOLATION} FULL
+
+
+Get the ending DFCI Settings
+ ${nameofTest}= Set Variable DisplaySettingsAtExit
+
+ ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest}
+
+ ${OwnerThumbprint} Get Thumbprint From Pfx ${OLD_OWNER_CERT}
+ ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner
+ Should Be True '${rc}' == '${OwnerThumbprint}'
+
+ ${UserThumbprint} Get Thumbprint From Pfx ${OLD_USER_CERT}
+ ${rc}= Get Thumbprint Element ${currentIdxmlFile} User
+ Should Be True '${rc}' == '${UserThumbprint}'
+
+
+Clean Up Mailboxes
 Verify No Mailboxes Have Data
\ No newline at end of file
diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/BuildSettings.bat b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/BuildSettings.bat
index 746eaf3d..ea3ca2ee 100644
--- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/BuildSettings.bat
+++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/BuildSettings.bat
@@ -1,10 +1,10 @@
-@echo off
-rem @file
-rem
-rem Script to insert a cert into an XML settings packet
-rem
-rem Copyright (c), Microsoft Corporation
-rem SPDX-License-Identifier: BSD-2-Clause-Patent
-rem
-
-..\..\Support\Python\InsertCertIntoXML.py --BinFilePath ..\..\certs\DFCI_HTTPS.cer --OutputFilePath DfciSettings.xml --PatternFilePath DfciSettingsPattern.xml
+@echo off
+rem @file
+rem
+rem Script to insert a cert into an XML settings packet
+rem
+rem Copyright (c), Microsoft Corporation
+rem SPDX-License-Identifier: BSD-2-Clause-Patent
+rem
+
+..\..\Support\Python\InsertCertIntoXML.py --BinFilePath ..\..\certs\DFCI_HTTPS.cer --OutputFilePath DfciSettings.xml --PatternFilePath DfciSettingsPattern.xml
diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciPermission.xml b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciPermission.xml
index 172acc59..750daf46 100644
--- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciPermission.xml +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciPermission.xml @@ -1,77 +1,77 @@ - - - - DFCI Tester - 2020-03-27 10:22:00 - 1 - 1 - - - - Dfci.OwnerKey.Enum - 128 - 128 - - - - Dfci.UserKey.Enum - 192 - 128 - - - Dfci.RecoveryBootstrapUrl.String - 128 - 128 - - - Dfci.RecoveryUrl.String - 128 - 128 - - - Dfci.HttpsCert.Binary - 128 - 128 - - - Dfci.RegistrationId.String - 128 - 128 - - - Dfci.TenantId.String - 128 - 128 - - - Dfci3.AssetTag.String - 192 - 64 - - - + + + + DFCI Tester + 2020-03-27 10:22:00 + 1 + 1 + + + + Dfci.OwnerKey.Enum + 128 + 128 + + + + Dfci.UserKey.Enum + 192 + 128 + + + Dfci.RecoveryBootstrapUrl.String + 128 + 128 + + + Dfci.RecoveryUrl.String + 128 + 128 + + + Dfci.HttpsCert.Binary + 128 + 128 + + + Dfci.RegistrationId.String + 128 + 128 + + + Dfci.TenantId.String + 128 + 128 + + + Dfci3.AssetTag.String + 192 + 64 + + + \ No newline at end of file diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciPermission2.xml b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciPermission2.xml index d00a7db5..929b5bb3 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciPermission2.xml +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciPermission2.xml @@ -1,52 +1,52 @@ - - - - DFCI Tester - 2020-03-27 10:22:00 - 1 - 1 - - - - Dfci.OnboardCameras.Enable - 64 - - - Dfci.OnboardRadios.Enable - 64 - - - Dfci.BootExternalMedia.Enable - 64 - - - MDM.FriendlyName.String - 64 - - - MDM.TenantName.String - 64 - - - Dfci3.AssetTag.String - 64 - - + + + + DFCI Tester + 2020-03-27 10:22:00 + 1 + 1 + + + + Dfci.OnboardCameras.Enable + 64 + + + Dfci.OnboardRadios.Enable + 64 + + + Dfci.BootExternalMedia.Enable + 64 + + + MDM.FriendlyName.String + 64 + + + MDM.TenantName.String + 64 + + + Dfci3.AssetTag.String + 64 + + \ No newline at end of file 
diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciSettings2.xml b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciSettings2.xml index 91e2c308..a8187573 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciSettings2.xml +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciSettings2.xml @@ -1,51 +1,51 @@ - - - - DFCI Tester - 2020-03-27 10:22:00 - 2 - 2 - - - MDM.FriendlyName.String - The DFCI Test Lab - - - MDM.TenantName.String - The DFCI Test Lab Tenant - - - Dfci.OnboardCameras.Enable - Disabled - - - Dfci.OnboardRadios.Enable - Disabled - - - Dfci.BootExternalMedia.Enable - Disabled - - - Dfci3.OnboardWpbt.Enable - Disabled - - - Dfci3.ProcessorSMT.Enable - Disabled - - - Dfci3.AssetTag.String - DFCI.LAB.001234 - - + + + + DFCI Tester + 2020-03-27 10:22:00 + 2 + 2 + + + MDM.FriendlyName.String + The DFCI Test Lab + + + MDM.TenantName.String + The DFCI Test Lab Tenant + + + Dfci.OnboardCameras.Enable + Disabled + + + Dfci.OnboardRadios.Enable + Disabled + + + Dfci.BootExternalMedia.Enable + Disabled + + + Dfci3.OnboardWpbt.Enable + Disabled + + + Dfci3.ProcessorSMT.Enable + Disabled + + + Dfci3.AssetTag.String + DFCI.LAB.001234 + + \ No newline at end of file diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciSettingsPattern.xml b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciSettingsPattern.xml index 59b3c564..e95d3f4d 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciSettingsPattern.xml +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/DfciSettingsPattern.xml 
@@ -1,73 +1,73 @@ - - - - DFCI Tester - 2019-09-20 14:30:00 - 2 - - 2 - - - Dfci.RecoveryBootstrapUrl.String - http://mikeytbds3.eastus.cloudapp.azure.com/ztd/noauth/dfci/recovery-bootstrap/ - - - Dfci.RecoveryUrl.String - https://mikeytbds3.eastus.cloudapp.azure.com/ztd/unauth/dfci/recovery-packets/ - - - Dfci.HttpsCert.Binary - - - XYZZY - - - - Dfci.RegistrationId.String - - 12345678-1234-5678-1234-012345674321 - - - - Dfci.TenantId.String - - 98765432-1234-5678-1234-012345674321 - - - - Device.SecureBootKeys.Enum - - None - - - Device.BootOrderLock.Enable - Disabled - - + + + + DFCI Tester + 2019-09-20 14:30:00 + 2 + + 2 + + + Dfci.RecoveryBootstrapUrl.String + http://mikeytbds3.eastus.cloudapp.azure.com/ztd/noauth/dfci/recovery-bootstrap/ + + + Dfci.RecoveryUrl.String + https://mikeytbds3.eastus.cloudapp.azure.com/ztd/unauth/dfci/recovery-packets/ + + + Dfci.HttpsCert.Binary + + + XYZZY + + + + Dfci.RegistrationId.String + + 12345678-1234-5678-1234-012345674321 + + + + Dfci.TenantId.String + + 98765432-1234-5678-1234-012345674321 + + + + Device.SecureBootKeys.Enum + + None + + + Device.BootOrderLock.Enable + Disabled + + \ No newline at end of file diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/run.robot index 0ba019ed..a9bb7d29 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/run.robot +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneEnroll/run.robot 
@@ -1,261 +1,261 @@
-*** Settings ***
-# @file
-#
-Documentation This test suite enrolls an owner and user into DFCI.
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-
-
-Library OperatingSystem
-Library Process
-
-Library Support${/}Python${/}DFCI_SupportLib.py
-Library Support${/}Python${/}DependencyLib.py
-Library Remote http://${IP_OF_DUT}:${RF_PORT}
-
-#Import the Generic Shared keywords
-Resource Support${/}Robot${/}DFCI_Shared_Paths.robot
-Resource Support${/}Robot${/}CertSupport.robot
-Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot
-
-#Import the platform specific log support
-Resource UefiSerial_Keywords.robot
-
-# Use the following line for Python remote write to the UEFI Variables
-Resource Support${/}Robot${/}DFCI_VariableTransport.robot
-
-Suite setup Make Dfci Output
-Test Teardown Terminate All Processes kill=True
-
-
-*** Variables ***
-#default var but should be changed on the command line
-${IP_OF_DUT} 127.0.0.1
-${RF_PORT} 8270
-#test output dir for data from this test run.
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT
-
-#Test output location
-${TEST_OUTPUT} ${TEST_OUTPUT_BASE}
-
-#Test Root Dir
-${TEST_ROOT_DIR} TestCases
-${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneEnroll
-
-${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata
-${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout
-${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs
-
-${CERTS_DIR} Certs
-
-${TARGET_VERSION} V2
-
-${DDS_CA_THUMBPRINT} 'Thumbprint Not Set'
-${MDM_CA_THUMBPRINT} 'Thumbprint Not Set'
-
-
-*** Keywords ***
-
-
-Get The DFCI Settings
- [Arguments] ${nameOfTest}
- ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml
- ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml
- ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml
- ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml
-
- Get and Print Device Identifier ${deviceIdXmlFile}
-
- Get and Print Current Identities ${currentIdxmlFile}
-
- Get and Print Current Permissions ${currentPermxmlFile}
-
- Get and Print Current Settings ${currentSettingsxmlFile}
-
- [return] ${currentIdxmlFile}
-
-
-*** Test Cases ***
-
-Ensure Mailboxes Are Clean
-#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed.
- Verify No Mailboxes Have Data
-
- Log To Console .
- Log To Console ${SUITE SOURCE}
-
-
-Get the starting DFCI Settings
- [Setup] Require test case Ensure Mailboxes Are Clean
- ${nameofTest}= Set Variable DisplaySettingsAtStart
-
- ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest}
-
- ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner
- ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User
-
- Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}'
-
- Should Be True '${OwnerThumbprint}' == 'Cert not installed'
- Should Be True '${UserThumbprint}' == 'Cert not installed'
-
-
-Obtain Target Parameters From Target
- [Setup] Require test case Get the starting DFCI Settings
-
- ${nameofTest}= Set Variable GetParameters
- ${SerialNumber}= Get System Under Test SerialNumber
- ${Manufacturer}= Get System Under Test Manufacturer
- ${Model}= Get System Under Test ProductName
- @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model}
- Set Suite Variable @{TARGET_PARAMETERS}
-
- ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml
-
- Get Device Identifier ${currentXmlFile}
- Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber}
-
-Send Owner Enroll Packet to System Being Enrolled
- [Setup] Require test case Obtain Target Parameters From Target
-
- ${nameofTest}= Set Variable OwnerEnroll
-
- Process Provision Packet ${nameofTest} 1 ${ZTD_LEAF_PFX} ${NEW_OWNER_PFX} ${NEW_OWNER_CERT} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS}
-
-
-Send Owner Permission Packet to Enrolled System
- [Setup] Require test case Send Owner Enroll Packet to System Being Enrolled
- ${nameofTest}= Set Variable OwnerPermissions
- ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciPermission.xml
-
- Process Permission Packet ${nameofTest} 1 ${NEW_OWNER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS}
-
-
-Send User Enroll to System Being Enrolled
- [Setup] Require test case Send Owner Permission Packet
to Enrolled System
-
- # This adds the User key, packet signed by ownerkey
-
- ${nameofTest}= Set Variable UserEnroll
-
- Process Provision Packet ${nameofTest} 2 ${NEW_OWNER_PFX} ${NEW_USER_PFX} ${NEW_USER_CERT} ${USER_KEY_INDEX} @{TARGET_PARAMETERS}
-
-
-Send User Permission Packet to Enrolled System
- [Setup] Require test case Send User Enroll to System Being Enrolled
- #Files for the Permission package
- ${nameofTest}= Set Variable UserPermissions
- ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciPermission2.xml
-
- Process Permission Packet ${nameofTest} 2 ${NEW_USER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS}
-
-
-Send Owner Settings Packet to Enrolled System
- [Setup] Require test case Send User Permission Packet to Enrolled System
- #Initial settings for Enrolled System
- ${nameofTest}= Set Variable OwnerSettings
- ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciSettings.xml
-
- Process Settings Packet ${nameofTest} 1 ${NEW_OWNER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS}
-
-
-Send User Settings Packet to Enrolled System
- [Setup] Require test case Send Owner Settings Packet to Enrolled System
- #Initial settings for Enrolled System
- ${nameofTest}= Set Variable UserSettings
- ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciSettings2.xml
-
- Process Settings Packet ${nameofTest} 2 ${NEW_USER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS}
-
-
-Restart System to Apply Enrollment
-# Start serial log to capture UEFI log during the restart
- [Setup] Require test case Send User Settings Packet to Enrolled System
-
- Start SerialLog ${BOOT_LOG_OUT_DIR}${/}ApplyEnrollment.log
-
- Log To Console Restart
- Log To Console If test Ztd cert is not installed, you will be prompted
- Log To Console for the last two characters of the following thumbprint:
- Log To Console Enrolling with ${DDS_CA_THUMBPRINT}
-
- Reboot System And Wait For System Online
-
-
-Verify Owner Enrolled System Identity Results
- ${nameofTest}= Set Variable OwnerEnroll
-
-
Validate Provision Status ${nameofTest} 1 ${STATUS_SUCCESS}
-
-
-Verify Owner Enrolled System Permission Results
- ${nameofTest}= Set Variable OwnerPermissions
-
- ${xmlPermissionsRslt}= Validate Permission Status ${nameofTest} 1 ${STATUS_SUCCESS}
- ${rc} Check All Permission Status ${xmlPermissionsRslt} ${STATUS_SUCCESS}
- Should Be True ${rc}
-
-
-Verify User Enrolled System Identity Results
- ${nameofTest}= Set Variable UserEnroll
-
- Validate Provision Status ${nameofTest} 2 ${STATUS_SUCCESS}
-
-
-Verify User Enrolled System Permission Results
- ${nameofTest}= Set Variable UserPermissions
-
- ${xmlPermissionsRslt}= Validate Permission Status ${nameofTest} 2 ${STATUS_SUCCESS}
- ${rc} Check All Permission Status ${xmlPermissionsRslt} ${STATUS_SUCCESS}
- Should Be True ${rc}
-
-
-Verify Owner Enrolled System Settings Results
- ${nameofTest}= Set Variable OwnerSettings
-
- ${xmlOwnerSettingsRslt}= Validate Settings Status ${nameofTest} 1 ${STATUS_SUCCESS} FULL
- ${rc} Check All Setting Status ${xmlOwnerSettingsRslt} ${STATUS_SUCCESS}
- Should Be True ${rc}
-
-Verify User Enrolled System Settings Results
- ${nameofTest}= Set Variable UserSettings
-
- ${xmlUserSettingsRslt}= Validate Settings Status ${nameofTest} 2 ${STATUS_SUCCESS} FULL
- ${rc} Check All Setting Status ${xmlUserSettingsRslt} ${STATUS_SUCCESS}
- Should Be True ${rc}
-
-
-Get the ending DFCI Settings
- ${nameofTest}= Set Variable DisplaySettingsAtExit
-
- ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest}
-
- ${OwnerThumbprint} Get Thumbprint From Pfx ${NEW_OWNER_CERT}
- ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner
- Should Be True '${rc}' == '${OwnerThumbprint}'
-
- ${UserThumbprint} Get Thumbprint From Pfx ${NEW_USER_CERT}
- ${rc}= Get Thumbprint Element ${currentIdxmlFile} User
- Should Be True '${rc}' == '${UserThumbprint}'
-
-
-Clean Up Mailboxes
- Verify No Mailboxes Have Data
-
-#
-# Temporarily remove this last step as the OS doesn't always restart the system with -fw
-#
-##Restart System to Verify Device Setting
-## Start serial log to capture UEFI log during the restart
-# [Setup] Require test case Restart System to Apply Enrollment
-#
-# Start SerialLog ${BOOT_LOG_OUT_DIR}${/}VerifyDeviceSettings.log
-#
-# Log To Console Restarting to firmware
-# Log To Console Check the device settings to insure that all
-# Log To Console of the camera devices, and radio devices, are
-# Log To Console off and grayed out. Other devices should be
-# Log To Console available for the user to control.
-#
-# Reboot System To Firmware And Wait For System Online
+*** Settings ***
+# @file
+#
+Documentation This test suite enrolls an owner and user into DFCI.
+#
+# Copyright (c), Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+
+
+Library OperatingSystem
+Library Process
+
+Library Support${/}Python${/}DFCI_SupportLib.py
+Library Support${/}Python${/}DependencyLib.py
+Library Remote http://${IP_OF_DUT}:${RF_PORT}
+
+#Import the Generic Shared keywords
+Resource Support${/}Robot${/}DFCI_Shared_Paths.robot
+Resource Support${/}Robot${/}CertSupport.robot
+Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot
+
+#Import the platform specific log support
+Resource UefiSerial_Keywords.robot
+
+# Use the following line for Python remote write to the UEFI Variables
+Resource Support${/}Robot${/}DFCI_VariableTransport.robot
+
+Suite setup Make Dfci Output
+Test Teardown Terminate All Processes kill=True
+
+
+*** Variables ***
+#default var but should be changed on the command line
+${IP_OF_DUT} 127.0.0.1
+${RF_PORT} 8270
+#test output dir for data from this test run.
+${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT
+
+#Test output location
+${TEST_OUTPUT} ${TEST_OUTPUT_BASE}
+
+#Test Root Dir
+${TEST_ROOT_DIR} TestCases
+${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneEnroll
+
+${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata
+${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout
+${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs
+
+${CERTS_DIR} Certs
+
+${TARGET_VERSION} V2
+
+${DDS_CA_THUMBPRINT} 'Thumbprint Not Set'
+${MDM_CA_THUMBPRINT} 'Thumbprint Not Set'
+
+
+*** Keywords ***
+
+
+Get The DFCI Settings
+ [Arguments] ${nameOfTest}
+ ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml
+ ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml
+ ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml
+ ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml
+
+ Get and Print Device Identifier ${deviceIdXmlFile}
+
+ Get and Print Current Identities ${currentIdxmlFile}
+
+ Get and Print Current Permissions ${currentPermxmlFile}
+
+ Get and Print Current Settings ${currentSettingsxmlFile}
+
+ [return] ${currentIdxmlFile}
+
+
+*** Test Cases ***
+
+Ensure Mailboxes Are Clean
+#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed.
+ Verify No Mailboxes Have Data
+
+ Log To Console .
+ Log To Console ${SUITE SOURCE}
+
+
+Get the starting DFCI Settings
+ [Setup] Require test case Ensure Mailboxes Are Clean
+ ${nameofTest}= Set Variable DisplaySettingsAtStart
+
+ ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest}
+
+ ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner
+ ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User
+
+ Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}'
+
+ Should Be True '${OwnerThumbprint}' == 'Cert not installed'
+ Should Be True '${UserThumbprint}' == 'Cert not installed'
+
+
+Obtain Target Parameters From Target
+ [Setup] Require test case Get the starting DFCI Settings
+
+ ${nameofTest}= Set Variable GetParameters
+ ${SerialNumber}= Get System Under Test SerialNumber
+ ${Manufacturer}= Get System Under Test Manufacturer
+ ${Model}= Get System Under Test ProductName
+ @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model}
+ Set Suite Variable @{TARGET_PARAMETERS}
+
+ ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml
+
+ Get Device Identifier ${currentXmlFile}
+ Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber}
+
+Send Owner Enroll Packet to System Being Enrolled
+ [Setup] Require test case Obtain Target Parameters From Target
+
+ ${nameofTest}= Set Variable OwnerEnroll
+
+ Process Provision Packet ${nameofTest} 1 ${ZTD_LEAF_PFX} ${NEW_OWNER_PFX} ${NEW_OWNER_CERT} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS}
+
+
+Send Owner Permission Packet to Enrolled System
+ [Setup] Require test case Send Owner Enroll Packet to System Being Enrolled
+ ${nameofTest}= Set Variable OwnerPermissions
+ ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciPermission.xml
+
+ Process Permission Packet ${nameofTest} 1 ${NEW_OWNER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS}
+
+
+Send User Enroll to System Being Enrolled
+ [Setup] Require test case Send Owner Permission Packet
to Enrolled System
+
+ # This adds the User key, packet signed by ownerkey
+
+ ${nameofTest}= Set Variable UserEnroll
+
+ Process Provision Packet ${nameofTest} 2 ${NEW_OWNER_PFX} ${NEW_USER_PFX} ${NEW_USER_CERT} ${USER_KEY_INDEX} @{TARGET_PARAMETERS}
+
+
+Send User Permission Packet to Enrolled System
+ [Setup] Require test case Send User Enroll to System Being Enrolled
+ #Files for the Permission package
+ ${nameofTest}= Set Variable UserPermissions
+ ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciPermission2.xml
+
+ Process Permission Packet ${nameofTest} 2 ${NEW_USER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS}
+
+
+Send Owner Settings Packet to Enrolled System
+ [Setup] Require test case Send User Permission Packet to Enrolled System
+ #Initial settings for Enrolled System
+ ${nameofTest}= Set Variable OwnerSettings
+ ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciSettings.xml
+
+ Process Settings Packet ${nameofTest} 1 ${NEW_OWNER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS}
+
+
+Send User Settings Packet to Enrolled System
+ [Setup] Require test case Send Owner Settings Packet to Enrolled System
+ #Initial settings for Enrolled System
+ ${nameofTest}= Set Variable UserSettings
+ ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciSettings2.xml
+
+ Process Settings Packet ${nameofTest} 2 ${NEW_USER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS}
+
+
+Restart System to Apply Enrollment
+# Start serial log to capture UEFI log during the restart
+ [Setup] Require test case Send User Settings Packet to Enrolled System
+
+ Start SerialLog ${BOOT_LOG_OUT_DIR}${/}ApplyEnrollment.log
+
+ Log To Console Restart
+ Log To Console If test Ztd cert is not installed, you will be prompted
+ Log To Console for the last two characters of the following thumbprint:
+ Log To Console Enrolling with ${DDS_CA_THUMBPRINT}
+
+ Reboot System And Wait For System Online
+
+
+Verify Owner Enrolled System Identity Results
+ ${nameofTest}= Set Variable OwnerEnroll
+
+
Validate Provision Status ${nameofTest} 1 ${STATUS_SUCCESS}
+
+
+Verify Owner Enrolled System Permission Results
+ ${nameofTest}= Set Variable OwnerPermissions
+
+ ${xmlPermissionsRslt}= Validate Permission Status ${nameofTest} 1 ${STATUS_SUCCESS}
+ ${rc} Check All Permission Status ${xmlPermissionsRslt} ${STATUS_SUCCESS}
+ Should Be True ${rc}
+
+
+Verify User Enrolled System Identity Results
+ ${nameofTest}= Set Variable UserEnroll
+
+ Validate Provision Status ${nameofTest} 2 ${STATUS_SUCCESS}
+
+
+Verify User Enrolled System Permission Results
+ ${nameofTest}= Set Variable UserPermissions
+
+ ${xmlPermissionsRslt}= Validate Permission Status ${nameofTest} 2 ${STATUS_SUCCESS}
+ ${rc} Check All Permission Status ${xmlPermissionsRslt} ${STATUS_SUCCESS}
+ Should Be True ${rc}
+
+
+Verify Owner Enrolled System Settings Results
+ ${nameofTest}= Set Variable OwnerSettings
+
+ ${xmlOwnerSettingsRslt}= Validate Settings Status ${nameofTest} 1 ${STATUS_SUCCESS} FULL
+ ${rc} Check All Setting Status ${xmlOwnerSettingsRslt} ${STATUS_SUCCESS}
+ Should Be True ${rc}
+
+Verify User Enrolled System Settings Results
+ ${nameofTest}= Set Variable UserSettings
+
+ ${xmlUserSettingsRslt}= Validate Settings Status ${nameofTest} 2 ${STATUS_SUCCESS} FULL
+ ${rc} Check All Setting Status ${xmlUserSettingsRslt} ${STATUS_SUCCESS}
+ Should Be True ${rc}
+
+
+Get the ending DFCI Settings
+ ${nameofTest}= Set Variable DisplaySettingsAtExit
+
+ ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest}
+
+ ${OwnerThumbprint} Get Thumbprint From Pfx ${NEW_OWNER_CERT}
+ ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner
+ Should Be True '${rc}' == '${OwnerThumbprint}'
+
+ ${UserThumbprint} Get Thumbprint From Pfx ${NEW_USER_CERT}
+ ${rc}= Get Thumbprint Element ${currentIdxmlFile} User
+ Should Be True '${rc}' == '${UserThumbprint}'
+
+
+Clean Up Mailboxes
+ Verify No Mailboxes Have Data
+
+#
+# Temporarily remove this last step as the OS doesn't always restart the system with -fw
+#
+##Restart System to Verify Device Setting
+## Start serial log to capture UEFI log during the restart
+# [Setup] Require test case Restart System to Apply Enrollment
+#
+# Start SerialLog ${BOOT_LOG_OUT_DIR}${/}VerifyDeviceSettings.log
+#
+# Log To Console Restarting to firmware
+# Log To Console Check the device settings to insure that all
+# Log To Console of the camera devices, and radio devices, are
+# Log To Console off and grayed out. Other devices should be
+# Log To Console available for the user to control.
+#
+# Reboot System To Firmware And Wait For System Online
diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTunePermissions/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTunePermissions/run.robot
index 9ab8e0e2..0399d9e4 100644
--- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTunePermissions/run.robot
+++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTunePermissions/run.robot
@@ -1,263 +1,263 @@ -*** Settings *** -# @file -# -Documentation -... DFCI InTune Permissions test -... This test suite checks the action of setting a permission and the various -... PMASK and DMASK combinations. -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -MetaData -... - Build a permissions packet -... - Send it to the system under test -... - Reboot the system under test to apply the permissions -... - Get the new "Current Permissions" -... - Verify the permissions are currect - -Library OperatingSystem -Library Process -Library Collections - -Library Support${/}Python${/}DFCI_SupportLib.py -Library Support${/}Python${/}DependencyLib.py -Library Support${/}Python${/}PermissionsXMLLib.py -Library Remote http://${IP_OF_DUT}:${RF_PORT} - -#Import the Generic Shared keywords -Resource Support${/}Robot${/}DFCI_Shared_Paths.robot -Resource Support${/}Robot${/}CertSupport.robot -Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot - -#Import the platform specific log support -Resource UefiSerial_Keywords.robot - -# Use the following line for Python remote write to the UEFI Variables -Resource Support${/}Robot${/}DFCI_VariableTransport.robot - - -Suite setup Make Dfci Output -Suite Teardown Terminate All Processes kill=True - - -*** Variables *** -#default var but should be changed on the command line -${IP_OF_DUT} 127.0.0.1 -${RF_PORT} 8270 -#test output dir for data from this test run. 
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT - -#Test output location -${TEST_OUTPUT} ${TEST_OUTPUT_BASE} - -#Test Root Dir -${TEST_ROOT_DIR} TestCases -${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTunePermissions - -${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata -${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout -${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs - -${CERTS_DIR} Certs - -${TARGET_VERSION} V2 - -${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' -${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' -${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' - - -*** Keywords *** - -Initialize lists of tests -#[Documentation] -#... Each permission/PMask/DMask tuple is a list of three elements - the permission, PMask, and the DMask. -#... Establish a list of the permission tuples for the permissions to be set, and another -#... list for the permissions to be checked after the reboot. - - @{VTEST_01_SET1}= Create List Dfci.OnboardCameras.Enable 64 64 - @{VTEST_01_SET2}= Create List Dfci.OnboardAudio.Enable 64 64 - @{VTEST_01_CHECK1}= Create List Dfci.OnboardCameras.Enable 64 64 - @{VTEST_01_CHECK2}= Create List Dfci.OnboardAudio.Enable 64 64 - @{VTEST_01_SETS}= Create List ${VTEST_01_SET1} ${VTEST_01_SET2} - @{VTEST_01_CHECKS}= Create List ${VTEST_01_CHECK1} ${VTEST_01_CHECK2} - - # Testcase 2 - @{VTEST_02_SET1}= Create List Dfci.OnboardRadios.Enable 64 64 - @{VTEST_02_CHECK1}= Create List Dfci.OnboardRadios.Enable 64 64 - @{VTEST_02_CHECK2}= Create List Dfci.OnboardCameras.Enable ${None} - @{VTEST_02_CHECK3}= Create List Dfci.OnboardAudio.Enable ${None} - @{VTEST_02_SETS}= Create List ${VTEST_02_SET1} - @{VTEST_02_CHECKS}= Create List ${VTEST_02_CHECK1} ${VTEST_02_CHECK2} ${VTEST_02_CHECK3} - - # Other tests here - - @{VTEST_01}= Create List Test1 ${VTEST_01_SETS} ${VTEST_01_CHECKS} 192 192 192 192 - @{VTEST_02}= Create List Test2 ${VTEST_02_SETS} ${VTEST_02_CHECKS} 193 193 193 193 - - # Export one master test variable. 
Each entry in the MASTER TEST variable is a set of two lists - Variables - # to be set before a reboot, and a set of variables to be checked after a reboot. For two tests, that means: - # 1. Test 1 Sets - # 2. reboot - # 3. Test 1 Checks - # 4. Test 2 Sets - # 5. reboot - # 6. Test 2 Checks - # - @{MASTER_TEST}= Create List ${VTEST_01} ${VTEST_02} - Set suite variable ${MASTER_TEST} - -# -# Use the following to ensure the lists are built correctly -# -# Log To Console . -# Log To Console ${VTEST_01_SET1} -# Log To Console ${VTEST_01_SET2} -# Log To Console ${VTEST_01_SETS} -# Log To Console ${VTEST_01_CHECKS} -# Log To Console ${VTEST_01} - - - -# -# -# -Process TestCases - [Arguments] @{ATest} - -# -# This function iterates over each of the test cases. For each test case, -# create a permissions payload, package it, send it to the system under test, -# restart the system to apply the permissions, and then validate that the -# permissions in the checklist are correct. -# - FOR ${Testname} ${Sets} ${Checks} ${PMask} ${DMask} ${CheckPMask} ${CheckDMask} IN @{ATest} - ${newPermissionsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_NewPermissions.xml - ${currentPermissionsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentPermissions.xml - # - # - Log To Console . 
- Log To Console Starting test ${Testname} - # - # Create the permissions packet - # - Create Permissions XML ${newPermissionsXmlFile} 2 2 ${PMask} ${DMask} ${Sets} - File should Exist ${newPermissionsXmlFile} - # - #Enable the serial log if the platform supports it - # - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}${Testname}_ApplyPermissions.log - # - # Send the user(2) permissions packet to the system under test - # - Process Permission Packet ${Testname} 2 ${OLD_USER_PFX} ${newPermissionsXmlFile} @{TARGET_PARAMETERS} - # - # Restart the system to apply the permissions - # - Log To Console Restarting the system under test - Reboot System And Wait For System Online - # - # - Get and Print Current Permissions ${currentPermissionsXmlFile} - # - # Ensure all of the permissions set, were applied correctly - # - ${xmlPermissionsRslt}= Validate Permission Status ${Testname} 2 ${STATUS_SUCCESS} - # - # Validate the individual settings after the reboot - # - ${rc}= Validate Current Permission Defaults ${Testname} ${currentPermissionsXmlFile} ${CheckPMask} ${CheckDMask} - Should Be True ${rc} - # - ${rc}= Validate Current Permissions ${Testname} ${currentPermissionsXmlFile} ${Checks} - Should Be True ${rc} - # - ${rc} Check All Permission Status ${xmlPermissionsRslt} ${STATUS_SUCCESS} - Should Be True ${rc} - END - - -Get The DFCI Settings - [Arguments] ${nameOfTest} - ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml - ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Device Identifier ${deviceIdXmlFile} - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} 
- - [return] ${currentIdxmlFile} - - -#------------------------------------------------------------------* -# Test Cases * -#------------------------------------------------------------------* -*** Test Cases *** - - -Ensure Mailboxes Are Clean -#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. - Verify No Mailboxes Have Data - - Log To Console . - Log To Console ${SUITE SOURCE} - - -Get the starting DFCI Settings - [Setup] Require test case Ensure Mailboxes Are Clean - ${nameofTest}= Set Variable DisplaySettingsAtStart - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner - ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User - - Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' - - Should Be True '${OwnerThumbprint}' != 'Cert not installed' - Should Be True '${UserThumbprint}' != 'Cert not installed' - - -Obtain Target Parameters From Target - [Setup] Require test case Get the starting DFCI Settings - - ${nameofTest}= Set Variable GetParameters - ${SerialNumber}= Get System Under Test SerialNumber - ${Manufacturer}= Get System Under Test Manufacturer - ${Model}= Get System Under Test ProductName - @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} - Set Suite Variable @{TARGET_PARAMETERS} - - ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml - - Get Device Identifier ${currentXmlFile} - Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} - - -Process Complete Testcase List - - Log To Console Initializing testcases - Initialize lists of tests - - Log To Console Running test - - FOR ${ATest} IN @{MASTER_TEST} - Process TestCases @{ATest} - END - - -Get the ending DFCI Settings - ${nameofTest}= Set Variable DisplaySettingsAtExit - - 
${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - -Clean Up Mailboxes - Verify No Mailboxes Have Data +*** Settings *** +# @file +# +Documentation +... DFCI InTune Permissions test +... This test suite checks the action of setting a permission and the various +... PMASK and DMASK combinations. +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +MetaData +... - Build a permissions packet +... - Send it to the system under test +... - Reboot the system under test to apply the permissions +... - Get the new "Current Permissions" +... - Verify the permissions are currect + +Library OperatingSystem +Library Process +Library Collections + +Library Support${/}Python${/}DFCI_SupportLib.py +Library Support${/}Python${/}DependencyLib.py +Library Support${/}Python${/}PermissionsXMLLib.py +Library Remote http://${IP_OF_DUT}:${RF_PORT} + +#Import the Generic Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Paths.robot +Resource Support${/}Robot${/}CertSupport.robot +Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot + +#Import the platform specific log support +Resource UefiSerial_Keywords.robot + +# Use the following line for Python remote write to the UEFI Variables +Resource Support${/}Robot${/}DFCI_VariableTransport.robot + + +Suite setup Make Dfci Output +Suite Teardown Terminate All Processes kill=True + + +*** Variables *** +#default var but should be changed on the command line +${IP_OF_DUT} 127.0.0.1 +${RF_PORT} 8270 +#test output dir for data from this test run. 
+${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT + +#Test output location +${TEST_OUTPUT} ${TEST_OUTPUT_BASE} + +#Test Root Dir +${TEST_ROOT_DIR} TestCases +${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTunePermissions + +${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata +${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout +${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs + +${CERTS_DIR} Certs + +${TARGET_VERSION} V2 + +${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' +${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' +${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' + + +*** Keywords *** + +Initialize lists of tests +#[Documentation] +#... Each permission/PMask/DMask tuple is a list of three elements - the permission, PMask, and the DMask. +#... Establish a list of the permission tuples for the permissions to be set, and another +#... list for the permissions to be checked after the reboot. + + @{VTEST_01_SET1}= Create List Dfci.OnboardCameras.Enable 64 64 + @{VTEST_01_SET2}= Create List Dfci.OnboardAudio.Enable 64 64 + @{VTEST_01_CHECK1}= Create List Dfci.OnboardCameras.Enable 64 64 + @{VTEST_01_CHECK2}= Create List Dfci.OnboardAudio.Enable 64 64 + @{VTEST_01_SETS}= Create List ${VTEST_01_SET1} ${VTEST_01_SET2} + @{VTEST_01_CHECKS}= Create List ${VTEST_01_CHECK1} ${VTEST_01_CHECK2} + + # Testcase 2 + @{VTEST_02_SET1}= Create List Dfci.OnboardRadios.Enable 64 64 + @{VTEST_02_CHECK1}= Create List Dfci.OnboardRadios.Enable 64 64 + @{VTEST_02_CHECK2}= Create List Dfci.OnboardCameras.Enable ${None} + @{VTEST_02_CHECK3}= Create List Dfci.OnboardAudio.Enable ${None} + @{VTEST_02_SETS}= Create List ${VTEST_02_SET1} + @{VTEST_02_CHECKS}= Create List ${VTEST_02_CHECK1} ${VTEST_02_CHECK2} ${VTEST_02_CHECK3} + + # Other tests here + + @{VTEST_01}= Create List Test1 ${VTEST_01_SETS} ${VTEST_01_CHECKS} 192 192 192 192 + @{VTEST_02}= Create List Test2 ${VTEST_02_SETS} ${VTEST_02_CHECKS} 193 193 193 193 + + # Export one master test variable. 
Each entry in the MASTER TEST variable is a set of two lists - Variables + # to be set before a reboot, and a set of variables to be checked after a reboot. For two tests, that means: + # 1. Test 1 Sets + # 2. reboot + # 3. Test 1 Checks + # 4. Test 2 Sets + # 5. reboot + # 6. Test 2 Checks + # + @{MASTER_TEST}= Create List ${VTEST_01} ${VTEST_02} + Set suite variable ${MASTER_TEST} + +# +# Use the following to ensure the lists are built correctly +# +# Log To Console . +# Log To Console ${VTEST_01_SET1} +# Log To Console ${VTEST_01_SET2} +# Log To Console ${VTEST_01_SETS} +# Log To Console ${VTEST_01_CHECKS} +# Log To Console ${VTEST_01} + + + +# +# +# +Process TestCases + [Arguments] @{ATest} + +# +# This function iterates over each of the test cases. For each test case, +# create a permissions payload, package it, send it to the system under test, +# restart the system to apply the permissions, and then validate that the +# permissions in the checklist are correct. +# + FOR ${Testname} ${Sets} ${Checks} ${PMask} ${DMask} ${CheckPMask} ${CheckDMask} IN @{ATest} + ${newPermissionsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_NewPermissions.xml + ${currentPermissionsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentPermissions.xml + # + # + Log To Console . 
+ Log To Console Starting test ${Testname} + # + # Create the permissions packet + # + Create Permissions XML ${newPermissionsXmlFile} 2 2 ${PMask} ${DMask} ${Sets} + File should Exist ${newPermissionsXmlFile} + # + #Enable the serial log if the platform supports it + # + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}${Testname}_ApplyPermissions.log + # + # Send the user(2) permissions packet to the system under test + # + Process Permission Packet ${Testname} 2 ${OLD_USER_PFX} ${newPermissionsXmlFile} @{TARGET_PARAMETERS} + # + # Restart the system to apply the permissions + # + Log To Console Restarting the system under test + Reboot System And Wait For System Online + # + # + Get and Print Current Permissions ${currentPermissionsXmlFile} + # + # Ensure all of the permissions set, were applied correctly + # + ${xmlPermissionsRslt}= Validate Permission Status ${Testname} 2 ${STATUS_SUCCESS} + # + # Validate the individual settings after the reboot + # + ${rc}= Validate Current Permission Defaults ${Testname} ${currentPermissionsXmlFile} ${CheckPMask} ${CheckDMask} + Should Be True ${rc} + # + ${rc}= Validate Current Permissions ${Testname} ${currentPermissionsXmlFile} ${Checks} + Should Be True ${rc} + # + ${rc} Check All Permission Status ${xmlPermissionsRslt} ${STATUS_SUCCESS} + Should Be True ${rc} + END + + +Get The DFCI Settings + [Arguments] ${nameOfTest} + ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml + ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Device Identifier ${deviceIdXmlFile} + + Get and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} 
+ + [return] ${currentIdxmlFile} + + +#------------------------------------------------------------------* +# Test Cases * +#------------------------------------------------------------------* +*** Test Cases *** + + +Ensure Mailboxes Are Clean +#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. + Verify No Mailboxes Have Data + + Log To Console . + Log To Console ${SUITE SOURCE} + + +Get the starting DFCI Settings + [Setup] Require test case Ensure Mailboxes Are Clean + ${nameofTest}= Set Variable DisplaySettingsAtStart + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner + ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User + + Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' + + Should Be True '${OwnerThumbprint}' != 'Cert not installed' + Should Be True '${UserThumbprint}' != 'Cert not installed' + + +Obtain Target Parameters From Target + [Setup] Require test case Get the starting DFCI Settings + + ${nameofTest}= Set Variable GetParameters + ${SerialNumber}= Get System Under Test SerialNumber + ${Manufacturer}= Get System Under Test Manufacturer + ${Model}= Get System Under Test ProductName + @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} + Set Suite Variable @{TARGET_PARAMETERS} + + ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml + + Get Device Identifier ${currentXmlFile} + Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} + + +Process Complete Testcase List + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Running test + + FOR ${ATest} IN @{MASTER_TEST} + Process TestCases @{ATest} + END + + +Get the ending DFCI Settings + ${nameofTest}= Set Variable DisplaySettingsAtExit + + 
${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest}
+
+
+Clean Up Mailboxes
+ Verify No Mailboxes Have Data
diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneRollCerts/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneRollCerts/run.robot
index 00f5c3e5..b8782398 100644
--- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneRollCerts/run.robot
+++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneRollCerts/run.robot
@@ -1,171 +1,171 @@ -*** Settings *** -# @file -# -Documentation This test suite rolls the certificates used for owner and user. -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -Library OperatingSystem -Library Process - -Library Support${/}Python${/}DFCI_SupportLib.py -Library Support${/}Python${/}DependencyLib.py -Library Remote http://${IP_OF_DUT}:${RF_PORT} - -#Import the Generic Shared keywords -Resource Support${/}Robot${/}DFCI_Shared_Paths.robot -Resource Support${/}Robot${/}CertSupport.robot -Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot - -#Import the platform specific log support -Resource UefiSerial_Keywords.robot - -# Use the following line for Python remote write to the UEFI Variables -Resource Support${/}Robot${/}DFCI_VariableTransport.robot - -Suite setup Make Dfci Output -Suite Teardown Terminate All Processes kill=True - - -*** Variables *** -#default var but should be changed on the command line -${IP_OF_DUT} 127.0.0.1 -${RF_PORT} 8270 -#test output dir for data from this test run. 
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT - -#Test output location -${TEST_OUTPUT} ${TEST_OUTPUT_BASE} - -#Test Root Dir -${TEST_ROOT_DIR} TestCases -${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneRollCerts - -${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata -${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout -${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs - -${CERTS_DIR} Certs - -${TARGET_VERSION} V2 - -${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' -${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' -${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' - - -*** Keywords *** - - -Get The DFCI Settings - [Arguments] ${nameOfTest} - ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml - ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Device Identifier ${deviceIdXmlFile} - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} - - [return] ${currentIdxmlFile} - - -*** Test Cases *** - - -Ensure Mailboxes Are Clean -#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. 
- Verify No Mailboxes Have Data - - -Get the starting DFCI Settings - ${nameofTest}= Set Variable DisplaySettingsAtStart - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner - ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be True '${OwnerThumbprint}' != 'Cert not installed' - Should Be True '${UserThumbprint}' != 'Cert not installed' - - Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' - - -Obtain Target Parameters From Target - [Setup] Require test case Get the starting DFCI Settings - ${nameofTest}= Set Variable GetParameters - ${SerialNumber}= Get System Under Test SerialNumber - ${Manufacturer}= Get System Under Test Manufacturer - ${Model}= Get System Under Test ProductName - @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} - Set Suite Variable @{TARGET_PARAMETERS} - - ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml - - Get Device Identifier ${currentXmlFile} - Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} - - -Send Owner Roll Certificate Packet to System Being Transitioned - [Setup] Require test case Obtain Target Parameters From Target - - # This replaces the owner key, packet signed by previous owner leaf - - ${nameofTest}= Set Variable OwnerEnroll - - Process Provision Packet ${nameofTest} 1 ${OLD_OWNER_PFX} ${NEW_OWNER_PFX} ${NEW_OWNER_CERT} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} - - -Send User Roll Certificate to System Being Transitioned - [Setup] Require test case Send Owner Roll Certificate Packet to System Being Transitioned - - # This replaces the User key, packet signed by previous owner leaf - - ${nameofTest}= Set Variable UserEnroll - - Process Provision Packet ${nameofTest} 2 ${OLD_USER_PFX} ${NEW_USER_PFX} ${NEW_USER_CERT} ${USER_KEY_INDEX} @{TARGET_PARAMETERS} - - -Restart System to Apply 
Enrollment -# Start serial log to capture UEFI log during the restart - [Setup] Require test case Send User Roll Certificate to System Being Transitioned - - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}ApplyEnrollment.log - - Reboot System And Wait For System Online - - -Verify Owner Roll Ceritificate Identity Results - ${nameofTest}= Set Variable OwnerEnroll - - Validate Provision Status ${nameofTest} 1 ${STATUS_SUCCESS} - - -Verify User Roll ceritificate Identity Results - ${nameofTest}= Set Variable UserEnroll - - Validate Provision Status ${nameofTest} 2 ${STATUS_SUCCESS} - - -Get the ending DFCI Settings - ${nameofTest}= Set Variable DisplaySettingsAtExit - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint}= Get Thumbprint From Pfx ${NEW_OWNER_CERT} - ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner - Should Be True '${rc}' == '${OwnerThumbprint}' - - ${UserThumbprint}= Get Thumbprint From Pfx ${NEW_USER_CERT} - ${rc}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be True '${rc}' == '${UserThumbprint}' - - -Clean Up Mailboxes - Verify No Mailboxes Have Data +*** Settings *** +# @file +# +Documentation This test suite rolls the certificates used for owner and user. 
+# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +Library OperatingSystem +Library Process + +Library Support${/}Python${/}DFCI_SupportLib.py +Library Support${/}Python${/}DependencyLib.py +Library Remote http://${IP_OF_DUT}:${RF_PORT} + +#Import the Generic Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Paths.robot +Resource Support${/}Robot${/}CertSupport.robot +Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot + +#Import the platform specific log support +Resource UefiSerial_Keywords.robot + +# Use the following line for Python remote write to the UEFI Variables +Resource Support${/}Robot${/}DFCI_VariableTransport.robot + +Suite setup Make Dfci Output +Suite Teardown Terminate All Processes kill=True + + +*** Variables *** +#default var but should be changed on the command line +${IP_OF_DUT} 127.0.0.1 +${RF_PORT} 8270 +#test output dir for data from this test run. +${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT + +#Test output location +${TEST_OUTPUT} ${TEST_OUTPUT_BASE} + +#Test Root Dir +${TEST_ROOT_DIR} TestCases +${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneRollCerts + +${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata +${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout +${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs + +${CERTS_DIR} Certs + +${TARGET_VERSION} V2 + +${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' +${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' +${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' + + +*** Keywords *** + + +Get The DFCI Settings + [Arguments] ${nameOfTest} + ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml + ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Device Identifier ${deviceIdXmlFile} + + Get 
and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} + + [return] ${currentIdxmlFile} + + +*** Test Cases *** + + +Ensure Mailboxes Are Clean +#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. + Verify No Mailboxes Have Data + + +Get the starting DFCI Settings + ${nameofTest}= Set Variable DisplaySettingsAtStart + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner + ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User + Should Be True '${OwnerThumbprint}' != 'Cert not installed' + Should Be True '${UserThumbprint}' != 'Cert not installed' + + Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' + + +Obtain Target Parameters From Target + [Setup] Require test case Get the starting DFCI Settings + ${nameofTest}= Set Variable GetParameters + ${SerialNumber}= Get System Under Test SerialNumber + ${Manufacturer}= Get System Under Test Manufacturer + ${Model}= Get System Under Test ProductName + @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} + Set Suite Variable @{TARGET_PARAMETERS} + + ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml + + Get Device Identifier ${currentXmlFile} + Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} + + +Send Owner Roll Certificate Packet to System Being Transitioned + [Setup] Require test case Obtain Target Parameters From Target + + # This replaces the owner key, packet signed by previous owner leaf + + ${nameofTest}= Set Variable OwnerEnroll + + Process Provision Packet ${nameofTest} 1 ${OLD_OWNER_PFX} ${NEW_OWNER_PFX} ${NEW_OWNER_CERT} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} + + +Send User Roll 
Certificate to System Being Transitioned
+ [Setup] Require test case Send Owner Roll Certificate Packet to System Being Transitioned
+
+ # This replaces the User key, packet signed by previous owner leaf
+
+ ${nameofTest}= Set Variable UserEnroll
+
+ Process Provision Packet ${nameofTest} 2 ${OLD_USER_PFX} ${NEW_USER_PFX} ${NEW_USER_CERT} ${USER_KEY_INDEX} @{TARGET_PARAMETERS}
+
+
+Restart System to Apply Enrollment
+# Start serial log to capture UEFI log during the restart
+ [Setup] Require test case Send User Roll Certificate to System Being Transitioned
+
+ Start SerialLog ${BOOT_LOG_OUT_DIR}${/}ApplyEnrollment.log
+
+ Reboot System And Wait For System Online
+
+
+Verify Owner Roll Ceritificate Identity Results
+ ${nameofTest}= Set Variable OwnerEnroll
+
+ Validate Provision Status ${nameofTest} 1 ${STATUS_SUCCESS}
+
+
+Verify User Roll ceritificate Identity Results
+ ${nameofTest}= Set Variable UserEnroll
+
+ Validate Provision Status ${nameofTest} 2 ${STATUS_SUCCESS}
+
+
+Get the ending DFCI Settings
+ ${nameofTest}= Set Variable DisplaySettingsAtExit
+
+ ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest}
+
+ ${OwnerThumbprint}= Get Thumbprint From Pfx ${NEW_OWNER_CERT}
+ ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner
+ Should Be True '${rc}' == '${OwnerThumbprint}'
+
+ ${UserThumbprint}= Get Thumbprint From Pfx ${NEW_USER_CERT}
+ ${rc}= Get Thumbprint Element ${currentIdxmlFile} User
+ Should Be True '${rc}' == '${UserThumbprint}'
+
+
+Clean Up Mailboxes
+ Verify No Mailboxes Have Data
diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneSettings/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneSettings/run.robot
index 6c4186e7..a8a4d339 100644
--- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneSettings/run.robot
+++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneSettings/run.robot
@@ -1,385 +1,385 @@ -*** Settings *** -# @file -# -Documentation -... DFCI InTune Settings test -... This test suite checks the action of setting a setting, and the settings -... of group settings. -... -... NOTE: -... -... The ASSET TAG test are dependent upon the DFCI PCD's being set to these values: -... -... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagChars|"0123456789-.ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"|VOID*|0x40000017 -... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagLen | 36 | UINT16 | 0x40000018 -... -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -MetaData -... - Build a settings packet -... - Send it to the system under test -... - Reboot the system under test to apply the settings -... - Get the new "Current Settings" -... - Verify the settings that were changed - -Library OperatingSystem -Library Process -Library Collections - -Library Support${/}Python${/}DFCI_SupportLib.py -Library Support${/}Python${/}DependencyLib.py -Library Support${/}Python${/}SettingsXMLLib.py -Library Remote http://${IP_OF_DUT}:${RF_PORT} - -#Import the Generic Shared keywords -Resource Support${/}Robot${/}DFCI_Shared_Paths.robot -Resource Support${/}Robot${/}CertSupport.robot -Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot - -#Import the platform specific log support -Resource UefiSerial_Keywords.robot - -# Use the following line for Python remote write to the UEFI Variables -Resource Support${/}Robot${/}DFCI_VariableTransport.robot - -Suite setup Make Dfci Output -Suite Teardown Terminate All Processes kill=True - - -*** Variables *** -#default var but should be changed on the command line -${IP_OF_DUT} 127.0.0.1 -${RF_PORT} 8270 -#test output dir for data from this test run. 
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT - -#Test output location -${TEST_OUTPUT} ${TEST_OUTPUT_BASE} - -#Test Root Dir -${TEST_ROOT_DIR} TestCases -${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneSettings - -${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata -${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout -${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs - -${CERTS_DIR} Certs - -${TARGET_VERSION} V2 - -${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' -${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' -${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' - - -*** Keywords *** - -Initialize lists of tests -#[Documentation] -#... Each setting/value pair is a list of two elements - the setting, and the value. -#... Establish a list of the settings pairs for the settings to be set, and another -#... list for the settings to be checked after the reboot. - - @{VTEST_01_SET1}= Create List Dfci.OnboardCameras.Enable Enabled - @{VTEST_01_SET2}= Create List Device.IRCamera.Enable Enabled - @{VTEST_01_SET3}= Create List Dfci.OnboardAudio.Enable Enabled - - @{VTEST_01_CHECK1}= Create List Device.FrontCamera.Enable Enabled - @{VTEST_01_CHECK2}= Create List Device.IRCamera.Enable Enabled - @{VTEST_01_CHECK3}= Create List Device.RearCamera.Enable Enabled - @{VTEST_01_CHECK4}= Create List Dfci.OnboardCameras.Enable Enabled - @{VTEST_01_CHECK5}= Create List Dfci.OnboardAudio.Enable Enabled - - ${VTEST_01_RESULTS}= Create Dictionary Dfci.OnboardCameras.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_01_RESULTS} Device.IRCamera.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_01_RESULTS} Dfci.OnboardAudio.Enable ${STATUS_SUCCESS} - - @{VTEST_01_SETS}= Create List ${VTEST_01_SET1} ${VTEST_01_SET2} ${VTEST_01_SET3} - @{VTEST_01_CHECKS}= Create List ${VTEST_01_CHECK1} ${VTEST_01_CHECK2} ${VTEST_01_CHECK3} ${VTEST_01_CHECK4} ${VTEST_01_CHECK5} - - - # Testcase 2 - @{VTEST_02_SET1}= Create List Dfci.OnboardCameras.Enable Disabled - @{VTEST_02_SET2}= Create List Device.IRCamera.Enable Enabled - @{VTEST_02_SET3}= 
Create List Dfci.OnboardAudio.Enable Disabled - - @{VTEST_02_CHECK1}= Create List Device.FrontCamera.Enable Disabled - @{VTEST_02_CHECK2}= Create List Device.IRCamera.Enable Enabled - @{VTEST_02_CHECK3}= Create List Device.RearCamera.Enable Disabled - @{VTEST_02_CHECK4}= Create List Dfci.OnboardCameras.Enable Inconsistent - @{VTEST_02_CHECK5}= Create List Dfci.OnboardAudio.Enable Disabled - - ${VTEST_02_RESULTS}= Create Dictionary Dfci.OnboardCameras.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_02_RESULTS} Device.IRCamera.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_02_RESULTS} Dfci.OnboardAudio.Enable ${STATUS_SUCCESS} - - @{VTEST_02_SETS}= Create List ${VTEST_02_SET1} ${VTEST_02_SET2} ${VTEST_02_SET3} - @{VTEST_02_CHECKS}= Create List ${VTEST_02_CHECK1} ${VTEST_02_CHECK2} ${VTEST_02_CHECK3} ${VTEST_02_CHECK4} ${VTEST_02_CHECK5} - - - # Testcase 3 V3 Set variables - @{VTEST_03_SET1}= Create List Dfci3.AssetTag.String ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 - @{VTEST_03_SET2}= Create List Dfci3.OnboardWpbt.Enable Enabled - @{VTEST_03_SET3}= Create List Dfci3.ProcessorSMT.Enable Enabled - - @{VTEST_03_CHECK1}= Create List Dfci3.AssetTag.String ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 - @{VTEST_03_CHECK2}= Create List Dfci3.OnboardWpbt.Enable Enabled - @{VTEST_03_CHECK3}= Create List Dfci3.ProcessorSMT.Enable Enabled - - ${VTEST_03_RESULTS} Create Dictionary Dfci3.AssetTag.String ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_03_RESULTS} Dfci3.OnboardWpbt.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_03_RESULTS} Dfci3.ProcessorSMT.Enable ${STATUS_SUCCESS} - - @{VTEST_03_SETS}= Create List ${VTEST_03_SET1} ${VTEST_03_SET2} ${VTEST_03_SET3} - @{VTEST_03_CHECKS}= Create List ${VTEST_03_CHECK1} ${VTEST_03_CHECK3} ${VTEST_03_CHECK3} - - - # Testcase 4 V3 Check Variables - @{VTEST_04_SET1}= Create List Dfci3.AssetTag.String ${EMPTY} - @{VTEST_04_CHECK1}= Create List Dfci3.AssetTag.String ${EMPTY} - - ${VTEST_04_RESULTS} Create Dictionary 
Dfci3.AssetTag.String ${STATUS_SUCCESS} - - @{VTEST_04_SETS}= Create List ${VTEST_04_SET1} - @{VTEST_04_CHECKS}= Create List ${VTEST_04_CHECK1} - - - # Testcase 5 V3 Asset tag too long - @{VTEST_05_SET1}= Create List Dfci3.AssetTag.String ABCDEFGHIJKLMNOPQRSTUVWXYZ.1234567890 - @{VTEST_05_CHECK1}= Create List Dfci3.AssetTag.String ${EMPTY} - - ${VTEST_05_RESULTS}= Create Dictionary Dfci3.AssetTag.String ${STATUS_INVALID_PARAMETER} - - @{VTEST_05_SETS}= Create List ${VTEST_05_SET1} - @{VTEST_05_CHECKS}= Create List ${VTEST_05_CHECK1} - - - # Testcase 6 V3 Asset tag invalid characters - @{VTEST_06_SET1}= Create List Dfci3.AssetTag.String ABCDEFGHIJKLMNOPQRSTUVWXYZ123456789% - @{VTEST_06_CHECK1}= Create List Dfci3.AssetTag.String ${EMPTY} - - ${VTEST_06_RESULTS}= Create Dictionary Dfci3.AssetTag.String ${STATUS_INVALID_PARAMETER} - - @{VTEST_06_SETS}= Create List ${VTEST_06_SET1} - @{VTEST_06_CHECKS}= Create List ${VTEST_06_CHECK1} - - - # The full tests are here - - @{VTEST_01}= Create List Test1 ${VTEST_01_SETS} ${VTEST_01_CHECKS} ${VTEST_01_RESULTS} - @{VTEST_02}= Create List Test2 ${VTEST_02_SETS} ${VTEST_02_CHECKS} ${VTEST_02_RESULTS} - @{VTEST_03}= Create List Test3 ${VTEST_03_SETS} ${VTEST_03_CHECKS} ${VTEST_03_RESULTS} - @{VTEST_04}= Create List Test4 ${VTEST_04_SETS} ${VTEST_04_CHECKS} ${VTEST_04_RESULTS} - @{VTEST_05}= Create List Test5 ${VTEST_05_SETS} ${VTEST_05_CHECKS} ${VTEST_05_RESULTS} - @{VTEST_06}= Create List Test6 ${VTEST_06_SETS} ${VTEST_06_CHECKS} ${VTEST_06_RESULTS} - - # Export one master test variable. Each entry in the MASTER TEST variable is a set of two lists and a dictionary of results. - # Variables to be set before a reboot, and a set of variables to be checked after a reboot, and a dictionary of expected results - # for each setting. For two tests, that means: - # 1. Test 1 Sets - # 2. reboot - # 3. Test 1 Checks with return codes - # 4. Test 2 Sets - # 5. reboot - # 6. 
Test 2 Checks with return codes - # - @{MASTER_TEST_V2}= Create List ${VTEST_01} ${VTEST_02} - @{MASTER_TEST_V3}= Create List ${VTEST_03} ${VTEST_04} ${VTEST_05} ${VTEST_06} - - @{RESTORE_SETTINGS_V2}= Create List ${VTEST_01} - @{RESTORE_SETTINGS_V3}= Create List ${VTEST_03} - - # Default to all the tests - Set suite variable ${MASTER_TEST_V2} - Set suite variable ${MASTER_TEST_V3} - Set suite variable ${RESTORE_SETTINGS_V2} - Set suite variable ${RESTORE_SETTINGS_V3} - - -# -# Use the following to ensure the lists are built correctly -# -# Log To Console . -# Log To Console ${VTEST_01_SET1} -# Log To Console ${VTEST_01_SET2} -# Log To Console ${VTEST_01_SETS} -# Log To Console ${VTEST_01_CHECKS} -# Log To Console ${VTEST_01} - -# -# -# -Process TestCases - [Arguments] @{ATest} - -# -# This function iterates over each of the test cases. For each test case, -# create a settings payload, package it, send it to the system under test, -# restart the system to apply the settings, nd then validate that the -# settings in the checklist are correct. -# - FOR ${Testname} ${Sets} ${Checks} ${Results} IN @{ATest} - ${newSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_NewSettings.xml - ${currentSettingXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentSettings.xml - # - # - Log To Console . 
- Log To Console Starting test ${Testname} - # - # Create the settings packet - # - Create Settings XML ${newSettingsXmlFile} 2 2 ${Sets} - File should Exist ${newSettingsXmlFile} - # - #Enable the serial log if the platform supports it - # - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}${Testname}_ApplySettings.log - # - # Send the user(2) settings packet to the system under test - # - Process Settings Packet ${Testname} 2 ${OLD_USER_PFX} ${newSettingsXmlFile} @{TARGET_PARAMETERS} - # - # Restart the system to apply the settings - # - Log To Console Restarting the system under test - Reboot System And Wait For System Online - # - # - Get and Print Current Settings ${currentSettingXmlFile} - # - # Ensure all of the setting set, were applied correctly - # - ${xmlSettingsRslt}= Validate Settings Status ${Testname} 2 ${STATUS_SUCCESS} BASIC - # - # Validate the individual settings after the reboot - # - ${rc}= Validate Current Settings ${Testname} ${currentSettingXmlFile} ${Checks} - Should Be True ${rc} - # - ${rc}= Check Setting Status By Dictionary ${xmlSettingsRslt} ${Results} - Should Be True ${rc} - END - - -Get The DFCI Settings - [Arguments] ${nameOfTest} - ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml - ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Device Identifier ${deviceIdXmlFile} - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} - - [return] ${currentIdxmlFile} - - -#------------------------------------------------------------------* -# Test Cases * -#------------------------------------------------------------------* -*** Test 
Cases *** - - -Ensure Mailboxes Are Clean -#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. - Verify No Mailboxes Have Data - - Log To Console . - Log To Console ${SUITE SOURCE} - - -Get the starting DFCI Settings - [Setup] Require test case Ensure Mailboxes Are Clean - ${nameofTest}= Set Variable DisplaySettingsAtStart - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner - ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User - - Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' - - Should Be True '${OwnerThumbprint}' != 'Cert not installed' - Should Be True '${UserThumbprint}' != 'Cert not installed' - - -Obtain Target Parameters From Target - [Setup] Require test case Get the starting DFCI Settings - - ${nameofTest}= Set Variable GetParameters - ${SerialNumber}= Get System Under Test SerialNumber - ${Manufacturer}= Get System Under Test Manufacturer - ${Model}= Get System Under Test ProductName - @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} - Set Suite Variable @{TARGET_PARAMETERS} - - ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml - - Get Device Identifier ${currentXmlFile} - Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} - - -Process Complete Testcase List V2 - - Log To Console Initializing testcases - Initialize lists of tests - - Log To Console Running test V2 - - FOR ${ATest} IN @{MASTER_TEST_V2} - Process TestCases @{ATest} - END - - -Process Complete Testcase List V3 - - Log To Console Initializing testcases - Initialize lists of tests - - Log To Console Running test V3 - - FOR ${ATest} IN @{MASTER_TEST_V3} - Process TestCases @{ATest} - END - - -Restore Settings V2 - - Log To Console Initializing testcases - Initialize 
lists of tests - - Log To Console Restoring settings V2 - - FOR ${ATest} IN @{RESTORE_SETTINGS_V2} - Process TestCases @{ATest} - END - - -Restore Settings V3 - - Log To Console Initializing testcases - Initialize lists of tests - - Log To Console Restoring settings V3 - - FOR ${ATest} IN @{RESTORE_SETTINGS_V3} - Process TestCases @{ATest} - END - - -Get the ending DFCI Settings - ${nameofTest}= Set Variable DisplaySettingsAtExit - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - -Clean Up Mailboxes - Verify No Mailboxes Have Data +*** Settings *** +# @file +# +Documentation +... DFCI InTune Settings test +... This test suite checks the action of setting a setting, and the settings +... of group settings. +... +... NOTE: +... +... The ASSET TAG test are dependent upon the DFCI PCD's being set to these values: +... +... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagChars|"0123456789-.ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"|VOID*|0x40000017 +... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagLen | 36 | UINT16 | 0x40000018 +... +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +MetaData +... - Build a settings packet +... - Send it to the system under test +... - Reboot the system under test to apply the settings +... - Get the new "Current Settings" +... 
- Verify the settings that were changed + +Library OperatingSystem +Library Process +Library Collections + +Library Support${/}Python${/}DFCI_SupportLib.py +Library Support${/}Python${/}DependencyLib.py +Library Support${/}Python${/}SettingsXMLLib.py +Library Remote http://${IP_OF_DUT}:${RF_PORT} + +#Import the Generic Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Paths.robot +Resource Support${/}Robot${/}CertSupport.robot +Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot + +#Import the platform specific log support +Resource UefiSerial_Keywords.robot + +# Use the following line for Python remote write to the UEFI Variables +Resource Support${/}Robot${/}DFCI_VariableTransport.robot + +Suite setup Make Dfci Output +Suite Teardown Terminate All Processes kill=True + + +*** Variables *** +#default var but should be changed on the command line +${IP_OF_DUT} 127.0.0.1 +${RF_PORT} 8270 +#test output dir for data from this test run. +${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT + +#Test output location +${TEST_OUTPUT} ${TEST_OUTPUT_BASE} + +#Test Root Dir +${TEST_ROOT_DIR} TestCases +${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneSettings + +${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata +${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout +${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs + +${CERTS_DIR} Certs + +${TARGET_VERSION} V2 + +${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' +${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' +${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' + + +*** Keywords *** + +Initialize lists of tests +#[Documentation] +#... Each setting/value pair is a list of two elements - the setting, and the value. +#... Establish a list of the settings pairs for the settings to be set, and another +#... list for the settings to be checked after the reboot. 
+ + @{VTEST_01_SET1}= Create List Dfci.OnboardCameras.Enable Enabled + @{VTEST_01_SET2}= Create List Device.IRCamera.Enable Enabled + @{VTEST_01_SET3}= Create List Dfci.OnboardAudio.Enable Enabled + + @{VTEST_01_CHECK1}= Create List Device.FrontCamera.Enable Enabled + @{VTEST_01_CHECK2}= Create List Device.IRCamera.Enable Enabled + @{VTEST_01_CHECK3}= Create List Device.RearCamera.Enable Enabled + @{VTEST_01_CHECK4}= Create List Dfci.OnboardCameras.Enable Enabled + @{VTEST_01_CHECK5}= Create List Dfci.OnboardAudio.Enable Enabled + + ${VTEST_01_RESULTS}= Create Dictionary Dfci.OnboardCameras.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_01_RESULTS} Device.IRCamera.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_01_RESULTS} Dfci.OnboardAudio.Enable ${STATUS_SUCCESS} + + @{VTEST_01_SETS}= Create List ${VTEST_01_SET1} ${VTEST_01_SET2} ${VTEST_01_SET3} + @{VTEST_01_CHECKS}= Create List ${VTEST_01_CHECK1} ${VTEST_01_CHECK2} ${VTEST_01_CHECK3} ${VTEST_01_CHECK4} ${VTEST_01_CHECK5} + + + # Testcase 2 + @{VTEST_02_SET1}= Create List Dfci.OnboardCameras.Enable Disabled + @{VTEST_02_SET2}= Create List Device.IRCamera.Enable Enabled + @{VTEST_02_SET3}= Create List Dfci.OnboardAudio.Enable Disabled + + @{VTEST_02_CHECK1}= Create List Device.FrontCamera.Enable Disabled + @{VTEST_02_CHECK2}= Create List Device.IRCamera.Enable Enabled + @{VTEST_02_CHECK3}= Create List Device.RearCamera.Enable Disabled + @{VTEST_02_CHECK4}= Create List Dfci.OnboardCameras.Enable Inconsistent + @{VTEST_02_CHECK5}= Create List Dfci.OnboardAudio.Enable Disabled + + ${VTEST_02_RESULTS}= Create Dictionary Dfci.OnboardCameras.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_02_RESULTS} Device.IRCamera.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_02_RESULTS} Dfci.OnboardAudio.Enable ${STATUS_SUCCESS} + + @{VTEST_02_SETS}= Create List ${VTEST_02_SET1} ${VTEST_02_SET2} ${VTEST_02_SET3} + @{VTEST_02_CHECKS}= Create List ${VTEST_02_CHECK1} ${VTEST_02_CHECK2} ${VTEST_02_CHECK3} 
${VTEST_02_CHECK4} ${VTEST_02_CHECK5} + + + # Testcase 3 V3 Set variables + @{VTEST_03_SET1}= Create List Dfci3.AssetTag.String ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 + @{VTEST_03_SET2}= Create List Dfci3.OnboardWpbt.Enable Enabled + @{VTEST_03_SET3}= Create List Dfci3.ProcessorSMT.Enable Enabled + + @{VTEST_03_CHECK1}= Create List Dfci3.AssetTag.String ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 + @{VTEST_03_CHECK2}= Create List Dfci3.OnboardWpbt.Enable Enabled + @{VTEST_03_CHECK3}= Create List Dfci3.ProcessorSMT.Enable Enabled + + ${VTEST_03_RESULTS} Create Dictionary Dfci3.AssetTag.String ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_03_RESULTS} Dfci3.OnboardWpbt.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_03_RESULTS} Dfci3.ProcessorSMT.Enable ${STATUS_SUCCESS} + + @{VTEST_03_SETS}= Create List ${VTEST_03_SET1} ${VTEST_03_SET2} ${VTEST_03_SET3} + @{VTEST_03_CHECKS}= Create List ${VTEST_03_CHECK1} ${VTEST_03_CHECK3} ${VTEST_03_CHECK3} + + + # Testcase 4 V3 Check Variables + @{VTEST_04_SET1}= Create List Dfci3.AssetTag.String ${EMPTY} + @{VTEST_04_CHECK1}= Create List Dfci3.AssetTag.String ${EMPTY} + + ${VTEST_04_RESULTS} Create Dictionary Dfci3.AssetTag.String ${STATUS_SUCCESS} + + @{VTEST_04_SETS}= Create List ${VTEST_04_SET1} + @{VTEST_04_CHECKS}= Create List ${VTEST_04_CHECK1} + + + # Testcase 5 V3 Asset tag too long + @{VTEST_05_SET1}= Create List Dfci3.AssetTag.String ABCDEFGHIJKLMNOPQRSTUVWXYZ.1234567890 + @{VTEST_05_CHECK1}= Create List Dfci3.AssetTag.String ${EMPTY} + + ${VTEST_05_RESULTS}= Create Dictionary Dfci3.AssetTag.String ${STATUS_INVALID_PARAMETER} + + @{VTEST_05_SETS}= Create List ${VTEST_05_SET1} + @{VTEST_05_CHECKS}= Create List ${VTEST_05_CHECK1} + + + # Testcase 6 V3 Asset tag invalid characters + @{VTEST_06_SET1}= Create List Dfci3.AssetTag.String ABCDEFGHIJKLMNOPQRSTUVWXYZ123456789% + @{VTEST_06_CHECK1}= Create List Dfci3.AssetTag.String ${EMPTY} + + ${VTEST_06_RESULTS}= Create Dictionary Dfci3.AssetTag.String ${STATUS_INVALID_PARAMETER} + 
+ @{VTEST_06_SETS}= Create List ${VTEST_06_SET1} + @{VTEST_06_CHECKS}= Create List ${VTEST_06_CHECK1} + + + # The full tests are here + + @{VTEST_01}= Create List Test1 ${VTEST_01_SETS} ${VTEST_01_CHECKS} ${VTEST_01_RESULTS} + @{VTEST_02}= Create List Test2 ${VTEST_02_SETS} ${VTEST_02_CHECKS} ${VTEST_02_RESULTS} + @{VTEST_03}= Create List Test3 ${VTEST_03_SETS} ${VTEST_03_CHECKS} ${VTEST_03_RESULTS} + @{VTEST_04}= Create List Test4 ${VTEST_04_SETS} ${VTEST_04_CHECKS} ${VTEST_04_RESULTS} + @{VTEST_05}= Create List Test5 ${VTEST_05_SETS} ${VTEST_05_CHECKS} ${VTEST_05_RESULTS} + @{VTEST_06}= Create List Test6 ${VTEST_06_SETS} ${VTEST_06_CHECKS} ${VTEST_06_RESULTS} + + # Export one master test variable. Each entry in the MASTER TEST variable is a set of two lists and a dictionary of results. + # Variables to be set before a reboot, and a set of variables to be checked after a reboot, and a dictionary of expected results + # for each setting. For two tests, that means: + # 1. Test 1 Sets + # 2. reboot + # 3. Test 1 Checks with return codes + # 4. Test 2 Sets + # 5. reboot + # 6. Test 2 Checks with return codes + # + @{MASTER_TEST_V2}= Create List ${VTEST_01} ${VTEST_02} + @{MASTER_TEST_V3}= Create List ${VTEST_03} ${VTEST_04} ${VTEST_05} ${VTEST_06} + + @{RESTORE_SETTINGS_V2}= Create List ${VTEST_01} + @{RESTORE_SETTINGS_V3}= Create List ${VTEST_03} + + # Default to all the tests + Set suite variable ${MASTER_TEST_V2} + Set suite variable ${MASTER_TEST_V3} + Set suite variable ${RESTORE_SETTINGS_V2} + Set suite variable ${RESTORE_SETTINGS_V3} + + +# +# Use the following to ensure the lists are built correctly +# +# Log To Console . +# Log To Console ${VTEST_01_SET1} +# Log To Console ${VTEST_01_SET2} +# Log To Console ${VTEST_01_SETS} +# Log To Console ${VTEST_01_CHECKS} +# Log To Console ${VTEST_01} + +# +# +# +Process TestCases + [Arguments] @{ATest} + +# +# This function iterates over each of the test cases. 
For each test case, +# create a settings payload, package it, send it to the system under test, +# restart the system to apply the settings, nd then validate that the +# settings in the checklist are correct. +# + FOR ${Testname} ${Sets} ${Checks} ${Results} IN @{ATest} + ${newSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_NewSettings.xml + ${currentSettingXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentSettings.xml + # + # + Log To Console . + Log To Console Starting test ${Testname} + # + # Create the settings packet + # + Create Settings XML ${newSettingsXmlFile} 2 2 ${Sets} + File should Exist ${newSettingsXmlFile} + # + #Enable the serial log if the platform supports it + # + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}${Testname}_ApplySettings.log + # + # Send the user(2) settings packet to the system under test + # + Process Settings Packet ${Testname} 2 ${OLD_USER_PFX} ${newSettingsXmlFile} @{TARGET_PARAMETERS} + # + # Restart the system to apply the settings + # + Log To Console Restarting the system under test + Reboot System And Wait For System Online + # + # + Get and Print Current Settings ${currentSettingXmlFile} + # + # Ensure all of the setting set, were applied correctly + # + ${xmlSettingsRslt}= Validate Settings Status ${Testname} 2 ${STATUS_SUCCESS} BASIC + # + # Validate the individual settings after the reboot + # + ${rc}= Validate Current Settings ${Testname} ${currentSettingXmlFile} ${Checks} + Should Be True ${rc} + # + ${rc}= Check Setting Status By Dictionary ${xmlSettingsRslt} ${Results} + Should Be True ${rc} + END + + +Get The DFCI Settings + [Arguments] ${nameOfTest} + ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml + ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + ${currentSettingsXmlFile}= Set Variable 
${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Device Identifier ${deviceIdXmlFile} + + Get and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} + + [return] ${currentIdxmlFile} + + +#------------------------------------------------------------------* +# Test Cases * +#------------------------------------------------------------------* +*** Test Cases *** + + +Ensure Mailboxes Are Clean +#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. + Verify No Mailboxes Have Data + + Log To Console . + Log To Console ${SUITE SOURCE} + + +Get the starting DFCI Settings + [Setup] Require test case Ensure Mailboxes Are Clean + ${nameofTest}= Set Variable DisplaySettingsAtStart + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner + ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User + + Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' + + Should Be True '${OwnerThumbprint}' != 'Cert not installed' + Should Be True '${UserThumbprint}' != 'Cert not installed' + + +Obtain Target Parameters From Target + [Setup] Require test case Get the starting DFCI Settings + + ${nameofTest}= Set Variable GetParameters + ${SerialNumber}= Get System Under Test SerialNumber + ${Manufacturer}= Get System Under Test Manufacturer + ${Model}= Get System Under Test ProductName + @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} + Set Suite Variable @{TARGET_PARAMETERS} + + ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml + + Get Device Identifier ${currentXmlFile} + Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} + + +Process 
Complete Testcase List V2 + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Running test V2 + + FOR ${ATest} IN @{MASTER_TEST_V2} + Process TestCases @{ATest} + END + + +Process Complete Testcase List V3 + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Running test V3 + + FOR ${ATest} IN @{MASTER_TEST_V3} + Process TestCases @{ATest} + END + + +Restore Settings V2 + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Restoring settings V2 + + FOR ${ATest} IN @{RESTORE_SETTINGS_V2} + Process TestCases @{ATest} + END + + +Restore Settings V3 + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Restoring settings V3 + + FOR ${ATest} IN @{RESTORE_SETTINGS_V3} + Process TestCases @{ATest} + END + + +Get the ending DFCI Settings + ${nameofTest}= Set Variable DisplaySettingsAtExit + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + +Clean Up Mailboxes + Verify No Mailboxes Have Data diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneUnenroll/DfciSettings2.xml b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneUnenroll/DfciSettings2.xml index 88cea9e3..4f02828d 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneUnenroll/DfciSettings2.xml +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneUnenroll/DfciSettings2.xml 
@@ -1,43 +1,43 @@ - - - - DFCI Tester - 2020-03-27 10:22:00 - 2 - 2 - - - Dfci.OnboardCameras.Enable - Enabled - - - Dfci.OnboardRadios.Enable - Enabled - - - Dfci.BootExternalMedia.Enable - Enabled - - - Dfci3.OnboardWpbt.Enable - Enabled - - - Dfci3.ProcessorSMT.Enable - Enabled - - - Dfci3.AssetTag.String - - - + + + + DFCI Tester + 2020-03-27 10:22:00 + 2 + 2 + + + Dfci.OnboardCameras.Enable + Enabled + + + Dfci.OnboardRadios.Enable + Enabled + + + Dfci.BootExternalMedia.Enable + Enabled + + + Dfci3.OnboardWpbt.Enable + Enabled + + + Dfci3.ProcessorSMT.Enable + Enabled + + + Dfci3.AssetTag.String + + + \ No newline at end of file diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneUnenroll/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneUnenroll/run.robot index ce812f8a..91418e87 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneUnenroll/run.robot +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InTuneUnenroll/run.robot 
@@ -1,217 +1,217 @@ -*** Settings *** -# @file -# -Documentation This test suite unenrolls the system after being enrolled with InTuneEnroll. -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -Library OperatingSystem -Library Process - -Library Support${/}Python${/}DFCI_SupportLib.py -Library Support${/}Python${/}DependencyLib.py -Library Support${/}Python${/}SettingsXMLLib.py -Library Remote http://${IP_OF_DUT}:${RF_PORT} - -#Import the Generic Shared keywords -Resource Support${/}Robot${/}DFCI_Shared_Paths.robot -Resource Support${/}Robot${/}CertSupport.robot -Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot - -#Import the platform specific log support -Resource UefiSerial_Keywords.robot - -# Use the following line for Python remote write to the UEFI Variables -Resource Support${/}Robot${/}DFCI_VariableTransport.robot - -Suite setup Make Dfci Output -Suite Teardown Terminate All Processes kill=True - - -*** Variables *** -#default var but should be changed on the command line -${IP_OF_DUT} 127.0.0.1 -${RF_PORT} 8270 - -#test output dir for data from this test run. 
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT - -#Test output location -${TEST_OUTPUT} ${TEST_OUTPUT_BASE} - -#Test Root Dir -${TEST_ROOT_DIR} TestCases -${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneUnenroll - -${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata -${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout -${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs - -${CERTS_DIR} Certs - -${TARGET_VERSION} V2 - -${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' -${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' -${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' - - -*** Keywords *** - - -Get The DFCI Settings - [Arguments] ${nameOfTest} - ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml - ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Device Identifier ${deviceIdXmlFile} - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} - - [return] ${currentIdxmlFile} - - -*** Test Cases *** - - -Ensure Mailboxes Are Clean -#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. - Verify No Mailboxes Have Data - - Log To Console . 
- Log To Console ${SUITE SOURCE} - - -Get the current DFCI Settings Before Unenroll - ${nameofTest}= Set Variable BeforeUnenroll - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner - ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be True '${OwnerThumbprint}' != 'Cert not installed' - Should Be True '${UserThumbprint}' != 'Cert not installed' - - Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' - - -Obtain Target Parameters From Target - [Setup] Require test case Get the current DFCI Settings Before UnEnroll - ${nameofTest}= Set Variable GetParameters - ${SerialNumber}= Get System Under Test SerialNumber - ${Manufacturer}= Get System Under Test Manufacturer - ${Model}= Get System Under Test ProductName - @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} - Set Suite Variable @{TARGET_PARAMETERS} - - ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml - - Get Device Identifier ${currentXmlFile} - Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} - - -Send User Settings Packet to Enrolled System - [Setup] Require test case Obtain Target Parameters From Target - #Initial settings for Enrolled System - ${nameofTest}= Set Variable UserSettings - ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciSettings2.xml - - - Process Settings Packet ${nameofTest} 2 ${OLD_USER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS} - - -Send Owner Unenroll to System - [Setup] Require test case Send User Settings Packet to Enrolled System - ${nameofTest}= Set Variable Unenroll - - Process UnEnroll Packet ${nameofTest} 1 ${OLD_OWNER_PFX} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} - - -Restart System to UnEnroll -#Documentation Only run the restart test if all the previous setup operations passed - [Setup] Require test case Send Owner Unenroll to 
System - - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}InTuneUnenroll.log - - Reboot System And Wait For System Online - - -Verify User Enrolled System Settings Results - ${nameofTest}= Set Variable UserSettings - - ${xmlUserSettingsRslt}= Validate Settings Status ${nameofTest} 2 ${STATUS_SUCCESS} FULL - ${rc} Check All Setting Status ${xmlUserSettingsRslt} ${STATUS_SUCCESS} - Should Be True ${rc} - - -Verify Owner UnEnroll Results - ${nameofTest}= Set Variable Unenroll - - Validate UnEnroll Status ${nameofTest} 1 ${STATUS_SUCCESS} - - -Get the current DFCI Settings after Unenroll - ${nameofTest}= Set Variable AfterUnenroll - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner - Should Be True '${rc}' == 'Cert not installed' - - ${rc}= Get Thumbprint Element ${currentIdxmlFile} User - Should Be True '${rc}' == 'Cert not installed' - - -Verify Settings Returned To Defaults - ${nameofTest}= Set Variable VerifyDefaults - ${currentSettingXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentSettings.xml - - -#Documentation Verify the no preboot UI settings are back to default - @{RTD_CHECK01}= Create List Dfci.HttpsCert.Binary ${EMPTY} - @{RTD_CHECK02}= Create List Dfci.RecoveryBootstrapUrl.String ${EMPTY} - @{RTD_CHECK03}= Create List Dfci.RecoveryUrl.String ${EMPTY} - @{RTD_CHECK04}= Create List Dfci.RegistrationId.String ${EMPTY} - @{RTD_CHECK05}= Create List Dfci.TenantId.String ${EMPTY} - @{RTD_CHECK06}= Create List Dfci3.AssetTag.String ${EMPTY} - @{RTD_CHECK07}= Create List Dfci3.OnboardWpbt.Enable Enabled - @{RTD_CHECK08}= Create List MDM.FriendlyName.String ${EMPTY} - @{RTD_CHECK09}= Create List MDM.TenantName.String ${EMPTY} - -#Documentation Verify the settings that require explicit reset reset to default - @{RTD_CHECK10}= Create List Dfci.OnboardCameras.Enable Enabled - @{RTD_CHECK11}= Create List Dfci.OnboardRadios.Enable Enabled - @{RTD_CHECK12}= Create List 
Dfci.BootExternalMedia.Enable Enabled - @{RTD_CHECK13}= Create List Dfci3.ProcessorSMT.Enable Enabled - @{RTD_CHECK14}= Create List Dfci3.AssetTag.String ${EMPTY} - - @{RTD_CHECKS}= Create List ${RTD_CHECK01} -... ${RTD_CHECK02} -... ${RTD_CHECK03} -... ${RTD_CHECK04} -... ${RTD_CHECK05} -... ${RTD_CHECK06} -... ${RTD_CHECK07} -... ${RTD_CHECK08} -... ${RTD_CHECK09} -... ${RTD_CHECK10} -... ${RTD_CHECK11} -... ${RTD_CHECK12} -... ${RTD_CHECK13} -... ${RTD_CHECK14} - - Get and Print Current Settings ${currentSettingXmlFile} - - ${rc}= Validate Current Settings ${Testname} ${currentSettingXmlFile} ${RTD_CHECKS} - Should Be True ${rc} - - -Clean Up Mailboxes - Verify No Mailboxes Have Data +*** Settings *** +# @file +# +Documentation This test suite unenrolls the system after being enrolled with InTuneEnroll. +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +Library OperatingSystem +Library Process + +Library Support${/}Python${/}DFCI_SupportLib.py +Library Support${/}Python${/}DependencyLib.py +Library Support${/}Python${/}SettingsXMLLib.py +Library Remote http://${IP_OF_DUT}:${RF_PORT} + +#Import the Generic Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Paths.robot +Resource Support${/}Robot${/}CertSupport.robot +Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot + +#Import the platform specific log support +Resource UefiSerial_Keywords.robot + +# Use the following line for Python remote write to the UEFI Variables +Resource Support${/}Robot${/}DFCI_VariableTransport.robot + +Suite setup Make Dfci Output +Suite Teardown Terminate All Processes kill=True + + +*** Variables *** +#default var but should be changed on the command line +${IP_OF_DUT} 127.0.0.1 +${RF_PORT} 8270 + +#test output dir for data from this test run. 
+${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT + +#Test output location +${TEST_OUTPUT} ${TEST_OUTPUT_BASE} + +#Test Root Dir +${TEST_ROOT_DIR} TestCases +${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_InTuneUnenroll + +${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata +${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout +${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs + +${CERTS_DIR} Certs + +${TARGET_VERSION} V2 + +${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' +${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' +${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' + + +*** Keywords *** + + +Get The DFCI Settings + [Arguments] ${nameOfTest} + ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml + ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Device Identifier ${deviceIdXmlFile} + + Get and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} + + [return] ${currentIdxmlFile} + + +*** Test Cases *** + + +Ensure Mailboxes Are Clean +#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. + Verify No Mailboxes Have Data + + Log To Console . 
+ Log To Console ${SUITE SOURCE} + + +Get the current DFCI Settings Before Unenroll + ${nameofTest}= Set Variable BeforeUnenroll + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner + ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User + Should Be True '${OwnerThumbprint}' != 'Cert not installed' + Should Be True '${UserThumbprint}' != 'Cert not installed' + + Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' + + +Obtain Target Parameters From Target + [Setup] Require test case Get the current DFCI Settings Before UnEnroll + ${nameofTest}= Set Variable GetParameters + ${SerialNumber}= Get System Under Test SerialNumber + ${Manufacturer}= Get System Under Test Manufacturer + ${Model}= Get System Under Test ProductName + @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} + Set Suite Variable @{TARGET_PARAMETERS} + + ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml + + Get Device Identifier ${currentXmlFile} + Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} + + +Send User Settings Packet to Enrolled System + [Setup] Require test case Obtain Target Parameters From Target + #Initial settings for Enrolled System + ${nameofTest}= Set Variable UserSettings + ${xmlPayloadFile}= Set Variable ${TEST_CASE_DIR}${/}DfciSettings2.xml + + + Process Settings Packet ${nameofTest} 2 ${OLD_USER_PFX} ${xmlPayloadFile} @{TARGET_PARAMETERS} + + +Send Owner Unenroll to System + [Setup] Require test case Send User Settings Packet to Enrolled System + ${nameofTest}= Set Variable Unenroll + + Process UnEnroll Packet ${nameofTest} 1 ${OLD_OWNER_PFX} ${OWNER_KEY_INDEX} @{TARGET_PARAMETERS} + + +Restart System to UnEnroll +#Documentation Only run the restart test if all the previous setup operations passed + [Setup] Require test case Send Owner Unenroll to 
System + + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}InTuneUnenroll.log + + Reboot System And Wait For System Online + + +Verify User Enrolled System Settings Results + ${nameofTest}= Set Variable UserSettings + + ${xmlUserSettingsRslt}= Validate Settings Status ${nameofTest} 2 ${STATUS_SUCCESS} FULL + ${rc} Check All Setting Status ${xmlUserSettingsRslt} ${STATUS_SUCCESS} + Should Be True ${rc} + + +Verify Owner UnEnroll Results + ${nameofTest}= Set Variable Unenroll + + Validate UnEnroll Status ${nameofTest} 1 ${STATUS_SUCCESS} + + +Get the current DFCI Settings after Unenroll + ${nameofTest}= Set Variable AfterUnenroll + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} Owner + Should Be True '${rc}' == 'Cert not installed' + + ${rc}= Get Thumbprint Element ${currentIdxmlFile} User + Should Be True '${rc}' == 'Cert not installed' + + +Verify Settings Returned To Defaults + ${nameofTest}= Set Variable VerifyDefaults + ${currentSettingXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentSettings.xml + + +#Documentation Verify the no preboot UI settings are back to default + @{RTD_CHECK01}= Create List Dfci.HttpsCert.Binary ${EMPTY} + @{RTD_CHECK02}= Create List Dfci.RecoveryBootstrapUrl.String ${EMPTY} + @{RTD_CHECK03}= Create List Dfci.RecoveryUrl.String ${EMPTY} + @{RTD_CHECK04}= Create List Dfci.RegistrationId.String ${EMPTY} + @{RTD_CHECK05}= Create List Dfci.TenantId.String ${EMPTY} + @{RTD_CHECK06}= Create List Dfci3.AssetTag.String ${EMPTY} + @{RTD_CHECK07}= Create List Dfci3.OnboardWpbt.Enable Enabled + @{RTD_CHECK08}= Create List MDM.FriendlyName.String ${EMPTY} + @{RTD_CHECK09}= Create List MDM.TenantName.String ${EMPTY} + +#Documentation Verify the settings that require explicit reset reset to default + @{RTD_CHECK10}= Create List Dfci.OnboardCameras.Enable Enabled + @{RTD_CHECK11}= Create List Dfci.OnboardRadios.Enable Enabled + @{RTD_CHECK12}= Create List 
Dfci.BootExternalMedia.Enable Enabled + @{RTD_CHECK13}= Create List Dfci3.ProcessorSMT.Enable Enabled + @{RTD_CHECK14}= Create List Dfci3.AssetTag.String ${EMPTY} + + @{RTD_CHECKS}= Create List ${RTD_CHECK01} +... ${RTD_CHECK02} +... ${RTD_CHECK03} +... ${RTD_CHECK04} +... ${RTD_CHECK05} +... ${RTD_CHECK06} +... ${RTD_CHECK07} +... ${RTD_CHECK08} +... ${RTD_CHECK09} +... ${RTD_CHECK10} +... ${RTD_CHECK11} +... ${RTD_CHECK12} +... ${RTD_CHECK13} +... ${RTD_CHECK14} + + Get and Print Current Settings ${currentSettingXmlFile} + + ${rc}= Validate Current Settings ${Testname} ${currentSettingXmlFile} ${RTD_CHECKS} + Should Be True ${rc} + + +Clean Up Mailboxes + Verify No Mailboxes Have Data diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InitialState/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InitialState/run.robot index bb8370a6..3f4dd6e1 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InitialState/run.robot +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_InitialState/run.robot 
@@ -1,177 +1,177 @@
-*** Settings ***
-# @file
-#
-Documentation
-... DFCI Initial State test - Verifies that there are no enrolled identities,
-... that the proper thumbprint is installed for the ZTD key, and verifies the
-... initial state of the permission store.
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-
-MetaData
-... - Build a permissions packet
-... - Send it to the system under test
-... - Reboot the system under test to apply the permissions
-... - Get the new "Current Permissions"
-... - Verify the permissions are currect
-
-Library OperatingSystem
-Library Process
-Library Collections
-
-Library Support${/}Python${/}DFCI_SupportLib.py
-Library Support${/}Python${/}DependencyLib.py
-Library Support${/}Python${/}PermissionsXMLLib.py
-Library Remote http://${IP_OF_DUT}:${RF_PORT}
-
-#Import the Generic Shared keywords
-Resource Support${/}Robot${/}DFCI_Shared_Paths.robot
-Resource Support${/}Robot${/}CertSupport.robot
-Resource UefiSerial_Keywords.robot
-
-#Import the DFCI Shared keywords
-Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot
-
-#
-# Use the following line for Python remote write to the UEFI Variables
-Resource Support${/}Robot${/}DFCI_VariableTransport.robot
-
-Suite setup Make Dfci Output
-Suite Teardown Terminate All Processes kill=True
-
-
-*** Variables ***
-#default var but should be changed on the command line
-${IP_OF_DUT} 127.0.0.1
-${RF_PORT} 8270
-#test output dir for data from this test run.
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT - -#Test output location -${TEST_OUTPUT} ${TEST_OUTPUT_BASE} - -#Test Root Dir -${TEST_ROOT_DIR} TestCases - -${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata -${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout -${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs - -${CERTS_DIR} ${TEST_ROOT_DIR}${/}certs - -${TARGET_VERSION} V2 - -${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' -${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' -${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' - - -*** Keywords *** - -Initialize lists of tests -#[Documentation] -#... Each permission/PMask/DMask tuple is a list of three elements - the permission, PMask, and the DMask. -#... Establish a list of the permission tuples for the permissions to be set, and another -#... list for the permissions to be checked after the reboot. - - @{VTEST_01_CHECK1}= Create List Dfci.OwnerKey.Enum 9 128 - @{VTEST_01_CHECK2}= Create List Dfci.ZtdKey.Enum 1 ${None} - @{VTEST_01_CHECK3}= Create List Dfci.ZtdUnenroll.Enable 0 ${None} - @{VTEST_01_CHECK4}= Create List Dfci.Ztd.Recovery.Enable 0 ${None} - @{INITIAL_CHECKS}= Create List ${VTEST_01_CHECK1} ${VTEST_01_CHECK2} ${VTEST_01_CHECK3} ${VTEST_01_CHECK4} - - Set suite variable ${INITIAL_CHECKS} -# -# -# -Process Initial Permission Check - [Arguments] ${Testname} - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}Testcase_currentPermission.xml - - Get and Print Current Permissions ${currentPermXmlFile} - # - ${rc}= Validate Current Permissions ${Testname} ${currentPermXmlFile} ${INITIAL_CHECKS} - Should Be True ${rc} - - -Get The DFCI Settings - [Arguments] ${nameOfTest} - ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml - ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}Testcase_currentPermission.xml - ${currentSettingsXmlFile}= Set Variable 
${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Device Identifier ${deviceIdXmlFile} - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} - - [return] ${currentIdxmlFile} - - -#------------------------------------------------------------------* -# Test Cases * -#------------------------------------------------------------------* -*** Test Cases *** - - -Ensure Mailboxes Are Clean -#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. - Verify No Mailboxes Have Data - - Log To Console . - Log To Console ${SUITE SOURCE} - - -Get the starting DFCI Settings - [Setup] Require test case Ensure Mailboxes Are Clean - ${nameofTest}= Set Variable DisplaySettingsAtStart - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner - ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User - ${User1Thumbprint}= Get Thumbprint Element ${currentIdxmlFile} User1 - ${User2Thumbprint}= Get Thumbprint Element ${currentIdxmlFile} User2 - ${ZtdThumbprint}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch - - Should Be True '${OwnerThumbprint}' == 'Cert not installed' - Should Be True '${UserThumbprint}' == 'Cert not installed' - Should Be True '${User1Thumbprint}' == 'Cert not installed' - Should Be True '${User2Thumbprint}' == 'Cert not installed' - Log To Console . 
- Log To Console Verifying the system under test is Opted In for InTune - Should Be True '${ZtdThumbprint}' != 'Cert not installed' - - -Obtain Target Parameters From Target - [Setup] Require test case Get the starting DFCI Settings - - ${nameofTest}= Set Variable GetParameters - ${SerialNumber}= Get System Under Test SerialNumber - ${Manufacturer}= Get System Under Test Manufacturer - ${Model}= Get System Under Test ProductName - @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} - Set Suite Variable @{TARGET_PARAMETERS} - - ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml - - Get Device Identifier ${currentXmlFile} - Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} - - -Process Complete Testcase List - [Setup] Require test case Obtain Target Parameters From Target - - ${nameofTest}= Set Variable ProcessInitialTest - - Log To Console Initializing testcases - Initialize lists of tests - - Log To Console Running test - - Process Initial Permission Check ${nameofTest} +*** Settings *** +# @file +# +Documentation +... DFCI Initial State test - Verifies that there are no enrolled identities, +... that the proper thumbprint is installed for the ZTD key, and verifies the +... initial state of the permission store. +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +MetaData +... - Build a permissions packet +... - Send it to the system under test +... - Reboot the system under test to apply the permissions +... - Get the new "Current Permissions" +... 
- Verify the permissions are currect + +Library OperatingSystem +Library Process +Library Collections + +Library Support${/}Python${/}DFCI_SupportLib.py +Library Support${/}Python${/}DependencyLib.py +Library Support${/}Python${/}PermissionsXMLLib.py +Library Remote http://${IP_OF_DUT}:${RF_PORT} + +#Import the Generic Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Paths.robot +Resource Support${/}Robot${/}CertSupport.robot +Resource UefiSerial_Keywords.robot + +#Import the DFCI Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot + +# +# Use the following line for Python remote write to the UEFI Variables +Resource Support${/}Robot${/}DFCI_VariableTransport.robot + +Suite setup Make Dfci Output +Suite Teardown Terminate All Processes kill=True + + +*** Variables *** +#default var but should be changed on the command line +${IP_OF_DUT} 127.0.0.1 +${RF_PORT} 8270 +#test output dir for data from this test run. +${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT + +#Test output location +${TEST_OUTPUT} ${TEST_OUTPUT_BASE} + +#Test Root Dir +${TEST_ROOT_DIR} TestCases + +${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata +${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout +${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs + +${CERTS_DIR} ${TEST_ROOT_DIR}${/}certs + +${TARGET_VERSION} V2 + +${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' +${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' +${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' + + +*** Keywords *** + +Initialize lists of tests +#[Documentation] +#... Each permission/PMask/DMask tuple is a list of three elements - the permission, PMask, and the DMask. +#... Establish a list of the permission tuples for the permissions to be set, and another +#... list for the permissions to be checked after the reboot. 
+ + @{VTEST_01_CHECK1}= Create List Dfci.OwnerKey.Enum 9 128 + @{VTEST_01_CHECK2}= Create List Dfci.ZtdKey.Enum 1 ${None} + @{VTEST_01_CHECK3}= Create List Dfci.ZtdUnenroll.Enable 0 ${None} + @{VTEST_01_CHECK4}= Create List Dfci.Ztd.Recovery.Enable 0 ${None} + @{INITIAL_CHECKS}= Create List ${VTEST_01_CHECK1} ${VTEST_01_CHECK2} ${VTEST_01_CHECK3} ${VTEST_01_CHECK4} + + Set suite variable ${INITIAL_CHECKS} +# +# +# +Process Initial Permission Check + [Arguments] ${Testname} + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}Testcase_currentPermission.xml + + Get and Print Current Permissions ${currentPermXmlFile} + # + ${rc}= Validate Current Permissions ${Testname} ${currentPermXmlFile} ${INITIAL_CHECKS} + Should Be True ${rc} + + +Get The DFCI Settings + [Arguments] ${nameOfTest} + ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml + ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}Testcase_currentPermission.xml + ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Device Identifier ${deviceIdXmlFile} + + Get and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} + + [return] ${currentIdxmlFile} + + +#------------------------------------------------------------------* +# Test Cases * +#------------------------------------------------------------------* +*** Test Cases *** + + +Ensure Mailboxes Are Clean +#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. + Verify No Mailboxes Have Data + + Log To Console . 
+ Log To Console ${SUITE SOURCE} + + +Get the starting DFCI Settings + [Setup] Require test case Ensure Mailboxes Are Clean + ${nameofTest}= Set Variable DisplaySettingsAtStart + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner + ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User + ${User1Thumbprint}= Get Thumbprint Element ${currentIdxmlFile} User1 + ${User2Thumbprint}= Get Thumbprint Element ${currentIdxmlFile} User2 + ${ZtdThumbprint}= Get Thumbprint Element ${currentIdxmlFile} ZeroTouch + + Should Be True '${OwnerThumbprint}' == 'Cert not installed' + Should Be True '${UserThumbprint}' == 'Cert not installed' + Should Be True '${User1Thumbprint}' == 'Cert not installed' + Should Be True '${User2Thumbprint}' == 'Cert not installed' + Log To Console . + Log To Console Verifying the system under test is Opted In for InTune + Should Be True '${ZtdThumbprint}' != 'Cert not installed' + + +Obtain Target Parameters From Target + [Setup] Require test case Get the starting DFCI Settings + + ${nameofTest}= Set Variable GetParameters + ${SerialNumber}= Get System Under Test SerialNumber + ${Manufacturer}= Get System Under Test Manufacturer + ${Model}= Get System Under Test ProductName + @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} + Set Suite Variable @{TARGET_PARAMETERS} + + ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml + + Get Device Identifier ${currentXmlFile} + Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} + + +Process Complete Testcase List + [Setup] Require test case Obtain Target Parameters From Target + + ${nameofTest}= Set Variable ProcessInitialTest + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Running test + + Process Initial Permission Check ${nameofTest} 
diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_TPM_DisableEnable/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_TPM_DisableEnable/run.robot
index f997b115..b25108d8 100644
--- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_TPM_DisableEnable/run.robot
+++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_TPM_DisableEnable/run.robot
@@ -1,288 +1,288 @@
-*** Settings ***
-# @file
-#
-Documentation
-... DFCI InTune Settings test
-... This test suite checks the action of setting a setting, and the settings
-... of group settings.
-...
-... NOTE:
-...
-... The ASSET TAG test are dependent upon the DFCI PCD's being set to these values:
-...
-... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagChars|"0123456789-.ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"|VOID*|0x40000017
-... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagLen | 36 | UINT16 | 0x40000018
-...
-#
-# Copyright (c), Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-
-MetaData
-... - Build a settings packet
-... - Send it to the system under test
-... - Reboot the system under test to apply the settings
-... - Get the new "Current Settings"
-... - Verify the settings that were changed
-
-Library OperatingSystem
-Library Process
-Library Collections
-
-Library Support${/}Python${/}DFCI_SupportLib.py
-Library Support${/}Python${/}DependencyLib.py
-Library Support${/}Python${/}SettingsXMLLib.py
-Library Remote http://${IP_OF_DUT}:${RF_PORT}
-
-#Import the Generic Shared keywords
-Resource Support${/}Robot${/}DFCI_Shared_Paths.robot
-Resource Support${/}Robot${/}CertSupport.robot
-Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot
-
-#Import the platform specific log support
-Resource UefiSerial_Keywords.robot
-
-# Use the following line for Python remote write to the UEFI Variables
-Resource Support${/}Robot${/}DFCI_VariableTransport.robot
-
-Suite setup Make Dfci Output
-Suite Teardown Terminate All Processes kill=True
-
-
-*** Variables ***
-#default var but should be changed on the command line
-${IP_OF_DUT} 127.0.0.1
-${RF_PORT} 8270
-#test output dir for data from this test run.
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT - -#Test output location -${TEST_OUTPUT} ${TEST_OUTPUT_BASE} - -#Test Root Dir -${TEST_ROOT_DIR} TestCases -${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_EnableTPM - -${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata -${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout -${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs - -${CERTS_DIR} Certs - -${TARGET_VERSION} V2 - -${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' -${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' -${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' - - -*** Keywords *** - -Initialize lists of tests -#[Documentation] -#... Each setting/value pair is a list of two elements - the setting, and the value. -#... Establish a list of the settings pairs for the settings to be set, and another -#... list for the settings to be checked after the reboot. - - @{VTEST_01_SET1}= Create List Device.Tpm.Enable Disabled - - @{VTEST_01_CHECK1}= Create List Device.Tpm.Enable Disabled - - ${VTEST_01_RESULTS}= Create Dictionary Device.Tpm.Enable ${STATUS_SUCCESS} - - @{VTEST_01_SETS}= Create List ${VTEST_01_SET1} - @{VTEST_01_CHECKS}= Create List ${VTEST_01_CHECK1} - - @{VTEST_02_SET1}= Create List Device.Tpm.Enable Enabled - - @{VTEST_02_CHECK1}= Create List Device.Tpm.Enable Enabled - - ${VTEST_02_RESULTS}= Create Dictionary Device.Tpm.Enable ${STATUS_SUCCESS} - - @{VTEST_02_SETS}= Create List ${VTEST_01_SET1} - @{VTEST_02_CHECKS}= Create List ${VTEST_01_CHECK1} - - # The full tests are here - - @{VTEST_01}= Create List Test1 ${VTEST_01_SETS} ${VTEST_01_CHECKS} ${VTEST_01_RESULTS} - @{VTEST_02}= Create List Test1 ${VTEST_02_SETS} ${VTEST_02_CHECKS} ${VTEST_02_RESULTS} - - # Export one master test variable. Each entry in the MASTER TEST variable is a set of two lists and a dictionary of results. - # Variables to be set before a reboot, and a set of variables to be checked after a reboot, and a dictionary of expected results - # for each setting. For two tests, that means: - # 1. Test 1 Sets - # 2. reboot - # 3. 
Test 1 Checks with return codes - # 4. Test 2 Sets - # 5. reboot - # 6. Test 2 Checks with return codes - # - @{MASTER_TEST_V1}= Create List ${VTEST_01} - - @{MASTER_TEST_V2}= Create List ${VTEST_02} - - - # Default to all the tests - Set suite variable ${MASTER_TEST_V1} - - Set suite variable ${MASTER_TEST_V2} - -# -# Use the following to ensure the lists are built correctly -# -# Log To Console . -# Log To Console ${VTEST_01_SET1} -# Log To Console ${VTEST_01_SET2} -# Log To Console ${VTEST_01_SETS} -# Log To Console ${VTEST_01_CHECKS} -# Log To Console ${VTEST_01} - -# -# -# -Process TestCases - [Arguments] @{ATest} - -# -# This function iterates over each of the test cases. For each test case, -# create a settings payload, package it, send it to the system under test, -# restart the system to apply the settings, nd then validate that the -# settings in the checklist are correct. -# - FOR ${Testname} ${Sets} ${Checks} ${Results} IN @{ATest} - ${newSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_NewSettings.xml - ${currentSettingXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentSettings.xml - # - # - Log To Console . 
- Log To Console Starting test ${Testname} - # - # Create the settings packet - # - Create Settings XML ${newSettingsXmlFile} 2 2 ${Sets} - File should Exist ${newSettingsXmlFile} - # - #Enable the serial log if the platform supports it - # - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}${Testname}_ApplySettings.log - # - # Send the user(2) settings packet to the system under test - # - Process Settings Packet ${Testname} 2 ${OLD_USER_PFX} ${newSettingsXmlFile} @{TARGET_PARAMETERS} - # - # Restart the system to apply the settings - # - Log To Console Restarting the system under test - Reboot System And Wait For System Online - # - # - Get and Print Current Settings ${currentSettingXmlFile} - # - # Ensure all of the setting set, were applied correctly - # - ${xmlSettingsRslt}= Validate Settings Status ${Testname} 2 ${STATUS_SUCCESS} BASIC - # - # Validate the individual settings after the reboot - # - ${rc}= Validate Current Settings ${Testname} ${currentSettingXmlFile} ${Checks} - Should Be True ${rc} - # - ${rc}= Check Setting Status By Dictionary ${xmlSettingsRslt} ${Results} - Should Be True ${rc} - END - - -Get The DFCI Settings - [Arguments] ${nameOfTest} - ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml - ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Device Identifier ${deviceIdXmlFile} - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} - - [return] ${currentIdxmlFile} - - -#------------------------------------------------------------------* -# Test Cases * -#------------------------------------------------------------------* -*** Test 
Cases *** - - -Ensure Mailboxes Are Clean -#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. - Verify No Mailboxes Have Data - - Log To Console . - Log To Console ${SUITE SOURCE} - - -Get the starting DFCI Settings - [Setup] Require test case Ensure Mailboxes Are Clean - ${nameofTest}= Set Variable DisplaySettingsAtStart - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner - ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User - - Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' - - Should Be True '${OwnerThumbprint}' != 'Cert not installed' - Should Be True '${UserThumbprint}' != 'Cert not installed' - - -Obtain Target Parameters From Target - [Setup] Require test case Get the starting DFCI Settings - - ${nameofTest}= Set Variable GetParameters - ${SerialNumber}= Get System Under Test SerialNumber - ${Manufacturer}= Get System Under Test Manufacturer - ${Model}= Get System Under Test ProductName - @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} - Set Suite Variable @{TARGET_PARAMETERS} - - ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml - - Get Device Identifier ${currentXmlFile} - Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} - - -Process Complete Testcase List V1 - - Log To Console Initializing testcases - Initialize lists of tests - - Log To Console Running test V1, Disable TPM - - FOR ${ATest} IN @{MASTER_TEST_V1} - Process TestCases @{ATest} - END - - -Process Complete Testcase List V2 - - Log To Console Initializing testcases - Initialize lists of tests - - Log To Console Runnint test V2, Enable TPM - - FOR ${ATest} IN @{MASTER_TEST_V2} - Process TestCases @{ATest} - END - - -Get the ending DFCI Settings - ${nameofTest}= Set 
Variable DisplaySettingsAtExit - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - -Clean Up Mailboxes - Verify No Mailboxes Have Data +*** Settings *** +# @file +# +Documentation +... DFCI InTune Settings test +... This test suite checks the action of setting a setting, and the settings +... of group settings. +... +... NOTE: +... +... The ASSET TAG test are dependent upon the DFCI PCD's being set to these values: +... +... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagChars|"0123456789-.ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"|VOID*|0x40000017 +... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagLen | 36 | UINT16 | 0x40000018 +... +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +MetaData +... - Build a settings packet +... - Send it to the system under test +... - Reboot the system under test to apply the settings +... - Get the new "Current Settings" +... - Verify the settings that were changed + +Library OperatingSystem +Library Process +Library Collections + +Library Support${/}Python${/}DFCI_SupportLib.py +Library Support${/}Python${/}DependencyLib.py +Library Support${/}Python${/}SettingsXMLLib.py +Library Remote http://${IP_OF_DUT}:${RF_PORT} + +#Import the Generic Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Paths.robot +Resource Support${/}Robot${/}CertSupport.robot +Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot + +#Import the platform specific log support +Resource UefiSerial_Keywords.robot + +# Use the following line for Python remote write to the UEFI Variables +Resource Support${/}Robot${/}DFCI_VariableTransport.robot + +Suite setup Make Dfci Output +Suite Teardown Terminate All Processes kill=True + + +*** Variables *** +#default var but should be changed on the command line +${IP_OF_DUT} 127.0.0.1 +${RF_PORT} 8270 +#test output dir for data from this test run. 
+${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT + +#Test output location +${TEST_OUTPUT} ${TEST_OUTPUT_BASE} + +#Test Root Dir +${TEST_ROOT_DIR} TestCases +${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_EnableTPM + +${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata +${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout +${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs + +${CERTS_DIR} Certs + +${TARGET_VERSION} V2 + +${DDS_CA_THUMBPRINT} 'Thumbprint Not Set' +${MDM_CA_THUMBPRINT} 'Thumbprint Not Set' +${ZTD_LEAF_THUMBPRINT} 'Thumbprint Not Set' + + +*** Keywords *** + +Initialize lists of tests +#[Documentation] +#... Each setting/value pair is a list of two elements - the setting, and the value. +#... Establish a list of the settings pairs for the settings to be set, and another +#... list for the settings to be checked after the reboot. + + @{VTEST_01_SET1}= Create List Device.Tpm.Enable Disabled + + @{VTEST_01_CHECK1}= Create List Device.Tpm.Enable Disabled + + ${VTEST_01_RESULTS}= Create Dictionary Device.Tpm.Enable ${STATUS_SUCCESS} + + @{VTEST_01_SETS}= Create List ${VTEST_01_SET1} + @{VTEST_01_CHECKS}= Create List ${VTEST_01_CHECK1} + + @{VTEST_02_SET1}= Create List Device.Tpm.Enable Enabled + + @{VTEST_02_CHECK1}= Create List Device.Tpm.Enable Enabled + + ${VTEST_02_RESULTS}= Create Dictionary Device.Tpm.Enable ${STATUS_SUCCESS} + + @{VTEST_02_SETS}= Create List ${VTEST_01_SET1} + @{VTEST_02_CHECKS}= Create List ${VTEST_01_CHECK1} + + # The full tests are here + + @{VTEST_01}= Create List Test1 ${VTEST_01_SETS} ${VTEST_01_CHECKS} ${VTEST_01_RESULTS} + @{VTEST_02}= Create List Test1 ${VTEST_02_SETS} ${VTEST_02_CHECKS} ${VTEST_02_RESULTS} + + # Export one master test variable. Each entry in the MASTER TEST variable is a set of two lists and a dictionary of results. + # Variables to be set before a reboot, and a set of variables to be checked after a reboot, and a dictionary of expected results + # for each setting. For two tests, that means: + # 1. Test 1 Sets + # 2. reboot + # 3. 
Test 1 Checks with return codes + # 4. Test 2 Sets + # 5. reboot + # 6. Test 2 Checks with return codes + # + @{MASTER_TEST_V1}= Create List ${VTEST_01} + + @{MASTER_TEST_V2}= Create List ${VTEST_02} + + + # Default to all the tests + Set suite variable ${MASTER_TEST_V1} + + Set suite variable ${MASTER_TEST_V2} + +# +# Use the following to ensure the lists are built correctly +# +# Log To Console . +# Log To Console ${VTEST_01_SET1} +# Log To Console ${VTEST_01_SET2} +# Log To Console ${VTEST_01_SETS} +# Log To Console ${VTEST_01_CHECKS} +# Log To Console ${VTEST_01} + +# +# +# +Process TestCases + [Arguments] @{ATest} + +# +# This function iterates over each of the test cases. For each test case, +# create a settings payload, package it, send it to the system under test, +# restart the system to apply the settings, nd then validate that the +# settings in the checklist are correct. +# + FOR ${Testname} ${Sets} ${Checks} ${Results} IN @{ATest} + ${newSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_NewSettings.xml + ${currentSettingXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentSettings.xml + # + # + Log To Console . 
+ Log To Console Starting test ${Testname} + # + # Create the settings packet + # + Create Settings XML ${newSettingsXmlFile} 2 2 ${Sets} + File should Exist ${newSettingsXmlFile} + # + #Enable the serial log if the platform supports it + # + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}${Testname}_ApplySettings.log + # + # Send the user(2) settings packet to the system under test + # + Process Settings Packet ${Testname} 2 ${OLD_USER_PFX} ${newSettingsXmlFile} @{TARGET_PARAMETERS} + # + # Restart the system to apply the settings + # + Log To Console Restarting the system under test + Reboot System And Wait For System Online + # + # + Get and Print Current Settings ${currentSettingXmlFile} + # + # Ensure all of the setting set, were applied correctly + # + ${xmlSettingsRslt}= Validate Settings Status ${Testname} 2 ${STATUS_SUCCESS} BASIC + # + # Validate the individual settings after the reboot + # + ${rc}= Validate Current Settings ${Testname} ${currentSettingXmlFile} ${Checks} + Should Be True ${rc} + # + ${rc}= Check Setting Status By Dictionary ${xmlSettingsRslt} ${Results} + Should Be True ${rc} + END + + +Get The DFCI Settings + [Arguments] ${nameOfTest} + ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml + ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Device Identifier ${deviceIdXmlFile} + + Get and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} + + [return] ${currentIdxmlFile} + + +#------------------------------------------------------------------* +# Test Cases * +#------------------------------------------------------------------* +*** Test 
Cases *** + + +Ensure Mailboxes Are Clean +#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. + Verify No Mailboxes Have Data + + Log To Console . + Log To Console ${SUITE SOURCE} + + +Get the starting DFCI Settings + [Setup] Require test case Ensure Mailboxes Are Clean + ${nameofTest}= Set Variable DisplaySettingsAtStart + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + ${OwnerThumbprint}= Get Thumbprint Element ${currentIdxmlFile} Owner + ${UserThumbprint}= Get Thumbprint Element ${currentIdxmlFile} User + + Initialize Thumbprints '${OwnerThumbprint}' '${UserThumbprint}' + + Should Be True '${OwnerThumbprint}' != 'Cert not installed' + Should Be True '${UserThumbprint}' != 'Cert not installed' + + +Obtain Target Parameters From Target + [Setup] Require test case Get the starting DFCI Settings + + ${nameofTest}= Set Variable GetParameters + ${SerialNumber}= Get System Under Test SerialNumber + ${Manufacturer}= Get System Under Test Manufacturer + ${Model}= Get System Under Test ProductName + @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} + Set Suite Variable @{TARGET_PARAMETERS} + + ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml + + Get Device Identifier ${currentXmlFile} + Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} + + +Process Complete Testcase List V1 + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Running test V1, Disable TPM + + FOR ${ATest} IN @{MASTER_TEST_V1} + Process TestCases @{ATest} + END + + +Process Complete Testcase List V2 + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Runnint test V2, Enable TPM + + FOR ${ATest} IN @{MASTER_TEST_V2} + Process TestCases @{ATest} + END + + +Get the ending DFCI Settings + ${nameofTest}= Set 
Variable DisplaySettingsAtExit + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + +Clean Up Mailboxes + Verify No Mailboxes Have Data diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_UnsignedSettings/SampleUnsignedPermissions.xml b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_UnsignedSettings/SampleUnsignedPermissions.xml index 28b56b4e..45ba4816 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_UnsignedSettings/SampleUnsignedPermissions.xml +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_UnsignedSettings/SampleUnsignedPermissions.xml @@ -1,74 +1,74 @@ - - - - - - Device.PlatformSetting1.Enable - 243 - 0 - - - Device.PlatformSetting2.Enable - 243 - 0 - - - Device.PlatformSetting3.Enable - 243 - 0 - - - Device.PlatformSetting4.Enable - 243 - 0 - - - Device.PlatformSetting5.Enable - 243 - 0 - - - Device.PlatformSetting6.Enable - 243 - 0 - - - Device.PlatformSetting7.Enable - 243 - 0 - - - Device.PlatformSetting8.Enable - 243 - 0 - - - Device.PlatformSetting9.Enable - 243 - 0 - - - Surface.PlatformSetting10.Scenario - 243 - 0 - - + + + + + + Device.PlatformSetting1.Enable + 243 + 0 + + + Device.PlatformSetting2.Enable + 243 + 0 + + + Device.PlatformSetting3.Enable + 243 + 0 + + + Device.PlatformSetting4.Enable + 243 + 0 + + + Device.PlatformSetting5.Enable + 243 + 0 + + + Device.PlatformSetting6.Enable + 243 + 0 + + + Device.PlatformSetting7.Enable + 243 + 0 + + + Device.PlatformSetting8.Enable + 243 + 0 + + + Device.PlatformSetting9.Enable + 243 + 0 + + + Surface.PlatformSetting10.Scenario + 243 + 0 + + \ No newline at end of file diff --git a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_UnsignedSettings/run.robot b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_UnsignedSettings/run.robot index 2b33517e..220a907b 100644 --- a/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_UnsignedSettings/run.robot +++ b/DfciPkg/UnitTests/DfciTests/TestCases/DFCI_UnsignedSettings/run.robot 
@@ -1,308 +1,308 @@ -*** Settings *** -# @file -# -Documentation -... DFCI Unsigned SSettings Test -... This test suite checks the action of setting a setting, and the settings -... of group settings. -... -... NOTE: -... -... The ASSET TAG test are dependent upon the DFCI PCD's being set to these values: -... -... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagChars|"0123456789-.ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"|VOID*|0x40000017 -... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagLen | 36 | UINT16 | 0x40000018 -... -# -# Copyright (c), Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent - -MetaData -... - Build a settings packet -... - Send it to the system under test -... - Reboot the system under test to apply the settings -... - Get the new "Current Settings" -... - Verify the settings that were changed - -Library OperatingSystem -Library Process -Library Collections - -Library Support${/}Python${/}DFCI_SupportLib.py -Library Support${/}Python${/}DependencyLib.py -Library Support${/}Python${/}SettingsXMLLib.py -Library Remote http://${IP_OF_DUT}:${RF_PORT} - -#Import the Generic Shared keywords -Resource Support${/}Robot${/}DFCI_Shared_Paths.robot -Resource Support${/}Robot${/}CertSupport.robot -Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot - -#Import the platform specific log support -Resource UefiSerial_Keywords.robot - -# Use the following line for Python remote write to the UEFI Variables -Resource Support${/}Robot${/}DFCI_VariableTransport.robot - -Suite setup Make Dfci Output -Suite Teardown Terminate All Processes kill=True - - -*** Variables *** -#default var but should be changed on the command line -${IP_OF_DUT} 127.0.0.1 -${RF_PORT} 8270 -#test output dir for data from this test run. 
-${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT - -#Test output location -${TEST_OUTPUT} ${TEST_OUTPUT_BASE} - -#Test Root Dir -${TEST_ROOT_DIR} TestCases -${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_UnsignedSettings - -${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata -${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout -${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs - -${CERTS_DIR} Certs - -${TARGET_VERSION} V2 - -*** Keywords *** - -Initialize lists of tests -#[Documentation] -#... Each setting/value pair is a list of two elements - the setting, and the value. -#... Establish a list of the settings pairs for the settings to be set, and another -#... list for the settings to be checked after the reboot. - - @{VTEST_01_SET1}= Create List Device.WakeOnPower.Enable Enabled - @{VTEST_01_SET2}= Create List Device.LANBoot.Enable Disabled - @{VTEST_01_SET3}= Create List Device.IPv6Pxe.Enable Enabled - - @{VTEST_01_CHECK1}= Create List Device.WakeOnPower.Enable Enabled - @{VTEST_01_CHECK2}= Create List Device.LANBoot.Enable Disabled - @{VTEST_01_CHECK3}= Create List Device.IPv6Pxe.Enable Enabled - - ${VTEST_01_RESULTS}= Create Dictionary Device.WakeOnPower.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_01_RESULTS} Device.LANBoot.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_01_RESULTS} Device.IPv6Pxe.Enable ${STATUS_SUCCESS} - - @{VTEST_01_SETS}= Create List ${VTEST_01_SET1} ${VTEST_01_SET2} ${VTEST_01_SET3} - @{VTEST_01_CHECKS}= Create List ${VTEST_01_CHECK1} ${VTEST_01_CHECK2} ${VTEST_01_CHECK3} - - - # Testcase 2 - @{VTEST_02_SET1}= Create List Device.WakeOnPower.Enable Disabled - @{VTEST_02_SET2}= Create List Device.LANBoot.Enable Enabled - @{VTEST_02_SET3}= Create List Device.IPv6Pxe.Enable Disabled - - @{VTEST_02_CHECK1}= Create List Device.WakeOnPower.Enable Disabled - @{VTEST_02_CHECK2}= Create List Device.LANBoot.Enable Enabled - @{VTEST_02_CHECK3}= Create List Device.IPv6Pxe.Enable Disabled - - ${VTEST_02_RESULTS}= Create Dictionary Device.WakeOnPower.Enable 
${STATUS_SUCCESS} - Set To Dictionary ${VTEST_02_RESULTS} Device.LANBoot.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_02_RESULTS} Device.IPv6Pxe.Enable ${STATUS_SUCCESS} - - @{VTEST_02_SETS}= Create List ${VTEST_02_SET1} ${VTEST_02_SET2} ${VTEST_02_SET3} - @{VTEST_02_CHECKS}= Create List ${VTEST_02_CHECK1} ${VTEST_02_CHECK2} ${VTEST_02_CHECK3} - - - # Testcase 3 - @{VTEST_03_SET1}= Create List Device.WakeOnPower.Enable Enabled - @{VTEST_03_SET2}= Create List Device.LANBoot.Enable Enabled - @{VTEST_03_SET3}= Create List Device.IPv6Pxe.Enable Enabled - - @{VTEST_03_CHECK1}= Create List Device.WakeOnPower.Enable Enabled - @{VTEST_03_CHECK2}= Create List Device.LANBoot.Enable Enabled - @{VTEST_03_CHECK3}= Create List Device.IPv6Pxe.Enable Enabled - - ${VTEST_03_RESULTS}= Create Dictionary Device.WakeOnPower.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_03_RESULTS} Device.LANBoot.Enable ${STATUS_SUCCESS} - Set To Dictionary ${VTEST_03_RESULTS} Device.IPv6Pxe.Enable ${STATUS_SUCCESS} - - @{VTEST_03_SETS}= Create List ${VTEST_03_SET1} ${VTEST_03_SET2} ${VTEST_03_SET3} - @{VTEST_03_CHECKS}= Create List ${VTEST_03_CHECK1} ${VTEST_03_CHECK2} ${VTEST_03_CHECK3} - - - # The full tests are here - - @{VTEST_01}= Create List Test1 ${VTEST_01_SETS} ${VTEST_01_CHECKS} ${VTEST_01_RESULTS} - @{VTEST_02}= Create List Test2 ${VTEST_02_SETS} ${VTEST_02_CHECKS} ${VTEST_02_RESULTS} - @{VTEST_03}= Create List Test3 ${VTEST_03_SETS} ${VTEST_03_CHECKS} ${VTEST_03_RESULTS} - - - # Export one master test variable. Each entry in the MASTER TEST variable is a set of two lists and a dictionary of results. - # Variables to be set before a reboot, and a set of variables to be checked after a reboot, and a dictionary of expected results - # for each setting. For two tests, that means: - # 1. Test 1 Sets - # 2. reboot - # 3. Test 1 Checks with return codes - # 4. Test 2 Sets - # 5. reboot - # 6. 
Test 2 Checks with return codes - # etc for Test 3 - # - @{MASTER_TEST}= Create List ${VTEST_01} ${VTEST_02} - - @{RESTORE_SETTINGS}= Create List ${VTEST_03} - - # Default to all the tests - Set suite variable ${MASTER_TEST} - Set suite variable ${RESTORE_SETTINGS} - - -# -# Use the following to ensure the lists are built correctly -# - Log To Console . - Log To Console ${VTEST_01_SET1} - Log To Console ${VTEST_01_SET2} - Log To Console ${VTEST_01_SET3} - Log To Console ${VTEST_01_CHECKS} - Log To Console ${VTEST_01} - -# -# -# -Process TestCases - [Arguments] @{ATest} - -# -# This function iterates over each of the test cases. For each test case, -# create a settings payload, package it, send it to the system under test, -# restart the system to apply the settings, nd then validate that the -# settings in the checklist are correct. -# - FOR ${Testname} ${Sets} ${Checks} ${Results} IN @{ATest} - ${newSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_NewSettings.xml - ${currentSettingXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentSettings.xml - # - # - Log To Console . 
- Log To Console Starting test ${Testname} - # - # Create the settings packet - # - Create Settings XML ${newSettingsXmlFile} 2 2 ${Sets} - File should Exist ${newSettingsXmlFile} - # - #Enable the serial log if the platform supports it - # - Start SerialLog ${BOOT_LOG_OUT_DIR}${/}${Testname}_ApplySettings.log - # - # Send the user(2) settings packet to the system under test - # - Process Settings Packet ${Testname} 1 UNSIGNED ${newSettingsXmlFile} @{TARGET_PARAMETERS} - # - # Restart the system to apply the settings - # - Log To Console Restarting the system under test - Reboot System And Wait For System Online - # - # - Get and Print Current Settings ${currentSettingXmlFile} - # - # Ensure all of the setting set, were applied correctly - # - ${xmlSettingsRslt}= Validate Settings Status ${Testname} 1 ${STATUS_SUCCESS} BASIC - # - # Validate the individual settings after the reboot - # - ${rc}= Validate Current Settings ${Testname} ${currentSettingXmlFile} ${Checks} - Should Be True ${rc} - # - ${rc}= Check Setting Status By Dictionary ${xmlSettingsRslt} ${Results} - Should Be True ${rc} - END - - -Get The DFCI Settings - [Arguments] ${nameOfTest} - ${deviceIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml - ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml - ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml - ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml - - Get and Print Device Identifier ${deviceIdXmlFile} - - Get and Print Current Identities ${currentIdxmlFile} - - Get and Print Current Permissions ${currentPermxmlFile} - - Get and Print Current Settings ${currentSettingsxmlFile} - - [return] ${currentIdxmlFile} - - -#------------------------------------------------------------------* -# Test Cases * -#------------------------------------------------------------------* -*** Test Cases *** 
- - -Ensure Mailboxes Are Clean -#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. - Verify No Mailboxes Have Data - - Log To Console . - Log To Console ${SUITE SOURCE} - - -Get the starting DFCI Settings - [Setup] Require test case Ensure Mailboxes Are Clean - ${nameofTest}= Set Variable DisplaySettingsAtStart - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - -Obtain Target Parameters From Target - [Setup] Require test case Get the starting DFCI Settings - - ${nameofTest}= Set Variable GetParameters - ${SerialNumber}= Get System Under Test SerialNumber - ${Manufacturer}= Get System Under Test Manufacturer - ${Model}= Get System Under Test ProductName - @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} - Set Suite Variable @{TARGET_PARAMETERS} - - ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml - - Get Device Identifier ${currentXmlFile} - Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} - - -Process Complete Testcase List - - Log To Console Initializing testcases - Initialize lists of tests - - Log To Console Running test - - FOR ${ATest} IN @{MASTER_TEST} - Process TestCases @{ATest} - END - - -Restore Settings V2 - - Log To Console Initializing testcases - Initialize lists of tests - - Log To Console Restoring settings - - FOR ${ATest} IN @{RESTORE_SETTINGS} - Process TestCases @{ATest} - END - -Get the ending DFCI Settings - ${nameofTest}= Set Variable DisplaySettingsAtExit - - ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} - - -Clean Up Mailboxes - Verify No Mailboxes Have Data +*** Settings *** +# @file +# +Documentation +... DFCI Unsigned SSettings Test +... This test suite checks the action of setting a setting, and the settings +... of group settings. +... +... NOTE: +... +... 
The ASSET TAG test are dependent upon the DFCI PCD's being set to these values: +... +... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagChars|"0123456789-.ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"|VOID*|0x40000017 +... gDfciPkgTokenSpaceGuid.PcdDfciAssetTagLen | 36 | UINT16 | 0x40000018 +... +# +# Copyright (c), Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent + +MetaData +... - Build a settings packet +... - Send it to the system under test +... - Reboot the system under test to apply the settings +... - Get the new "Current Settings" +... - Verify the settings that were changed + +Library OperatingSystem +Library Process +Library Collections + +Library Support${/}Python${/}DFCI_SupportLib.py +Library Support${/}Python${/}DependencyLib.py +Library Support${/}Python${/}SettingsXMLLib.py +Library Remote http://${IP_OF_DUT}:${RF_PORT} + +#Import the Generic Shared keywords +Resource Support${/}Robot${/}DFCI_Shared_Paths.robot +Resource Support${/}Robot${/}CertSupport.robot +Resource Support${/}Robot${/}DFCI_Shared_Keywords.robot + +#Import the platform specific log support +Resource UefiSerial_Keywords.robot + +# Use the following line for Python remote write to the UEFI Variables +Resource Support${/}Robot${/}DFCI_VariableTransport.robot + +Suite setup Make Dfci Output +Suite Teardown Terminate All Processes kill=True + + +*** Variables *** +#default var but should be changed on the command line +${IP_OF_DUT} 127.0.0.1 +${RF_PORT} 8270 +#test output dir for data from this test run. +${TEST_OUTPUT_BASE} ..${/}TEST_OUTPUT + +#Test output location +${TEST_OUTPUT} ${TEST_OUTPUT_BASE} + +#Test Root Dir +${TEST_ROOT_DIR} TestCases +${TEST_CASE_DIR} ${TEST_ROOT_DIR}${/}DFCI_UnsignedSettings + +${TOOL_DATA_OUT_DIR} ${TEST_OUTPUT}${/}bindata +${TOOL_STD_OUT_DIR} ${TEST_OUTPUT}${/}stdout +${BOOT_LOG_OUT_DIR} ${TEST_OUTPUT}${/}uefilogs + +${CERTS_DIR} Certs + +${TARGET_VERSION} V2 + +*** Keywords *** + +Initialize lists of tests +#[Documentation] +#... 
Each setting/value pair is a list of two elements - the setting, and the value. +#... Establish a list of the settings pairs for the settings to be set, and another +#... list for the settings to be checked after the reboot. + + @{VTEST_01_SET1}= Create List Device.WakeOnPower.Enable Enabled + @{VTEST_01_SET2}= Create List Device.LANBoot.Enable Disabled + @{VTEST_01_SET3}= Create List Device.IPv6Pxe.Enable Enabled + + @{VTEST_01_CHECK1}= Create List Device.WakeOnPower.Enable Enabled + @{VTEST_01_CHECK2}= Create List Device.LANBoot.Enable Disabled + @{VTEST_01_CHECK3}= Create List Device.IPv6Pxe.Enable Enabled + + ${VTEST_01_RESULTS}= Create Dictionary Device.WakeOnPower.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_01_RESULTS} Device.LANBoot.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_01_RESULTS} Device.IPv6Pxe.Enable ${STATUS_SUCCESS} + + @{VTEST_01_SETS}= Create List ${VTEST_01_SET1} ${VTEST_01_SET2} ${VTEST_01_SET3} + @{VTEST_01_CHECKS}= Create List ${VTEST_01_CHECK1} ${VTEST_01_CHECK2} ${VTEST_01_CHECK3} + + + # Testcase 2 + @{VTEST_02_SET1}= Create List Device.WakeOnPower.Enable Disabled + @{VTEST_02_SET2}= Create List Device.LANBoot.Enable Enabled + @{VTEST_02_SET3}= Create List Device.IPv6Pxe.Enable Disabled + + @{VTEST_02_CHECK1}= Create List Device.WakeOnPower.Enable Disabled + @{VTEST_02_CHECK2}= Create List Device.LANBoot.Enable Enabled + @{VTEST_02_CHECK3}= Create List Device.IPv6Pxe.Enable Disabled + + ${VTEST_02_RESULTS}= Create Dictionary Device.WakeOnPower.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_02_RESULTS} Device.LANBoot.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_02_RESULTS} Device.IPv6Pxe.Enable ${STATUS_SUCCESS} + + @{VTEST_02_SETS}= Create List ${VTEST_02_SET1} ${VTEST_02_SET2} ${VTEST_02_SET3} + @{VTEST_02_CHECKS}= Create List ${VTEST_02_CHECK1} ${VTEST_02_CHECK2} ${VTEST_02_CHECK3} + + + # Testcase 3 + @{VTEST_03_SET1}= Create List Device.WakeOnPower.Enable Enabled + @{VTEST_03_SET2}= Create List 
Device.LANBoot.Enable Enabled + @{VTEST_03_SET3}= Create List Device.IPv6Pxe.Enable Enabled + + @{VTEST_03_CHECK1}= Create List Device.WakeOnPower.Enable Enabled + @{VTEST_03_CHECK2}= Create List Device.LANBoot.Enable Enabled + @{VTEST_03_CHECK3}= Create List Device.IPv6Pxe.Enable Enabled + + ${VTEST_03_RESULTS}= Create Dictionary Device.WakeOnPower.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_03_RESULTS} Device.LANBoot.Enable ${STATUS_SUCCESS} + Set To Dictionary ${VTEST_03_RESULTS} Device.IPv6Pxe.Enable ${STATUS_SUCCESS} + + @{VTEST_03_SETS}= Create List ${VTEST_03_SET1} ${VTEST_03_SET2} ${VTEST_03_SET3} + @{VTEST_03_CHECKS}= Create List ${VTEST_03_CHECK1} ${VTEST_03_CHECK2} ${VTEST_03_CHECK3} + + + # The full tests are here + + @{VTEST_01}= Create List Test1 ${VTEST_01_SETS} ${VTEST_01_CHECKS} ${VTEST_01_RESULTS} + @{VTEST_02}= Create List Test2 ${VTEST_02_SETS} ${VTEST_02_CHECKS} ${VTEST_02_RESULTS} + @{VTEST_03}= Create List Test3 ${VTEST_03_SETS} ${VTEST_03_CHECKS} ${VTEST_03_RESULTS} + + + # Export one master test variable. Each entry in the MASTER TEST variable is a set of two lists and a dictionary of results. + # Variables to be set before a reboot, and a set of variables to be checked after a reboot, and a dictionary of expected results + # for each setting. For two tests, that means: + # 1. Test 1 Sets + # 2. reboot + # 3. Test 1 Checks with return codes + # 4. Test 2 Sets + # 5. reboot + # 6. Test 2 Checks with return codes + # etc for Test 3 + # + @{MASTER_TEST}= Create List ${VTEST_01} ${VTEST_02} + + @{RESTORE_SETTINGS}= Create List ${VTEST_03} + + # Default to all the tests + Set suite variable ${MASTER_TEST} + Set suite variable ${RESTORE_SETTINGS} + + +# +# Use the following to ensure the lists are built correctly +# + Log To Console . 
+ Log To Console ${VTEST_01_SET1} + Log To Console ${VTEST_01_SET2} + Log To Console ${VTEST_01_SET3} + Log To Console ${VTEST_01_CHECKS} + Log To Console ${VTEST_01} + +# +# +# +Process TestCases + [Arguments] @{ATest} + +# +# This function iterates over each of the test cases. For each test case, +# create a settings payload, package it, send it to the system under test, +# restart the system to apply the settings, nd then validate that the +# settings in the checklist are correct. +# + FOR ${Testname} ${Sets} ${Checks} ${Results} IN @{ATest} + ${newSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_NewSettings.xml + ${currentSettingXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${Testname}_CurrentSettings.xml + # + # + Log To Console . + Log To Console Starting test ${Testname} + # + # Create the settings packet + # + Create Settings XML ${newSettingsXmlFile} 2 2 ${Sets} + File should Exist ${newSettingsXmlFile} + # + #Enable the serial log if the platform supports it + # + Start SerialLog ${BOOT_LOG_OUT_DIR}${/}${Testname}_ApplySettings.log + # + # Send the user(2) settings packet to the system under test + # + Process Settings Packet ${Testname} 1 UNSIGNED ${newSettingsXmlFile} @{TARGET_PARAMETERS} + # + # Restart the system to apply the settings + # + Log To Console Restarting the system under test + Reboot System And Wait For System Online + # + # + Get and Print Current Settings ${currentSettingXmlFile} + # + # Ensure all of the setting set, were applied correctly + # + ${xmlSettingsRslt}= Validate Settings Status ${Testname} 1 ${STATUS_SUCCESS} BASIC + # + # Validate the individual settings after the reboot + # + ${rc}= Validate Current Settings ${Testname} ${currentSettingXmlFile} ${Checks} + Should Be True ${rc} + # + ${rc}= Check Setting Status By Dictionary ${xmlSettingsRslt} ${Results} + Should Be True ${rc} + END + + +Get The DFCI Settings + [Arguments] ${nameOfTest} + ${deviceIdXmlFile}= Set Variable 
${TOOL_DATA_OUT_DIR}${/}${nameofTest}_deviceIdentifier.xml + ${currentIdXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentIdentities.xml + ${currentPermXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentPermission.xml + ${currentSettingsXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_currentSettings.xml + + Get and Print Device Identifier ${deviceIdXmlFile} + + Get and Print Current Identities ${currentIdxmlFile} + + Get and Print Current Permissions ${currentPermxmlFile} + + Get and Print Current Settings ${currentSettingsxmlFile} + + [return] ${currentIdxmlFile} + + +#------------------------------------------------------------------* +# Test Cases * +#------------------------------------------------------------------* +*** Test Cases *** + + +Ensure Mailboxes Are Clean +#Documentation Ensure all mailboxes are clear at the beginning of a test. If there are any mailboxes that have an element, a previous test failed. + Verify No Mailboxes Have Data + + Log To Console . 
+ Log To Console ${SUITE SOURCE} + + +Get the starting DFCI Settings + [Setup] Require test case Ensure Mailboxes Are Clean + ${nameofTest}= Set Variable DisplaySettingsAtStart + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + +Obtain Target Parameters From Target + [Setup] Require test case Get the starting DFCI Settings + + ${nameofTest}= Set Variable GetParameters + ${SerialNumber}= Get System Under Test SerialNumber + ${Manufacturer}= Get System Under Test Manufacturer + ${Model}= Get System Under Test ProductName + @{TARGET_PARAMETERS}= Build Target Parameters ${TARGET_VERSION} ${SerialNumber} ${Manufacturer} ${Model} + Set Suite Variable @{TARGET_PARAMETERS} + + ${currentXmlFile}= Set Variable ${TOOL_DATA_OUT_DIR}${/}${nameofTest}_UefiDeviceId.xml + + Get Device Identifier ${currentXmlFile} + Verify Identity Current ${currentXmlFile} ${Manufacturer} ${Model} ${SerialNumber} + + +Process Complete Testcase List + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Running test + + FOR ${ATest} IN @{MASTER_TEST} + Process TestCases @{ATest} + END + + +Restore Settings V2 + + Log To Console Initializing testcases + Initialize lists of tests + + Log To Console Restoring settings + + FOR ${ATest} IN @{RESTORE_SETTINGS} + Process TestCases @{ATest} + END + +Get the ending DFCI Settings + ${nameofTest}= Set Variable DisplaySettingsAtExit + + ${currentIdXmlFile}= Get The DFCI Settings ${nameOfTest} + + +Clean Up Mailboxes + Verify No Mailboxes Have Data diff --git a/DfciPkg/UnitTests/DfciVarLockAudit/UEFI/DfciVarLockAuditTestApp.inf b/DfciPkg/UnitTests/DfciVarLockAudit/UEFI/DfciVarLockAuditTestApp.inf index c9680472..5dfaf44f 100644 --- a/DfciPkg/UnitTests/DfciVarLockAudit/UEFI/DfciVarLockAuditTestApp.inf +++ b/DfciPkg/UnitTests/DfciVarLockAudit/UEFI/DfciVarLockAuditTestApp.inf 
@@ -1,64 +1,64 @@
-
-## @file
-# A UEFI Audit test app that enumerates all DFCI variables in NV ram
-# collects the attribute information and then attempts to make changes
-# to the variable in order to gather variable protection information.
-#
-# If the variable is successfully deleted it will be recreated with the
-# same data value.
-#
-# The result data is output in XML
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = DfciVarLockAuditTestApp
- FILE_GUID = 1a92094b-5650-4161-8868-c3b4968a8416
- MODULE_TYPE = UEFI_APPLICATION
- VERSION_STRING = 1.0
- ENTRY_POINT = DfciLockTestEntry
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Sources]
- DfciLockTest.c
- DfciLockTestXml.h
- DfciLockTestXml.c
- InternalFunctions.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- DfciPkg/DfciPkg.dec
- XmlSupportPkg/XmlSupportPkg.dec
- ShellPkg/ShellPkg.dec
- ZeroTouchPkg/ZeroTouchPkg.dec
-
-
-[LibraryClasses]
- UefiApplicationEntryPoint
- UefiLib
- UefiBootServicesTableLib
- UefiRuntimeServicesTableLib
- DebugLib
- BaseLib
- BaseMemoryLib
- ShellLib
- PrintLib
- XmlTreeLib
- XmlTreeQueryLib
-
-[Guids]
- gDfciDeviceIdVarNamespace
- gDfciInternalVariableGuid
- gDfciAuthProvisionVarNamespace
- gDfciPermissionManagerVarNamespace
- gDfciSettingsGuid
- gDfciSettingsManagerVarNamespace
+
+## @file
+# A UEFI Audit test app that enumerates all DFCI variables in NV ram
+# collects the attribute information and then attempts to make changes
+# to the variable in order to gather variable protection information.
+#
+# If the variable is successfully deleted it will be recreated with the
+# same data value.
+#
+# The result data is output in XML
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DfciVarLockAuditTestApp
+ FILE_GUID = 1a92094b-5650-4161-8868-c3b4968a8416
+ MODULE_TYPE = UEFI_APPLICATION
+ VERSION_STRING = 1.0
+ ENTRY_POINT = DfciLockTestEntry
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ DfciLockTest.c
+ DfciLockTestXml.h
+ DfciLockTestXml.c
+ InternalFunctions.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ DfciPkg/DfciPkg.dec
+ XmlSupportPkg/XmlSupportPkg.dec
+ ShellPkg/ShellPkg.dec
+ ZeroTouchPkg/ZeroTouchPkg.dec
+
+
+[LibraryClasses]
+ UefiApplicationEntryPoint
+ UefiLib
+ UefiBootServicesTableLib
+ UefiRuntimeServicesTableLib
+ DebugLib
+ BaseLib
+ BaseMemoryLib
+ ShellLib
+ PrintLib
+ XmlTreeLib
+ XmlTreeQueryLib
+
+[Guids]
+ gDfciDeviceIdVarNamespace
+ gDfciInternalVariableGuid
+ gDfciAuthProvisionVarNamespace
+ gDfciPermissionManagerVarNamespace
+ gDfciSettingsGuid
+ gDfciSettingsManagerVarNamespace
 gZeroTouchVariableGuid
\ No newline at end of file
diff --git a/ZeroTouchPkg/ZeroTouchPkg.ci.yaml b/ZeroTouchPkg/ZeroTouchPkg.ci.yaml
index f770b969..89855400 100644
--- a/ZeroTouchPkg/ZeroTouchPkg.ci.yaml
+++ b/ZeroTouchPkg/ZeroTouchPkg.ci.yaml
@@ -1,60 +1,60 @@
-##
-# CI configuration for ZeroTouchPkg
-#
-# Copyright (c) Microsoft Corporation
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-{
- ## options defined ci/Plugin/CompilerPlugin
- "CompilerPlugin": {
- "DscPath": "ZeroTouchPkg.dsc"
- },
-
- ## options defined ci/Plugin/CharEncodingCheck
- "CharEncodingCheck": {
- "IgnoreFiles": []
- },
-
- ## options defined ci/Plugin/DependencyCheck
- "DependencyCheck": {
- "AcceptableDependencies": [
- "MdePkg/MdePkg.dec",
- "MdeModulePkg/MdeModulePkg.dec",
- "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec",
- "ZeroTouchPkg/ZeroTouchPkg.dec"
- ],
- "IgnoreInf": []
- },
-
- ## options defined ci/Plugin/DscCompleteCheck
- "DscCompleteCheck": {
- "IgnoreInf": [],
- "DscPath": "ZeroTouchPkg.dsc"
- },
-
- ## options defined ci/Plugin/GuidCheck
- "GuidCheck": {
- "IgnoreGuidName": [],
- "IgnoreGuidValue": [],
- "IgnoreFoldersAndFiles": [],
- "IgnoreDuplicates": []
- },
-
- ## options defined ci/Plugin/LibraryClassCheck
- "LibraryClassCheck": {
- "IgnoreLibraryClass": [],
- "IgnoreHeaderFile": []
- },
-
- ## options defined ci/Plugin/SpellCheck
- "SpellCheck": {
- "AuditOnly": True, # Fails test but run in AuditOnly mode to collect log
- "IgnoreStandardPaths": [ # Standard Plugin defined paths that should be ignore
- ],
- "IgnoreFiles": [ # use gitignore syntax to ignore errors in matching files
- ],
- "ExtendWords": [ # words to extend to the dictionary for this package
- ],
- "AdditionalIncludePaths": [] # Additional paths to spell check relative to package root (wildcards supported)
- }
+##
+# CI configuration for ZeroTouchPkg
+#
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+{
+ ## options defined ci/Plugin/CompilerPlugin
+ "CompilerPlugin": {
+ "DscPath": "ZeroTouchPkg.dsc"
+ },
+
+ ## options defined ci/Plugin/CharEncodingCheck
+ "CharEncodingCheck": {
+ "IgnoreFiles": []
+ },
+
+ ## options defined ci/Plugin/DependencyCheck
+ "DependencyCheck": {
+ "AcceptableDependencies": [
+ "MdePkg/MdePkg.dec",
+ "MdeModulePkg/MdeModulePkg.dec",
+ "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec",
+ "ZeroTouchPkg/ZeroTouchPkg.dec"
+ ],
+ "IgnoreInf": []
+ },
+
+ ## options defined ci/Plugin/DscCompleteCheck
+ "DscCompleteCheck": {
+ "IgnoreInf": [],
+ "DscPath": "ZeroTouchPkg.dsc"
+ },
+
+ ## options defined ci/Plugin/GuidCheck
+ "GuidCheck": {
+ "IgnoreGuidName": [],
+ "IgnoreGuidValue": [],
+ "IgnoreFoldersAndFiles": [],
+ "IgnoreDuplicates": []
+ },
+
+ ## options defined ci/Plugin/LibraryClassCheck
+ "LibraryClassCheck": {
+ "IgnoreLibraryClass": [],
+ "IgnoreHeaderFile": []
+ },
+
+ ## options defined ci/Plugin/SpellCheck
+ "SpellCheck": {
+ "AuditOnly": True, # Fails test but run in AuditOnly mode to collect log
+ "IgnoreStandardPaths": [ # Standard Plugin defined paths that should be ignore
+ ],
+ "IgnoreFiles": [ # use gitignore syntax to ignore errors in matching files
+ ],
+ "ExtendWords": [ # words to extend to the dictionary for this package
+ ],
+ "AdditionalIncludePaths": [] # Additional paths to spell check relative to package root (wildcards supported)
+ }
 }
\ No newline at end of file
diff --git a/ZeroTouchPkg/ZeroTouchPkg.dec b/ZeroTouchPkg/ZeroTouchPkg.dec
index 8ccb05c0..8b3e3215 100644
--- a/ZeroTouchPkg/ZeroTouchPkg.dec
+++ b/ZeroTouchPkg/ZeroTouchPkg.dec
@@ -1,56 +1,56 @@
-## @file
-# ZeroTouchPkg.dec
-#
-# This Package provides all definitions, library classes and libraries instances for ZeroTouch.
-# ZeroTouch is common code used in the Microsoft UEFI Core code base
-#
-# This is targetted at promoting to open source and should be aligned with
-# Tianocore standards
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-[Defines]
- DEC_SPECIFICATION = 0x00010005
- PACKAGE_NAME = ZeroTouchPkg
- PACKAGE_UNI_FILE = ZeroTouchPkg.uni
- PACKAGE_GUID = 80061278-f44e-45b5-be81-1acc13362a7e
- PACKAGE_VERSION = 0.20
-
-[Includes]
- Include
-
-[LibraryClasses]
- ## @libraryclass Library to used to obtain the zero touch certificate
- ##
- ZeroTouchSettingsLib|Include/Library/ZeroTouchSettingsLib.h
-
-[Guids]
- ## ZeroTouch Package token space guid
- # Include/Guid/ZeroTouchTokenSpace.h
- # { 353455c8-b2ec-44f3-91cf-0f7633c2de6b }
- gZeroTouchPkgTokenSpaceGuid = { 0x353455c8, 0xb2ec, 0x44f3, { 0x91, 0xcf, 0x0f, 0x76, 0x33, 0xc2, 0xde, 0x6b } }
-
- ## Zero Touch Variable GUID
- # Include/Guid/ZeroTouchVariables.h
- # { be023d3e-5f0e-4ce0-805c-06b70aa24fe7 }
- gZeroTouchVariableGuid = { 0xbe023d3e, 0x5f0e, 0x4ce0, { 0x80, 0x5c, 0x06, 0xb7, 0x0a, 0xa2, 0x4f, 0xe7 }}
-
-[Ppis]
-
-[Protocols]
-
-[PcdsFeatureFlag]
-
-[PcdsFixedAtBuild]
- ## FFS filename of the Zero Touch certificate file.
- # {ba8e0276-1ec6-4eac-b78f-612fe7694438 ae2d011c-4128-4960-a536-b424ccc3d1ea}
- gZeroTouchPkgTokenSpaceGuid.PcdZeroTouchCertificateFile |{ 0x76, 0x02, 0x8e, 0xba, 0xc6, 0x1e, 0xac, 0x4e, 0xb7, 0x8f, 0x61, 0x2f, 0xe7, 0x69, 0x44, 0x38 }|VOID*|0x10000001
-
-[PcdsFixedAtBuild, PcdsPatchableInModule]
-
-[PcdsDynamic, PcdsDynamicEx]
-
-[UserExtensions.TianoCore."ExtraFiles"]
- ZeroTouchPkgExtra.uni
+## @file
+# ZeroTouchPkg.dec
+#
+# This Package provides all definitions, library classes and libraries instances for ZeroTouch.
+# ZeroTouch is common code used in the Microsoft UEFI Core code base
+#
+# This is targetted at promoting to open source and should be aligned with
+# Tianocore standards
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ DEC_SPECIFICATION = 0x00010005
+ PACKAGE_NAME = ZeroTouchPkg
+ PACKAGE_UNI_FILE = ZeroTouchPkg.uni
+ PACKAGE_GUID = 80061278-f44e-45b5-be81-1acc13362a7e
+ PACKAGE_VERSION = 0.20
+
+[Includes]
+ Include
+
+[LibraryClasses]
+ ## @libraryclass Library to used to obtain the zero touch certificate
+ ##
+ ZeroTouchSettingsLib|Include/Library/ZeroTouchSettingsLib.h
+
+[Guids]
+ ## ZeroTouch Package token space guid
+ # Include/Guid/ZeroTouchTokenSpace.h
+ # { 353455c8-b2ec-44f3-91cf-0f7633c2de6b }
+ gZeroTouchPkgTokenSpaceGuid = { 0x353455c8, 0xb2ec, 0x44f3, { 0x91, 0xcf, 0x0f, 0x76, 0x33, 0xc2, 0xde, 0x6b } }
+
+ ## Zero Touch Variable GUID
+ # Include/Guid/ZeroTouchVariables.h
+ # { be023d3e-5f0e-4ce0-805c-06b70aa24fe7 }
+ gZeroTouchVariableGuid = { 0xbe023d3e, 0x5f0e, 0x4ce0, { 0x80, 0x5c, 0x06, 0xb7, 0x0a, 0xa2, 0x4f, 0xe7 }}
+
+[Ppis]
+
+[Protocols]
+
+[PcdsFeatureFlag]
+
+[PcdsFixedAtBuild]
+ ## FFS filename of the Zero Touch certificate file.
+ # {ba8e0276-1ec6-4eac-b78f-612fe7694438 ae2d011c-4128-4960-a536-b424ccc3d1ea}
+ gZeroTouchPkgTokenSpaceGuid.PcdZeroTouchCertificateFile |{ 0x76, 0x02, 0x8e, 0xba, 0xc6, 0x1e, 0xac, 0x4e, 0xb7, 0x8f, 0x61, 0x2f, 0xe7, 0x69, 0x44, 0x38 }|VOID*|0x10000001
+
+[PcdsFixedAtBuild, PcdsPatchableInModule]
+
+[PcdsDynamic, PcdsDynamicEx]
+
+[UserExtensions.TianoCore."ExtraFiles"]
+ ZeroTouchPkgExtra.uni
diff --git a/ZeroTouchPkg/ZeroTouchPkg.dsc b/ZeroTouchPkg/ZeroTouchPkg.dsc
index b1efe716..9930447a 100644
--- a/ZeroTouchPkg/ZeroTouchPkg.dsc
+++ b/ZeroTouchPkg/ZeroTouchPkg.dsc
@@ -1,58 +1,58 @@
-## @file
-# ZeroTouchPkg.dsc
-# ZeroTouch Package Localized Strings and Content
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-[Defines]
- PLATFORM_NAME = ZeroTouch
- PLATFORM_GUID = 709fa506-3f3b-4ea3-9622-453c3881e8a3
- PLATFORM_VERSION = .10
- DSC_SPECIFICATION = 0x00010005
- OUTPUT_DIRECTORY = Build/ZeroTouchPkg
- SUPPORTED_ARCHITECTURES = IA32|X64
- BUILD_TARGETS = DEBUG|RELEASE
- SKUID_IDENTIFIER = DEFAULT
-
-[PcdsFeatureFlag]
-
-[PcdsFixedAtBuild]
-
-[LibraryClasses.common]
-
-[LibraryClasses.IA32]
-
-[LibraryClasses.X64, LibraryClasses.AARCH64]
- ZeroTouchSettingsLib|ZeroTouchPkg/Library/ZeroTouchSettings/ZeroTouchSettings.inf
-
-###################################################################################################
-#
-# Components Section - list of the modules and components that will be processed by compilation
-# tools and the EDK II tools to generate PE32/PE32+/Coff image files.
-#
-# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
-# into firmware volume images. This section is just a list of modules to compile from
-# source into UEFI-compliant binaries.
-# It is the FDF file that contains information on combining binary files into firmware
-# volume images, whose concept is beyond UEFI and is described in PI specification.
-# Binary modules do not need to be listed in this section, as they should be
-# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
-# Logo (Logo.bmp), and etc.
-# There may also be modules listed in this section that are not required in the FDF file,
-# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
-# generated for it, but the binary will not be put into any firmware volume.
-#
-###################################################################################################
-
-[Components]
-
-[Components.IA32]
-
-[Components.X64, Components.AARCH64]
- ZeroTouchPkg/Library/ZeroTouchSettings/ZeroTouchSettings.inf
-
-[BuildOptions]
-#force deprecated interfaces off
- *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
+## @file
+# ZeroTouchPkg.dsc
+# ZeroTouch Package Localized Strings and Content
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ PLATFORM_NAME = ZeroTouch
+ PLATFORM_GUID = 709fa506-3f3b-4ea3-9622-453c3881e8a3
+ PLATFORM_VERSION = .10
+ DSC_SPECIFICATION = 0x00010005
+ OUTPUT_DIRECTORY = Build/ZeroTouchPkg
+ SUPPORTED_ARCHITECTURES = IA32|X64
+ BUILD_TARGETS = DEBUG|RELEASE
+ SKUID_IDENTIFIER = DEFAULT
+
+[PcdsFeatureFlag]
+
+[PcdsFixedAtBuild]
+
+[LibraryClasses.common]
+
+[LibraryClasses.IA32]
+
+[LibraryClasses.X64, LibraryClasses.AARCH64]
+ ZeroTouchSettingsLib|ZeroTouchPkg/Library/ZeroTouchSettings/ZeroTouchSettings.inf
+
+###################################################################################################
+#
+# Components Section - list of the modules and components that will be processed by compilation
+# tools and the EDK II tools to generate PE32/PE32+/Coff image files.
+#
+# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
+# into firmware volume images. This section is just a list of modules to compile from
+# source into UEFI-compliant binaries.
+# It is the FDF file that contains information on combining binary files into firmware
+# volume images, whose concept is beyond UEFI and is described in PI specification.
+# Binary modules do not need to be listed in this section, as they should be
+# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
+# Logo (Logo.bmp), and etc.
+# There may also be modules listed in this section that are not required in the FDF file,
+# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
+# generated for it, but the binary will not be put into any firmware volume.
+#
+###################################################################################################
+
+[Components]
+
+[Components.IA32]
+
+[Components.X64, Components.AARCH64]
+ ZeroTouchPkg/Library/ZeroTouchSettings/ZeroTouchSettings.inf
+
+[BuildOptions]
+#force deprecated interfaces off
+ *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
diff --git a/ZeroTouchPkg/ZeroTouchPkg.uni b/ZeroTouchPkg/ZeroTouchPkg.uni
index 2f7fc6be..3df3de07 100644
--- a/ZeroTouchPkg/ZeroTouchPkg.uni
+++ b/ZeroTouchPkg/ZeroTouchPkg.uni
@@ -1,16 +1,16 @@
-// /** @file
-// This Package provides all definitions, library classes and libraries instances.
-// for ZeroTouch.
-//
-// MsZeroTouch is common code used in the Microsoft UEFI Core code base
-// This is targetted at promoting to open source and should be aligned with
-// Tianocore standards
-//
-// Copyright (C) Microsoft Corporation. All rights reserved.
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-#string STR_PACKAGE_ABSTRACT #language en-US "This Package provides all definitions, library classes and libraries instances for ZeroTouch."
-
+// /** @file
+// This Package provides all definitions, library classes and libraries instances.
+// for ZeroTouch.
+//
+// MsZeroTouch is common code used in the Microsoft UEFI Core code base
+// This is targetted at promoting to open source and should be aligned with
+// Tianocore standards
+//
+// Copyright (C) Microsoft Corporation. All rights reserved.
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PACKAGE_ABSTRACT #language en-US "This Package provides all definitions, library classes and libraries instances for ZeroTouch."
+
 #string STR_PACKAGE_DESCRIPTION #language en-US "ZeroTouch is common code used in the Microsoft UEFI Core code base"
\ No newline at end of file
diff --git a/ZeroTouchPkg/ZeroTouchPkgExtra.uni b/ZeroTouchPkg/ZeroTouchPkgExtra.uni
index 42abcb67..f42d2437 100644
--- a/ZeroTouchPkg/ZeroTouchPkgExtra.uni
+++ b/ZeroTouchPkg/ZeroTouchPkgExtra.uni
@@ -1,11 +1,11 @@
-## @file
-# ZeroTouch Package Localized Strings and Content
-#
-# Copyright (C) Microsoft Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-#string STR_PROPERTIES_PACKAGE_NAME
-#language en-US
-"ZeroTouch Package"
+## @file
+# ZeroTouch Package Localized Strings and Content
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+#string STR_PROPERTIES_PACKAGE_NAME
+#language en-US
+"ZeroTouch Package"