
Commit 584e0cf

committed
DeviceSecurityTestPkg: Test LIBSPDM_MAX_ROOT_CERT_SUPPORT.
1. There is only one SignatureList in the database. 2. The total number of RootCerts in the database exceeds LIBSPDM_MAX_ROOT_CERT_SUPPORT. 3. Setting multiple root certificates as trust anchors in the SPDM context then fails. 4. Finally, creating a connection with the SPDM device fails and some error is extended into the PCR. Signed-off-by: Zhao, Zhiqiang <[email protected]>
1 parent 8453ff0 commit 584e0cf


2 files changed

+15
-0
lines changed


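--- a/DeviceSecurityTestPkg/Include/Test/TestConfig.h
+++ b/DeviceSecurityTestPkg/Include/Test/TestConfig.h
@@ -34,5 +34,6 @@
 #define TEST_CONFIG_NO_EFI_CERT_X509_GUID_IN_DB 23
 #define TEST_CONFIG_SPDM_MESSAGE_VERSION_11 24
 #define TEST_CONFIG_SPDM_MESSAGE_VERSION_10 25
+#define TEST_CONFIG_MAX_ROOT_CERT_SUPPORT_IN_DB 26
 
 #endif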

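--- a/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.c
+++ b/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.c
@@ -344,6 +344,7 @@ MainEntryPoint (
 ShaHashAllFunc ShaHashAll;
 UINT8 *RootKey;
 UINTN RootKeySize;
+UINTN CertCount;
 
 Status = ShellCommandLineParse (mParamList, &ParamPackage, NULL, TRUE);
 if (EFI_ERROR (Status)) {
@@ -522,6 +523,19 @@ MainEntryPoint (
 RootCert,
 RootCertSize
 );
+} else if (TestConfig == TEST_CONFIG_MAX_ROOT_CERT_SUPPORT_IN_DB) {
+// The total number of RootCert in database exceed the LIBSPDM_MAX_ROOT_CERT_SUPPORT.
+CertCount = LIBSPDM_MAX_ROOT_CERT_SUPPORT + 1;
+SignatureHeaderSize = 0;
+DbSize = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + CertCount * sizeof(EFI_SIGNATURE_DATA);
+DbList = AllocateZeroPool (DbSize);
+SignatureList = DbList;
+SignatureListSize = DbSize;
+ASSERT (SignatureList != NULL);
+CopyGuid (&SignatureList->SignatureType, &gEfiCertX509Guid);
+SignatureList->SignatureListSize = (UINT32)SignatureListSize;
+SignatureList->SignatureHeaderSize = (UINT32)SignatureHeaderSize;
+SignatureList->SignatureSize = (UINT32)(sizeof(EFI_SIGNATURE_DATA));
 } else {
 SignatureHeaderSize = 0;
 DbSize = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID) + RootCertSize;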
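Review bot: The new `TEST_CONFIG_MAX_ROOT_CERT_SUPPORT_IN_DB` branch guards the `AllocateZeroPool` result only with `ASSERT (SignatureList != NULL);`, which compiles to nothing when asserts are disabled, so an allocation failure would reach the `CopyGuid` write through a NULL pointer. An explicit check right after the allocation, such as `if (DbList == NULL) { return EFI_OUT_OF_RESOURCES; }`, would fail cleanly (adjust it to whatever cleanup MainEntryPoint does, since its body starts and ends outside this hunk). Separately, every entry is zero-filled and `SignatureSize` is `sizeof(EFI_SIGNATURE_DATA)`, so none holds a parseable certificate; if the consumer validates entries before counting them, the connection could fail for that reason rather than because the count exceeds `LIBSPDM_MAX_ROOT_CERT_SUPPORT`. A comment stating which check the test relies on, e.g. `// Entries are zero-filled placeholders; only the entry count is under test.`, would make that assumption reviewable.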
