From ac00f74ef2b914eb7e9c65150ed715839d462dfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= Date: Tue, 23 Apr 2024 09:34:45 +0200 Subject: [PATCH] SIE.yaml: add auth var unsigned update known acs limitations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ACS uses very large random blobs to test for unsigned authenticated variable, which causes failures. - Introduce a new `KNOWN ACS LIMITATION' category in SIE.yaml. - Add rules in the SIE.yaml config file to mark those failures as known ACS limitations. - Update the documentation and the schema accordingly. Reported-by: Sam Moss Suggested-by: Ilias Apalodimas Suggested-by: Stuart Yoder Signed-off-by: Vincent Stehlé --- README.md | 4 +++ SIE.yaml | 68 ++++++++++++++++++++++++++++++++++++++ schemas/common-schema.yaml | 2 ++ 3 files changed, 74 insertions(+) diff --git a/README.md b/README.md index 4e87a6c..37baf90 100644 --- a/README.md +++ b/README.md @@ -353,6 +353,10 @@ the result of some tests with the following ones: `KNOWN SIZE LIMITATION` Genuine limitations, we know about them; they are due to secure storage size limitations and they do not prevent Secure Boot. + + `KNOWN ACS LIMITATION` Genuine bugs, which are fixed in a more recent + version of the ACS or which must ultimately be fixed + and which we know about. ------------------------------------------------------------------------------- [BBSR]: https://developer.arm.com/documentation/den0107/b/?lang=en diff --git a/SIE.yaml b/SIE.yaml index ead4e2f..c791e7b 100644 --- a/SIE.yaml +++ b/SIE.yaml 
@@ -185,3 +185,71 @@ sub set: ImageLoading update: result: KNOWN ACS LIMITATION + +############################################################################### +# Known ACS limitations # +############################################################################### + +# We force the following tests result as `KNOWN ACS LIMITATION'. They are +# genuine bugs, which are fixed in a more recent version of the ACS or which +# must ultimately be fixed and which we know about. + +- rule: Force unsigned authenticated variable update failure with ACS-IR + v23.09_2.1.0 as known ACS limitation + The SIE SCT sends a random, very large, blob which FW handles differently to + an invalid key and returns INVALID_PARAMETER, while the SIE SCT expects only + SECURITY_VIOLATION. + criteria: + descr: Secure Boot Test + device path: No device path + group: RuntimeServicesTest + guid: D2073163-EDB0-4D6B-BA8F-5C6116C1592C + log: Status - Invalid Parameter + name: SecureBoot - Verify unsigned KEK update + result: FAILURE + revision: '0x00010000' + set guid: 495CB6D7-0817-4015-A479-0DB4C2308626 + sub set: VariableUpdates + test set: SecureBootTest + update: + result: KNOWN ACS LIMITATION + +- rule: Force unsigned authenticated variable update failure (2) with ACS-IR + v23.09_2.1.0 as known ACS limitation + The SIE SCT sends a random, very large, blob which FW handles differently to + an invalid key and returns INVALID_PARAMETER, while the SIE SCT expects only + SECURITY_VIOLATION. 
+ criteria: + descr: Secure Boot Test + device path: No device path + group: RuntimeServicesTest + guid: 25AD4F9B-6533-4A96-9447-FEED03EEC3E2 + log: Status - Invalid Parameter + name: SecureBoot - Verify unsigned db update + result: FAILURE + revision: '0x00010000' + set guid: 495CB6D7-0817-4015-A479-0DB4C2308626 + sub set: VariableUpdates + test set: SecureBootTest + update: + result: KNOWN ACS LIMITATION + +- rule: Force unsigned authenticated variable update failure (3) with ACS-IR + v23.09_2.1.0 as known ACS limitation + The SIE SCT sends a random, very large, blob which FW handles differently to + an invalid key and returns INVALID_PARAMETER, while the SIE SCT expects only + SECURITY_VIOLATION. + criteria: + descr: Secure Boot Test + device path: No device path + group: RuntimeServicesTest + guid: 70FEBF5B-27D6-44AE-AB43-059DDD8B2947 + log: Status - Invalid Parameter + name: SecureBoot - Verify unsigned dbx update + result: FAILURE + revision: '0x00010000' + set guid: 495CB6D7-0817-4015-A479-0DB4C2308626 + sub set: VariableUpdates + test set: SecureBootTest + update: + result: KNOWN ACS LIMITATION diff --git a/schemas/common-schema.yaml b/schemas/common-schema.yaml index 8dbef1f..fe900cd 100644 --- a/schemas/common-schema.yaml +++ b/schemas/common-schema.yaml @@ -28,6 +28,7 @@ $defs: - SBBR UEFI System Environment and Configuration Tests - SBBRRuntimeServices Tests - SbbrBootServices Tests + - Secure Boot Test - Simple Input Protocol Test - Simple Network Protocol Test - Simple Text Input Ex Protocol Test @@ -285,6 +286,7 @@ $defs: - SbbrBootServices - SbbrEfiSpecVerLvl - SbbrSysEnvConfig + - SecureBootTest - SimpleFileSystemProtocolTest - SimpleInputProtocolTest - SimpleNetworkProtocolTest -- GitLab
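Review bot: In the README.md hunk, the new `KNOWN ACS LIMITATION` entry says "Genuine bugs" without saying that the bugs are in the ACS test suite rather than in the firmware under test. Unlike the `KNOWN SIZE LIMITATION` entry just above it ("they do not prevent Secure Boot"), it also does not say whether Secure Boot is affected. Suggest wording along the lines of "Genuine ACS bugs, which are fixed in a more recent version of the ACS ..." plus a clause on the Secure Boot impact, so that someone reading a report can tell a waived test-suite defect from a firmware weakness.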
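Review bot: In the SIE.yaml hunk, all three rule titles name ACS-IR v23.09_2.1.0, but nothing in their `criteria` ties the match to that ACS version. They key only on the test guid, `result: FAILURE` and `log: Status - Invalid Parameter`. As written, the waiver keeps applying once the ACS is fixed, and it covers any Invalid Parameter status logged by the unsigned KEK, db and dbx update tests, whatever caused it, so a later firmware regression in that path would be reported as a known limitation. If the rule format cannot match on the ACS version, a comment in the new section banner stating when these three rules must be removed would help. Separately, the context lines at the top of the hunk show an existing rule that already sets `result: KNOWN ACS LIMITATION` and now sits above the new "Known ACS limitations" banner; consider moving the banner above it, and reconciling this with the commit message, which describes the category as new.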
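Review bot: In the schemas/common-schema.yaml hunks, the two enumerations gain `Secure Boot Test` and `SecureBootTest`, which match the `descr` and `test set` values in the new rules, but the rules also introduce `sub set: VariableUpdates` and rely on `result: KNOWN ACS LIMITATION`, and neither hunk touches those. If the schema enumerates `sub set` or result values as well, please confirm both are already accepted; validating the updated SIE.yaml against the schema as part of this change would settle it.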