DeviceSecurityTestPkg: Test LIBSPDM_MAX_ROOT_CERT_SUPPORT.

1. there is only one SignatureList in database. 2. The total number of RootCert in database exceed the LIBSPDM_MAX_ROOT_CERT_SUPPORT. 3. Then fail to set multiple root certificates as trust anchors in SPDM context. 4. Finally fail to create a connection with the SPDM device and extend some error in PCR. Signed-off-by: Zhao, Zhiqiang <zhiqiang.zhao@intel.com>
tianocore · Dec 21, 2022 · 584e0cf · 584e0cf
1 parent 8453ff0
commit 584e0cf
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/DeviceSecurityTestPkg/Include/Test/TestConfig.h b/DeviceSecurityTestPkg/Include/Test/TestConfig.h
@@ -34,5 +34,6 @@
 #define TEST_CONFIG_NO_EFI_CERT_X509_GUID_IN_DB       23
 #define TEST_CONFIG_SPDM_MESSAGE_VERSION_11           24
 #define TEST_CONFIG_SPDM_MESSAGE_VERSION_10           25
+#define TEST_CONFIG_MAX_ROOT_CERT_SUPPORT_IN_DB       26
 
 #endif
diff --git a/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.c b/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.c
@@ -344,6 +344,7 @@ MainEntryPoint (
   ShaHashAllFunc      ShaHashAll;
   UINT8               *RootKey;
   UINTN               RootKeySize;
+  UINTN               CertCount;
 
   Status = ShellCommandLineParse (mParamList, &ParamPackage, NULL, TRUE);
   if (EFI_ERROR (Status)) {
@@ -522,6 +523,19 @@ MainEntryPoint (
         RootCert,
         RootCertSize
         );
+    } else if (TestConfig == TEST_CONFIG_MAX_ROOT_CERT_SUPPORT_IN_DB) {
+      // The total number of RootCert in database exceed the LIBSPDM_MAX_ROOT_CERT_SUPPORT.
+      CertCount = LIBSPDM_MAX_ROOT_CERT_SUPPORT + 1;
+      SignatureHeaderSize = 0;
+      DbSize   = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + CertCount * sizeof(EFI_SIGNATURE_DATA);
+      DbList   = AllocateZeroPool (DbSize);
+      SignatureList = DbList;
+      SignatureListSize = DbSize;
+      ASSERT (SignatureList != NULL);
+      CopyGuid (&SignatureList->SignatureType, &gEfiCertX509Guid);
+      SignatureList->SignatureListSize   = (UINT32)SignatureListSize;
+      SignatureList->SignatureHeaderSize = (UINT32)SignatureHeaderSize;
+      SignatureList->SignatureSize       = (UINT32)(sizeof(EFI_SIGNATURE_DATA));
     } else {
       SignatureHeaderSize = 0;
       DbSize   = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID) + RootCertSize;