SecurityPkg: Add gmock example

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4389

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Chris Johnson <chris.n.johnson@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.cpp

@@ -0,0 +1,174 @@
+/** @file
+  Unit tests for the implementation of SecureBootVariableLib.
+
+  Copyright (c) 2022, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <Library/GoogleTestLib.h>
+#include <GoogleTest/Library/MockUefiLib.h>
+#include <GoogleTest/Library/MockUefiRuntimeServicesTableLib.h>
+
+extern "C" {
+  #include <Uefi.h>
+  #include <UefiSecureBoot.h>
+  #include <Guid/AuthenticatedVariableFormat.h>
+  #include <Guid/ImageAuthentication.h>
+  #include <Library/SecureBootVariableLib.h>
+  #include <Library/MemoryAllocationLib.h>
+}
+
+using namespace testing;
+
+//////////////////////////////////////////////////////////////////////////////
+class SetSecureBootModeTest : public Test {
+  protected:
+    MockUefiRuntimeServicesTableLib RtServicesMock;
+    UINT8       SecureBootMode;
+    EFI_STATUS  Status;
+
+    void SetUp() override {
+      // Any random magic number can be used for these tests
+      SecureBootMode = 0xAB;
+    }
+};
+
+// Test SetSecureBootMode() API from SecureBootVariableLib to verify the
+// expected error is returned when the call to gRT->SetVariable() fails.
+TEST_F(SetSecureBootModeTest, SetVarError) {
+  EXPECT_CALL(RtServicesMock, gRT_SetVariable)
+    .WillOnce(Return(EFI_INVALID_PARAMETER));
+
+  Status = SetSecureBootMode(SecureBootMode);
+  EXPECT_EQ(Status, EFI_INVALID_PARAMETER);
+}
+
+// Test SetSecureBootMode() API from SecureBootVariableLib to verify the
+// expected secure boot mode is written to the correct variable in the call
+// to gRT->SetVariable().
+TEST_F(SetSecureBootModeTest, PropogateModeToSetVar) {
+  EXPECT_CALL(RtServicesMock,
+    gRT_SetVariable(
+      Char16StrEq(EFI_CUSTOM_MODE_NAME),
+      BufferEq(&gEfiCustomModeEnableGuid, sizeof(EFI_GUID)),
+      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+      sizeof(SecureBootMode),
+      BufferEq(&SecureBootMode, sizeof(SecureBootMode))))
+    .WillOnce(Return(EFI_SUCCESS));
+
+  Status = SetSecureBootMode(SecureBootMode);
+  EXPECT_EQ(Status, EFI_SUCCESS);
+}
+
+//////////////////////////////////////////////////////////////////////////////
+class GetSetupModeTest : public Test {
+  protected:
+    MockUefiRuntimeServicesTableLib RtServicesMock;
+    UINT8       SetupMode;
+    EFI_STATUS  Status;
+    UINT8       ExpSetupMode;
+
+    void SetUp() override {
+      // Any random magic number can be used for these tests
+      ExpSetupMode = 0xAB;
+    }
+};
+
+// Test GetSetupMode() API from SecureBootVariableLib to verify the expected
+// error is returned when the call to gRT->GetVariable() fails.
+TEST_F(GetSetupModeTest, GetVarError) {
+  EXPECT_CALL(RtServicesMock, gRT_GetVariable)
+    .WillOnce(Return(EFI_INVALID_PARAMETER));
+
+  Status = GetSetupMode (&SetupMode);
+  EXPECT_EQ(Status, EFI_INVALID_PARAMETER);
+}
+
+// Test GetSetupMode() API from SecureBootVariableLib to verify the expected
+// setup mode is returned (and with a success return code) when the mode is
+// successfully read from the call to gRT->GetVariable().
+TEST_F(GetSetupModeTest, FetchModeFromGetVar) {
+  EXPECT_CALL(RtServicesMock,
+    gRT_GetVariable(
+      Char16StrEq(EFI_SETUP_MODE_NAME),
+      BufferEq(&gEfiGlobalVariableGuid, sizeof(EFI_GUID)),
+      _,
+      Pointee(Eq(sizeof(SetupMode))),
+      NotNull()))
+    .WillOnce(DoAll(
+      SetArgPointee<3>(sizeof(ExpSetupMode)),
+      SetArgBuffer<4>(&ExpSetupMode, sizeof(ExpSetupMode)),
+      Return(EFI_SUCCESS)));
+
+  Status = GetSetupMode (&SetupMode);
+  ASSERT_EQ(Status, EFI_SUCCESS);
+  EXPECT_EQ(SetupMode, ExpSetupMode);
+}
+
+//////////////////////////////////////////////////////////////////////////////
+class IsSecureBootEnabledTest : public Test {
+  protected:
+    MockUefiLib UefiLibMock;
+    BOOLEAN     Enabled;
+};
+
+// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify FALSE
+// is returned when the call to GetEfiGlobalVariable2() fails.
+TEST_F(IsSecureBootEnabledTest, GetVarError) {
+  EXPECT_CALL(UefiLibMock, GetEfiGlobalVariable2)
+    .WillOnce(Return(EFI_ABORTED));
+
+  Enabled = IsSecureBootEnabled ();
+  EXPECT_EQ(Enabled, FALSE);
+}
+
+//////////////////////////////////////////////////////////////////////////////
+class IsSecureBootEnabledAllocTest : public IsSecureBootEnabledTest {
+  protected:
+    UINT8 *BootEnabledBuffer;
+
+    void SetUp() override {
+      BootEnabledBuffer = (UINT8*) AllocatePool(1);
+      ASSERT_NE(BootEnabledBuffer, nullptr);
+    }
+};
+
+// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify TRUE
+// is returned when the call to GetEfiGlobalVariable2() is successful and
+// returns SECURE_BOOT_MODE_ENABLE.
+TEST_F(IsSecureBootEnabledAllocTest, IsEnabled) {
+  *BootEnabledBuffer = SECURE_BOOT_MODE_ENABLE;
+  EXPECT_CALL(UefiLibMock,
+    GetEfiGlobalVariable2(
+      Char16StrEq(EFI_SECURE_BOOT_MODE_NAME),
+      NotNull(),
+      _))
+    .WillOnce(DoAll(
+      SetArgBuffer<1>(&BootEnabledBuffer, sizeof(VOID*)),
+      Return(EFI_SUCCESS)));
+
+  Enabled = IsSecureBootEnabled ();
+  EXPECT_EQ(Enabled, TRUE);
+}
+
+// Test IsSecureBootEnabled() API from SecureBootVariableLib to verify FALSE
+// is returned when the call to GetEfiGlobalVariable2() is successful and
+// returns SECURE_BOOT_MODE_DISABLE.
+TEST_F(IsSecureBootEnabledAllocTest, IsDisabled) {
+  *BootEnabledBuffer = SECURE_BOOT_MODE_DISABLE;
+  EXPECT_CALL(UefiLibMock,
+    GetEfiGlobalVariable2(
+      Char16StrEq(EFI_SECURE_BOOT_MODE_NAME),
+      NotNull(),
+      _))
+    .WillOnce(DoAll(
+      SetArgBuffer<1>(&BootEnabledBuffer, sizeof(VOID*)),
+      Return(EFI_SUCCESS)));
+
+  Enabled = IsSecureBootEnabled ();
+  EXPECT_EQ(Enabled, FALSE);
+}
+
+int main(int argc, char* argv[]) {
+  testing::InitGoogleTest(&argc, argv);
+  return RUN_ALL_TESTS();
+}

SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf

@@ -0,0 +1,32 @@
+## @file
+# Unit test suite for the SecureBootVariableLib using Google Test
+#
+# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION         = 0x00010017
+  BASE_NAME           = SecureBootVariableLibGoogleTest
+  FILE_GUID           = C88372AB-726B-4344-A250-6C7F826C874E
+  VERSION_STRING      = 1.0
+  MODULE_TYPE         = HOST_APPLICATION
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  SecureBootVariableLibGoogleTest.cpp
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+  GoogleTestLib
+  SecureBootVariableLib

SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf

@@ -10,9 +10,9 @@
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = MockPlatformPKProtectionLib
   FILE_GUID                      = 5FCD74D3-3965-4D56-AB83-000B9B4806A0
-  MODULE_TYPE                    = DXE_DRIVER
+  MODULE_TYPE                    = HOST_APPLICATION
   VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = PlatformPKProtectionLib|HOST_APPLICATION
+  LIBRARY_CLASS                  = PlatformPKProtectionLib
 
 #
 # The following information is for reference only and not required by the build tools.

SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf

@@ -18,9 +18,9 @@
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = MockUefiLib
   FILE_GUID                      = E3B7AEF9-4E55-49AF-B035-ED776C928EC6
-  MODULE_TYPE                    = UEFI_DRIVER
+  MODULE_TYPE                    = HOST_APPLICATION
   VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = UefiLib|HOST_APPLICATION
+  LIBRARY_CLASS                  = UefiLib
 
 #
 #  VALID_ARCHITECTURES           = IA32 X64 EBC

SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf

@@ -10,9 +10,9 @@
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = MockUefiRuntimeServicesTableLib
   FILE_GUID                      = 84CE0021-ABEE-403C-9A1B-763CCF2D40F1
-  MODULE_TYPE                    = UEFI_DRIVER
+  MODULE_TYPE                    = HOST_APPLICATION
   VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = UefiRuntimeServicesTableLib|HOST_APPLICATION
+  LIBRARY_CLASS                  = UefiRuntimeServicesTableLib
 
 #
 #  VALID_ARCHITECTURES           = IA32 X64 EBC

SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c

@@ -163,7 +163,7 @@ MockGetVariable (
     return EFI_BUFFER_TOO_SMALL;
   } else {
     assert_non_null (Data);
-    CopyMem (Data, (VOID *)mock (), TargetSize);
+    CopyMem (Data, (VOID *)(UINTN)mock (), TargetSize);
   }
 
   return EFI_SUCCESS;

SecurityPkg/SecurityPkg.dec

@@ -21,6 +21,7 @@
 
 [Includes]
   Include
+  Test/Mock/Include
 
 [LibraryClasses]
   ##  @libraryclass  Provides hash interfaces from different implementations.

SecurityPkg/Test/Mock/Include/GoogleTest/Library/MockPlatformPKProtectionLib.h

@@ -0,0 +1,28 @@
+/** @file
+  Google Test mocks for PlatformPKProtectionLib
+
+  Copyright (c) 2022, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_PLATFORM_PK_PROTECTION_LIB_H_
+#define MOCK_PLATFORM_PK_PROTECTION_LIB_H_
+
+#include <Library/GoogleTestLib.h>
+#include <Library/FunctionMockLib.h>
+extern "C" {
+#include <Uefi.h>
+#include <Library/PlatformPKProtectionLib.h>
+}
+
+struct MockPlatformPKProtectionLib {
+  MOCK_INTERFACE_DECLARATION (MockPlatformPKProtectionLib);
+
+  MOCK_FUNCTION_DECLARATION (
+    EFI_STATUS,
+    DisablePKProtection,
+    ()
+    );
+};
+
+#endif

SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.cpp

@@ -0,0 +1,11 @@
+/** @file
+  Google Test mocks for PlatformPKProtectionLib
+
+  Copyright (c) 2022, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <GoogleTest/Library/MockPlatformPKProtectionLib.h>
+
+MOCK_INTERFACE_DEFINITION(MockPlatformPKProtectionLib);
+
+MOCK_FUNCTION_DEFINITION(MockPlatformPKProtectionLib, DisablePKProtection, 0, EFIAPI);

SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf

@@ -0,0 +1,34 @@
+## @file
+# Google Test mocks for PlatformPKProtectionLib
+#
+# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = MockPlatformPKProtectionLib
+  FILE_GUID                      = C1383D85-E0ED-44E0-A0A6-125F1D78B6E9
+  MODULE_TYPE                    = HOST_APPLICATION
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = PlatformPKProtectionLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  MockPlatformPKProtectionLib.cpp
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+  GoogleTestLib
+
+[BuildOptions]
+  MSFT:*_*_*_CC_FLAGS = /EHsc

SecurityPkg/Test/SecurityPkgHostTest.dsc

@@ -25,6 +25,7 @@
   SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.inf
   SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
   SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
+  SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf
 
   #
   # Build SecurityPkg HOST_APPLICATION Tests
@@ -36,3 +37,10 @@
       PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf
       UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
   }
+  SecurityPkg/Library/SecureBootVariableLib/GoogleTest/SecureBootVariableLibGoogleTest.inf {
+    <LibraryClasses>
+      SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+      UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+      PlatformPKProtectionLib|SecurityPkg/Test/Mock/Library/GoogleTest/MockPlatformPKProtectionLib/MockPlatformPKProtectionLib.inf
+      UefiLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
+  }