DeviceSecurityPkg: test exceed LIBSPDM_MAX_ROOT_CERT_SUPPORT.

1. there is only one SignatureList in database. 2. The total number of RootCert in database exceed the LIBSPDM_MAX_ROOT_CERT_SUPPORT. 3. Then fail to set multiple root certificates as trust anchors in SPDM context. 4. Finally fail to create a connection with the SPDM device. Signed-off-by: Zhao, Zhiqiang <[email protected]>
tianocore · Nov 22, 2022 · 4edf114 · 4edf114
1 parent 8dcc69f
commit 4edf114
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/DeviceSecurityPkg/Include/Test/TestConfig.h b/DeviceSecurityPkg/Include/Test/TestConfig.h
@@ -32,5 +32,6 @@
 #define TEST_CONFIG_MULTIPLE_CERT_IN_DB               21
 #define TEST_CONFIG_DIFF_CERT_IN_DIFF_SLOT            22
 #define TEST_CONFIG_NO_EFI_CERT_X509_GUID_IN_DB       23
+#define TEST_CONFIG_MAX_ROOT_CERT_SUPPORT_IN_DB       24
 
 #endif
diff --git a/DeviceSecurityPkg/Test/DeployCert/DeployCert.c b/DeviceSecurityPkg/Test/DeployCert/DeployCert.c
@@ -346,6 +346,7 @@ MainEntryPoint (
   ShaHashAllFunc      ShaHashAll;
   UINT8               *RootKey;
   UINTN               RootKeySize;
+  UINTN               CertCount;
 
   Status = ShellCommandLineParse (mParamList, &ParamPackage, NULL, TRUE);
   if (EFI_ERROR (Status)) {
@@ -524,6 +525,19 @@ MainEntryPoint (
         RootCert,
         RootCertSize
         );
+    } else if (TestConfig == TEST_CONFIG_MAX_ROOT_CERT_SUPPORT_IN_DB) {
+      // The total number of RootCert in database exceed the LIBSPDM_MAX_ROOT_CERT_SUPPORT.
+      CertCount = LIBSPDM_MAX_ROOT_CERT_SUPPORT + 1;
+      SignatureHeaderSize = 0;
+      DbSize   = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + CertCount * sizeof(EFI_SIGNATURE_DATA);
+      DbList   = AllocateZeroPool (DbSize);
+      SignatureList = DbList;
+      SignatureListSize = DbSize;
+      ASSERT (SignatureList != NULL);
+      CopyGuid (&SignatureList->SignatureType, &gEfiCertX509Guid);
+      SignatureList->SignatureListSize   = (UINT32)SignatureListSize;
+      SignatureList->SignatureHeaderSize = (UINT32)SignatureHeaderSize;
+      SignatureList->SignatureSize       = (UINT32)(sizeof(EFI_SIGNATURE_DATA));
     } else {
       SignatureHeaderSize = 0;
       DbSize   = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID) + RootCertSize;