tianocore
[New test coverage] [Bug]: UEFI-SCT BBTestGetImageConformanceTestCheckpoint4 expects the GetImage() to return an EFI_SECURITY_VIOLATION, which deviates from the expected behavior defined in the UEFI v2.11
Is there an existing issue for this?
- [x] I have searched existing issues
Bug Type
- [x] Test Coverage
- [ ] Test Infrastructure
- [ ] Memory or crash related
- [ ] Build Issue
What packages are impacted?
UEFI-SCT
Which targets are impacted by this bug?
DEBUG, RELEASE
Which architectures are impacted by this bug?
All
Current Behavior
According to the UEFI Specification version 2.11, the FmpDxe GetImage() API is designed to retrieve a copy of the current firmware image from the device. This enables the image to be saved and later reused, for example, during recovery or rollback operations.
typedef EFI_STATUS (EFIAPI *EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE) ( IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This, IN UINT8 ImageIndex, OUT VOID *Image, IN OUT UINTN *ImageSize ); Image: A pointer to the buffer where the current image is copied. If set to NULL with ImageSize = 0, the function returns the required buffer size. ImageSize: On input, indicates the size of the buffer. On output, reflects the actual image size retrieved.
The specification states that the validity of the retrieved image can be verified using the CheckImage() API before it is passed to SetImage().
In the list of possible return codes: EFI_SECURITY_VIOLATION indicates that the operation could not be completed due to image corruption. If the image is partially readable, the buffer should still be updated with the retrieved content.
Internally, this API performs basic parameter checks and then calls FmpDeviceSetContext, FmpDeviceGetSize, and FmpDeviceGetImage. According to the EDK2 implementation (e.g., FmpDeviceLibNull), none of these internal functions is expected to return EFI_SECURITY_VIOLATION.
Recommendation:-
BBTestGetImageConformanceTestCheckpoint4() should not expect EFI_SECCURITY_VIOLATION by passing dummy authentication data. Recommendation is either to remove this test checkpoint of modify it to some valid use case related to GetImage API
.
Expected Behavior
The SCT test case BBTestGetImageConformanceTestCheckpoint4() expects the GetImage() API to return EFI_SECURITY_VIOLATION when dummy authentication data is supplied in the input buffer. However, this behavior is not aligned with the specification. The GetImage() function does not inspect or validate the contents of the input Image buffer (only checks for a valid pointer), Overwrites the provided buffer with the actual image content, regardless of what was previously present.
As a result, the test case incorrectly expects EFI_SECURITY_VIOLATION based on pre-filled, invalid data in the Image buffer—while, per the specification, this error should only occur when the image retrieval fails due to corruption
Steps To Reproduce
Build the UEFI SCT on Linux Follow the instructions provided in the official guide:
HowToBuildSct.txt – edk2-test GitHub
Flash the SCT Image Flash the EFIESP.bin image onto the target system.
Boot into the UEFI Shell and execute the FirmwareManagementBBTestConformance test.
Test Case Failure BBTestGetImageConformanceTestCheckpoint4() fails but wont return EFI_SECURITY_VIOLATION
Build Environment
- OS(s): Linux
- Tool Chain(s): GCC
Version Information
Tag: edk2-test-stable202406
Urgency
Medium
Are you going to fix this?
Someone else needs to fix it
Do you need maintainer feedback?
Maintainer feedback requested
Anything else?
I have attached related definitions https://uefi.org/specs/UEFI/2.11/23_Firmware_Update_and_Reporting.html#efi-firmware-management-protocol-getimage
@dnkgqualcomm Thank you for the issue. This is an excellent find. Can you please volunteer to take up the fix? This case was also identified internally within Arm.
Do you have any thoughts on another new test for EFI_SECURITY_VIOLATION?
