sbat 1.0.0

UEFI Secure Boot Advanced Targeting (SBAT) no_std library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

use sbat::{RevocationSection, RevocationSectionError};

#[cfg(feature = "alloc")]
use sbat::RevocationSbatOwned;

/// Parse the actual `.sbatlevel` data in shim as of 2023-01-29.
#[cfg(feature = "alloc")]
#[test]
fn test_actual_sbatlevel_data() {
    let data = include_bytes!("sbatlevel.section");
    let sbat_level_section = RevocationSection::parse(data).unwrap();
    assert_eq!(
        sbat_level_section.previous(),
        b"sbat,1,2022052400\ngrub,2\n"
    );
    assert_eq!(
        sbat_level_section.latest(),
        b"sbat,1,2023012900\nshim,2\ngrub,3\ngrub.debian,4\n"
    );

    // Check that the revocation data parses.
    RevocationSbatOwned::parse(sbat_level_section.previous()).unwrap();
    RevocationSbatOwned::parse(sbat_level_section.latest()).unwrap();

    // Check equality despite extra trailing data.
    let mut data = data.to_vec();
    data.push(123);
    let sbat_level_section2 = RevocationSection::parse(&data).unwrap();
    assert_eq!(sbat_level_section, sbat_level_section2);
}

#[test]
fn test_sbat_level_section_errors() {
    assert_eq!(
        RevocationSection::parse(&[0, 0, 0]),
        Err(RevocationSectionError::MissingVersion)
    );

    assert_eq!(
        RevocationSection::parse(&[1, 0, 0, 0]),
        Err(RevocationSectionError::InvalidVersion(1))
    );

    assert_eq!(
        RevocationSection::parse(&[0; 11]),
        Err(RevocationSectionError::MissingHeader)
    );

    #[rustfmt::skip]
    let data = [
        // Version.
        0, 0, 0, 0,
        // Previous offset.
        8, 0, 0, 0,
        // Latest offset.
        8, 0, 0, 0,
    ];
    assert_eq!(
        RevocationSection::parse(&data),
        Err(RevocationSectionError::InvalidPreviousOffset(8))
    );

    #[rustfmt::skip]
    let data = [
        // Version.
        0, 0, 0, 0,
        // Previous offset.
        8, 0, 0, 0,
        // Latest offset.
        9, 0, 0, 0,
        // Previous data.
        0,
    ];
    assert_eq!(
        RevocationSection::parse(&data),
        Err(RevocationSectionError::InvalidLatestOffset(9))
    );

    #[rustfmt::skip]
    let data = [
        // Version.
        0, 0, 0, 0,
        // Previous offset.
        8, 0, 0, 0,
        // Latest offset.
        8, 0, 0, 0,
        // Previous data.
        1,
    ];
    assert_eq!(
        RevocationSection::parse(&data),
        Err(RevocationSectionError::MissingPreviousNull),
    );

    #[rustfmt::skip]
    let data = [
        // Version.
        0, 0, 0, 0,
        // Previous offset.
        8, 0, 0, 0,
        // Latest offset.
        9, 0, 0, 0,
        // Previous data.
        0,
        // Latest data.
        1,
    ];
    assert_eq!(
        RevocationSection::parse(&data),
        Err(RevocationSectionError::MissingLatestNull),
    );
}