[New test coverage] [Bug]: UEFI-SCT BBTestGetImageConformanceTestCheckpoint4 expects the GetImage() to return an EFI_SECURITY_VIOLATION, which deviates from the expected behavior defined in the UEFI v2.11

[dnkgqualcomm]

Is there an existing issue for this?

• I have searched existing issues

Bug Type

• Test Coverage
• Test Infrastructure
• Memory or crash related
• Build Issue

What packages are impacted?

UEFI-SCT

Which targets are impacted by this bug?

DEBUG, RELEASE

Which architectures are impacted by this bug?

All

Current Behavior

According to the UEFI Specification version 2.11, the FmpDxe GetImage() API is designed to retrieve a copy of the current firmware image from the device. This enables the image to be saved and later reused, for example, during recovery or rollback operations.

typedef
EFI_STATUS
(EFIAPI *EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GET_IMAGE) (
IN EFI_FIRMWARE_MANAGEMENT_PROTOCOL *This,
IN UINT8 ImageIndex,
OUT VOID *Image,
IN OUT UINTN *ImageSize
);
Image: A pointer to the buffer where the current image is copied. If set to NULL with ImageSize = 0, the function returns the required buffer size.
ImageSize: On input, indicates the size of the buffer. On output, reflects the actual image size retrieved.

The specification states that the validity of the retrieved image can be verified using the CheckImage() API before it is passed to SetImage().

In the list of possible return codes:
EFI_SECURITY_VIOLATION indicates that the operation could not be completed due to image corruption. If the image is partially readable, the buffer should still be updated with the retrieved content.

Internally, this API performs basic parameter checks and then calls FmpDeviceSetContext, FmpDeviceGetSize, and FmpDeviceGetImage. According to the EDK2 implementation (e.g., FmpDeviceLibNull), none of these internal functions is expected to return EFI_SECURITY_VIOLATION.

Recommendation:-

BBTestGetImageConformanceTestCheckpoint4() should not expect EFI_SECCURITY_VIOLATION by passing dummy authentication data. Recommendation is either to remove this test checkpoint of modify it to some valid use case related to GetImage API

.

Expected Behavior

The SCT test case BBTestGetImageConformanceTestCheckpoint4() expects the GetImage() API to return EFI_SECURITY_VIOLATION when dummy authentication data is supplied in the input buffer. However, this behavior is not aligned with the specification.
The GetImage() function does not inspect or validate the contents of the input Image buffer (only checks for a valid pointer), Overwrites the provided buffer with the actual image content, regardless of what was previously present.

As a result, the test case incorrectly expects EFI_SECURITY_VIOLATION based on pre-filled, invalid data in the Image buffer—while, per the specification, this error should only occur when the image retrieval fails due to corruption

Steps To Reproduce

Build the UEFI SCT on Linux
Follow the instructions provided in the official guide:

HowToBuildSct.txt – edk2-test GitHub

Flash the SCT Image
Flash the EFIESP.bin image onto the target system.

Boot into the UEFI Shell and execute the FirmwareManagementBBTestConformance test.

Test Case Failure
BBTestGetImageConformanceTestCheckpoint4() fails but wont return EFI_SECURITY_VIOLATION

Build Environment

- OS(s): Linux
- Tool Chain(s): GCC

Version Information

Tag: edk2-test-stable202406

Urgency

Medium

Are you going to fix this?

Someone else needs to fix it

Do you need maintainer feedback?

Maintainer feedback requested

Anything else?

I have attached related definitions
https://uefi.org/specs/UEFI/2.11/23_Firmware_Update_and_Reporting.html#efi-firmware-management-protocol-getimage

[edhay]

@dnkgqualcomm Thank you for the issue. This is an excellent find.
Can you please volunteer to take up the fix?
This case was also identified internally within Arm.

Do you have any thoughts on another new test for EFI_SECURITY_VIOLATION?