From nobody Mon Feb  9 14:03:08 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+90500+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+90500+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1655152809; cv=none;
	d=zohomail.com; s=zohoarc;
	b=gnaiphYagMGtJqh+ZFtBbXIFFWJaUtlGlUaDC91odTQU307Hhh1FBROcooFQJJFf7OJqk0P0yrztvJswiZ1I8TUla8eC4pLG09vrZRJL5nJW+/+9uDb4TxljIQnecf/o0ichEjNLH534R7cPO+oof1WvAssV4JOWul+c47S02Ls=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1655152809;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=fqqfc2BrAQc0qC8x/A9yGlhIS4qPJoIlHJVonOLr6dM=;
	b=iB+UVR7doyUT2Vc6M6XV50MDdFeqeJBVn+LTcX0xfkhhAL5b96FNWCdRJ/CScV+3DeI3K6pwKPf05H88VoFvD92XHO+yerQD0xQxA0uQBIKaEd0vejE09kp55xYJGXIlsp+shCvFrQhGP/b1UBI8uHrneZfrAMtUbK7T966xRCQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+90500+1787277+3901457@groups.io;
	dmarc=fail header.from=<kuqin12@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1655152809885831.5321931848217;
 Mon, 13 Jun 2022 13:40:09 -0700 (PDT)
Return-Path: <bounce+27952+90500+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 5eA6YY1788612xunaa14j17H;
 Mon, 13 Jun 2022 13:40:09 -0700
X-Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com
 [209.85.216.47])
 by mx.groups.io with SMTP id smtpd.web10.10963.1655152808692556291
 for <devel@edk2.groups.io>;
 Mon, 13 Jun 2022 13:40:08 -0700
X-Received: by mail-pj1-f47.google.com with SMTP id e9so6658466pju.5
        for <devel@edk2.groups.io>; Mon, 13 Jun 2022 13:40:08 -0700 (PDT)
X-Gm-Message-State: 6FL6wW9eLNndg3GBnkDJ4Fsox1787277AA=
X-Google-Smtp-Source: 
 AGRyM1tcGZFWCiNYDhrUTcIQV1Q4ZYqT/v2hTqKJvU6lGCwymILOvFTD6j0nvDeGhXvzFn2M8ePcLA==
X-Received: by 2002:a17:902:e5ca:b0:167:4e08:a63a with SMTP id
 u10-20020a170902e5ca00b001674e08a63amr740450plf.69.1655152807499;
        Mon, 13 Jun 2022 13:40:07 -0700 (PDT)
X-Received: from localhost.localdomain ([50.35.66.9])
        by smtp.gmail.com with ESMTPSA id
 g14-20020a17090a578e00b001ea90dada74sm5603239pji.12.2022.06.13.13.40.05
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 13 Jun 2022 13:40:06 -0700 (PDT)
From: "Kun Qin" <kuqin12@gmail.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Min Xu <min.m.xu@intel.com>
Subject: [edk2-devel] [PATCH v2 09/11] SecurityPkg: SecureBootVariableLib:
 Added unit tests
Date: Mon, 13 Jun 2022 13:39:40 -0700
Message-Id: <20220613203943.704-10-kuqin12@gmail.com>
In-Reply-To: <20220613203943.704-1-kuqin12@gmail.com>
References: <20220613203943.704-1-kuqin12@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,kuqin12@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1655152809;
 bh=igEI+QdagwDP7OMjVMVGRcEQMw7O/KhS4GlE63XtKC4=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=OZZN2OeM3k6aUViJV8Oya/zDeDB1IDow5I3173hpm8unkc4Z1r7h37vXmz+9ZlsVuGY
 KUcuff6W33gWnGHHhEFJhcdiu3YOL13KQIaNWWMeUX3FJcJ9fgktVh5LqHKmPCBSWSdby
 9CTfsVzYUkuHJU/jk0OShiwNaQnZq7bDZUM=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1655152810811100027
Content-Type: text/plain; charset="utf-8"

From: kuqin <kuqin@microsoft.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3911

This change added unit test and enabled it from pipeline for the updated
SecureBootVariableLib.

The unit test covers all implemented interfaces and certain corner cases.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
---
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio=
nLib.c       |   36 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c          =
             |  201 ++
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices=
TableLib.c   |   13 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUn=
itTest.c     | 2037 ++++++++++++++++++++
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectio=
nLib.inf     |   33 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf        =
             |   45 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServices=
TableLib.inf |   25 +
 SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUn=
itTest.inf   |   36 +
 SecurityPkg/SecurityPkg.ci.yaml                                           =
             |   11 +
 SecurityPkg/Test/SecurityPkgHostTest.dsc                                  =
             |   38 +
 10 files changed, 2475 insertions(+)

diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatfor=
mPKProtectionLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/Moc=
kPlatformPKProtectionLib.c
new file mode 100644
index 000000000000..a8644d272df6
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProt=
ectionLib.c
@@ -0,0 +1,36 @@
+/** @file
+  Provides a mocked interface for configuring PK related variable protecti=
on.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <Uefi.h>
+
+/**
+  Disable any applicable protection against variable 'PK'. The implementat=
ion
+  of this interface is platform specific, depending on the protection tech=
niques
+  used per platform.
+
+  Note: It is the platform's responsibility to conduct cautious operation =
after
+        disabling this protection.
+
+  @retval     EFI_SUCCESS             State has been successfully updated.
+  @retval     Others                  Error returned from implementation s=
pecific
+                                      underying APIs.
+
+**/
+EFI_STATUS
+EFIAPI
+DisablePKProtection (
+  VOID
+  )
+{
+  return (EFI_STATUS)mock ();
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib=
.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
new file mode 100644
index 000000000000..df271c39f26c
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c
@@ -0,0 +1,201 @@
+/** @file
+  The UEFI Library provides functions and macros that simplify the develop=
ment of
+  UEFI Drivers and UEFI Applications.  These functions and macros help man=
age EFI
+  events, build simple locks utilizing EFI Task Priority Levels (TPLs), in=
stall
+  EFI Driver Model related protocols, manage Unicode string tables for UEF=
I Drivers,
+  and print messages on the console output and standard error devices.
+
+  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+
+/**
+  Returns the status whether get the variable success. The function retrie=
ves
+  variable  through the UEFI Runtime Service GetVariable().  The
+  returned buffer is allocated using AllocatePool().  The caller is respon=
sible
+  for freeing this buffer with FreePool().
+
+  If Name  is NULL, then ASSERT().
+  If Guid  is NULL, then ASSERT().
+  If Value is NULL, then ASSERT().
+
+  @param[in]  Name  The pointer to a Null-terminated Unicode string.
+  @param[in]  Guid  The pointer to an EFI_GUID structure
+  @param[out] Value The buffer point saved the variable info.
+  @param[out] Size  The buffer size of the variable.
+
+  @return EFI_OUT_OF_RESOURCES      Allocate buffer failed.
+  @return EFI_SUCCESS               Find the specified variable.
+  @return Others Errors             Return errors from call to gRT->GetVar=
iable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetVariable2 (
+  IN CONST CHAR16    *Name,
+  IN CONST EFI_GUID  *Guid,
+  OUT VOID           **Value,
+  OUT UINTN          *Size OPTIONAL
+  )
+{
+  EFI_STATUS  Status;
+  UINTN       BufferSize;
+
+  ASSERT (Name !=3D NULL && Guid !=3D NULL && Value !=3D NULL);
+
+  //
+  // Try to get the variable size.
+  //
+  BufferSize =3D 0;
+  *Value     =3D NULL;
+  if (Size !=3D NULL) {
+    *Size =3D 0;
+  }
+
+  Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &Bu=
fferSize, *Value);
+  if (Status !=3D EFI_BUFFER_TOO_SMALL) {
+    return Status;
+  }
+
+  //
+  // Allocate buffer to get the variable.
+  //
+  *Value =3D AllocatePool (BufferSize);
+  ASSERT (*Value !=3D NULL);
+  if (*Value =3D=3D NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Get the variable data.
+  //
+  Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &Bu=
fferSize, *Value);
+  if (EFI_ERROR (Status)) {
+    FreePool (*Value);
+    *Value =3D NULL;
+  }
+
+  if (Size !=3D NULL) {
+    *Size =3D BufferSize;
+  }
+
+  return Status;
+}
+
+/** Return the attributes of the variable.
+
+  Returns the status whether get the variable success. The function retrie=
ves
+  variable  through the UEFI Runtime Service GetVariable().  The
+  returned buffer is allocated using AllocatePool().  The caller is respon=
sible
+  for freeing this buffer with FreePool().  The attributes are returned if
+  the caller provides a valid Attribute parameter.
+
+  If Name  is NULL, then ASSERT().
+  If Guid  is NULL, then ASSERT().
+  If Value is NULL, then ASSERT().
+
+  @param[in]  Name  The pointer to a Null-terminated Unicode string.
+  @param[in]  Guid  The pointer to an EFI_GUID structure
+  @param[out] Value The buffer point saved the variable info.
+  @param[out] Size  The buffer size of the variable.
+  @param[out] Attr  The pointer to the variable attributes as found in var=
 store
+
+  @retval EFI_OUT_OF_RESOURCES      Allocate buffer failed.
+  @retval EFI_SUCCESS               Find the specified variable.
+  @retval Others Errors             Return errors from call to gRT->GetVar=
iable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetVariable3 (
+  IN CONST CHAR16    *Name,
+  IN CONST EFI_GUID  *Guid,
+  OUT VOID           **Value,
+  OUT UINTN          *Size OPTIONAL,
+  OUT UINT32         *Attr OPTIONAL
+  )
+{
+  EFI_STATUS  Status;
+  UINTN       BufferSize;
+
+  ASSERT (Name !=3D NULL && Guid !=3D NULL && Value !=3D NULL);
+
+  //
+  // Try to get the variable size.
+  //
+  BufferSize =3D 0;
+  *Value     =3D NULL;
+  if (Size !=3D NULL) {
+    *Size =3D 0;
+  }
+
+  if (Attr !=3D NULL) {
+    *Attr =3D 0;
+  }
+
+  Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &Bu=
fferSize, *Value);
+  if (Status !=3D EFI_BUFFER_TOO_SMALL) {
+    return Status;
+  }
+
+  //
+  // Allocate buffer to get the variable.
+  //
+  *Value =3D AllocatePool (BufferSize);
+  ASSERT (*Value !=3D NULL);
+  if (*Value =3D=3D NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Get the variable data.
+  //
+  Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, Attr, &Bu=
fferSize, *Value);
+  if (EFI_ERROR (Status)) {
+    FreePool (*Value);
+    *Value =3D NULL;
+  }
+
+  if (Size !=3D NULL) {
+    *Size =3D BufferSize;
+  }
+
+  return Status;
+}
+
+/**
+  Returns a pointer to an allocated buffer that contains the contents of a
+  variable retrieved through the UEFI Runtime Service GetVariable().  This
+  function always uses the EFI_GLOBAL_VARIABLE GUID to retrieve variables.
+  The returned buffer is allocated using AllocatePool().  The caller is
+  responsible for freeing this buffer with FreePool().
+
+  If Name is NULL, then ASSERT().
+  If Value is NULL, then ASSERT().
+
+  @param[in]  Name  The pointer to a Null-terminated Unicode string.
+  @param[out] Value The buffer point saved the variable info.
+  @param[out] Size  The buffer size of the variable.
+
+  @return EFI_OUT_OF_RESOURCES      Allocate buffer failed.
+  @return EFI_SUCCESS               Find the specified variable.
+  @return Others Errors             Return errors from call to gRT->GetVar=
iable.
+
+**/
+EFI_STATUS
+EFIAPI
+GetEfiGlobalVariable2 (
+  IN CONST CHAR16  *Name,
+  OUT VOID         **Value,
+  OUT UINTN        *Size OPTIONAL
+  )
+{
+  return GetVariable2 (Name, &gEfiGlobalVariableGuid, Value, Size);
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRun=
timeServicesTableLib.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/MockUefiRuntimeServicesTableLib.c
new file mode 100644
index 000000000000..e86192a05f32
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeSer=
vicesTableLib.c
@@ -0,0 +1,13 @@
+/** @file
+  Mock implementation of the UEFI Runtime Services Table Library.
+
+  Copyright (C) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+extern EFI_RUNTIME_SERVICES  gMockRuntime;
+
+EFI_RUNTIME_SERVICES  *gRT =3D &gMockRuntime;
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootV=
ariableLibUnitTest.c b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/S=
ecureBootVariableLibUnitTest.c
new file mode 100644
index 000000000000..a23135dfb016
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariable=
LibUnitTest.c
@@ -0,0 +1,2037 @@
+/** @file
+  Unit tests of the implementation of SecureBootVariableLib.
+
+  Copyright (C) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <Uefi.h>
+#include <UefiSecureBoot.h>
+#include <Guid/GlobalVariable.h>
+#include <Guid/AuthenticatedVariableFormat.h>
+#include <Guid/ImageAuthentication.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Library/UnitTestLib.h>
+#include <Library/SecureBootVariableLib.h>
+
+#define UNIT_TEST_APP_NAME     "SecureBootVariableLib Unit Tests"
+#define UNIT_TEST_APP_VERSION  "1.0"
+#define VAR_AUTH_DESC_SIZE     OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, A=
uthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)
+
+extern EFI_TIME  mMaxTimestamp;
+extern EFI_TIME  mDefaultPayloadTimestamp;
+
+/**
+  Sets the value of a variable.
+
+  @param[in]  VariableName       A Null-terminated string that is the name=
 of the vendor's variable.
+                                 Each VariableName is unique for each Vend=
orGuid. VariableName must
+                                 contain 1 or more characters. If Variable=
Name is an empty string,
+                                 then EFI_INVALID_PARAMETER is returned.
+  @param[in]  VendorGuid         A unique identifier for the vendor.
+  @param[in]  Attributes         Attributes bitmask to set for the variabl=
e.
+  @param[in]  DataSize           The size in bytes of the Data buffer. Unl=
ess the EFI_VARIABLE_APPEND_WRITE or
+                                 EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRI=
TE_ACCESS attribute is set, a size of zero
+                                 causes the variable to be deleted. When t=
he EFI_VARIABLE_APPEND_WRITE attribute is
+                                 set, then a SetVariable() call with a Dat=
aSize of zero will not cause any change to
+                                 the variable value (the timestamp associa=
ted with the variable may be updated however
+                                 even if no new data value is provided,see=
 the description of the
+                                 EFI_VARIABLE_AUTHENTICATION_2 descriptor =
below. In this case the DataSize will not
+                                 be zero since the EFI_VARIABLE_AUTHENTICA=
TION_2 descriptor will be populated).
+  @param[in]  Data               The contents for the variable.
+
+  @retval EFI_SUCCESS            The firmware has successfully stored the =
variable and its data as
+                                 defined by the Attributes.
+  @retval EFI_INVALID_PARAMETER  An invalid combination of attribute bits,=
 name, and GUID was supplied, or the
+                                 DataSize exceeds the maximum allowed.
+  @retval EFI_INVALID_PARAMETER  VariableName is an empty string.
+  @retval EFI_OUT_OF_RESOURCES   Not enough storage is available to hold t=
he variable and its data.
+  @retval EFI_DEVICE_ERROR       The variable could not be retrieved due t=
o a hardware error.
+  @retval EFI_WRITE_PROTECTED    The variable in question is read-only.
+  @retval EFI_WRITE_PROTECTED    The variable in question cannot be delete=
d.
+  @retval EFI_SECURITY_VIOLATION The variable could not be written due to =
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set,
+                                 but the AuthInfo does NOT pass the valida=
tion check carried out by the firmware.
+
+  @retval EFI_NOT_FOUND          The variable trying to be updated or dele=
ted was not found.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+MockSetVariable (
+  IN  CHAR16    *VariableName,
+  IN  EFI_GUID  *VendorGuid,
+  IN  UINT32    Attributes,
+  IN  UINTN     DataSize,
+  IN  VOID      *Data
+  )
+{
+  DEBUG ((
+    DEBUG_INFO,
+    "%a %s %g %x %x %p\n",
+    __FUNCTION__,
+    VariableName,
+    VendorGuid,
+    Attributes,
+    DataSize,
+    Data
+    ));
+  check_expected_ptr (VariableName);
+  check_expected_ptr (VendorGuid);
+  check_expected_ptr (Attributes);
+  check_expected (DataSize);
+  check_expected (Data);
+
+  return (EFI_STATUS)mock ();
+}
+
+/**
+  Returns the value of a variable.
+
+  @param[in]       VariableName  A Null-terminated string that is the name=
 of the vendor's
+                                 variable.
+  @param[in]       VendorGuid    A unique identifier for the vendor.
+  @param[out]      Attributes    If not NULL, a pointer to the memory loca=
tion to return the
+                                 attributes bitmask for the variable.
+  @param[in, out]  DataSize      On input, the size in bytes of the return=
 Data buffer.
+                                 On output the size of data returned in Da=
ta.
+  @param[out]      Data          The buffer to return the contents of the =
variable. May be NULL
+                                 with a zero DataSize in order to determin=
e the size buffer needed.
+
+  @retval EFI_SUCCESS            The function completed successfully.
+  @retval EFI_NOT_FOUND          The variable was not found.
+  @retval EFI_BUFFER_TOO_SMALL   The DataSize is too small for the result.
+  @retval EFI_INVALID_PARAMETER  VariableName is NULL.
+  @retval EFI_INVALID_PARAMETER  VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER  DataSize is NULL.
+  @retval EFI_INVALID_PARAMETER  The DataSize is not too small and Data is=
 NULL.
+  @retval EFI_DEVICE_ERROR       The variable could not be retrieved due t=
o a hardware error.
+  @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due t=
o an authentication failure.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+MockGetVariable (
+  IN     CHAR16    *VariableName,
+  IN     EFI_GUID  *VendorGuid,
+  OUT    UINT32    *Attributes     OPTIONAL,
+  IN OUT UINTN     *DataSize,
+  OUT    VOID      *Data           OPTIONAL
+  )
+{
+  UINTN    TargetSize;
+  BOOLEAN  Exist;
+
+  DEBUG ((
+    DEBUG_INFO,
+    "%a %s %g %p %x %p\n",
+    __FUNCTION__,
+    VariableName,
+    VendorGuid,
+    Attributes,
+    *DataSize,
+    Data
+    ));
+  assert_non_null (DataSize);
+  check_expected_ptr (VariableName);
+  check_expected_ptr (VendorGuid);
+  check_expected (*DataSize);
+
+  Exist =3D (BOOLEAN)mock ();
+
+  if (!Exist) {
+    return EFI_NOT_FOUND;
+  }
+
+  TargetSize =3D (UINTN)mock ();
+  if (TargetSize > *DataSize) {
+    *DataSize =3D TargetSize;
+    return EFI_BUFFER_TOO_SMALL;
+  } else {
+    assert_non_null (Data);
+    CopyMem (Data, (VOID *)mock (), TargetSize);
+  }
+
+  return EFI_SUCCESS;
+}
+
+///
+/// Mock version of the UEFI Runtime Services Table
+///
+EFI_RUNTIME_SERVICES  gMockRuntime =3D {
+  {
+    EFI_RUNTIME_SERVICES_SIGNATURE,     // Signature
+    EFI_RUNTIME_SERVICES_REVISION,      // Revision
+    sizeof (EFI_RUNTIME_SERVICES),      // HeaderSize
+    0,                                  // CRC32
+    0                                   // Reserved
+  },
+  NULL,               // GetTime
+  NULL,               // SetTime
+  NULL,               // GetWakeupTime
+  NULL,               // SetWakeupTime
+  NULL,               // SetVirtualAddressMap
+  NULL,               // ConvertPointer
+  MockGetVariable,    // GetVariable
+  NULL,               // GetNextVariableName
+  MockSetVariable,    // SetVariable
+  NULL,               // GetNextHighMonotonicCount
+  NULL,               // ResetSystem
+  NULL,               // UpdateCapsule
+  NULL,               // QueryCapsuleCapabilities
+  NULL                // QueryVariableInfo
+};
+
+/**
+  Unit test for SetSecureBootMode () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootModeShouldSetVar (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  UINT8       SecureBootMode;
+  EFI_STATUS  Status;
+
+  SecureBootMode =3D 0xAB; // Any random magic number...
+  expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);
+  expect_value (MockSetVariable, DataSize, sizeof (SecureBootMode));
+  expect_memory (MockSetVariable, Data, &SecureBootMode, sizeof (SecureBoo=
tMode));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D SetSecureBootMode (SecureBootMode);
+
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for GetSetupMode () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+GetSetupModeShouldGetVar (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       TargetMode;
+  UINT8       SetupMode;
+
+  TargetMode =3D 0xAB; // Any random magic number...
+  expect_memory (MockGetVariable, VariableName, EFI_SETUP_MODE_NAME, sizeo=
f (EFI_SETUP_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (SetupMode));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (SetupMode));
+  will_return (MockGetVariable, &TargetMode);
+
+  Status =3D GetSetupMode (&SetupMode);
+
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (SetupMode, TargetMode);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for GetSetupMode () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+IsSecureBootEnableShouldGetVar (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  BOOLEAN  Enabled;
+  UINT8    TargetMode;
+
+  TargetMode =3D SECURE_BOOT_MODE_ENABLE;
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (TargetMode));
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (TargetMode));
+  will_return (MockGetVariable, &TargetMode);
+
+  Enabled =3D IsSecureBootEnabled ();
+
+  UT_ASSERT_EQUAL (Enabled, SECURE_BOOT_MODE_ENABLE);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SecureBootCreateDataFromInput () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SecureBootCreateDataFromInputSimple (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_SIGNATURE_LIST            *SigList    =3D NULL;
+  EFI_SIGNATURE_DATA            *SigData    =3D NULL;
+  UINTN                         SigListSize =3D 0;
+  EFI_STATUS                    Status;
+  UINT8                         TestData[] =3D { 0 };
+  SECURE_BOOT_CERTIFICATE_INFO  KeyInfo    =3D {
+    .Data     =3D TestData,
+    .DataSize =3D sizeof (TestData)
+  };
+
+  Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &Ke=
yInfo);
+
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  UT_ASSERT_NOT_NULL (SigList);
+  UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)=
);
+  UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) - 1=
 + sizeof (TestData));
+  UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);
+  UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIST)=
 + sizeof (EFI_SIGNATURE_DATA) - 1 + sizeof (TestData));
+  UT_ASSERT_EQUAL (SigList->SignatureListSize, SigListSize);
+
+  SigData =3D (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNATUR=
E_LIST));
+  UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVariab=
leGuid));
+  UT_ASSERT_MEM_EQUAL (SigData->SignatureData, TestData, sizeof (TestData)=
);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SecureBootCreateDataFromInput () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SecureBootCreateDataFromInputNull (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_SIGNATURE_LIST            *SigList    =3D NULL;
+  UINTN                         SigListSize =3D 0;
+  EFI_STATUS                    Status;
+  SECURE_BOOT_CERTIFICATE_INFO  KeyInfo =3D {
+    .Data     =3D NULL,
+    .DataSize =3D 0
+  };
+
+  Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 0, NUL=
L);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+  Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 1, &Ke=
yInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_NOT_FOUND);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SecureBootCreateDataFromInput () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SecureBootCreateDataFromInputMultiple (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_SIGNATURE_LIST            *SigList    =3D NULL;
+  EFI_SIGNATURE_DATA            *SigData    =3D NULL;
+  UINTN                         SigListSize =3D 0;
+  UINTN                         TotalSize   =3D 0;
+  UINTN                         Index       =3D 0;
+  UINT8                         TestData1[] =3D { 0 };
+  UINT8                         TestData2[] =3D { 1, 2 };
+  EFI_STATUS                    Status;
+  SECURE_BOOT_CERTIFICATE_INFO  KeyInfo[2] =3D {
+    {
+      .Data     =3D TestData1,
+      .DataSize =3D sizeof (TestData1)
+    },
+    {
+      .Data     =3D TestData2,
+      .DataSize =3D sizeof (TestData2)
+    }
+  };
+
+  Status =3D SecureBootCreateDataFromInput (&SigListSize, &SigList, 2, Key=
Info);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  UT_ASSERT_NOT_NULL (SigList);
+
+  for (Index =3D 0; Index < 2; Index++) {
+    UT_ASSERT_TRUE (SigListSize > TotalSize);
+
+    UT_ASSERT_TRUE (CompareGuid (&SigList->SignatureType, &gEfiCertX509Gui=
d));
+    UT_ASSERT_EQUAL (SigList->SignatureSize, sizeof (EFI_SIGNATURE_DATA) -=
 1 + KeyInfo[Index].DataSize);
+    UT_ASSERT_EQUAL (SigList->SignatureHeaderSize, 0);
+    UT_ASSERT_EQUAL (SigList->SignatureListSize, sizeof (EFI_SIGNATURE_LIS=
T) + sizeof (EFI_SIGNATURE_DATA) - 1 + KeyInfo[Index].DataSize);
+
+    SigData =3D (EFI_SIGNATURE_DATA *)((UINTN)SigList + sizeof (EFI_SIGNAT=
URE_LIST));
+    UT_ASSERT_TRUE (CompareGuid (&SigData->SignatureOwner, &gEfiGlobalVari=
ableGuid));
+    UT_ASSERT_MEM_EQUAL (SigData->SignatureData, KeyInfo[Index].Data, KeyI=
nfo[Index].DataSize);
+    TotalSize =3D TotalSize + SigList->SignatureListSize;
+    SigList   =3D (EFI_SIGNATURE_LIST *)((UINTN)SigList + SigList->Signatu=
reListSize);
+  }
+
+  UT_ASSERT_EQUAL (SigListSize, TotalSize);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+CreateTimeBasedPayloadShouldPopulateDescriptor (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  UINT8                          Data[]   =3D { 2 };
+  UINTN                          DataSize =3D sizeof (Data);
+  UINT8                          *CheckData;
+  EFI_VARIABLE_AUTHENTICATION_2  *VarAuth;
+  EFI_STATUS                     Status;
+  EFI_TIME                       Time =3D {
+    .Year       =3D 2012,
+    .Month      =3D 3,
+    .Day        =3D 4,
+    .Hour       =3D 5,
+    .Minute     =3D 6,
+    .Second     =3D 7,
+    .Pad1       =3D 0,
+    .Nanosecond =3D 8910,
+    .TimeZone   =3D 1112,
+    .Pad2       =3D 0
+  };
+
+  CheckData =3D AllocateCopyPool (DataSize, Data);
+  Status    =3D CreateTimeBasedPayload (&DataSize, &CheckData, &Time);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  // This is result that we did not pack this structure...
+  // we cannot even use the sizeof (EFI_VARIABLE_AUTHENTICATION_2) - 1,
+  // because the structure is not at the end of this structure, but partia=
lly
+  // inside it...
+  UT_ASSERT_EQUAL (DataSize, VAR_AUTH_DESC_SIZE + sizeof (Data));
+  UT_ASSERT_NOT_NULL (CheckData);
+
+  VarAuth =3D (EFI_VARIABLE_AUTHENTICATION_2 *)CheckData;
+  UT_ASSERT_MEM_EQUAL (&(VarAuth->TimeStamp), &Time, sizeof (EFI_TIME));
+
+  UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.dwLength, OFFSET_OF (WIN_CERTIFIC=
ATE_UEFI_GUID, CertData));
+  UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wRevision, 0x0200);
+  UT_ASSERT_EQUAL (VarAuth->AuthInfo.Hdr.wCertificateType, WIN_CERT_TYPE_E=
FI_GUID);
+  UT_ASSERT_TRUE (CompareGuid (&VarAuth->AuthInfo.CertType, &gEfiCertPkcs7=
Guid));
+
+  UT_ASSERT_MEM_EQUAL (VarAuth->AuthInfo.CertData, Data, sizeof (Data));
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for CreateTimeBasedPayload () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+CreateTimeBasedPayloadShouldCheckInput (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  UINTN       DataSize =3D 0;
+  UINT8       *Data    =3D NULL;
+  EFI_TIME    Time;
+  EFI_STATUS  Status;
+
+  Status =3D CreateTimeBasedPayload (NULL, &Data, &Time);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+  Status =3D CreateTimeBasedPayload (&DataSize, NULL, &Time);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+  Status =3D CreateTimeBasedPayload (&DataSize, &Data, NULL);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_INVALID_PARAMETER);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteDb () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteDbShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       =3D 3;
+  UINT8       *Payload    =3D NULL;
+  UINTN       PayloadSize =3D 0;
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D DeleteDb ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteDbx () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteDbxShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       =3D 3;
+  UINT8       *Payload    =3D NULL;
+  UINTN       PayloadSize =3D 0;
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D DeleteDbx ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteDbt () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteDbtShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       =3D 3;
+  UINT8       *Payload    =3D NULL;
+  UINTN       PayloadSize =3D 0;
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D DeleteDbt ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteKEK () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteKEKShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       =3D 3;
+  UINT8       *Payload    =3D NULL;
+  UINTN       PayloadSize =3D 0;
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D DeleteKEK ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeletePlatformKey () API of the SecureBootVariableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeletePKShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       =3D 3;
+  UINT8       *Payload    =3D NULL;
+  UINTN       PayloadSize =3D 0;
+  UINT8       BootMode    =3D CUSTOM_SECURE_BOOT_MODE;
+
+  expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);
+  expect_value (MockSetVariable, DataSize, sizeof (BootMode));
+  expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D DeletePlatformKey ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteSecureBootVariablesShouldDelete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       =3D 3;
+  UINT8       *Payload    =3D NULL;
+  UINTN       PayloadSize =3D 0;
+  UINT8       BootMode    =3D CUSTOM_SECURE_BOOT_MODE;
+
+  Status =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mMaxTimestam=
p);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE);
+
+  will_return (DisablePKProtection, EFI_SUCCESS);
+
+  expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);
+  expect_value (MockSetVariable, DataSize, sizeof (BootMode));
+  expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, sizeof (Dummy));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (Dummy));
+  will_return (MockGetVariable, &Dummy);
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE);
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE);
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D DeleteSecureBootVariables ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteSecureBootVariablesShouldCheckProtection (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+
+  will_return (DisablePKProtection, EFI_SECURITY_VIOLATION);
+
+  Status =3D DeleteSecureBootVariables ();
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+DeleteSecureBootVariablesShouldProceedWithNotFound (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       BootMode =3D CUSTOM_SECURE_BOOT_MODE;
+
+  will_return (DisablePKProtection, EFI_SUCCESS);
+
+  expect_memory (MockSetVariable, VariableName, EFI_CUSTOM_MODE_NAME, size=
of (EFI_CUSTOM_MODE_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiCustomModeEnableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_BOOTSERVICE_ACCESS);
+  expect_value (MockSetVariable, DataSize, sizeof (BootMode));
+  expect_memory (MockSetVariable, Data, &BootMode, sizeof (BootMode));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  expect_memory (MockGetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  expect_memory (MockGetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  expect_memory (MockGetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockGetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Status =3D DeleteSecureBootVariables ();
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for DeleteSecureBootVariables () API of the SecureBootVariable=
Lib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+EnrollFromInputShouldComplete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Dummy       =3D 3;
+  UINT8       *Payload    =3D NULL;
+  UINTN       PayloadSize =3D sizeof (Dummy);
+
+  Payload =3D AllocateCopyPool (sizeof (Dummy), &Dummy);
+  Status  =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (Dummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Du=
mmy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (Dummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D EnrollFromInput (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGu=
id, sizeof (Dummy), &Dummy);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldComplete (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     =3D 0xDE;
+  UINT8                     DbtDummy    =3D 0xAD;
+  UINT8                     DbxDummy    =3D 0xBE;
+  UINT8                     KekDummy    =3D 0xEF;
+  UINT8                     PkDummy     =3D 0xFE;
+  UINT8                     *Payload    =3D NULL;
+  UINTN                     PayloadSize =3D sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo =3D {
+    .DbPtr             =3D &DbDummy,
+    .DbSize            =3D sizeof (DbDummy),
+    .DbxPtr            =3D &DbxDummy,
+    .DbxSize           =3D sizeof (DbxDummy),
+    .DbtPtr            =3D &DbtDummy,
+    .DbtSize           =3D sizeof (DbtDummy),
+    .KekPtr            =3D &KekDummy,
+    .KekSize           =3D sizeof (KekDummy),
+    .PkPtr             =3D &PkDummy,
+    .PkSize            =3D sizeof (PkDummy),
+    .SecureBootKeyName =3D L"Food"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize =3D sizeof (DbDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+  PayloadSize =3D sizeof (DbtDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+  PayloadSize =3D sizeof (KekDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &PkDummy, sizeof (PkDummy));
+  PayloadSize =3D sizeof (PkDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Pk=
Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (PkDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopWhenSecure (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     TargetMode =3D SECURE_BOOT_MODE_ENABLE;
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo;
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (TargetMode));
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, sizeof (TargetMode));
+
+  will_return (MockGetVariable, TRUE);
+  will_return (MockGetVariable, sizeof (TargetMode));
+  will_return (MockGetVariable, &TargetMode);
+
+  Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailDBX (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbxDummy    =3D 0xBE;
+  UINT8                     *Payload    =3D NULL;
+  UINTN                     PayloadSize =3D sizeof (DbxDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo =3D {
+    .DbxPtr            =3D &DbxDummy,
+    .DbxSize           =3D sizeof (DbxDummy),
+    .SecureBootKeyName =3D L"Fail DBX"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));
+
+  will_return (MockSetVariable, EFI_WRITE_PROTECTED);
+
+  Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailDB (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     =3D 0xDE;
+  UINT8                     DbxDummy    =3D 0xBE;
+  UINT8                     *Payload    =3D NULL;
+  UINTN                     PayloadSize =3D sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo =3D {
+    .DbPtr             =3D &DbDummy,
+    .DbSize            =3D sizeof (DbDummy),
+    .DbxPtr            =3D &DbxDummy,
+    .DbxSize           =3D sizeof (DbxDummy),
+    .SecureBootKeyName =3D L"Fail DB"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize =3D sizeof (DbDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));
+
+  will_return (MockSetVariable, EFI_WRITE_PROTECTED);
+
+  Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_WRITE_PROTECTED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailDBT (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     =3D 0xDE;
+  UINT8                     DbtDummy    =3D 0xAD;
+  UINT8                     DbxDummy    =3D 0xBE;
+  UINT8                     *Payload    =3D NULL;
+  UINTN                     PayloadSize =3D sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo =3D {
+    .DbPtr             =3D &DbDummy,
+    .DbSize            =3D sizeof (DbDummy),
+    .DbxPtr            =3D &DbxDummy,
+    .DbxSize           =3D sizeof (DbxDummy),
+    .DbtPtr            =3D &DbtDummy,
+    .DbtSize           =3D sizeof (DbtDummy),
+    .SecureBootKeyName =3D L"Fail DBT"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize =3D sizeof (DbDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+  PayloadSize =3D sizeof (DbtDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));
+
+  will_return (MockSetVariable, EFI_ACCESS_DENIED);
+
+  Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_ACCESS_DENIED);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailKEK (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     =3D 0xDE;
+  UINT8                     DbtDummy    =3D 0xAD;
+  UINT8                     DbxDummy    =3D 0xBE;
+  UINT8                     KekDummy    =3D 0xEF;
+  UINT8                     PkDummy     =3D 0xFE;
+  UINT8                     *Payload    =3D NULL;
+  UINTN                     PayloadSize =3D sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo =3D {
+    .DbPtr             =3D &DbDummy,
+    .DbSize            =3D sizeof (DbDummy),
+    .DbxPtr            =3D &DbxDummy,
+    .DbxSize           =3D sizeof (DbxDummy),
+    .DbtPtr            =3D &DbtDummy,
+    .DbtSize           =3D sizeof (DbtDummy),
+    .KekPtr            =3D &KekDummy,
+    .KekSize           =3D sizeof (KekDummy),
+    .PkPtr             =3D &PkDummy,
+    .PkSize            =3D sizeof (PkDummy),
+    .SecureBootKeyName =3D L"Food"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize =3D sizeof (DbDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+  PayloadSize =3D sizeof (DbtDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+  PayloadSize =3D sizeof (KekDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));
+
+  will_return (MockSetVariable, EFI_DEVICE_ERROR);
+
+  Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_DEVICE_ERROR);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesShouldStopFailPK (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     =3D 0xDE;
+  UINT8                     DbtDummy    =3D 0xAD;
+  UINT8                     DbxDummy    =3D 0xBE;
+  UINT8                     KekDummy    =3D 0xEF;
+  UINT8                     PkDummy     =3D 0xFE;
+  UINT8                     *Payload    =3D NULL;
+  UINTN                     PayloadSize =3D sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo =3D {
+    .DbPtr             =3D &DbDummy,
+    .DbSize            =3D sizeof (DbDummy),
+    .DbxPtr            =3D &DbxDummy,
+    .DbxSize           =3D sizeof (DbxDummy),
+    .DbtPtr            =3D &DbtDummy,
+    .DbtSize           =3D sizeof (DbtDummy),
+    .KekPtr            =3D &KekDummy,
+    .KekSize           =3D sizeof (KekDummy),
+    .PkPtr             =3D &PkDummy,
+    .PkSize            =3D sizeof (PkDummy),
+    .SecureBootKeyName =3D L"Food"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize =3D sizeof (DbDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbtDummy, sizeof (DbtDummy));
+  PayloadSize =3D sizeof (DbtDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbtDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E2, sizeof (EFI_IMAGE_SECURITY_DATABASE2));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
tDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbtDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+  PayloadSize =3D sizeof (KekDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &PkDummy, sizeof (PkDummy));
+  PayloadSize =3D sizeof (PkDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Pk=
Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (PkDummy));
+
+  will_return (MockSetVariable, EFI_INVALID_PARAMETER);
+
+  Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_STATUS_EQUAL (Status, EFI_SECURITY_VIOLATION);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Unit test for SetDefaultSecureBootVariables () API of the SecureBootVari=
ableLib.
+
+  @param[in]  Context    [Optional] An optional parameter that enables:
+                         1) test-case reuse with varied parameters and
+                         2) test-case re-entry for Target tests that need a
+                         reboot.  This parameter is a VOID* and it is the
+                         responsibility of the test author to ensure that =
the
+                         contents are well understood by all test cases th=
at may
+                         consume it.
+
+  @retval  UNIT_TEST_PASSED             The Unit test has completed and th=
e test
+                                        case was successful.
+  @retval  UNIT_TEST_ERROR_TEST_FAILED  A test case assertion has failed.
+**/
+UNIT_TEST_STATUS
+EFIAPI
+SetSecureBootVariablesDBTOptional (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  EFI_STATUS                Status;
+  UINT8                     DbDummy     =3D 0xDE;
+  UINT8                     DbxDummy    =3D 0xBE;
+  UINT8                     KekDummy    =3D 0xEF;
+  UINT8                     PkDummy     =3D 0xFE;
+  UINT8                     *Payload    =3D NULL;
+  UINTN                     PayloadSize =3D sizeof (DbDummy);
+  SECURE_BOOT_PAYLOAD_INFO  PayloadInfo =3D {
+    .DbPtr             =3D &DbDummy,
+    .DbSize            =3D sizeof (DbDummy),
+    .DbxPtr            =3D &DbxDummy,
+    .DbxSize           =3D sizeof (DbxDummy),
+    .DbtPtr            =3D NULL,
+    .DbtSize           =3D 0,
+    .KekPtr            =3D &KekDummy,
+    .KekSize           =3D sizeof (KekDummy),
+    .PkPtr             =3D &PkDummy,
+    .PkSize            =3D sizeof (PkDummy),
+    .SecureBootKeyName =3D L"Food"
+  };
+
+  expect_memory (MockGetVariable, VariableName, EFI_SECURE_BOOT_MODE_NAME,=
 sizeof (EFI_SECURE_BOOT_MODE_NAME));
+  expect_value (MockGetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockGetVariable, *DataSize, 0);
+
+  will_return (MockGetVariable, FALSE);
+
+  Payload =3D AllocateCopyPool (sizeof (DbxDummy), &DbxDummy);
+  Status  =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaultPay=
loadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbxDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E1, sizeof (EFI_IMAGE_SECURITY_DATABASE1));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
xDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbxDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &DbDummy, sizeof (DbDummy));
+  PayloadSize =3D sizeof (DbDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (DbDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_IMAGE_SECURITY_DATABAS=
E, sizeof (EFI_IMAGE_SECURITY_DATABASE));
+  expect_value (MockSetVariable, VendorGuid, &gEfiImageSecurityDatabaseGui=
d);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Db=
Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (DbDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &KekDummy, sizeof (KekDummy));
+  PayloadSize =3D sizeof (KekDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (KekDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_KEY_EXCHANGE_KEY_NAME,=
 sizeof (EFI_KEY_EXCHANGE_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Ke=
kDummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (KekDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  CopyMem (Payload, &PkDummy, sizeof (PkDummy));
+  PayloadSize =3D sizeof (PkDummy);
+  Status      =3D CreateTimeBasedPayload (&PayloadSize, &Payload, &mDefaul=
tPayloadTimestamp);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+  UT_ASSERT_EQUAL (PayloadSize, VAR_AUTH_DESC_SIZE + sizeof (PkDummy));
+
+  expect_memory (MockSetVariable, VariableName, EFI_PLATFORM_KEY_NAME, siz=
eof (EFI_PLATFORM_KEY_NAME));
+  expect_value (MockSetVariable, VendorGuid, &gEfiGlobalVariableGuid);
+  expect_value (MockSetVariable, Attributes, EFI_VARIABLE_NON_VOLATILE | E=
FI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE=
_TIME_BASED_AUTHENTICATED_WRITE_ACCESS);
+  expect_value (MockSetVariable, DataSize, VAR_AUTH_DESC_SIZE + sizeof (Pk=
Dummy));
+  expect_memory (MockSetVariable, Data, Payload, VAR_AUTH_DESC_SIZE + size=
of (PkDummy));
+
+  will_return (MockSetVariable, EFI_SUCCESS);
+
+  Status =3D SetSecureBootVariablesToDefault (&PayloadInfo);
+  UT_ASSERT_NOT_EFI_ERROR (Status);
+
+  return UNIT_TEST_PASSED;
+}
+
+/**
+  Initialze the unit test framework, suite, and unit tests for the
+  SecureBootVariableLib and run the SecureBootVariableLib unit test.
+
+  @retval  EFI_SUCCESS           All test cases were dispatched.
+  @retval  EFI_OUT_OF_RESOURCES  There are not enough resources available =
to
+                                 initialize the unit tests.
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+UnitTestingEntry (
+  VOID
+  )
+{
+  EFI_STATUS                  Status;
+  UNIT_TEST_FRAMEWORK_HANDLE  Framework;
+  UNIT_TEST_SUITE_HANDLE      SecureBootVarMiscTests;
+  UNIT_TEST_SUITE_HANDLE      SecureBootVarDeleteTests;
+  UNIT_TEST_SUITE_HANDLE      SecureBootVarEnrollTests;
+
+  Framework =3D NULL;
+
+  DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSIO=
N));
+
+  //
+  // Start setting up the test framework for running the tests.
+  //
+  Status =3D InitUnitTestFramework (&Framework, UNIT_TEST_APP_NAME, gEfiCa=
llerBaseName, UNIT_TEST_APP_VERSION);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status =3D %r\n=
", Status));
+    goto EXIT;
+  }
+
+  //
+  // Populate the SecureBootVariableLib Unit Test Suite.
+  //
+  Status =3D CreateUnitTestSuite (&SecureBootVarMiscTests, Framework, "Sec=
ureBootVariableLib Miscellaneous Tests", "SecureBootVariableLib.Miscellaneo=
us", NULL, NULL);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVari=
ableLib\n"));
+    Status =3D EFI_OUT_OF_RESOURCES;
+    goto EXIT;
+  }
+
+  Status =3D CreateUnitTestSuite (&SecureBootVarDeleteTests, Framework, "S=
ecureBootVariableLib Deletion Tests", "SecureBootVariableLib.Deletion", NUL=
L, NULL);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVari=
ableLib\n"));
+    Status =3D EFI_OUT_OF_RESOURCES;
+    goto EXIT;
+  }
+
+  Status =3D CreateUnitTestSuite (&SecureBootVarEnrollTests, Framework, "S=
ecureBootVariableLib Enrollment Tests", "SecureBootVariableLib.Enrollment",=
 NULL, NULL);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for SecureBootVari=
ableLib\n"));
+    Status =3D EFI_OUT_OF_RESOURCES;
+    goto EXIT;
+  }
+
+  //
+  // --------------Suite-----------Description--------------Name----------=
Function--------Pre---Post-------------------Context-----------
+  //
+  AddTestCase (SecureBootVarMiscTests, "SetSecureBootMode should propagate=
 to set variable", "SetSecureBootMode", SetSecureBootModeShouldSetVar, NULL=
, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "GetSetupMode should propagate to g=
et variable", "GetSetupMode", GetSetupModeShouldGetVar, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "IsSecureBootEnabled should propaga=
te to get variable", "IsSecureBootEnabled", IsSecureBootEnableShouldGetVar,=
 NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with=
 one input cert", "SecureBootCreateDataFromInput One Cert", SecureBootCreat=
eDataFromInputSimple, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with=
 no input cert", "SecureBootCreateDataFromInput No Cert", SecureBootCreateD=
ataFromInputNull, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "SecureBootCreateDataFromInput with=
 multiple input cert", "SecureBootCreateDataFromInput No Cert", SecureBootC=
reateDataFromInputMultiple, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should popu=
late descriptor data", "CreateTimeBasedPayload Normal", CreateTimeBasedPayl=
oadShouldPopulateDescriptor, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarMiscTests, "CreateTimeBasedPayload should fail=
 on NULL inputs", "CreateTimeBasedPayload NULL", CreateTimeBasedPayloadShou=
ldCheckInput, NULL, NULL, NULL);
+
+  AddTestCase (SecureBootVarDeleteTests, "DeleteDb should delete DB with a=
uth info", "DeleteDb", DeleteDbShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteDbx should delete DBX with=
 auth info", "DeleteDbx", DeleteDbxShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteDbt should delete DBT with=
 auth info", "DeleteDbt", DeleteDbtShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteKEK should delete KEK with=
 auth info", "DeleteKEK", DeleteKEKShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeletePlatformKey should delete =
PK with auth info", "DeletePlatformKey", DeletePKShouldDelete, NULL, NULL, =
NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should=
 delete properly", "DeleteSecureBootVariables Normal", DeleteSecureBootVari=
ablesShouldDelete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should=
 fail if protection disable fails", "DeleteSecureBootVariables Fail", Delet=
eSecureBootVariablesShouldCheckProtection, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarDeleteTests, "DeleteSecureBootVariables should=
 continue if any variable is not found", "DeleteSecureBootVariables Proceed=
", DeleteSecureBootVariablesShouldProceedWithNotFound, NULL, NULL, NULL);
+
+  AddTestCase (SecureBootVarEnrollTests, "EnrollFromInput should supply wi=
th authenticated payload", "EnrollFromInput Normal", EnrollFromInputShouldC=
omplete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should complete", "SetSecureBootVariablesToDefault Normal", SetSecureBootVa=
riablesShouldComplete, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when already enabled", "SetSecureBootVariablesToDefault Already=
 Started", SetSecureBootVariablesShouldStopWhenSecure, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when DB failed", "SetSecureBootVariablesToDefault Fails DB", Se=
tSecureBootVariablesShouldStopFailDB, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when DBT failed", "SetSecureBootVariablesToDefault Fails DBT", =
SetSecureBootVariablesShouldStopFailDBT, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when DBX failed", "SetSecureBootVariablesToDefault Fails DBX", =
SetSecureBootVariablesShouldStopFailDBX, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when KEK failed", "SetSecureBootVariablesToDefault Fails KEK", =
SetSecureBootVariablesShouldStopFailKEK, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should stop when PK failed", "SetSecureBootVariablesToDefault Fails PK", Se=
tSecureBootVariablesShouldStopFailPK, NULL, NULL, NULL);
+  AddTestCase (SecureBootVarEnrollTests, "SetSecureBootVariablesToDefault =
should only be optional", "SetSecureBootVariablesToDefault DBT Optional", S=
etSecureBootVariablesDBTOptional, NULL, NULL, NULL);
+
+  //
+  // Execute the tests.
+  //
+  Status =3D RunAllTestSuites (Framework);
+
+EXIT:
+  if (Framework) {
+    FreeUnitTestFramework (Framework);
+  }
+
+  return Status;
+}
+
+/**
+  Standard POSIX C entry point for host based unit test execution.
+**/
+int
+main (
+  int   argc,
+  char  *argv[]
+  )
+{
+  return UnitTestingEntry ();
+}
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatfor=
mPKProtectionLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/M=
ockPlatformPKProtectionLib.inf
new file mode 100644
index 000000000000..1e19033c5a91
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProt=
ectionLib.inf
@@ -0,0 +1,33 @@
+## @file
+#  Provides an abstracted interface for configuring PK related variable pr=
otection.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D MockPlatformPKProtectionLib
+  FILE_GUID                      =3D 5FCD74D3-3965-4D56-AB83-000B9B4806A0
+  MODULE_TYPE                    =3D DXE_DRIVER
+  VERSION_STRING                 =3D 1.0
+  LIBRARY_CLASS                  =3D PlatformPKProtectionLib|HOST_APPLICAT=
ION
+
+#
+# The following information is for reference only and not required by the =
build tools.
+#
+#  VALID_ARCHITECTURES           =3D IA32 X64 AARCH64
+#
+
+[Sources]
+  MockPlatformPKProtectionLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+  UnitTestLib
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib=
.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
new file mode 100644
index 000000000000..a84242ac7205
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
@@ -0,0 +1,45 @@
+## @file
+# Instance of UEFI Library.
+#
+# The UEFI Library provides functions and macros that simplify the develop=
ment of
+#  UEFI Drivers and UEFI Applications.  These functions and macros help ma=
nage EFI
+#  events, build simple locks utilizing EFI Task Priority Levels (TPLs), i=
nstall
+#  EFI Driver Model related protocols, manage Unicode string tables for UE=
FI Drivers,
+#  and print messages on the console output and standard error devices.
+#
+# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D MockUefiLib
+  FILE_GUID                      =3D E3B7AEF9-4E55-49AF-B035-ED776C928EC6
+  MODULE_TYPE                    =3D UEFI_DRIVER
+  VERSION_STRING                 =3D 1.0
+  LIBRARY_CLASS                  =3D UefiLib|HOST_APPLICATION
+
+#
+#  VALID_ARCHITECTURES           =3D IA32 X64 EBC
+#
+
+[Sources]
+  MockUefiLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+
+[LibraryClasses]
+  PrintLib
+  PcdLib
+  MemoryAllocationLib
+  DebugLib
+  BaseMemoryLib
+  BaseLib
+  UefiRuntimeServicesTableLib
+
+[Guids]
+  gEfiGlobalVariableGuid                        ## SOMETIMES_CONSUMES  ## =
Variable
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRun=
timeServicesTableLib.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTe=
st/MockUefiRuntimeServicesTableLib.inf
new file mode 100644
index 000000000000..f832a93e2254
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeSer=
vicesTableLib.inf
@@ -0,0 +1,25 @@
+## @file
+#  Mock implementation of the UEFI Runtime Services Table Library.
+#
+#  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D MockUefiRuntimeServicesTableLib
+  FILE_GUID                      =3D 84CE0021-ABEE-403C-9A1B-763CCF2D40F1
+  MODULE_TYPE                    =3D UEFI_DRIVER
+  VERSION_STRING                 =3D 1.0
+  LIBRARY_CLASS                  =3D UefiRuntimeServicesTableLib|HOST_APPL=
ICATION
+
+#
+#  VALID_ARCHITECTURES           =3D IA32 X64 EBC
+#
+
+[Sources]
+  MockUefiRuntimeServicesTableLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
diff --git a/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootV=
ariableLibUnitTest.inf b/SecurityPkg/Library/SecureBootVariableLib/UnitTest=
/SecureBootVariableLibUnitTest.inf
new file mode 100644
index 000000000000..f99fb09be52e
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariable=
LibUnitTest.inf
@@ -0,0 +1,36 @@
+## @file
+# Unit tests of the implementation of SecureBootVariableLib.
+#
+# Copyright (C) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010006
+  BASE_NAME                      =3D SecureBootVariableLibUnitTest
+  FILE_GUID                      =3D 71C5359E-08FB-450E-9766-BC70482DF66B
+  MODULE_TYPE                    =3D HOST_APPLICATION
+  VERSION_STRING                 =3D 1.0
+
+#
+# The following information is for reference only and not required by the =
build tools.
+#
+#  VALID_ARCHITECTURES           =3D IA32 X64
+#
+
+[Sources]
+  SecureBootVariableLibUnitTest.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[LibraryClasses]
+  SecureBootVariableLib
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  UefiLib
+  UnitTestLib
diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.y=
aml
index 791214239899..2138b0a5e21b 100644
--- a/SecurityPkg/SecurityPkg.ci.yaml
+++ b/SecurityPkg/SecurityPkg.ci.yaml
@@ -15,6 +15,7 @@
         ##     "<ErrorID>", "<KeyWord>"
         ## ]
         "ExceptionList": [
+            "8005", "gRT",
         ],
         ## Both file path and directory path are accepted.
         "IgnoreFiles": [
@@ -26,6 +27,10 @@
     "CompilerPlugin": {
         "DscPath": "SecurityPkg.dsc"
     },
+    ## options defined .pytool/Plugin/HostUnitTestCompilerPlugin
+    "HostUnitTestCompilerPlugin": {
+        "DscPath": "Test/SecurityPkgHostTest.dsc"
+    },
     "CharEncodingCheck": {
         "IgnoreFiles": []
     },
@@ -33,6 +38,7 @@
         "AcceptableDependencies": [
             "MdePkg/MdePkg.dec",
             "MdeModulePkg/MdeModulePkg.dec",
+            "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec",
             "SecurityPkg/SecurityPkg.dec",
             "StandaloneMmPkg/StandaloneMmPkg.dec",
             "CryptoPkg/CryptoPkg.dec"
@@ -47,6 +53,11 @@
         "DscPath": "SecurityPkg.dsc",
         "IgnoreInf": []
     },
+    ## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck
+    "HostUnitTestDscCompleteCheck": {
+        "IgnoreInf": [""],
+        "DscPath": "Test/SecurityPkgHostTest.dsc"
+    },
     "GuidCheck": {
         "IgnoreGuidName": [],
         "IgnoreGuidValue": ["00000000-0000-0000-0000-000000000000"],
diff --git a/SecurityPkg/Test/SecurityPkgHostTest.dsc b/SecurityPkg/Test/Se=
curityPkgHostTest.dsc
new file mode 100644
index 000000000000..c4df01fe1b73
--- /dev/null
+++ b/SecurityPkg/Test/SecurityPkgHostTest.dsc
@@ -0,0 +1,38 @@
+## @file
+# SecurityPkg DSC file used to build host-based unit tests.
+#
+# Copyright (C) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  PLATFORM_NAME           =3D SecurityPkgHostTest
+  PLATFORM_GUID           =3D 9D78A9B4-00CD-477E-A5BF-90CC793EEFB0
+  PLATFORM_VERSION        =3D 0.1
+  DSC_SPECIFICATION       =3D 0x00010005
+  OUTPUT_DIRECTORY        =3D Build/SecurityPkg/HostTest
+  SUPPORTED_ARCHITECTURES =3D IA32|X64
+  BUILD_TARGETS           =3D NOOPT
+  SKUID_IDENTIFIER        =3D DEFAULT
+
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
+
+[LibraryClasses]
+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+
+[Components]
+  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServic=
esTableLib.inf
+  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtect=
ionLib.inf
+  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.inf
+
+  #
+  # Build SecurityPkg HOST_APPLICATION Tests
+  #
+  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLib=
UnitTest.inf {
+    <LibraryClasses>
+      SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/Secu=
reBootVariableLib.inf
+      UefiRuntimeServicesTableLib|SecurityPkg/Library/SecureBootVariableLi=
b/UnitTest/MockUefiRuntimeServicesTableLib.inf
+      PlatformPKProtectionLib|SecurityPkg/Library/SecureBootVariableLib/Un=
itTest/MockPlatformPKProtectionLib.inf
+      UefiLib|SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiL=
ib.inf
+  }
--=20
2.35.1.windows.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90500): https://edk2.groups.io/g/devel/message/90500
Mute This Topic: https://groups.io/mt/91735878/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-