From 700a1c41ff5a0d538feea8251e38bad6eba0e6b8 Mon Sep 17 00:00:00 2001 From: SteveL-MSFT Date: Wed, 26 Jul 2017 15:03:02 -0700 Subject: [PATCH] [Feature] fix Get-ComputerInfo return of status for DeviceGuard fix corresponding tests --- .../management/GetComputerInfoCommand.cs | 8 +++- .../Get-ComputerInfo.Tests.ps1 | 42 +++++++++++++++++-- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/src/Microsoft.PowerShell.Commands.Management/commands/management/GetComputerInfoCommand.cs b/src/Microsoft.PowerShell.Commands.Management/commands/management/GetComputerInfoCommand.cs index 4e925a30b..65b8f5569 100644 --- a/src/Microsoft.PowerShell.Commands.Management/commands/management/GetComputerInfoCommand.cs +++ b/src/Microsoft.PowerShell.Commands.Management/commands/management/GetComputerInfoCommand.cs @@ -436,8 +436,14 @@ namespace Microsoft.PowerShell.Commands var wmiGuard = session.GetFirst(CIMHelper.DeviceGuardNamespace, CIMHelper.ClassNames.DeviceGuard); - if (wmiGuard != null) + if (wmiGuard != null) { + var smartStatus = EnumConverter.Convert((int?)wmiGuard.VirtualizationBasedSecurityStatus ?? 0); + if (smartStatus != null) + { + status = (DeviceGuardSmartStatus)smartStatus; + } guard = wmiGuard.AsOutputType; + } } return new DeviceGuardInfo diff --git a/test/powershell/Modules/Microsoft.PowerShell.Management/Get-ComputerInfo.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Management/Get-ComputerInfo.Tests.ps1 index 31bb33c4e..5cb57199d 100644 --- a/test/powershell/Modules/Microsoft.PowerShell.Management/Get-ComputerInfo.Tests.ps1 +++ b/test/powershell/Modules/Microsoft.PowerShell.Management/Get-ComputerInfo.Tests.ps1 
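Review bot: In the new `if (wmiGuard != null)` block, `(int?)wmiGuard.VirtualizationBasedSecurityStatus ?? 0` turns a missing WMI value into 0, which the value map in this commit's test labels "Off". A host that does not report the property then looks the same as one that reports virtualization-based security as off. A value the converter does not recognise is also dropped silently by the `smartStatus != null` check, leaving `status` at whatever it was initialised to outside this hunk. Because this output is likely to be read for posture or compliance checks, consider converting only when the property has a value, e.g. `var raw = (int?)wmiGuard.VirtualizationBasedSecurityStatus;` followed by `if (raw.HasValue) { ... }`, and add a comment saying what `status` means when nothing was reported. The enclosing method starts and ends outside the hunk.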
@@ -23,6 +23,23 @@ function Get-ComputerInfoForTest } } +function Get-StringValuesFromValueMap +{ + param([string[]] $values, [hashtable] $valuemap) + + [string] $stringValues = [string]::Empty + + foreach ($value in $values) + { + if ($stringValues -ne [string]::Empty) + { + $stringValues += "," + } + $stringValues += $valuemap[$value] + } + $stringValues +} + function Get-PropertyNamesForComputerInfoTest { $propertyNames = @() 
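Review bot: In `Get-StringValuesFromValueMap`, `$stringValues += $valuemap[$value]` appends nothing when `$value` has no entry in the map, so a code missing from the hand-maintained tables yields an empty segment instead of a clear failure. If the CIM class later gains a value, the test would then fail with a confusing string mismatch, or pass by accident if the observed side is empty too. A guard at the top of the loop makes the gap explicit: `if (-not $valuemap.ContainsKey($value)) { throw "No mapping for value '$value'" }`. The function would also benefit from a short comment-based help block saying that it returns the mapped names joined with commas.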
@@ -1346,11 +1363,30 @@ try { else { $deviceGuard = Get-DeviceGuard - $observed.DeviceGuardSmartStatus | Should Be $deviceGuard.SmartStatus - $observed.DeviceGuardRequiredSecurityProperties | Should Be $deviceGuard.RequiredSecurityProperties + # can't get amended qualifiers using cim cmdlets so we define them here + $requiredSecurityPropertiesValues = @{ + "1" = "BaseVirtualizationSupport" + "2" = "SecureBoot" + "3" = "DMAProtection" + "4" = "SecureMemoryOverwrite" + "5" = "UEFICodeReadonly" + "6" = "SMMSecurityMitigations1.0" + } + $smartStatusValues = @{ + "0" = "Off" + "1" = "Enabled" + "2" = "Running" + } + $securityServicesRunningValues = @{ + "0" = "0" + "1" = "CredentialGuard" + "2" = "HypervisorEnforcedCodeIntegrity" + } + $observed.DeviceGuardSmartStatus | Should Be (Get-StringValuesFromValueMap -valuemap $smartStatusValues -values $deviceGuard.SmartStatus) + [string]::Join(",", $observed.DeviceGuardRequiredSecurityProperties) | Should Be (Get-StringValuesFromValueMap -valuemap $requiredSecurityPropertiesValues -values $deviceGuard.RequiredSecurityProperties) $observed.DeviceGuardAvailableSecurityProperties | Should Be $deviceGuard.AvailableSecurityProperties $observed.DeviceGuardSecurityServicesConfigured | Should Be $deviceGuard.SecurityServicesConfigured - $observed.DeviceGuardSecurityServicesRunning | Should Be $deviceGuard.SecurityServicesRunning + [string]::Join(",", $observed.DeviceGuardSecurityServicesRunning) | Should Be (Get-StringValuesFromValueMap -valuemap $securityServicesRunningValues -values $deviceGuard.SecurityServicesRunning) $observed.DeviceGuardCodeIntegrityPolicyEnforcementStatus | Should Be $deviceGuard.CodeIntegrityPolicyEnforcementStatus $observed.DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus | Should Be $deviceGuard.UserModeCodeIntegrityPolicyEnforcementStatus }
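Review bot: `DeviceGuardAvailableSecurityProperties` and `DeviceGuardSecurityServicesConfigured` are still compared against the raw CIM values, while their sibling properties now go through the value maps. If they share the same value sets (which the names suggest but this hunk does not show), these assertions only hold when the lists are empty, and so would not exercise the mapping on a machine with Device Guard configured. Consider the same form for both, e.g. `[string]::Join(",", $observed.DeviceGuardAvailableSecurityProperties) | Should Be (Get-StringValuesFromValueMap -valuemap $requiredSecurityPropertiesValues -values $deviceGuard.AvailableSecurityProperties)`. The `"0" = "0"` entry in `$securityServicesRunningValues` also needs a comment explaining why 0 maps to a number and not a name like the other entries. The enclosing `else` block starts outside the hunk.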