1
2
3
4
5
6
7
8#include <charset.h>
9#include <common.h>
10#include <command.h>
11#include <efi_loader.h>
12#include <efi_variable.h>
13#include <env.h>
14#include <exports.h>
15#include <hexdump.h>
16#include <malloc.h>
17#include <mapmem.h>
18#include <rtc.h>
19#include <uuid.h>
20#include <linux/kernel.h>
21
22
23
24
25
26
27
28
29
30static const struct {
31 u32 mask;
32 char *text;
33} efi_var_attrs[] = {
34 {EFI_VARIABLE_NON_VOLATILE, "NV"},
35 {EFI_VARIABLE_BOOTSERVICE_ACCESS, "BS"},
36 {EFI_VARIABLE_RUNTIME_ACCESS, "RT"},
37 {EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, "AW"},
38 {EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"},
39 {EFI_VARIABLE_READ_ONLY, "RO"},
40};
41
42static const struct {
43 efi_guid_t guid;
44 char *text;
45} efi_guid_text[] = {
46
47 {EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"},
48 {EFI_IMAGE_SECURITY_DATABASE_GUID, "EFI_IMAGE_SECURITY_DATABASE_GUID"},
49
50 {EFI_CERT_SHA256_GUID, "EFI_CERT_SHA256_GUID"},
51 {EFI_CERT_X509_GUID, "EFI_CERT_X509_GUID"},
52 {EFI_CERT_TYPE_PKCS7_GUID, "EFI_CERT_TYPE_PKCS7_GUID"},
53};
54
55static const char unknown_guid[] = "";
56
57
58
59
60
61
62
63
64
65static const char *efi_guid_to_str(const efi_guid_t *guid)
66{
67 int i;
68
69 for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++)
70 if (!guidcmp(guid, &efi_guid_text[i].guid))
71 return efi_guid_text[i].text;
72
73 return unknown_guid;
74}
75
76
77
78
79
80
81
82
83
84
85static void efi_dump_single_var(u16 *name, const efi_guid_t *guid, bool verbose)
86{
87 u32 attributes;
88 u8 *data;
89 u64 time;
90 struct rtc_time tm;
91 efi_uintn_t size;
92 int count, i;
93 efi_status_t ret;
94
95 data = NULL;
96 size = 0;
97 ret = efi_get_variable_int(name, guid, &attributes, &size, data, &time);
98 if (ret == EFI_BUFFER_TOO_SMALL) {
99 data = malloc(size);
100 if (!data)
101 goto out;
102
103 ret = efi_get_variable_int(name, guid, &attributes, &size,
104 data, &time);
105 }
106 if (ret == EFI_NOT_FOUND) {
107 printf("Error: \"%ls\" not defined\n", name);
108 goto out;
109 }
110 if (ret != EFI_SUCCESS)
111 goto out;
112
113 rtc_to_tm(time, &tm);
114 printf("%ls:\n %pUl %s\n", name, guid, efi_guid_to_str(guid));
115 if (attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
116 printf(" %04d-%02d-%02d %02d:%02d:%02d\n", tm.tm_year,
117 tm.tm_mon, tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec);
118 printf(" ");
119 for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++)
120 if (attributes & efi_var_attrs[i].mask) {
121 if (count)
122 putc('|');
123 count++;
124 puts(efi_var_attrs[i].text);
125 }
126 printf(", DataSize = 0x%zx\n", size);
127 if (verbose)
128 print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
129 data, size, true);
130
131out:
132 free(data);
133}
134
135static bool match_name(int argc, char *const argv[], u16 *var_name16)
136{
137 char *buf, *p;
138 size_t buflen;
139 int i;
140 bool result = false;
141
142 buflen = utf16_utf8_strlen(var_name16) + 1;
143 buf = calloc(1, buflen);
144 if (!buf)
145 return result;
146
147 p = buf;
148 utf16_utf8_strcpy(&p, var_name16);
149
150 for (i = 0; i < argc; argc--, argv++) {
151 if (!strcmp(buf, argv[i])) {
152 result = true;
153 goto out;
154 }
155 }
156
157out:
158 free(buf);
159
160 return result;
161}
162
163
164
165
166
167
168
169
170
171
172
173static int efi_dump_var_all(int argc, char *const argv[],
174 const efi_guid_t *guid_p, bool verbose)
175{
176 u16 *var_name16, *p;
177 efi_uintn_t buf_size, size;
178 efi_guid_t guid;
179 efi_status_t ret;
180 bool match = false;
181
182 buf_size = 128;
183 var_name16 = malloc(buf_size);
184 if (!var_name16)
185 return CMD_RET_FAILURE;
186
187 var_name16[0] = 0;
188 for (;;) {
189 size = buf_size;
190 ret = efi_get_next_variable_name_int(&size, var_name16,
191 &guid);
192 if (ret == EFI_NOT_FOUND)
193 break;
194 if (ret == EFI_BUFFER_TOO_SMALL) {
195 buf_size = size;
196 p = realloc(var_name16, buf_size);
197 if (!p) {
198 free(var_name16);
199 return CMD_RET_FAILURE;
200 }
201 var_name16 = p;
202 ret = efi_get_next_variable_name_int(&size, var_name16,
203 &guid);
204 }
205 if (ret != EFI_SUCCESS) {
206 free(var_name16);
207 return CMD_RET_FAILURE;
208 }
209
210 if (guid_p && guidcmp(guid_p, &guid))
211 continue;
212 if (!argc || match_name(argc, argv, var_name16)) {
213 match = true;
214 efi_dump_single_var(var_name16, &guid, verbose);
215 }
216 }
217 free(var_name16);
218
219 if (!match && argc == 1)
220 printf("Error: \"%s\" not defined\n", argv[0]);
221
222 return CMD_RET_SUCCESS;
223}
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239int do_env_print_efi(struct cmd_tbl *cmdtp, int flag, int argc,
240 char *const argv[])
241{
242 const efi_guid_t *guid_p = NULL;
243 efi_guid_t guid;
244 bool verbose = true;
245 efi_status_t ret;
246
247
248 ret = efi_init_obj_list();
249 if (ret != EFI_SUCCESS) {
250 printf("Error: Cannot initialize UEFI sub-system, r = %lu\n",
251 ret & ~EFI_ERROR_MASK);
252 return CMD_RET_FAILURE;
253 }
254
255 for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
256 if (!strcmp(argv[0], "-guid")) {
257 if (argc == 1)
258 return CMD_RET_USAGE;
259 argc--;
260 argv++;
261 if (uuid_str_to_bin(argv[0], guid.b,
262 UUID_STR_FORMAT_GUID))
263 return CMD_RET_USAGE;
264 guid_p = (const efi_guid_t *)guid.b;
265 } else if (!strcmp(argv[0], "-n")) {
266 verbose = false;
267 } else {
268 return CMD_RET_USAGE;
269 }
270 }
271
272
273 return efi_dump_var_all(argc, argv, guid_p, verbose);
274}
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292static int append_value(char **bufp, size_t *sizep, char *data)
293{
294 char *tmp_buf = NULL, *new_buf = NULL, *value;
295 unsigned long len = 0;
296
297 if (!strncmp(data, "=0x", 2)) {
298 union {
299 u8 u8;
300 u16 u16;
301 u32 u32;
302 u64 u64;
303 } tmp_data;
304 unsigned long hex_value;
305 void *hex_ptr;
306
307 data += 3;
308 len = strlen(data);
309 if ((len & 0x1))
310 return -1;
311
312 len /= 2;
313 if (len > 8)
314 return -1;
315 else if (len > 4)
316 len = 8;
317 else if (len > 2)
318 len = 4;
319
320
321 if (strict_strtoul(data, 16, &hex_value) < 0)
322 return -1;
323
324 tmp_buf = malloc(len);
325 if (!tmp_buf)
326 return -1;
327
328 if (len == 1) {
329 tmp_data.u8 = hex_value;
330 hex_ptr = &tmp_data.u8;
331 } else if (len == 2) {
332 tmp_data.u16 = hex_value;
333 hex_ptr = &tmp_data.u16;
334 } else if (len == 4) {
335 tmp_data.u32 = hex_value;
336 hex_ptr = &tmp_data.u32;
337 } else {
338 tmp_data.u64 = hex_value;
339 hex_ptr = &tmp_data.u64;
340 }
341 memcpy(tmp_buf, hex_ptr, len);
342 value = tmp_buf;
343
344 } else if (!strncmp(data, "=H", 2)) {
345 data += 2;
346 len = strlen(data);
347 if (len & 0x1)
348 return -1;
349
350 len /= 2;
351 tmp_buf = malloc(len);
352 if (!tmp_buf)
353 return -1;
354
355 if (hex2bin((u8 *)tmp_buf, data, len) < 0) {
356 printf("Error: illegal hexadecimal string\n");
357 free(tmp_buf);
358 return -1;
359 }
360
361 value = tmp_buf;
362 } else {
363 if (!strncmp(data, "=\"", 2) || !strncmp(data, "=S\"", 3)) {
364 if (data[1] == '"')
365 data += 2;
366 else
367 data += 3;
368 value = data;
369 len = strlen(data) - 1;
370 if (data[len] != '"')
371 return -1;
372 } else {
373 value = data;
374 len = strlen(data);
375 }
376 }
377
378 new_buf = realloc(*bufp, *sizep + len);
379 if (!new_buf)
380 goto out;
381
382 memcpy(new_buf + *sizep, value, len);
383 *bufp = new_buf;
384 *sizep += len;
385
386out:
387 free(tmp_buf);
388
389 return 0;
390}
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408int do_env_set_efi(struct cmd_tbl *cmdtp, int flag, int argc,
409 char *const argv[])
410{
411 char *var_name, *value, *ep;
412 ulong addr;
413 efi_uintn_t size;
414 efi_guid_t guid;
415 u32 attributes;
416 bool default_guid, verbose, value_on_memory;
417 u16 *var_name16 = NULL, *p;
418 size_t len;
419 efi_status_t ret;
420
421 if (argc == 1)
422 return CMD_RET_USAGE;
423
424
425 ret = efi_init_obj_list();
426 if (ret != EFI_SUCCESS) {
427 printf("Error: Cannot initialize UEFI sub-system, r = %lu\n",
428 ret & ~EFI_ERROR_MASK);
429 return CMD_RET_FAILURE;
430 }
431
432
433
434
435
436 value = NULL;
437 size = 0;
438 attributes = 0;
439 guid = efi_global_variable_guid;
440 default_guid = true;
441 verbose = false;
442 value_on_memory = false;
443 for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
444 if (!strcmp(argv[0], "-guid")) {
445 if (argc == 1)
446 return CMD_RET_USAGE;
447
448 argc--;
449 argv++;
450 if (uuid_str_to_bin(argv[0], guid.b,
451 UUID_STR_FORMAT_GUID)) {
452 return CMD_RET_USAGE;
453 }
454 default_guid = false;
455 } else if (!strcmp(argv[0], "-bs")) {
456 attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS;
457 } else if (!strcmp(argv[0], "-rt")) {
458 attributes |= EFI_VARIABLE_RUNTIME_ACCESS;
459 } else if (!strcmp(argv[0], "-nv")) {
460 attributes |= EFI_VARIABLE_NON_VOLATILE;
461 } else if (!strcmp(argv[0], "-at")) {
462 attributes |=
463 EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
464 } else if (!strcmp(argv[0], "-a")) {
465 attributes |= EFI_VARIABLE_APPEND_WRITE;
466 } else if (!strcmp(argv[0], "-i")) {
467
468 if (argc == 1)
469 return CMD_RET_USAGE;
470
471 argc--;
472 argv++;
473 addr = hextoul(argv[0], &ep);
474 if (*ep != ':')
475 return CMD_RET_USAGE;
476
477
478 size = hextoul(++ep, NULL);
479
480 value_on_memory = true;
481 } else if (!strcmp(argv[0], "-v")) {
482 verbose = true;
483 } else {
484 return CMD_RET_USAGE;
485 }
486 }
487 if (!argc)
488 return CMD_RET_USAGE;
489
490 var_name = argv[0];
491 if (default_guid) {
492 if (!strcmp(var_name, "db") || !strcmp(var_name, "dbx") ||
493 !strcmp(var_name, "dbt"))
494 guid = efi_guid_image_security_database;
495 else
496 guid = efi_global_variable_guid;
497 }
498
499 if (verbose) {
500 printf("GUID: %pUl %s\n", &guid,
501 efi_guid_to_str((const efi_guid_t *)&guid));
502 printf("Attributes: 0x%x\n", attributes);
503 }
504
505
506 if (value_on_memory)
507 value = map_sysmem(addr, 0);
508 else if (argc > 1)
509 for (argc--, argv++; argc > 0; argc--, argv++)
510 if (append_value(&value, &size, argv[0]) < 0) {
511 printf("## Failed to process an argument, %s\n",
512 argv[0]);
513 ret = CMD_RET_FAILURE;
514 goto out;
515 }
516
517 if (size && verbose) {
518 printf("Value:\n");
519 print_hex_dump(" ", DUMP_PREFIX_OFFSET,
520 16, 1, value, size, true);
521 }
522
523 len = utf8_utf16_strnlen(var_name, strlen(var_name));
524 var_name16 = malloc((len + 1) * 2);
525 if (!var_name16) {
526 printf("## Out of memory\n");
527 ret = CMD_RET_FAILURE;
528 goto out;
529 }
530 p = var_name16;
531 utf8_utf16_strncpy(&p, var_name, len + 1);
532
533 ret = efi_set_variable_int(var_name16, &guid, attributes, size, value,
534 true);
535 unmap_sysmem(value);
536 if (ret == EFI_SUCCESS) {
537 ret = CMD_RET_SUCCESS;
538 } else {
539 const char *msg;
540
541 switch (ret) {
542 case EFI_NOT_FOUND:
543 msg = " (not found)";
544 break;
545 case EFI_WRITE_PROTECTED:
546 msg = " (read only)";
547 break;
548 case EFI_INVALID_PARAMETER:
549 msg = " (invalid parameter)";
550 break;
551 case EFI_SECURITY_VIOLATION:
552 msg = " (validation failed)";
553 break;
554 case EFI_OUT_OF_RESOURCES:
555 msg = " (out of memory)";
556 break;
557 default:
558 msg = "";
559 break;
560 }
561 printf("## Failed to set EFI variable%s\n", msg);
562 ret = CMD_RET_FAILURE;
563 }
564out:
565 if (value_on_memory)
566 unmap_sysmem(value);
567 else
568 free(value);
569 free(var_name16);
570
571 return ret;
572}
573