LXR uboot/cmd/nvedit

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 *  Integrate UEFI variables to u-boot env interface
   4 *
   5 *  Copyright (c) 2018 AKASHI Takahiro, Linaro Limited
   6 */
   7
   8#include <charset.h>
   9#include <common.h>
  10#include <command.h>
  11#include <efi_loader.h>
  12#include <efi_variable.h>
  13#include <env.h>
  14#include <exports.h>
  15#include <hexdump.h>
  16#include <malloc.h>
  17#include <mapmem.h>
  18#include <rtc.h>
  19#include <uuid.h>
  20#include <linux/kernel.h>
  21
  22/*
  23 * From efi_variable.c,
  24 *
  25 * Mapping between UEFI variables and u-boot variables:
  26 *
  27 *   efi_$guid_$varname = {attributes}(type)value
  28 */
  29
  30static const struct {
  31        u32 mask;
  32        char *text;
  33} efi_var_attrs[] = {
  34        {EFI_VARIABLE_NON_VOLATILE, "NV"},
  35        {EFI_VARIABLE_BOOTSERVICE_ACCESS, "BS"},
  36        {EFI_VARIABLE_RUNTIME_ACCESS, "RT"},
  37        {EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, "AW"},
  38        {EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"},
  39        {EFI_VARIABLE_READ_ONLY, "RO"},
  40};
  41
  42static const struct {
  43        efi_guid_t guid;
  44        char *text;
  45} efi_guid_text[] = {
  46        /* signature database */
  47        {EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"},
  48        {EFI_IMAGE_SECURITY_DATABASE_GUID, "EFI_IMAGE_SECURITY_DATABASE_GUID"},
  49        /* certificate type */
  50        {EFI_CERT_SHA256_GUID, "EFI_CERT_SHA256_GUID"},
  51        {EFI_CERT_X509_GUID, "EFI_CERT_X509_GUID"},
  52        {EFI_CERT_TYPE_PKCS7_GUID, "EFI_CERT_TYPE_PKCS7_GUID"},
  53};
  54
  55static const char unknown_guid[] = "";
  56
  57/**
  58 * efi_guid_to_str() - convert guid to readable name
  59 *
  60 * @guid:       GUID
  61 * Return:      string for GUID
  62 *
  63 * convert guid to readable name
  64 */
  65static const char *efi_guid_to_str(const efi_guid_t *guid)
  66{
  67        int i;
  68
  69        for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++)
  70                if (!guidcmp(guid, &efi_guid_text[i].guid))
  71                        return efi_guid_text[i].text;
  72
  73        return unknown_guid;
  74}
  75
  76/**
  77 * efi_dump_single_var() - show information about a UEFI variable
  78 *
  79 * @name:       Name of the variable
  80 * @guid:       Vendor GUID
  81 * @verbose:    if true, dump data
  82 *
  83 * Show information encoded in one UEFI variable
  84 */
  85static void efi_dump_single_var(u16 *name, const efi_guid_t *guid, bool verbose)
  86{
  87        u32 attributes;
  88        u8 *data;
  89        u64 time;
  90        struct rtc_time tm;
  91        efi_uintn_t size;
  92        int count, i;
  93        efi_status_t ret;
  94
  95        data = NULL;
  96        size = 0;
  97        ret = efi_get_variable_int(name, guid, &attributes, &size, data, &time);
  98        if (ret == EFI_BUFFER_TOO_SMALL) {
  99                data = malloc(size);
 100                if (!data)
 101                        goto out;
 102
 103                ret = efi_get_variable_int(name, guid, &attributes, &size,
 104                                           data, &time);
 105        }
 106        if (ret == EFI_NOT_FOUND) {
 107                printf("Error: \"%ls\" not defined\n", name);
 108                goto out;
 109        }
 110        if (ret != EFI_SUCCESS)
 111                goto out;
 112
 113        rtc_to_tm(time, &tm);
 114        printf("%ls:\n    %pUl %s\n", name, guid, efi_guid_to_str(guid));
 115        if (attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
 116                printf("    %04d-%02d-%02d %02d:%02d:%02d\n", tm.tm_year,
 117                       tm.tm_mon, tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec);
 118        printf("    ");
 119        for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++)
 120                if (attributes & efi_var_attrs[i].mask) {
 121                        if (count)
 122                                putc('|');
 123                        count++;
 124                        puts(efi_var_attrs[i].text);
 125                }
 126        printf(", DataSize = 0x%zx\n", size);
 127        if (verbose)
 128                print_hex_dump("    ", DUMP_PREFIX_OFFSET, 16, 1,
 129                               data, size, true);
 130
 131out:
 132        free(data);
 133}
 134
 135static bool match_name(int argc, char *const argv[], u16 *var_name16)
 136{
 137        char *buf, *p;
 138        size_t buflen;
 139        int i;
 140        bool result = false;
 141
 142        buflen = utf16_utf8_strlen(var_name16) + 1;
 143        buf = calloc(1, buflen);
 144        if (!buf)
 145                return result;
 146
 147        p = buf;
 148        utf16_utf8_strcpy(&p, var_name16);
 149
 150        for (i = 0; i < argc; argc--, argv++) {
 151                if (!strcmp(buf, argv[i])) {
 152                        result = true;
 153                        goto out;
 154                }
 155        }
 156
 157out:
 158        free(buf);
 159
 160        return result;
 161}
 162
 163/**
 164 * efi_dump_var_all() - show information about all the UEFI variables
 165 *
 166 * @argc:       Number of arguments (variables)
 167 * @argv:       Argument (variable name) array
 168 * @verbose:    if true, dump data
 169 * Return:      CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
 170 *
 171 * Show information encoded in all the UEFI variables
 172 */
 173static int efi_dump_var_all(int argc,  char *const argv[],
 174                            const efi_guid_t *guid_p, bool verbose)
 175{
 176        u16 *var_name16, *p;
 177        efi_uintn_t buf_size, size;
 178        efi_guid_t guid;
 179        efi_status_t ret;
 180        bool match = false;
 181
 182        buf_size = 128;
 183        var_name16 = malloc(buf_size);
 184        if (!var_name16)
 185                return CMD_RET_FAILURE;
 186
 187        var_name16[0] = 0;
 188        for (;;) {
 189                size = buf_size;
 190                ret = efi_get_next_variable_name_int(&size, var_name16,
 191                                                     &guid);
 192                if (ret == EFI_NOT_FOUND)
 193                        break;
 194                if (ret == EFI_BUFFER_TOO_SMALL) {
 195                        buf_size = size;
 196                        p = realloc(var_name16, buf_size);
 197                        if (!p) {
 198                                free(var_name16);
 199                                return CMD_RET_FAILURE;
 200                        }
 201                        var_name16 = p;
 202                        ret = efi_get_next_variable_name_int(&size, var_name16,
 203                                                             &guid);
 204                }
 205                if (ret != EFI_SUCCESS) {
 206                        free(var_name16);
 207                        return CMD_RET_FAILURE;
 208                }
 209
 210                if (guid_p && guidcmp(guid_p, &guid))
 211                        continue;
 212                if (!argc || match_name(argc, argv, var_name16)) {
 213                        match = true;
 214                        efi_dump_single_var(var_name16, &guid, verbose);
 215                }
 216        }
 217        free(var_name16);
 218
 219        if (!match && argc == 1)
 220                printf("Error: \"%s\" not defined\n", argv[0]);
 221
 222        return CMD_RET_SUCCESS;
 223}
 224
 225/**
 226 * do_env_print_efi() - show information about UEFI variables
 227 *
 228 * @cmdtp:      Command table
 229 * @flag:       Command flag
 230 * @argc:       Number of arguments
 231 * @argv:       Argument array
 232 * Return:      CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
 233 *
 234 * This function is for "env print -e" or "printenv -e" command:
 235 *   => env print -e [-n] [-guid <guid> | -all] [var [...]]
 236 * If one or more variable names are specified, show information
 237 * named UEFI variables, otherwise show all the UEFI variables.
 238 */
 239int do_env_print_efi(struct cmd_tbl *cmdtp, int flag, int argc,
 240                     char *const argv[])
 241{
 242        const efi_guid_t *guid_p = NULL;
 243        efi_guid_t guid;
 244        bool verbose = true;
 245        efi_status_t ret;
 246
 247        /* Initialize EFI drivers */
 248        ret = efi_init_obj_list();
 249        if (ret != EFI_SUCCESS) {
 250                printf("Error: Cannot initialize UEFI sub-system, r = %lu\n",
 251                       ret & ~EFI_ERROR_MASK);
 252                return CMD_RET_FAILURE;
 253        }
 254
 255        for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
 256                if (!strcmp(argv[0], "-guid")) {
 257                        if (argc == 1)
 258                                return CMD_RET_USAGE;
 259                        argc--;
 260                        argv++;
 261                        if (uuid_str_to_bin(argv[0], guid.b,
 262                                            UUID_STR_FORMAT_GUID))
 263                                return CMD_RET_USAGE;
 264                        guid_p = (const efi_guid_t *)guid.b;
 265                } else if (!strcmp(argv[0], "-n")) {
 266                        verbose = false;
 267                } else {
 268                        return CMD_RET_USAGE;
 269                }
 270        }
 271
 272        /* enumerate and show all UEFI variables */
 273        return efi_dump_var_all(argc, argv, guid_p, verbose);
 274}
 275
 276/**
 277 * append_value() - encode UEFI variable's value
 278 * @bufp:       Buffer of encoded UEFI variable's value
 279 * @sizep:      Size of buffer
 280 * @data:       data to be encoded into the value
 281 * Return:      0 on success, -1 otherwise
 282 *
 283 * Interpret a given data string and append it to buffer.
 284 * Buffer will be realloc'ed if necessary.
 285 *
 286 * Currently supported formats are:
 287 *   =0x0123...:                Hexadecimal number
 288 *   =H0123...:                 Hexadecimal-byte array
 289 *   ="...", =S"..." or <string>:
 290 *                              String
 291 */
 292static int append_value(char **bufp, size_t *sizep, char *data)
 293{
 294        char *tmp_buf = NULL, *new_buf = NULL, *value;
 295        unsigned long len = 0;
 296
 297        if (!strncmp(data, "=0x", 2)) { /* hexadecimal number */
 298                union {
 299                        u8 u8;
 300                        u16 u16;
 301                        u32 u32;
 302                        u64 u64;
 303                } tmp_data;
 304                unsigned long hex_value;
 305                void *hex_ptr;
 306
 307                data += 3;
 308                len = strlen(data);
 309                if ((len & 0x1)) /* not multiple of two */
 310                        return -1;
 311
 312                len /= 2;
 313                if (len > 8)
 314                        return -1;
 315                else if (len > 4)
 316                        len = 8;
 317                else if (len > 2)
 318                        len = 4;
 319
 320                /* convert hex hexadecimal number */
 321                if (strict_strtoul(data, 16, &hex_value) < 0)
 322                        return -1;
 323
 324                tmp_buf = malloc(len);
 325                if (!tmp_buf)
 326                        return -1;
 327
 328                if (len == 1) {
 329                        tmp_data.u8 = hex_value;
 330                        hex_ptr = &tmp_data.u8;
 331                } else if (len == 2) {
 332                        tmp_data.u16 = hex_value;
 333                        hex_ptr = &tmp_data.u16;
 334                } else if (len == 4) {
 335                        tmp_data.u32 = hex_value;
 336                        hex_ptr = &tmp_data.u32;
 337                } else {
 338                        tmp_data.u64 = hex_value;
 339                        hex_ptr = &tmp_data.u64;
 340                }
 341                memcpy(tmp_buf, hex_ptr, len);
 342                value = tmp_buf;
 343
 344        } else if (!strncmp(data, "=H", 2)) { /* hexadecimal-byte array */
 345                data += 2;
 346                len = strlen(data);
 347                if (len & 0x1) /* not multiple of two */
 348                        return -1;
 349
 350                len /= 2;
 351                tmp_buf = malloc(len);
 352                if (!tmp_buf)
 353                        return -1;
 354
 355                if (hex2bin((u8 *)tmp_buf, data, len) < 0) {
 356                        printf("Error: illegal hexadecimal string\n");
 357                        free(tmp_buf);
 358                        return -1;
 359                }
 360
 361                value = tmp_buf;
 362        } else { /* string */
 363                if (!strncmp(data, "=\"", 2) || !strncmp(data, "=S\"", 3)) {
 364                        if (data[1] == '"')
 365                                data += 2;
 366                        else
 367                                data += 3;
 368                        value = data;
 369                        len = strlen(data) - 1;
 370                        if (data[len] != '"')
 371                                return -1;
 372                } else {
 373                        value = data;
 374                        len = strlen(data);
 375                }
 376        }
 377
 378        new_buf = realloc(*bufp, *sizep + len);
 379        if (!new_buf)
 380                goto out;
 381
 382        memcpy(new_buf + *sizep, value, len);
 383        *bufp = new_buf;
 384        *sizep += len;
 385
 386out:
 387        free(tmp_buf);
 388
 389        return 0;
 390}
 391
 392/**
 393 * do_env_set_efi() - set UEFI variable
 394 *
 395 * @cmdtp:      Command table
 396 * @flag:       Command flag
 397 * @argc:       Number of arguments
 398 * @argv:       Argument array
 399 * Return:      CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
 400 *
 401 * This function is for "env set -e" or "setenv -e" command:
 402 *   => env set -e [-guid guid][-nv][-bs][-rt][-at][-a][-v]
 403 *                 [-i address,size] var, or
 404 *                 var [value ...]
 405 * Encode values specified and set given UEFI variable.
 406 * If no value is specified, delete the variable.
 407 */
 408int do_env_set_efi(struct cmd_tbl *cmdtp, int flag, int argc,
 409                   char *const argv[])
 410{
 411        char *var_name, *value, *ep;
 412        ulong addr;
 413        efi_uintn_t size;
 414        efi_guid_t guid;
 415        u32 attributes;
 416        bool default_guid, verbose, value_on_memory;
 417        u16 *var_name16 = NULL, *p;
 418        size_t len;
 419        efi_status_t ret;
 420
 421        if (argc == 1)
 422                return CMD_RET_USAGE;
 423
 424        /* Initialize EFI drivers */
 425        ret = efi_init_obj_list();
 426        if (ret != EFI_SUCCESS) {
 427                printf("Error: Cannot initialize UEFI sub-system, r = %lu\n",
 428                       ret & ~EFI_ERROR_MASK);
 429                return CMD_RET_FAILURE;
 430        }
 431
 432        /*
 433         * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
 434         *           EFI_VARIABLE_RUNTIME_ACCESS;
 435         */
 436        value = NULL;
 437        size = 0;
 438        attributes = 0;
 439        guid = efi_global_variable_guid;
 440        default_guid = true;
 441        verbose = false;
 442        value_on_memory = false;
 443        for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
 444                if (!strcmp(argv[0], "-guid")) {
 445                        if (argc == 1)
 446                                return CMD_RET_USAGE;
 447
 448                        argc--;
 449                        argv++;
 450                        if (uuid_str_to_bin(argv[0], guid.b,
 451                                            UUID_STR_FORMAT_GUID)) {
 452                                return CMD_RET_USAGE;
 453                        }
 454                        default_guid = false;
 455                } else if (!strcmp(argv[0], "-bs")) {
 456                        attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS;
 457                } else if (!strcmp(argv[0], "-rt")) {
 458                        attributes |= EFI_VARIABLE_RUNTIME_ACCESS;
 459                } else if (!strcmp(argv[0], "-nv")) {
 460                        attributes |= EFI_VARIABLE_NON_VOLATILE;
 461                } else if (!strcmp(argv[0], "-at")) {
 462                        attributes |=
 463                          EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
 464                } else if (!strcmp(argv[0], "-a")) {
 465                        attributes |= EFI_VARIABLE_APPEND_WRITE;
 466                } else if (!strcmp(argv[0], "-i")) {
 467                        /* data comes from memory */
 468                        if (argc == 1)
 469                                return CMD_RET_USAGE;
 470
 471                        argc--;
 472                        argv++;
 473                        addr = hextoul(argv[0], &ep);
 474                        if (*ep != ':')
 475                                return CMD_RET_USAGE;
 476
 477                        /* 0 should be allowed for delete */
 478                        size = hextoul(++ep, NULL);
 479
 480                        value_on_memory = true;
 481                } else if (!strcmp(argv[0], "-v")) {
 482                        verbose = true;
 483                } else {
 484                        return CMD_RET_USAGE;
 485                }
 486        }
 487        if (!argc)
 488                return CMD_RET_USAGE;
 489
 490        var_name = argv[0];
 491        if (default_guid) {
 492                if (!strcmp(var_name, "db") || !strcmp(var_name, "dbx") ||
 493                    !strcmp(var_name, "dbt"))
 494                        guid = efi_guid_image_security_database;
 495                else
 496                        guid = efi_global_variable_guid;
 497        }
 498
 499        if (verbose) {
 500                printf("GUID: %pUl %s\n", &guid,
 501                       efi_guid_to_str((const efi_guid_t *)&guid));
 502                printf("Attributes: 0x%x\n", attributes);
 503        }
 504
 505        /* for value */
 506        if (value_on_memory)
 507                value = map_sysmem(addr, 0);
 508        else if (argc > 1)
 509                for (argc--, argv++; argc > 0; argc--, argv++)
 510                        if (append_value(&value, &size, argv[0]) < 0) {
 511                                printf("## Failed to process an argument, %s\n",
 512                                       argv[0]);
 513                                ret = CMD_RET_FAILURE;
 514                                goto out;
 515                        }
 516
 517        if (size && verbose) {
 518                printf("Value:\n");
 519                print_hex_dump("    ", DUMP_PREFIX_OFFSET,
 520                               16, 1, value, size, true);
 521        }
 522
 523        len = utf8_utf16_strnlen(var_name, strlen(var_name));
 524        var_name16 = malloc((len + 1) * 2);
 525        if (!var_name16) {
 526                printf("## Out of memory\n");
 527                ret = CMD_RET_FAILURE;
 528                goto out;
 529        }
 530        p = var_name16;
 531        utf8_utf16_strncpy(&p, var_name, len + 1);
 532
 533        ret = efi_set_variable_int(var_name16, &guid, attributes, size, value,
 534                                   true);
 535        unmap_sysmem(value);
 536        if (ret == EFI_SUCCESS) {
 537                ret = CMD_RET_SUCCESS;
 538        } else {
 539                const char *msg;
 540
 541                switch (ret) {
 542                case EFI_NOT_FOUND:
 543                        msg = " (not found)";
 544                        break;
 545                case EFI_WRITE_PROTECTED:
 546                        msg = " (read only)";
 547                        break;
 548                case EFI_INVALID_PARAMETER:
 549                        msg = " (invalid parameter)";
 550                        break;
 551                case EFI_SECURITY_VIOLATION:
 552                        msg = " (validation failed)";
 553                        break;
 554                case EFI_OUT_OF_RESOURCES:
 555                        msg = " (out of memory)";
 556                        break;
 557                default:
 558                        msg = "";
 559                        break;
 560                }
 561                printf("## Failed to set EFI variable%s\n", msg);
 562                ret = CMD_RET_FAILURE;
 563        }
 564out:
 565        if (value_on_memory)
 566                unmap_sysmem(value);
 567        else
 568                free(value);
 569        free(var_name16);
 570
 571        return ret;
 572}
 573