1/* SPDX-License-Identifier: GPL-2.0+ */ 2/* 3 * Copyright (c) 2020, Heinrich Schuchardt <xypron.glpk@gmx.de> 4 */ 5 6#ifndef _EFI_VARIABLE_H 7#define _EFI_VARIABLE_H 8 9#include <linux/bitops.h> 10 11#define EFI_VARIABLE_READ_ONLY BIT(31) 12 13enum efi_auth_var_type { 14 EFI_AUTH_VAR_NONE = 0, 15 EFI_AUTH_MODE, 16 EFI_AUTH_VAR_PK, 17 EFI_AUTH_VAR_KEK, 18 EFI_AUTH_VAR_DB, 19 EFI_AUTH_VAR_DBX, 20 EFI_AUTH_VAR_DBT, 21 EFI_AUTH_VAR_DBR, 22}; 23 24/** 25 * efi_get_variable() - retrieve value of a UEFI variable 26 * 27 * @variable_name: name of the variable 28 * @vendor: vendor GUID 29 * @attributes: attributes of the variable 30 * @data_size: size of the buffer to which the variable value is copied 31 * @data: buffer to which the variable value is copied 32 * @timep: authentication time (seconds since start of epoch) 33 * Return: status code 34 */ 35efi_status_t efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor, 36 u32 *attributes, efi_uintn_t *data_size, 37 void *data, u64 *timep); 38 39/** 40 * efi_set_variable() - set value of a UEFI variable 41 * 42 * @variable_name: name of the variable 43 * @vendor: vendor GUID 44 * @attributes: attributes of the variable 45 * @data_size: size of the buffer with the variable value 46 * @data: buffer with the variable value 47 * @ro_check: check the read only read only bit in attributes 48 * Return: status code 49 */ 50efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, 51 u32 attributes, efi_uintn_t data_size, 52 const void *data, bool ro_check); 53 54/** 55 * efi_get_next_variable_name_int() - enumerate the current variable names 56 * 57 * @variable_name_size: size of variable_name buffer in byte 58 * @variable_name: name of uefi variable's name in u16 59 * @vendor: vendor's guid 60 * 61 * See the Unified Extensible Firmware Interface (UEFI) specification for 62 * details. 63 * 64 * Return: status code 65 */ 66efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size, 67 u16 *variable_name, 68 efi_guid_t *vendor); 69 70/** 71 * efi_query_variable_info_int() - get information about EFI variables 72 * 73 * This function implements the QueryVariableInfo() runtime service. 74 * 75 * See the Unified Extensible Firmware Interface (UEFI) specification for 76 * details. 77 * 78 * @attributes: bitmask to select variables to be 79 * queried 80 * @maximum_variable_storage_size: maximum size of storage area for the 81 * selected variable types 82 * @remaining_variable_storage_size: remaining size of storage are for the 83 * selected variable types 84 * @maximum_variable_size: maximum size of a variable of the 85 * selected type 86 * Returns: status code 87 */ 88efi_status_t efi_query_variable_info_int(u32 attributes, 89 u64 *maximum_variable_storage_size, 90 u64 *remaining_variable_storage_size, 91 u64 *maximum_variable_size); 92 93#define EFI_VAR_FILE_NAME "ubootefi.var" 94 95#define EFI_VAR_BUF_SIZE CONFIG_EFI_VAR_BUF_SIZE 96 97/* 98 * This constant identifies the file format for storing UEFI variables in 99 * struct efi_var_file. 100 */ 101#define EFI_VAR_FILE_MAGIC 0x0161566966456255 /* UbEfiVa, version 1 */ 102 103/** 104 * struct efi_var_entry - UEFI variable file entry 105 * 106 * @length: length of enty, multiple of 8 107 * @attr: variable attributes 108 * @time: authentication time (seconds since start of epoch) 109 * @guid: vendor GUID 110 * @name: UTF16 variable name 111 */ 112struct efi_var_entry { 113 u32 length; 114 u32 attr; 115 u64 time; 116 efi_guid_t guid; 117 u16 name[]; 118}; 119 120/** 121 * struct efi_var_file - file for storing UEFI variables 122 * 123 * @reserved: unused, may be overwritten by memory probing 124 * @magic: identifies file format, takes value %EFI_VAR_FILE_MAGIC 125 * @length: length including header 126 * @crc32: CRC32 without header 127 * @var: variables 128 */ 129struct efi_var_file { 130 u64 reserved; 131 u64 magic; 132 u32 length; 133 u32 crc32; 134 struct efi_var_entry var[]; 135}; 136 137/** 138 * efi_var_to_file() - save non-volatile variables as file 139 * 140 * File ubootefi.var is created on the EFI system partion. 141 * 142 * Return: status code 143 */ 144efi_status_t efi_var_to_file(void); 145 146/** 147 * efi_var_collect() - collect variables in buffer 148 * 149 * A buffer is allocated and filled with variables in a format ready to be 150 * written to disk. 151 * 152 * @bufp: pointer to pointer of buffer with collected variables 153 * @lenp: pointer to length of buffer 154 * @check_attr_mask: bitmask with required attributes of variables to be collected. 155 * variables are only collected if all of the required 156 * attributes are set. 157 * Return: status code 158 */ 159efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *lenp, 160 u32 check_attr_mask); 161 162/** 163 * efi_var_restore() - restore EFI variables from buffer 164 * 165 * Only if @safe is set secure boot related variables will be restored. 166 * 167 * @buf: buffer 168 * @safe: restoring from tamper-resistant storage 169 * Return: status code 170 */ 171efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe); 172 173/** 174 * efi_var_from_file() - read variables from file 175 * 176 * File ubootefi.var is read from the EFI system partitions and the variables 177 * stored in the file are created. 178 * 179 * In case the file does not exist yet or a variable cannot be set EFI_SUCCESS 180 * is returned. 181 * 182 * Return: status code 183 */ 184efi_status_t efi_var_from_file(void); 185 186/** 187 * efi_var_mem_init() - set-up variable list 188 * 189 * Return: status code 190 */ 191efi_status_t efi_var_mem_init(void); 192 193/** 194 * efi_var_mem_find() - find a variable in the list 195 * 196 * @guid: GUID of the variable 197 * @name: name of the variable 198 * @next: on exit pointer to the next variable after the found one 199 * Return: found variable 200 */ 201struct efi_var_entry *efi_var_mem_find(const efi_guid_t *guid, const u16 *name, 202 struct efi_var_entry **next); 203 204/** 205 * efi_var_mem_del() - delete a variable from the list of variables 206 * 207 * @var: variable to delete 208 */ 209void efi_var_mem_del(struct efi_var_entry *var); 210 211/** 212 * efi_var_mem_ins() - append a variable to the list of variables 213 * 214 * The variable is appended without checking if a variable of the same name 215 * already exists. The two data buffers are concatenated. 216 * 217 * @variable_name: variable name 218 * @vendor: GUID 219 * @attributes: variable attributes 220 * @size1: size of the first data buffer 221 * @data1: first data buffer 222 * @size2: size of the second data field 223 * @data2: second data buffer 224 * @time: time of authentication (as seconds since start of epoch) 225 * Result: status code 226 */ 227efi_status_t efi_var_mem_ins(u16 *variable_name, 228 const efi_guid_t *vendor, u32 attributes, 229 const efi_uintn_t size1, const void *data1, 230 const efi_uintn_t size2, const void *data2, 231 const u64 time); 232 233/** 234 * efi_var_mem_free() - determine free memory for variables 235 * 236 * Return: maximum data size plus variable name size 237 */ 238u64 efi_var_mem_free(void); 239 240/** 241 * efi_init_secure_state - initialize secure boot state 242 * 243 * Return: status code 244 */ 245efi_status_t efi_init_secure_state(void); 246 247/** 248 * efi_auth_var_get_type() - convert variable name and guid to enum 249 * 250 * @name: name of UEFI variable 251 * @guid: guid of UEFI variable 252 * Return: identifier for authentication related variables 253 */ 254enum efi_auth_var_type efi_auth_var_get_type(u16 *name, const efi_guid_t *guid); 255 256/** 257 * efi_get_next_variable_name_mem() - Runtime common code across efi variable 258 * implementations for GetNextVariable() 259 * from the cached memory copy 260 * @variable_name_size: size of variable_name buffer in byte 261 * @variable_name: name of uefi variable's name in u16 262 * @vendor: vendor's guid 263 * 264 * Return: status code 265 */ 266efi_status_t __efi_runtime 267efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_name, 268 efi_guid_t *vendor); 269/** 270 * efi_get_variable_mem() - Runtime common code across efi variable 271 * implementations for GetVariable() from 272 * the cached memory copy 273 * 274 * @variable_name: name of the variable 275 * @vendor: vendor GUID 276 * @attributes: attributes of the variable 277 * @data_size: size of the buffer to which the variable value is copied 278 * @data: buffer to which the variable value is copied 279 * @timep: authentication time (seconds since start of epoch) 280 * Return: status code 281 */ 282efi_status_t __efi_runtime 283efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, 284 efi_uintn_t *data_size, void *data, u64 *timep); 285 286/** 287 * efi_get_variable_runtime() - runtime implementation of GetVariable() 288 * 289 * @variable_name: name of the variable 290 * @guid: vendor GUID 291 * @attributes: attributes of the variable 292 * @data_size: size of the buffer to which the variable value is copied 293 * @data: buffer to which the variable value is copied 294 * Return: status code 295 */ 296efi_status_t __efi_runtime EFIAPI 297efi_get_variable_runtime(u16 *variable_name, const efi_guid_t *guid, 298 u32 *attributes, efi_uintn_t *data_size, void *data); 299 300/** 301 * efi_get_next_variable_name_runtime() - runtime implementation of 302 * GetNextVariable() 303 * 304 * @variable_name_size: size of variable_name buffer in byte 305 * @variable_name: name of uefi variable's name in u16 306 * @guid: vendor's guid 307 * Return: status code 308 */ 309efi_status_t __efi_runtime EFIAPI 310efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size, 311 u16 *variable_name, efi_guid_t *guid); 312 313/** 314 * efi_var_buf_update() - udpate memory buffer for variables 315 * 316 * @var_buf: source buffer 317 * 318 * This function copies to the memory buffer for UEFI variables. Call this 319 * function in ExitBootServices() if memory backed variables are only used 320 * at runtime to fill the buffer. 321 */ 322void efi_var_buf_update(struct efi_var_file *var_buf); 323 324#endif 325