]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/boot/bootctl.c
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tree-wide: beautify remaining copyright statements
[thirdparty/systemd.git] / src / boot / bootctl.c
... / ...
CommitLineData
1/* SPDX-License-Identifier: LGPL-2.1+ */
2/***
3 Copyright © 2013-2015 Kay Sievers
4***/
5
6#include <blkid.h>
7#include <ctype.h>
8#include <dirent.h>
9#include <errno.h>
10#include <ftw.h>
11#include <getopt.h>
12#include <limits.h>
13#include <linux/magic.h>
14#include <stdbool.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <string.h>
18#include <sys/mman.h>
19#include <sys/stat.h>
20#include <sys/statfs.h>
21#include <unistd.h>
22
23#include "sd-id128.h"
24
25#include "alloc-util.h"
26#include "blkid-util.h"
27#include "bootspec.h"
28#include "copy.h"
29#include "dirent-util.h"
30#include "efivars.h"
31#include "fd-util.h"
32#include "fileio.h"
33#include "fs-util.h"
34#include "locale-util.h"
35#include "parse-util.h"
36#include "rm-rf.h"
37#include "stat-util.h"
38#include "string-util.h"
39#include "strv.h"
40#include "terminal-util.h"
41#include "umask-util.h"
42#include "util.h"
43#include "verbs.h"
44#include "virt.h"
45
46static char *arg_path = NULL;
47static bool arg_print_path = false;
48static bool arg_touch_variables = true;
49
50static int acquire_esp(
51 bool unprivileged_mode,
52 uint32_t *ret_part,
53 uint64_t *ret_pstart,
54 uint64_t *ret_psize,
55 sd_id128_t *ret_uuid) {
56
57 char *np;
58 int r;
59
60 /* Find the ESP, and log about errors. Note that find_esp_and_warn() will log in all error cases on its own,
61 * except for ENOKEY (which is good, we want to show our own message in that case, suggesting use of --path=)
62 * and EACCESS (only when we request unprivileged mode; in this case we simply eat up the error here, so that
63 * --list and --status work too, without noise about this). */
64
65 r = find_esp_and_warn(arg_path, unprivileged_mode, &np, ret_part, ret_pstart, ret_psize, ret_uuid);
66 if (r == -ENOKEY)
67 return log_error_errno(r,
68 "Couldn't find EFI system partition. It is recommended to mount it to /boot or /efi.\n"
69 "Alternatively, use --path= to specify path to mount point.");
70 if (r < 0)
71 return r;
72
73 free_and_replace(arg_path, np);
74
75 log_debug("Using EFI System Partition at %s.", arg_path);
76
77 return 0;
78}
79
80/* search for "#### LoaderInfo: systemd-boot 218 ####" string inside the binary */
81static int get_file_version(int fd, char **v) {
82 struct stat st;
83 char *buf;
84 const char *s, *e;
85 char *x = NULL;
86 int r = 0;
87
88 assert(fd >= 0);
89 assert(v);
90
91 if (fstat(fd, &st) < 0)
92 return log_error_errno(errno, "Failed to stat EFI binary: %m");
93
94 if (st.st_size < 27) {
95 *v = NULL;
96 return 0;
97 }
98
99 buf = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
100 if (buf == MAP_FAILED)
101 return log_error_errno(errno, "Failed to memory map EFI binary: %m");
102
103 s = memmem(buf, st.st_size - 8, "#### LoaderInfo: ", 17);
104 if (!s)
105 goto finish;
106 s += 17;
107
108 e = memmem(s, st.st_size - (s - buf), " ####", 5);
109 if (!e || e - s < 3) {
110 log_error("Malformed version string.");
111 r = -EINVAL;
112 goto finish;
113 }
114
115 x = strndup(s, e - s);
116 if (!x) {
117 r = log_oom();
118 goto finish;
119 }
120 r = 1;
121
122finish:
123 (void) munmap(buf, st.st_size);
124 *v = x;
125 return r;
126}
127
128static int enumerate_binaries(const char *esp_path, const char *path, const char *prefix) {
129 char *p;
130 _cleanup_closedir_ DIR *d = NULL;
131 struct dirent *de;
132 int r = 0, c = 0;
133
134 p = strjoina(esp_path, "/", path);
135 d = opendir(p);
136 if (!d) {
137 if (errno == ENOENT)
138 return 0;
139
140 return log_error_errno(errno, "Failed to read \"%s\": %m", p);
141 }
142
143 FOREACH_DIRENT(de, d, break) {
144 _cleanup_close_ int fd = -1;
145 _cleanup_free_ char *v = NULL;
146
147 if (!endswith_no_case(de->d_name, ".efi"))
148 continue;
149
150 if (prefix && !startswith_no_case(de->d_name, prefix))
151 continue;
152
153 fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
154 if (fd < 0)
155 return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
156
157 r = get_file_version(fd, &v);
158 if (r < 0)
159 return r;
160 if (r > 0)
161 printf(" File: %s/%s/%s (%s)\n", special_glyph(TREE_RIGHT), path, de->d_name, v);
162 else
163 printf(" File: %s/%s/%s\n", special_glyph(TREE_RIGHT), path, de->d_name);
164 c++;
165 }
166
167 return c;
168}
169
170static int status_binaries(const char *esp_path, sd_id128_t partition) {
171 int r;
172
173 printf("Boot Loader Binaries:\n");
174
175 if (!esp_path) {
176 printf(" ESP: Cannot find or access mount point of ESP.\n\n");
177 return -ENOENT;
178 }
179
180 printf(" ESP: %s", esp_path);
181 if (!sd_id128_is_null(partition))
182 printf(" (/dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x)", SD_ID128_FORMAT_VAL(partition));
183 printf("\n");
184
185 r = enumerate_binaries(esp_path, "EFI/systemd", NULL);
186 if (r == 0)
187 log_error("systemd-boot not installed in ESP.");
188 else if (r < 0)
189 return r;
190
191 r = enumerate_binaries(esp_path, "EFI/BOOT", "boot");
192 if (r == 0)
193 log_error("No default/fallback boot loader installed in ESP.");
194 else if (r < 0)
195 return r;
196
197 printf("\n");
198
199 return 0;
200}
201
202static int print_efi_option(uint16_t id, bool in_order) {
203 _cleanup_free_ char *title = NULL;
204 _cleanup_free_ char *path = NULL;
205 sd_id128_t partition;
206 bool active;
207 int r = 0;
208
209 r = efi_get_boot_option(id, &title, &partition, &path, &active);
210 if (r < 0)
211 return r;
212
213 /* print only configured entries with partition information */
214 if (!path || sd_id128_is_null(partition))
215 return 0;
216
217 efi_tilt_backslashes(path);
218
219 printf(" Title: %s\n", strna(title));
220 printf(" ID: 0x%04X\n", id);
221 printf(" Status: %sactive%s\n", active ? "" : "in", in_order ? ", boot-order" : "");
222 printf(" Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n", SD_ID128_FORMAT_VAL(partition));
223 printf(" File: %s%s\n", special_glyph(TREE_RIGHT), path);
224 printf("\n");
225
226 return 0;
227}
228
229static int status_variables(void) {
230 int n_options, n_order;
231 _cleanup_free_ uint16_t *options = NULL, *order = NULL;
232 int i;
233
234 n_options = efi_get_boot_options(&options);
235 if (n_options == -ENOENT)
236 return log_error_errno(n_options,
237 "Failed to access EFI variables, efivarfs"
238 " needs to be available at /sys/firmware/efi/efivars/.");
239 if (n_options < 0)
240 return log_error_errno(n_options, "Failed to read EFI boot entries: %m");
241
242 n_order = efi_get_boot_order(&order);
243 if (n_order == -ENOENT)
244 n_order = 0;
245 else if (n_order < 0)
246 return log_error_errno(n_order, "Failed to read EFI boot order.");
247
248 /* print entries in BootOrder first */
249 printf("Boot Loader Entries in EFI Variables:\n");
250 for (i = 0; i < n_order; i++)
251 print_efi_option(order[i], true);
252
253 /* print remaining entries */
254 for (i = 0; i < n_options; i++) {
255 int j;
256
257 for (j = 0; j < n_order; j++)
258 if (options[i] == order[j])
259 goto next_option;
260
261 print_efi_option(options[i], false);
262
263 next_option:
264 continue;
265 }
266
267 return 0;
268}
269
270static int status_entries(const char *esp_path, sd_id128_t partition) {
271 int r;
272
273 _cleanup_(boot_config_free) BootConfig config = {};
274
275 printf("Default Boot Entry:\n");
276
277 r = boot_entries_load_config(esp_path, &config);
278 if (r < 0)
279 return log_error_errno(r, "Failed to load bootspec config from \"%s/loader\": %m",
280 esp_path);
281
282 if (config.default_entry < 0)
283 printf("%zu entries, no entry suitable as default\n", config.n_entries);
284 else {
285 const BootEntry *e = &config.entries[config.default_entry];
286
287 printf(" title: %s\n", boot_entry_title(e));
288 if (e->version)
289 printf(" version: %s\n", e->version);
290 if (e->kernel)
291 printf(" linux: %s\n", e->kernel);
292 if (!strv_isempty(e->initrd)) {
293 _cleanup_free_ char *t;
294
295 t = strv_join(e->initrd, " ");
296 if (!t)
297 return log_oom();
298
299 printf(" initrd: %s\n", t);
300 }
301 if (!strv_isempty(e->options)) {
302 _cleanup_free_ char *t;
303
304 t = strv_join(e->options, " ");
305 if (!t)
306 return log_oom();
307
308 printf(" options: %s\n", t);
309 }
310 if (e->device_tree)
311 printf(" devicetree: %s\n", e->device_tree);
312 puts("");
313 }
314
315 return 0;
316}
317
318static int compare_product(const char *a, const char *b) {
319 size_t x, y;
320
321 assert(a);
322 assert(b);
323
324 x = strcspn(a, " ");
325 y = strcspn(b, " ");
326 if (x != y)
327 return x < y ? -1 : x > y ? 1 : 0;
328
329 return strncmp(a, b, x);
330}
331
332static int compare_version(const char *a, const char *b) {
333 assert(a);
334 assert(b);
335
336 a += strcspn(a, " ");
337 a += strspn(a, " ");
338 b += strcspn(b, " ");
339 b += strspn(b, " ");
340
341 return strverscmp(a, b);
342}
343
344static int version_check(int fd_from, const char *from, int fd_to, const char *to) {
345 _cleanup_free_ char *a = NULL, *b = NULL;
346 int r;
347
348 assert(fd_from >= 0);
349 assert(from);
350 assert(fd_to >= 0);
351 assert(to);
352
353 r = get_file_version(fd_from, &a);
354 if (r < 0)
355 return r;
356 if (r == 0) {
357 log_error("Source file \"%s\" does not carry version information!", from);
358 return -EINVAL;
359 }
360
361 r = get_file_version(fd_to, &b);
362 if (r < 0)
363 return r;
364 if (r == 0 || compare_product(a, b) != 0) {
365 log_notice("Skipping \"%s\", since it's owned by another boot loader.", to);
366 return -EEXIST;
367 }
368
369 if (compare_version(a, b) < 0) {
370 log_warning("Skipping \"%s\", since a newer boot loader version exists already.", to);
371 return -ESTALE;
372 }
373
374 return 0;
375}
376
377static int copy_file_with_version_check(const char *from, const char *to, bool force) {
378 _cleanup_close_ int fd_from = -1, fd_to = -1;
379 _cleanup_free_ char *t = NULL;
380 int r;
381
382 fd_from = open(from, O_RDONLY|O_CLOEXEC|O_NOCTTY);
383 if (fd_from < 0)
384 return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", from);
385
386 if (!force) {
387 fd_to = open(to, O_RDONLY|O_CLOEXEC|O_NOCTTY);
388 if (fd_to < 0) {
389 if (errno != -ENOENT)
390 return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", to);
391 } else {
392 r = version_check(fd_from, from, fd_to, to);
393 if (r < 0)
394 return r;
395
396 if (lseek(fd_from, 0, SEEK_SET) == (off_t) -1)
397 return log_error_errno(errno, "Failed to seek in \"%s\": %m", from);
398
399 fd_to = safe_close(fd_to);
400 }
401 }
402
403 r = tempfn_random(to, NULL, &t);
404 if (r < 0)
405 return log_oom();
406
407 RUN_WITH_UMASK(0000) {
408 fd_to = open(t, O_WRONLY|O_CREAT|O_CLOEXEC|O_EXCL|O_NOFOLLOW, 0644);
409 if (fd_to < 0)
410 return log_error_errno(errno, "Failed to open \"%s\" for writing: %m", t);
411 }
412
413 r = copy_bytes(fd_from, fd_to, (uint64_t) -1, COPY_REFLINK);
414 if (r < 0) {
415 (void) unlink(t);
416 return log_error_errno(r, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
417 }
418
419 (void) copy_times(fd_from, fd_to);
420
421 if (fsync(fd_to) < 0) {
422 (void) unlink_noerrno(t);
423 return log_error_errno(errno, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
424 }
425
426 (void) fsync_directory_of_file(fd_to);
427
428 if (renameat(AT_FDCWD, t, AT_FDCWD, to) < 0) {
429 (void) unlink_noerrno(t);
430 return log_error_errno(errno, "Failed to rename \"%s\" to \"%s\": %m", t, to);
431 }
432
433 log_info("Copied \"%s\" to \"%s\".", from, to);
434
435 return 0;
436}
437
438static int mkdir_one(const char *prefix, const char *suffix) {
439 char *p;
440
441 p = strjoina(prefix, "/", suffix);
442 if (mkdir(p, 0700) < 0) {
443 if (errno != EEXIST)
444 return log_error_errno(errno, "Failed to create \"%s\": %m", p);
445 } else
446 log_info("Created \"%s\".", p);
447
448 return 0;
449}
450
451static const char *efi_subdirs[] = {
452 "EFI",
453 "EFI/systemd",
454 "EFI/BOOT",
455 "loader",
456 "loader/entries",
457 NULL
458};
459
460static int create_dirs(const char *esp_path) {
461 const char **i;
462 int r;
463
464 STRV_FOREACH(i, efi_subdirs) {
465 r = mkdir_one(esp_path, *i);
466 if (r < 0)
467 return r;
468 }
469
470 return 0;
471}
472
473static int copy_one_file(const char *esp_path, const char *name, bool force) {
474 char *p, *q;
475 int r;
476
477 p = strjoina(BOOTLIBDIR "/", name);
478 q = strjoina(esp_path, "/EFI/systemd/", name);
479 r = copy_file_with_version_check(p, q, force);
480
481 if (startswith(name, "systemd-boot")) {
482 int k;
483 char *v;
484
485 /* Create the EFI default boot loader name (specified for removable devices) */
486 v = strjoina(esp_path, "/EFI/BOOT/BOOT",
487 name + STRLEN("systemd-boot"));
488 ascii_strupper(strrchr(v, '/') + 1);
489
490 k = copy_file_with_version_check(p, v, force);
491 if (k < 0 && r == 0)
492 r = k;
493 }
494
495 return r;
496}
497
498static int install_binaries(const char *esp_path, bool force) {
499 struct dirent *de;
500 _cleanup_closedir_ DIR *d = NULL;
501 int r = 0;
502
503 if (force) {
504 /* Don't create any of these directories when we are
505 * just updating. When we update we'll drop-in our
506 * files (unless there are newer ones already), but we
507 * won't create the directories for them in the first
508 * place. */
509 r = create_dirs(esp_path);
510 if (r < 0)
511 return r;
512 }
513
514 d = opendir(BOOTLIBDIR);
515 if (!d)
516 return log_error_errno(errno, "Failed to open \""BOOTLIBDIR"\": %m");
517
518 FOREACH_DIRENT(de, d, break) {
519 int k;
520
521 if (!endswith_no_case(de->d_name, ".efi"))
522 continue;
523
524 k = copy_one_file(esp_path, de->d_name, force);
525 if (k < 0 && r == 0)
526 r = k;
527 }
528
529 return r;
530}
531
532static bool same_entry(uint16_t id, const sd_id128_t uuid, const char *path) {
533 _cleanup_free_ char *opath = NULL;
534 sd_id128_t ouuid;
535 int r;
536
537 r = efi_get_boot_option(id, NULL, &ouuid, &opath, NULL);
538 if (r < 0)
539 return false;
540 if (!sd_id128_equal(uuid, ouuid))
541 return false;
542 if (!streq_ptr(path, opath))
543 return false;
544
545 return true;
546}
547
548static int find_slot(sd_id128_t uuid, const char *path, uint16_t *id) {
549 _cleanup_free_ uint16_t *options = NULL;
550 int n, i;
551
552 n = efi_get_boot_options(&options);
553 if (n < 0)
554 return n;
555
556 /* find already existing systemd-boot entry */
557 for (i = 0; i < n; i++)
558 if (same_entry(options[i], uuid, path)) {
559 *id = options[i];
560 return 1;
561 }
562
563 /* find free slot in the sorted BootXXXX variable list */
564 for (i = 0; i < n; i++)
565 if (i != options[i]) {
566 *id = i;
567 return 1;
568 }
569
570 /* use the next one */
571 if (i == 0xffff)
572 return -ENOSPC;
573 *id = i;
574 return 0;
575}
576
577static int insert_into_order(uint16_t slot, bool first) {
578 _cleanup_free_ uint16_t *order = NULL;
579 uint16_t *t;
580 int n, i;
581
582 n = efi_get_boot_order(&order);
583 if (n <= 0)
584 /* no entry, add us */
585 return efi_set_boot_order(&slot, 1);
586
587 /* are we the first and only one? */
588 if (n == 1 && order[0] == slot)
589 return 0;
590
591 /* are we already in the boot order? */
592 for (i = 0; i < n; i++) {
593 if (order[i] != slot)
594 continue;
595
596 /* we do not require to be the first one, all is fine */
597 if (!first)
598 return 0;
599
600 /* move us to the first slot */
601 memmove(order + 1, order, i * sizeof(uint16_t));
602 order[0] = slot;
603 return efi_set_boot_order(order, n);
604 }
605
606 /* extend array */
607 t = realloc(order, (n + 1) * sizeof(uint16_t));
608 if (!t)
609 return -ENOMEM;
610 order = t;
611
612 /* add us to the top or end of the list */
613 if (first) {
614 memmove(order + 1, order, n * sizeof(uint16_t));
615 order[0] = slot;
616 } else
617 order[n] = slot;
618
619 return efi_set_boot_order(order, n + 1);
620}
621
622static int remove_from_order(uint16_t slot) {
623 _cleanup_free_ uint16_t *order = NULL;
624 int n, i;
625
626 n = efi_get_boot_order(&order);
627 if (n <= 0)
628 return n;
629
630 for (i = 0; i < n; i++) {
631 if (order[i] != slot)
632 continue;
633
634 if (i + 1 < n)
635 memmove(order + i, order + i+1, (n - i) * sizeof(uint16_t));
636 return efi_set_boot_order(order, n - 1);
637 }
638
639 return 0;
640}
641
642static int install_variables(const char *esp_path,
643 uint32_t part, uint64_t pstart, uint64_t psize,
644 sd_id128_t uuid, const char *path,
645 bool first) {
646 char *p;
647 uint16_t slot;
648 int r;
649
650 if (!is_efi_boot()) {
651 log_warning("Not booted with EFI, skipping EFI variable setup.");
652 return 0;
653 }
654
655 p = strjoina(esp_path, path);
656 if (access(p, F_OK) < 0) {
657 if (errno == ENOENT)
658 return 0;
659
660 return log_error_errno(errno, "Cannot access \"%s\": %m", p);
661 }
662
663 r = find_slot(uuid, path, &slot);
664 if (r < 0)
665 return log_error_errno(r,
666 r == -ENOENT ?
667 "Failed to access EFI variables. Is the \"efivarfs\" filesystem mounted?" :
668 "Failed to determine current boot order: %m");
669
670 if (first || r == 0) {
671 r = efi_add_boot_option(slot, "Linux Boot Manager",
672 part, pstart, psize,
673 uuid, path);
674 if (r < 0)
675 return log_error_errno(r, "Failed to create EFI Boot variable entry: %m");
676
677 log_info("Created EFI boot entry \"Linux Boot Manager\".");
678 }
679
680 return insert_into_order(slot, first);
681}
682
683static int remove_boot_efi(const char *esp_path) {
684 char *p;
685 _cleanup_closedir_ DIR *d = NULL;
686 struct dirent *de;
687 int r, c = 0;
688
689 p = strjoina(esp_path, "/EFI/BOOT");
690 d = opendir(p);
691 if (!d) {
692 if (errno == ENOENT)
693 return 0;
694
695 return log_error_errno(errno, "Failed to open directory \"%s\": %m", p);
696 }
697
698 FOREACH_DIRENT(de, d, break) {
699 _cleanup_close_ int fd = -1;
700 _cleanup_free_ char *v = NULL;
701
702 if (!endswith_no_case(de->d_name, ".efi"))
703 continue;
704
705 if (!startswith_no_case(de->d_name, "boot"))
706 continue;
707
708 fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
709 if (fd < 0)
710 return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
711
712 r = get_file_version(fd, &v);
713 if (r < 0)
714 return r;
715 if (r > 0 && startswith(v, "systemd-boot ")) {
716 r = unlinkat(dirfd(d), de->d_name, 0);
717 if (r < 0)
718 return log_error_errno(errno, "Failed to remove \"%s/%s\": %m", p, de->d_name);
719
720 log_info("Removed \"%s/%s\".", p, de->d_name);
721 }
722
723 c++;
724 }
725
726 return c;
727}
728
729static int rmdir_one(const char *prefix, const char *suffix) {
730 char *p;
731
732 p = strjoina(prefix, "/", suffix);
733 if (rmdir(p) < 0) {
734 if (!IN_SET(errno, ENOENT, ENOTEMPTY))
735 return log_error_errno(errno, "Failed to remove \"%s\": %m", p);
736 } else
737 log_info("Removed \"%s\".", p);
738
739 return 0;
740}
741
742static int remove_binaries(const char *esp_path) {
743 char *p;
744 int r, q;
745 unsigned i;
746
747 p = strjoina(esp_path, "/EFI/systemd");
748 r = rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL);
749
750 q = remove_boot_efi(esp_path);
751 if (q < 0 && r == 0)
752 r = q;
753
754 for (i = ELEMENTSOF(efi_subdirs)-1; i > 0; i--) {
755 q = rmdir_one(esp_path, efi_subdirs[i-1]);
756 if (q < 0 && r == 0)
757 r = q;
758 }
759
760 return r;
761}
762
763static int remove_variables(sd_id128_t uuid, const char *path, bool in_order) {
764 uint16_t slot;
765 int r;
766
767 if (!is_efi_boot())
768 return 0;
769
770 r = find_slot(uuid, path, &slot);
771 if (r != 1)
772 return 0;
773
774 r = efi_remove_boot_option(slot);
775 if (r < 0)
776 return r;
777
778 if (in_order)
779 return remove_from_order(slot);
780
781 return 0;
782}
783
784static int install_loader_config(const char *esp_path) {
785
786 char machine_string[SD_ID128_STRING_MAX];
787 _cleanup_(unlink_and_freep) char *t = NULL;
788 _cleanup_fclose_ FILE *f = NULL;
789 sd_id128_t machine_id;
790 const char *p;
791 int r, fd;
792
793 r = sd_id128_get_machine(&machine_id);
794 if (r < 0)
795 return log_error_errno(r, "Failed to get machine id: %m");
796
797 p = strjoina(esp_path, "/loader/loader.conf");
798
799 if (access(p, F_OK) >= 0) /* Silently skip creation if the file already exists (early check) */
800 return 0;
801
802 fd = open_tmpfile_linkable(p, O_WRONLY|O_CLOEXEC, &t);
803 if (fd < 0)
804 return log_error_errno(fd, "Failed to open \"%s\" for writing: %m", p);
805
806 f = fdopen(fd, "we");
807 if (!f) {
808 safe_close(fd);
809 return log_oom();
810 }
811
812 fprintf(f, "#timeout 3\n");
813 fprintf(f, "#console-mode keep\n");
814 fprintf(f, "default %s-*\n", sd_id128_to_string(machine_id, machine_string));
815
816 r = fflush_sync_and_check(f);
817 if (r < 0)
818 return log_error_errno(r, "Failed to write \"%s\": %m", p);
819
820 r = link_tmpfile(fd, t, p);
821 if (r == -EEXIST)
822 return 0; /* Silently skip creation if the file exists now (recheck) */
823 if (r < 0)
824 return log_error_errno(r, "Failed to move \"%s\" into place: %m", p);
825
826 t = mfree(t);
827
828 return 1;
829}
830
831static int help(int argc, char *argv[], void *userdata) {
832
833 printf("%s [COMMAND] [OPTIONS...]\n"
834 "\n"
835 "Install, update or remove the systemd-boot EFI boot manager.\n\n"
836 " -h --help Show this help\n"
837 " --version Print version\n"
838 " --path=PATH Path to the EFI System Partition (ESP)\n"
839 " -p --print-path Print path to the EFI partition\n"
840 " --no-variables Don't touch EFI variables\n"
841 "\n"
842 "Commands:\n"
843 " status Show status of installed systemd-boot and EFI variables\n"
844 " list List boot entries\n"
845 " install Install systemd-boot to the ESP and EFI variables\n"
846 " update Update systemd-boot in the ESP and EFI variables\n"
847 " remove Remove systemd-boot from the ESP and EFI variables\n",
848 program_invocation_short_name);
849
850 return 0;
851}
852
853static int parse_argv(int argc, char *argv[]) {
854 enum {
855 ARG_PATH = 0x100,
856 ARG_VERSION,
857 ARG_NO_VARIABLES,
858 };
859
860 static const struct option options[] = {
861 { "help", no_argument, NULL, 'h' },
862 { "version", no_argument, NULL, ARG_VERSION },
863 { "path", required_argument, NULL, ARG_PATH },
864 { "print-path", no_argument, NULL, 'p' },
865 { "no-variables", no_argument, NULL, ARG_NO_VARIABLES },
866 { NULL, 0, NULL, 0 }
867 };
868
869 int c, r;
870
871 assert(argc >= 0);
872 assert(argv);
873
874 while ((c = getopt_long(argc, argv, "hp", options, NULL)) >= 0)
875 switch (c) {
876
877 case 'h':
878 help(0, NULL, NULL);
879 return 0;
880
881 case ARG_VERSION:
882 return version();
883
884 case ARG_PATH:
885 r = free_and_strdup(&arg_path, optarg);
886 if (r < 0)
887 return log_oom();
888 break;
889
890 case 'p':
891 arg_print_path = true;
892 break;
893
894 case ARG_NO_VARIABLES:
895 arg_touch_variables = false;
896 break;
897
898 case '?':
899 return -EINVAL;
900
901 default:
902 assert_not_reached("Unknown option");
903 }
904
905 return 1;
906}
907
908static void read_loader_efi_var(const char *name, char **var) {
909 int r;
910
911 r = efi_get_variable_string(EFI_VENDOR_LOADER, name, var);
912 if (r < 0 && r != -ENOENT)
913 log_warning_errno(r, "Failed to read EFI variable %s: %m", name);
914}
915
916static int verb_status(int argc, char *argv[], void *userdata) {
917
918 sd_id128_t uuid = SD_ID128_NULL;
919 int r, k;
920
921 r = acquire_esp(geteuid() != 0, NULL, NULL, NULL, &uuid);
922
923 if (arg_print_path) {
924 if (r == -EACCES) /* If we couldn't acquire the ESP path, log about access errors (which is the only
925 * error the find_esp_and_warn() won't log on its own) */
926 return log_error_errno(r, "Failed to determine ESP: %m");
927 if (r < 0)
928 return r;
929
930 puts(arg_path);
931 return 0;
932 }
933
934 r = 0; /* If we couldn't determine the path, then don't consider that a problem from here on, just show what we
935 * can show */
936
937 if (is_efi_boot()) {
938 _cleanup_free_ char *fw_type = NULL, *fw_info = NULL, *loader = NULL, *loader_path = NULL, *stub = NULL;
939 sd_id128_t loader_part_uuid = SD_ID128_NULL;
940
941 read_loader_efi_var("LoaderFirmwareType", &fw_type);
942 read_loader_efi_var("LoaderFirmwareInfo", &fw_info);
943 read_loader_efi_var("LoaderInfo", &loader);
944 read_loader_efi_var("StubInfo", &stub);
945 read_loader_efi_var("LoaderImageIdentifier", &loader_path);
946
947 if (loader_path)
948 efi_tilt_backslashes(loader_path);
949
950 k = efi_loader_get_device_part_uuid(&loader_part_uuid);
951 if (k < 0 && k != -ENOENT)
952 r = log_warning_errno(k, "Failed to read EFI variable LoaderDevicePartUUID: %m");
953
954 printf("System:\n");
955 printf(" Firmware: %s (%s)\n", strna(fw_type), strna(fw_info));
956
957 k = is_efi_secure_boot();
958 if (k < 0)
959 r = log_warning_errno(k, "Failed to query secure boot status: %m");
960 else
961 printf(" Secure Boot: %sd\n", enable_disable(k));
962
963 k = is_efi_secure_boot_setup_mode();
964 if (k < 0)
965 r = log_warning_errno(k, "Failed to query secure boot mode: %m");
966 else
967 printf(" Setup Mode: %s\n", k ? "setup" : "user");
968 printf("\n");
969
970 printf("Current Loader:\n");
971 printf(" Product: %s\n", strna(loader));
972 if (stub)
973 printf(" Stub: %s\n", stub);
974 if (!sd_id128_is_null(loader_part_uuid))
975 printf(" ESP: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
976 SD_ID128_FORMAT_VAL(loader_part_uuid));
977 else
978 printf(" ESP: n/a\n");
979 printf(" File: %s%s\n", special_glyph(TREE_RIGHT), strna(loader_path));
980 printf("\n");
981 } else
982 printf("System:\n Not booted with EFI\n\n");
983
984 if (arg_path) {
985 k = status_binaries(arg_path, uuid);
986 if (k < 0)
987 r = k;
988 }
989
990 if (is_efi_boot()) {
991 k = status_variables();
992 if (k < 0)
993 r = k;
994 }
995
996 if (arg_path) {
997 k = status_entries(arg_path, uuid);
998 if (k < 0)
999 r = k;
1000 }
1001
1002 return r;
1003}
1004
1005static int verb_list(int argc, char *argv[], void *userdata) {
1006 _cleanup_(boot_config_free) BootConfig config = {};
1007 sd_id128_t uuid = SD_ID128_NULL;
1008 unsigned n;
1009 int r;
1010
1011 /* If we lack privileges we invoke find_esp_and_warn() in "unprivileged mode" here, which does two things: turn
1012 * off logging about access errors and turn off potentially privileged device probing. Here we're interested in
1013 * the latter but not the former, hence request the mode, and log about EACCES. */
1014
1015 r = acquire_esp(geteuid() != 0, NULL, NULL, NULL, &uuid);
1016 if (r == -EACCES) /* We really need the ESP path for this call, hence also log about access errors */
1017 return log_error_errno(r, "Failed to determine ESP: %m");
1018 if (r < 0)
1019 return r;
1020
1021 r = boot_entries_load_config(arg_path, &config);
1022 if (r < 0)
1023 return log_error_errno(r, "Failed to load bootspec config from \"%s/loader\": %m",
1024 arg_path);
1025
1026 printf("Available boot entries:\n");
1027
1028 for (n = 0; n < config.n_entries; n++) {
1029 const BootEntry *e = &config.entries[n];
1030
1031 printf(" title: %s%s%s%s%s%s\n",
1032 ansi_highlight(),
1033 boot_entry_title(e),
1034 ansi_normal(),
1035 ansi_highlight_green(),
1036 n == (unsigned) config.default_entry ? " (default)" : "",
1037 ansi_normal());
1038 if (e->version)
1039 printf(" version: %s\n", e->version);
1040 if (e->machine_id)
1041 printf(" machine-id: %s\n", e->machine_id);
1042 if (e->architecture)
1043 printf(" architecture: %s\n", e->architecture);
1044 if (e->kernel)
1045 printf(" linux: %s\n", e->kernel);
1046 if (!strv_isempty(e->initrd)) {
1047 _cleanup_free_ char *t;
1048
1049 t = strv_join(e->initrd, " ");
1050 if (!t)
1051 return log_oom();
1052
1053 printf(" initrd: %s\n", t);
1054 }
1055 if (!strv_isempty(e->options)) {
1056 _cleanup_free_ char *t;
1057
1058 t = strv_join(e->options, " ");
1059 if (!t)
1060 return log_oom();
1061
1062 printf(" options: %s\n", t);
1063 }
1064 if (e->device_tree)
1065 printf(" devicetree: %s\n", e->device_tree);
1066
1067 puts("");
1068 }
1069
1070 return 0;
1071}
1072
1073static int verb_install(int argc, char *argv[], void *userdata) {
1074
1075 sd_id128_t uuid = SD_ID128_NULL;
1076 uint64_t pstart = 0, psize = 0;
1077 uint32_t part = 0;
1078 bool install;
1079 int r;
1080
1081 r = acquire_esp(false, &part, &pstart, &psize, &uuid);
1082 if (r < 0)
1083 return r;
1084
1085 install = streq(argv[0], "install");
1086
1087 RUN_WITH_UMASK(0002) {
1088 r = install_binaries(arg_path, install);
1089 if (r < 0)
1090 return r;
1091
1092 if (install) {
1093 r = install_loader_config(arg_path);
1094 if (r < 0)
1095 return r;
1096 }
1097 }
1098
1099 if (arg_touch_variables)
1100 r = install_variables(arg_path,
1101 part, pstart, psize, uuid,
1102 "/EFI/systemd/systemd-boot" EFI_MACHINE_TYPE_NAME ".efi",
1103 install);
1104
1105 return r;
1106}
1107
1108static int verb_remove(int argc, char *argv[], void *userdata) {
1109 sd_id128_t uuid = SD_ID128_NULL;
1110 int r;
1111
1112 r = acquire_esp(false, NULL, NULL, NULL, &uuid);
1113 if (r < 0)
1114 return r;
1115
1116 r = remove_binaries(arg_path);
1117
1118 if (arg_touch_variables) {
1119 int q;
1120
1121 q = remove_variables(uuid, "/EFI/systemd/systemd-boot" EFI_MACHINE_TYPE_NAME ".efi", true);
1122 if (q < 0 && r == 0)
1123 r = q;
1124 }
1125
1126 return r;
1127}
1128
1129static int bootctl_main(int argc, char *argv[]) {
1130
1131 static const Verb verbs[] = {
1132 { "help", VERB_ANY, VERB_ANY, 0, help },
1133 { "status", VERB_ANY, 1, VERB_DEFAULT, verb_status },
1134 { "list", VERB_ANY, 1, 0, verb_list },
1135 { "install", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_install },
1136 { "update", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_install },
1137 { "remove", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_remove },
1138 {}
1139 };
1140
1141 return dispatch_verb(argc, argv, verbs, NULL);
1142}
1143
1144int main(int argc, char *argv[]) {
1145 int r;
1146
1147 log_parse_environment();
1148 log_open();
1149
1150 /* If we run in a container, automatically turn of EFI file system access */
1151 if (detect_container() > 0)
1152 arg_touch_variables = false;
1153
1154 r = parse_argv(argc, argv);
1155 if (r <= 0)
1156 goto finish;
1157
1158 r = bootctl_main(argc, argv);
1159
1160 finish:
1161 free(arg_path);
1162 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
1163}
Unnamed repository; edit this file 'description' to name the repository.