]>
Commit | Line | Data |
---|---|---|
1 | /* SPDX-License-Identifier: LGPL-2.1+ */ | |
2 | /*** | |
3 | Copyright © 2013-2015 Kay Sievers | |
4 | ***/ | |
5 | ||
6 | #include <blkid.h> | |
7 | #include <ctype.h> | |
8 | #include <dirent.h> | |
9 | #include <errno.h> | |
10 | #include <ftw.h> | |
11 | #include <getopt.h> | |
12 | #include <limits.h> | |
13 | #include <linux/magic.h> | |
14 | #include <stdbool.h> | |
15 | #include <stdio.h> | |
16 | #include <stdlib.h> | |
17 | #include <string.h> | |
18 | #include <sys/mman.h> | |
19 | #include <sys/stat.h> | |
20 | #include <sys/statfs.h> | |
21 | #include <unistd.h> | |
22 | ||
23 | #include "sd-id128.h" | |
24 | ||
25 | #include "alloc-util.h" | |
26 | #include "blkid-util.h" | |
27 | #include "bootspec.h" | |
28 | #include "copy.h" | |
29 | #include "dirent-util.h" | |
30 | #include "efivars.h" | |
31 | #include "fd-util.h" | |
32 | #include "fileio.h" | |
33 | #include "fs-util.h" | |
34 | #include "locale-util.h" | |
35 | #include "parse-util.h" | |
36 | #include "rm-rf.h" | |
37 | #include "stat-util.h" | |
38 | #include "string-util.h" | |
39 | #include "strv.h" | |
40 | #include "terminal-util.h" | |
41 | #include "umask-util.h" | |
42 | #include "util.h" | |
43 | #include "verbs.h" | |
44 | #include "virt.h" | |
45 | ||
46 | static char *arg_path = NULL; | |
47 | static bool arg_print_path = false; | |
48 | static bool arg_touch_variables = true; | |
49 | ||
50 | static int acquire_esp( | |
51 | bool unprivileged_mode, | |
52 | uint32_t *ret_part, | |
53 | uint64_t *ret_pstart, | |
54 | uint64_t *ret_psize, | |
55 | sd_id128_t *ret_uuid) { | |
56 | ||
57 | char *np; | |
58 | int r; | |
59 | ||
60 | /* Find the ESP, and log about errors. Note that find_esp_and_warn() will log in all error cases on its own, | |
61 | * except for ENOKEY (which is good, we want to show our own message in that case, suggesting use of --path=) | |
62 | * and EACCESS (only when we request unprivileged mode; in this case we simply eat up the error here, so that | |
63 | * --list and --status work too, without noise about this). */ | |
64 | ||
65 | r = find_esp_and_warn(arg_path, unprivileged_mode, &np, ret_part, ret_pstart, ret_psize, ret_uuid); | |
66 | if (r == -ENOKEY) | |
67 | return log_error_errno(r, | |
68 | "Couldn't find EFI system partition. It is recommended to mount it to /boot or /efi.\n" | |
69 | "Alternatively, use --path= to specify path to mount point."); | |
70 | if (r < 0) | |
71 | return r; | |
72 | ||
73 | free_and_replace(arg_path, np); | |
74 | ||
75 | log_debug("Using EFI System Partition at %s.", arg_path); | |
76 | ||
77 | return 0; | |
78 | } | |
79 | ||
80 | /* search for "#### LoaderInfo: systemd-boot 218 ####" string inside the binary */ | |
81 | static int get_file_version(int fd, char **v) { | |
82 | struct stat st; | |
83 | char *buf; | |
84 | const char *s, *e; | |
85 | char *x = NULL; | |
86 | int r = 0; | |
87 | ||
88 | assert(fd >= 0); | |
89 | assert(v); | |
90 | ||
91 | if (fstat(fd, &st) < 0) | |
92 | return log_error_errno(errno, "Failed to stat EFI binary: %m"); | |
93 | ||
94 | if (st.st_size < 27) { | |
95 | *v = NULL; | |
96 | return 0; | |
97 | } | |
98 | ||
99 | buf = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); | |
100 | if (buf == MAP_FAILED) | |
101 | return log_error_errno(errno, "Failed to memory map EFI binary: %m"); | |
102 | ||
103 | s = memmem(buf, st.st_size - 8, "#### LoaderInfo: ", 17); | |
104 | if (!s) | |
105 | goto finish; | |
106 | s += 17; | |
107 | ||
108 | e = memmem(s, st.st_size - (s - buf), " ####", 5); | |
109 | if (!e || e - s < 3) { | |
110 | log_error("Malformed version string."); | |
111 | r = -EINVAL; | |
112 | goto finish; | |
113 | } | |
114 | ||
115 | x = strndup(s, e - s); | |
116 | if (!x) { | |
117 | r = log_oom(); | |
118 | goto finish; | |
119 | } | |
120 | r = 1; | |
121 | ||
122 | finish: | |
123 | (void) munmap(buf, st.st_size); | |
124 | *v = x; | |
125 | return r; | |
126 | } | |
127 | ||
128 | static int enumerate_binaries(const char *esp_path, const char *path, const char *prefix) { | |
129 | char *p; | |
130 | _cleanup_closedir_ DIR *d = NULL; | |
131 | struct dirent *de; | |
132 | int r = 0, c = 0; | |
133 | ||
134 | p = strjoina(esp_path, "/", path); | |
135 | d = opendir(p); | |
136 | if (!d) { | |
137 | if (errno == ENOENT) | |
138 | return 0; | |
139 | ||
140 | return log_error_errno(errno, "Failed to read \"%s\": %m", p); | |
141 | } | |
142 | ||
143 | FOREACH_DIRENT(de, d, break) { | |
144 | _cleanup_close_ int fd = -1; | |
145 | _cleanup_free_ char *v = NULL; | |
146 | ||
147 | if (!endswith_no_case(de->d_name, ".efi")) | |
148 | continue; | |
149 | ||
150 | if (prefix && !startswith_no_case(de->d_name, prefix)) | |
151 | continue; | |
152 | ||
153 | fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC); | |
154 | if (fd < 0) | |
155 | return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name); | |
156 | ||
157 | r = get_file_version(fd, &v); | |
158 | if (r < 0) | |
159 | return r; | |
160 | if (r > 0) | |
161 | printf(" File: %s/%s/%s (%s)\n", special_glyph(TREE_RIGHT), path, de->d_name, v); | |
162 | else | |
163 | printf(" File: %s/%s/%s\n", special_glyph(TREE_RIGHT), path, de->d_name); | |
164 | c++; | |
165 | } | |
166 | ||
167 | return c; | |
168 | } | |
169 | ||
170 | static int status_binaries(const char *esp_path, sd_id128_t partition) { | |
171 | int r; | |
172 | ||
173 | printf("Boot Loader Binaries:\n"); | |
174 | ||
175 | if (!esp_path) { | |
176 | printf(" ESP: Cannot find or access mount point of ESP.\n\n"); | |
177 | return -ENOENT; | |
178 | } | |
179 | ||
180 | printf(" ESP: %s", esp_path); | |
181 | if (!sd_id128_is_null(partition)) | |
182 | printf(" (/dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x)", SD_ID128_FORMAT_VAL(partition)); | |
183 | printf("\n"); | |
184 | ||
185 | r = enumerate_binaries(esp_path, "EFI/systemd", NULL); | |
186 | if (r == 0) | |
187 | log_error("systemd-boot not installed in ESP."); | |
188 | else if (r < 0) | |
189 | return r; | |
190 | ||
191 | r = enumerate_binaries(esp_path, "EFI/BOOT", "boot"); | |
192 | if (r == 0) | |
193 | log_error("No default/fallback boot loader installed in ESP."); | |
194 | else if (r < 0) | |
195 | return r; | |
196 | ||
197 | printf("\n"); | |
198 | ||
199 | return 0; | |
200 | } | |
201 | ||
202 | static int print_efi_option(uint16_t id, bool in_order) { | |
203 | _cleanup_free_ char *title = NULL; | |
204 | _cleanup_free_ char *path = NULL; | |
205 | sd_id128_t partition; | |
206 | bool active; | |
207 | int r = 0; | |
208 | ||
209 | r = efi_get_boot_option(id, &title, &partition, &path, &active); | |
210 | if (r < 0) | |
211 | return r; | |
212 | ||
213 | /* print only configured entries with partition information */ | |
214 | if (!path || sd_id128_is_null(partition)) | |
215 | return 0; | |
216 | ||
217 | efi_tilt_backslashes(path); | |
218 | ||
219 | printf(" Title: %s\n", strna(title)); | |
220 | printf(" ID: 0x%04X\n", id); | |
221 | printf(" Status: %sactive%s\n", active ? "" : "in", in_order ? ", boot-order" : ""); | |
222 | printf(" Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n", SD_ID128_FORMAT_VAL(partition)); | |
223 | printf(" File: %s%s\n", special_glyph(TREE_RIGHT), path); | |
224 | printf("\n"); | |
225 | ||
226 | return 0; | |
227 | } | |
228 | ||
229 | static int status_variables(void) { | |
230 | int n_options, n_order; | |
231 | _cleanup_free_ uint16_t *options = NULL, *order = NULL; | |
232 | int i; | |
233 | ||
234 | n_options = efi_get_boot_options(&options); | |
235 | if (n_options == -ENOENT) | |
236 | return log_error_errno(n_options, | |
237 | "Failed to access EFI variables, efivarfs" | |
238 | " needs to be available at /sys/firmware/efi/efivars/."); | |
239 | if (n_options < 0) | |
240 | return log_error_errno(n_options, "Failed to read EFI boot entries: %m"); | |
241 | ||
242 | n_order = efi_get_boot_order(&order); | |
243 | if (n_order == -ENOENT) | |
244 | n_order = 0; | |
245 | else if (n_order < 0) | |
246 | return log_error_errno(n_order, "Failed to read EFI boot order."); | |
247 | ||
248 | /* print entries in BootOrder first */ | |
249 | printf("Boot Loader Entries in EFI Variables:\n"); | |
250 | for (i = 0; i < n_order; i++) | |
251 | print_efi_option(order[i], true); | |
252 | ||
253 | /* print remaining entries */ | |
254 | for (i = 0; i < n_options; i++) { | |
255 | int j; | |
256 | ||
257 | for (j = 0; j < n_order; j++) | |
258 | if (options[i] == order[j]) | |
259 | goto next_option; | |
260 | ||
261 | print_efi_option(options[i], false); | |
262 | ||
263 | next_option: | |
264 | continue; | |
265 | } | |
266 | ||
267 | return 0; | |
268 | } | |
269 | ||
270 | static int status_entries(const char *esp_path, sd_id128_t partition) { | |
271 | int r; | |
272 | ||
273 | _cleanup_(boot_config_free) BootConfig config = {}; | |
274 | ||
275 | printf("Default Boot Entry:\n"); | |
276 | ||
277 | r = boot_entries_load_config(esp_path, &config); | |
278 | if (r < 0) | |
279 | return log_error_errno(r, "Failed to load bootspec config from \"%s/loader\": %m", | |
280 | esp_path); | |
281 | ||
282 | if (config.default_entry < 0) | |
283 | printf("%zu entries, no entry suitable as default\n", config.n_entries); | |
284 | else { | |
285 | const BootEntry *e = &config.entries[config.default_entry]; | |
286 | ||
287 | printf(" title: %s\n", boot_entry_title(e)); | |
288 | if (e->version) | |
289 | printf(" version: %s\n", e->version); | |
290 | if (e->kernel) | |
291 | printf(" linux: %s\n", e->kernel); | |
292 | if (!strv_isempty(e->initrd)) { | |
293 | _cleanup_free_ char *t; | |
294 | ||
295 | t = strv_join(e->initrd, " "); | |
296 | if (!t) | |
297 | return log_oom(); | |
298 | ||
299 | printf(" initrd: %s\n", t); | |
300 | } | |
301 | if (!strv_isempty(e->options)) { | |
302 | _cleanup_free_ char *t; | |
303 | ||
304 | t = strv_join(e->options, " "); | |
305 | if (!t) | |
306 | return log_oom(); | |
307 | ||
308 | printf(" options: %s\n", t); | |
309 | } | |
310 | if (e->device_tree) | |
311 | printf(" devicetree: %s\n", e->device_tree); | |
312 | puts(""); | |
313 | } | |
314 | ||
315 | return 0; | |
316 | } | |
317 | ||
318 | static int compare_product(const char *a, const char *b) { | |
319 | size_t x, y; | |
320 | ||
321 | assert(a); | |
322 | assert(b); | |
323 | ||
324 | x = strcspn(a, " "); | |
325 | y = strcspn(b, " "); | |
326 | if (x != y) | |
327 | return x < y ? -1 : x > y ? 1 : 0; | |
328 | ||
329 | return strncmp(a, b, x); | |
330 | } | |
331 | ||
332 | static int compare_version(const char *a, const char *b) { | |
333 | assert(a); | |
334 | assert(b); | |
335 | ||
336 | a += strcspn(a, " "); | |
337 | a += strspn(a, " "); | |
338 | b += strcspn(b, " "); | |
339 | b += strspn(b, " "); | |
340 | ||
341 | return strverscmp(a, b); | |
342 | } | |
343 | ||
344 | static int version_check(int fd_from, const char *from, int fd_to, const char *to) { | |
345 | _cleanup_free_ char *a = NULL, *b = NULL; | |
346 | int r; | |
347 | ||
348 | assert(fd_from >= 0); | |
349 | assert(from); | |
350 | assert(fd_to >= 0); | |
351 | assert(to); | |
352 | ||
353 | r = get_file_version(fd_from, &a); | |
354 | if (r < 0) | |
355 | return r; | |
356 | if (r == 0) { | |
357 | log_error("Source file \"%s\" does not carry version information!", from); | |
358 | return -EINVAL; | |
359 | } | |
360 | ||
361 | r = get_file_version(fd_to, &b); | |
362 | if (r < 0) | |
363 | return r; | |
364 | if (r == 0 || compare_product(a, b) != 0) { | |
365 | log_notice("Skipping \"%s\", since it's owned by another boot loader.", to); | |
366 | return -EEXIST; | |
367 | } | |
368 | ||
369 | if (compare_version(a, b) < 0) { | |
370 | log_warning("Skipping \"%s\", since a newer boot loader version exists already.", to); | |
371 | return -ESTALE; | |
372 | } | |
373 | ||
374 | return 0; | |
375 | } | |
376 | ||
377 | static int copy_file_with_version_check(const char *from, const char *to, bool force) { | |
378 | _cleanup_close_ int fd_from = -1, fd_to = -1; | |
379 | _cleanup_free_ char *t = NULL; | |
380 | int r; | |
381 | ||
382 | fd_from = open(from, O_RDONLY|O_CLOEXEC|O_NOCTTY); | |
383 | if (fd_from < 0) | |
384 | return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", from); | |
385 | ||
386 | if (!force) { | |
387 | fd_to = open(to, O_RDONLY|O_CLOEXEC|O_NOCTTY); | |
388 | if (fd_to < 0) { | |
389 | if (errno != -ENOENT) | |
390 | return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", to); | |
391 | } else { | |
392 | r = version_check(fd_from, from, fd_to, to); | |
393 | if (r < 0) | |
394 | return r; | |
395 | ||
396 | if (lseek(fd_from, 0, SEEK_SET) == (off_t) -1) | |
397 | return log_error_errno(errno, "Failed to seek in \"%s\": %m", from); | |
398 | ||
399 | fd_to = safe_close(fd_to); | |
400 | } | |
401 | } | |
402 | ||
403 | r = tempfn_random(to, NULL, &t); | |
404 | if (r < 0) | |
405 | return log_oom(); | |
406 | ||
407 | RUN_WITH_UMASK(0000) { | |
408 | fd_to = open(t, O_WRONLY|O_CREAT|O_CLOEXEC|O_EXCL|O_NOFOLLOW, 0644); | |
409 | if (fd_to < 0) | |
410 | return log_error_errno(errno, "Failed to open \"%s\" for writing: %m", t); | |
411 | } | |
412 | ||
413 | r = copy_bytes(fd_from, fd_to, (uint64_t) -1, COPY_REFLINK); | |
414 | if (r < 0) { | |
415 | (void) unlink(t); | |
416 | return log_error_errno(r, "Failed to copy data from \"%s\" to \"%s\": %m", from, t); | |
417 | } | |
418 | ||
419 | (void) copy_times(fd_from, fd_to); | |
420 | ||
421 | if (fsync(fd_to) < 0) { | |
422 | (void) unlink_noerrno(t); | |
423 | return log_error_errno(errno, "Failed to copy data from \"%s\" to \"%s\": %m", from, t); | |
424 | } | |
425 | ||
426 | (void) fsync_directory_of_file(fd_to); | |
427 | ||
428 | if (renameat(AT_FDCWD, t, AT_FDCWD, to) < 0) { | |
429 | (void) unlink_noerrno(t); | |
430 | return log_error_errno(errno, "Failed to rename \"%s\" to \"%s\": %m", t, to); | |
431 | } | |
432 | ||
433 | log_info("Copied \"%s\" to \"%s\".", from, to); | |
434 | ||
435 | return 0; | |
436 | } | |
437 | ||
438 | static int mkdir_one(const char *prefix, const char *suffix) { | |
439 | char *p; | |
440 | ||
441 | p = strjoina(prefix, "/", suffix); | |
442 | if (mkdir(p, 0700) < 0) { | |
443 | if (errno != EEXIST) | |
444 | return log_error_errno(errno, "Failed to create \"%s\": %m", p); | |
445 | } else | |
446 | log_info("Created \"%s\".", p); | |
447 | ||
448 | return 0; | |
449 | } | |
450 | ||
451 | static const char *efi_subdirs[] = { | |
452 | "EFI", | |
453 | "EFI/systemd", | |
454 | "EFI/BOOT", | |
455 | "loader", | |
456 | "loader/entries", | |
457 | NULL | |
458 | }; | |
459 | ||
460 | static int create_dirs(const char *esp_path) { | |
461 | const char **i; | |
462 | int r; | |
463 | ||
464 | STRV_FOREACH(i, efi_subdirs) { | |
465 | r = mkdir_one(esp_path, *i); | |
466 | if (r < 0) | |
467 | return r; | |
468 | } | |
469 | ||
470 | return 0; | |
471 | } | |
472 | ||
473 | static int copy_one_file(const char *esp_path, const char *name, bool force) { | |
474 | char *p, *q; | |
475 | int r; | |
476 | ||
477 | p = strjoina(BOOTLIBDIR "/", name); | |
478 | q = strjoina(esp_path, "/EFI/systemd/", name); | |
479 | r = copy_file_with_version_check(p, q, force); | |
480 | ||
481 | if (startswith(name, "systemd-boot")) { | |
482 | int k; | |
483 | char *v; | |
484 | ||
485 | /* Create the EFI default boot loader name (specified for removable devices) */ | |
486 | v = strjoina(esp_path, "/EFI/BOOT/BOOT", | |
487 | name + STRLEN("systemd-boot")); | |
488 | ascii_strupper(strrchr(v, '/') + 1); | |
489 | ||
490 | k = copy_file_with_version_check(p, v, force); | |
491 | if (k < 0 && r == 0) | |
492 | r = k; | |
493 | } | |
494 | ||
495 | return r; | |
496 | } | |
497 | ||
498 | static int install_binaries(const char *esp_path, bool force) { | |
499 | struct dirent *de; | |
500 | _cleanup_closedir_ DIR *d = NULL; | |
501 | int r = 0; | |
502 | ||
503 | if (force) { | |
504 | /* Don't create any of these directories when we are | |
505 | * just updating. When we update we'll drop-in our | |
506 | * files (unless there are newer ones already), but we | |
507 | * won't create the directories for them in the first | |
508 | * place. */ | |
509 | r = create_dirs(esp_path); | |
510 | if (r < 0) | |
511 | return r; | |
512 | } | |
513 | ||
514 | d = opendir(BOOTLIBDIR); | |
515 | if (!d) | |
516 | return log_error_errno(errno, "Failed to open \""BOOTLIBDIR"\": %m"); | |
517 | ||
518 | FOREACH_DIRENT(de, d, break) { | |
519 | int k; | |
520 | ||
521 | if (!endswith_no_case(de->d_name, ".efi")) | |
522 | continue; | |
523 | ||
524 | k = copy_one_file(esp_path, de->d_name, force); | |
525 | if (k < 0 && r == 0) | |
526 | r = k; | |
527 | } | |
528 | ||
529 | return r; | |
530 | } | |
531 | ||
532 | static bool same_entry(uint16_t id, const sd_id128_t uuid, const char *path) { | |
533 | _cleanup_free_ char *opath = NULL; | |
534 | sd_id128_t ouuid; | |
535 | int r; | |
536 | ||
537 | r = efi_get_boot_option(id, NULL, &ouuid, &opath, NULL); | |
538 | if (r < 0) | |
539 | return false; | |
540 | if (!sd_id128_equal(uuid, ouuid)) | |
541 | return false; | |
542 | if (!streq_ptr(path, opath)) | |
543 | return false; | |
544 | ||
545 | return true; | |
546 | } | |
547 | ||
548 | static int find_slot(sd_id128_t uuid, const char *path, uint16_t *id) { | |
549 | _cleanup_free_ uint16_t *options = NULL; | |
550 | int n, i; | |
551 | ||
552 | n = efi_get_boot_options(&options); | |
553 | if (n < 0) | |
554 | return n; | |
555 | ||
556 | /* find already existing systemd-boot entry */ | |
557 | for (i = 0; i < n; i++) | |
558 | if (same_entry(options[i], uuid, path)) { | |
559 | *id = options[i]; | |
560 | return 1; | |
561 | } | |
562 | ||
563 | /* find free slot in the sorted BootXXXX variable list */ | |
564 | for (i = 0; i < n; i++) | |
565 | if (i != options[i]) { | |
566 | *id = i; | |
567 | return 1; | |
568 | } | |
569 | ||
570 | /* use the next one */ | |
571 | if (i == 0xffff) | |
572 | return -ENOSPC; | |
573 | *id = i; | |
574 | return 0; | |
575 | } | |
576 | ||
577 | static int insert_into_order(uint16_t slot, bool first) { | |
578 | _cleanup_free_ uint16_t *order = NULL; | |
579 | uint16_t *t; | |
580 | int n, i; | |
581 | ||
582 | n = efi_get_boot_order(&order); | |
583 | if (n <= 0) | |
584 | /* no entry, add us */ | |
585 | return efi_set_boot_order(&slot, 1); | |
586 | ||
587 | /* are we the first and only one? */ | |
588 | if (n == 1 && order[0] == slot) | |
589 | return 0; | |
590 | ||
591 | /* are we already in the boot order? */ | |
592 | for (i = 0; i < n; i++) { | |
593 | if (order[i] != slot) | |
594 | continue; | |
595 | ||
596 | /* we do not require to be the first one, all is fine */ | |
597 | if (!first) | |
598 | return 0; | |
599 | ||
600 | /* move us to the first slot */ | |
601 | memmove(order + 1, order, i * sizeof(uint16_t)); | |
602 | order[0] = slot; | |
603 | return efi_set_boot_order(order, n); | |
604 | } | |
605 | ||
606 | /* extend array */ | |
607 | t = realloc(order, (n + 1) * sizeof(uint16_t)); | |
608 | if (!t) | |
609 | return -ENOMEM; | |
610 | order = t; | |
611 | ||
612 | /* add us to the top or end of the list */ | |
613 | if (first) { | |
614 | memmove(order + 1, order, n * sizeof(uint16_t)); | |
615 | order[0] = slot; | |
616 | } else | |
617 | order[n] = slot; | |
618 | ||
619 | return efi_set_boot_order(order, n + 1); | |
620 | } | |
621 | ||
622 | static int remove_from_order(uint16_t slot) { | |
623 | _cleanup_free_ uint16_t *order = NULL; | |
624 | int n, i; | |
625 | ||
626 | n = efi_get_boot_order(&order); | |
627 | if (n <= 0) | |
628 | return n; | |
629 | ||
630 | for (i = 0; i < n; i++) { | |
631 | if (order[i] != slot) | |
632 | continue; | |
633 | ||
634 | if (i + 1 < n) | |
635 | memmove(order + i, order + i+1, (n - i) * sizeof(uint16_t)); | |
636 | return efi_set_boot_order(order, n - 1); | |
637 | } | |
638 | ||
639 | return 0; | |
640 | } | |
641 | ||
642 | static int install_variables(const char *esp_path, | |
643 | uint32_t part, uint64_t pstart, uint64_t psize, | |
644 | sd_id128_t uuid, const char *path, | |
645 | bool first) { | |
646 | char *p; | |
647 | uint16_t slot; | |
648 | int r; | |
649 | ||
650 | if (!is_efi_boot()) { | |
651 | log_warning("Not booted with EFI, skipping EFI variable setup."); | |
652 | return 0; | |
653 | } | |
654 | ||
655 | p = strjoina(esp_path, path); | |
656 | if (access(p, F_OK) < 0) { | |
657 | if (errno == ENOENT) | |
658 | return 0; | |
659 | ||
660 | return log_error_errno(errno, "Cannot access \"%s\": %m", p); | |
661 | } | |
662 | ||
663 | r = find_slot(uuid, path, &slot); | |
664 | if (r < 0) | |
665 | return log_error_errno(r, | |
666 | r == -ENOENT ? | |
667 | "Failed to access EFI variables. Is the \"efivarfs\" filesystem mounted?" : | |
668 | "Failed to determine current boot order: %m"); | |
669 | ||
670 | if (first || r == 0) { | |
671 | r = efi_add_boot_option(slot, "Linux Boot Manager", | |
672 | part, pstart, psize, | |
673 | uuid, path); | |
674 | if (r < 0) | |
675 | return log_error_errno(r, "Failed to create EFI Boot variable entry: %m"); | |
676 | ||
677 | log_info("Created EFI boot entry \"Linux Boot Manager\"."); | |
678 | } | |
679 | ||
680 | return insert_into_order(slot, first); | |
681 | } | |
682 | ||
683 | static int remove_boot_efi(const char *esp_path) { | |
684 | char *p; | |
685 | _cleanup_closedir_ DIR *d = NULL; | |
686 | struct dirent *de; | |
687 | int r, c = 0; | |
688 | ||
689 | p = strjoina(esp_path, "/EFI/BOOT"); | |
690 | d = opendir(p); | |
691 | if (!d) { | |
692 | if (errno == ENOENT) | |
693 | return 0; | |
694 | ||
695 | return log_error_errno(errno, "Failed to open directory \"%s\": %m", p); | |
696 | } | |
697 | ||
698 | FOREACH_DIRENT(de, d, break) { | |
699 | _cleanup_close_ int fd = -1; | |
700 | _cleanup_free_ char *v = NULL; | |
701 | ||
702 | if (!endswith_no_case(de->d_name, ".efi")) | |
703 | continue; | |
704 | ||
705 | if (!startswith_no_case(de->d_name, "boot")) | |
706 | continue; | |
707 | ||
708 | fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC); | |
709 | if (fd < 0) | |
710 | return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name); | |
711 | ||
712 | r = get_file_version(fd, &v); | |
713 | if (r < 0) | |
714 | return r; | |
715 | if (r > 0 && startswith(v, "systemd-boot ")) { | |
716 | r = unlinkat(dirfd(d), de->d_name, 0); | |
717 | if (r < 0) | |
718 | return log_error_errno(errno, "Failed to remove \"%s/%s\": %m", p, de->d_name); | |
719 | ||
720 | log_info("Removed \"%s/%s\".", p, de->d_name); | |
721 | } | |
722 | ||
723 | c++; | |
724 | } | |
725 | ||
726 | return c; | |
727 | } | |
728 | ||
729 | static int rmdir_one(const char *prefix, const char *suffix) { | |
730 | char *p; | |
731 | ||
732 | p = strjoina(prefix, "/", suffix); | |
733 | if (rmdir(p) < 0) { | |
734 | if (!IN_SET(errno, ENOENT, ENOTEMPTY)) | |
735 | return log_error_errno(errno, "Failed to remove \"%s\": %m", p); | |
736 | } else | |
737 | log_info("Removed \"%s\".", p); | |
738 | ||
739 | return 0; | |
740 | } | |
741 | ||
742 | static int remove_binaries(const char *esp_path) { | |
743 | char *p; | |
744 | int r, q; | |
745 | unsigned i; | |
746 | ||
747 | p = strjoina(esp_path, "/EFI/systemd"); | |
748 | r = rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL); | |
749 | ||
750 | q = remove_boot_efi(esp_path); | |
751 | if (q < 0 && r == 0) | |
752 | r = q; | |
753 | ||
754 | for (i = ELEMENTSOF(efi_subdirs)-1; i > 0; i--) { | |
755 | q = rmdir_one(esp_path, efi_subdirs[i-1]); | |
756 | if (q < 0 && r == 0) | |
757 | r = q; | |
758 | } | |
759 | ||
760 | return r; | |
761 | } | |
762 | ||
763 | static int remove_variables(sd_id128_t uuid, const char *path, bool in_order) { | |
764 | uint16_t slot; | |
765 | int r; | |
766 | ||
767 | if (!is_efi_boot()) | |
768 | return 0; | |
769 | ||
770 | r = find_slot(uuid, path, &slot); | |
771 | if (r != 1) | |
772 | return 0; | |
773 | ||
774 | r = efi_remove_boot_option(slot); | |
775 | if (r < 0) | |
776 | return r; | |
777 | ||
778 | if (in_order) | |
779 | return remove_from_order(slot); | |
780 | ||
781 | return 0; | |
782 | } | |
783 | ||
784 | static int install_loader_config(const char *esp_path) { | |
785 | ||
786 | char machine_string[SD_ID128_STRING_MAX]; | |
787 | _cleanup_(unlink_and_freep) char *t = NULL; | |
788 | _cleanup_fclose_ FILE *f = NULL; | |
789 | sd_id128_t machine_id; | |
790 | const char *p; | |
791 | int r, fd; | |
792 | ||
793 | r = sd_id128_get_machine(&machine_id); | |
794 | if (r < 0) | |
795 | return log_error_errno(r, "Failed to get machine id: %m"); | |
796 | ||
797 | p = strjoina(esp_path, "/loader/loader.conf"); | |
798 | ||
799 | if (access(p, F_OK) >= 0) /* Silently skip creation if the file already exists (early check) */ | |
800 | return 0; | |
801 | ||
802 | fd = open_tmpfile_linkable(p, O_WRONLY|O_CLOEXEC, &t); | |
803 | if (fd < 0) | |
804 | return log_error_errno(fd, "Failed to open \"%s\" for writing: %m", p); | |
805 | ||
806 | f = fdopen(fd, "we"); | |
807 | if (!f) { | |
808 | safe_close(fd); | |
809 | return log_oom(); | |
810 | } | |
811 | ||
812 | fprintf(f, "#timeout 3\n"); | |
813 | fprintf(f, "#console-mode keep\n"); | |
814 | fprintf(f, "default %s-*\n", sd_id128_to_string(machine_id, machine_string)); | |
815 | ||
816 | r = fflush_sync_and_check(f); | |
817 | if (r < 0) | |
818 | return log_error_errno(r, "Failed to write \"%s\": %m", p); | |
819 | ||
820 | r = link_tmpfile(fd, t, p); | |
821 | if (r == -EEXIST) | |
822 | return 0; /* Silently skip creation if the file exists now (recheck) */ | |
823 | if (r < 0) | |
824 | return log_error_errno(r, "Failed to move \"%s\" into place: %m", p); | |
825 | ||
826 | t = mfree(t); | |
827 | ||
828 | return 1; | |
829 | } | |
830 | ||
831 | static int help(int argc, char *argv[], void *userdata) { | |
832 | ||
833 | printf("%s [COMMAND] [OPTIONS...]\n" | |
834 | "\n" | |
835 | "Install, update or remove the systemd-boot EFI boot manager.\n\n" | |
836 | " -h --help Show this help\n" | |
837 | " --version Print version\n" | |
838 | " --path=PATH Path to the EFI System Partition (ESP)\n" | |
839 | " -p --print-path Print path to the EFI partition\n" | |
840 | " --no-variables Don't touch EFI variables\n" | |
841 | "\n" | |
842 | "Commands:\n" | |
843 | " status Show status of installed systemd-boot and EFI variables\n" | |
844 | " list List boot entries\n" | |
845 | " install Install systemd-boot to the ESP and EFI variables\n" | |
846 | " update Update systemd-boot in the ESP and EFI variables\n" | |
847 | " remove Remove systemd-boot from the ESP and EFI variables\n", | |
848 | program_invocation_short_name); | |
849 | ||
850 | return 0; | |
851 | } | |
852 | ||
853 | static int parse_argv(int argc, char *argv[]) { | |
854 | enum { | |
855 | ARG_PATH = 0x100, | |
856 | ARG_VERSION, | |
857 | ARG_NO_VARIABLES, | |
858 | }; | |
859 | ||
860 | static const struct option options[] = { | |
861 | { "help", no_argument, NULL, 'h' }, | |
862 | { "version", no_argument, NULL, ARG_VERSION }, | |
863 | { "path", required_argument, NULL, ARG_PATH }, | |
864 | { "print-path", no_argument, NULL, 'p' }, | |
865 | { "no-variables", no_argument, NULL, ARG_NO_VARIABLES }, | |
866 | { NULL, 0, NULL, 0 } | |
867 | }; | |
868 | ||
869 | int c, r; | |
870 | ||
871 | assert(argc >= 0); | |
872 | assert(argv); | |
873 | ||
874 | while ((c = getopt_long(argc, argv, "hp", options, NULL)) >= 0) | |
875 | switch (c) { | |
876 | ||
877 | case 'h': | |
878 | help(0, NULL, NULL); | |
879 | return 0; | |
880 | ||
881 | case ARG_VERSION: | |
882 | return version(); | |
883 | ||
884 | case ARG_PATH: | |
885 | r = free_and_strdup(&arg_path, optarg); | |
886 | if (r < 0) | |
887 | return log_oom(); | |
888 | break; | |
889 | ||
890 | case 'p': | |
891 | arg_print_path = true; | |
892 | break; | |
893 | ||
894 | case ARG_NO_VARIABLES: | |
895 | arg_touch_variables = false; | |
896 | break; | |
897 | ||
898 | case '?': | |
899 | return -EINVAL; | |
900 | ||
901 | default: | |
902 | assert_not_reached("Unknown option"); | |
903 | } | |
904 | ||
905 | return 1; | |
906 | } | |
907 | ||
908 | static void read_loader_efi_var(const char *name, char **var) { | |
909 | int r; | |
910 | ||
911 | r = efi_get_variable_string(EFI_VENDOR_LOADER, name, var); | |
912 | if (r < 0 && r != -ENOENT) | |
913 | log_warning_errno(r, "Failed to read EFI variable %s: %m", name); | |
914 | } | |
915 | ||
916 | static int verb_status(int argc, char *argv[], void *userdata) { | |
917 | ||
918 | sd_id128_t uuid = SD_ID128_NULL; | |
919 | int r, k; | |
920 | ||
921 | r = acquire_esp(geteuid() != 0, NULL, NULL, NULL, &uuid); | |
922 | ||
923 | if (arg_print_path) { | |
924 | if (r == -EACCES) /* If we couldn't acquire the ESP path, log about access errors (which is the only | |
925 | * error the find_esp_and_warn() won't log on its own) */ | |
926 | return log_error_errno(r, "Failed to determine ESP: %m"); | |
927 | if (r < 0) | |
928 | return r; | |
929 | ||
930 | puts(arg_path); | |
931 | return 0; | |
932 | } | |
933 | ||
934 | r = 0; /* If we couldn't determine the path, then don't consider that a problem from here on, just show what we | |
935 | * can show */ | |
936 | ||
937 | if (is_efi_boot()) { | |
938 | _cleanup_free_ char *fw_type = NULL, *fw_info = NULL, *loader = NULL, *loader_path = NULL, *stub = NULL; | |
939 | sd_id128_t loader_part_uuid = SD_ID128_NULL; | |
940 | ||
941 | read_loader_efi_var("LoaderFirmwareType", &fw_type); | |
942 | read_loader_efi_var("LoaderFirmwareInfo", &fw_info); | |
943 | read_loader_efi_var("LoaderInfo", &loader); | |
944 | read_loader_efi_var("StubInfo", &stub); | |
945 | read_loader_efi_var("LoaderImageIdentifier", &loader_path); | |
946 | ||
947 | if (loader_path) | |
948 | efi_tilt_backslashes(loader_path); | |
949 | ||
950 | k = efi_loader_get_device_part_uuid(&loader_part_uuid); | |
951 | if (k < 0 && k != -ENOENT) | |
952 | r = log_warning_errno(k, "Failed to read EFI variable LoaderDevicePartUUID: %m"); | |
953 | ||
954 | printf("System:\n"); | |
955 | printf(" Firmware: %s (%s)\n", strna(fw_type), strna(fw_info)); | |
956 | ||
957 | k = is_efi_secure_boot(); | |
958 | if (k < 0) | |
959 | r = log_warning_errno(k, "Failed to query secure boot status: %m"); | |
960 | else | |
961 | printf(" Secure Boot: %sd\n", enable_disable(k)); | |
962 | ||
963 | k = is_efi_secure_boot_setup_mode(); | |
964 | if (k < 0) | |
965 | r = log_warning_errno(k, "Failed to query secure boot mode: %m"); | |
966 | else | |
967 | printf(" Setup Mode: %s\n", k ? "setup" : "user"); | |
968 | printf("\n"); | |
969 | ||
970 | printf("Current Loader:\n"); | |
971 | printf(" Product: %s\n", strna(loader)); | |
972 | if (stub) | |
973 | printf(" Stub: %s\n", stub); | |
974 | if (!sd_id128_is_null(loader_part_uuid)) | |
975 | printf(" ESP: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n", | |
976 | SD_ID128_FORMAT_VAL(loader_part_uuid)); | |
977 | else | |
978 | printf(" ESP: n/a\n"); | |
979 | printf(" File: %s%s\n", special_glyph(TREE_RIGHT), strna(loader_path)); | |
980 | printf("\n"); | |
981 | } else | |
982 | printf("System:\n Not booted with EFI\n\n"); | |
983 | ||
984 | if (arg_path) { | |
985 | k = status_binaries(arg_path, uuid); | |
986 | if (k < 0) | |
987 | r = k; | |
988 | } | |
989 | ||
990 | if (is_efi_boot()) { | |
991 | k = status_variables(); | |
992 | if (k < 0) | |
993 | r = k; | |
994 | } | |
995 | ||
996 | if (arg_path) { | |
997 | k = status_entries(arg_path, uuid); | |
998 | if (k < 0) | |
999 | r = k; | |
1000 | } | |
1001 | ||
1002 | return r; | |
1003 | } | |
1004 | ||
1005 | static int verb_list(int argc, char *argv[], void *userdata) { | |
1006 | _cleanup_(boot_config_free) BootConfig config = {}; | |
1007 | sd_id128_t uuid = SD_ID128_NULL; | |
1008 | unsigned n; | |
1009 | int r; | |
1010 | ||
1011 | /* If we lack privileges we invoke find_esp_and_warn() in "unprivileged mode" here, which does two things: turn | |
1012 | * off logging about access errors and turn off potentially privileged device probing. Here we're interested in | |
1013 | * the latter but not the former, hence request the mode, and log about EACCES. */ | |
1014 | ||
1015 | r = acquire_esp(geteuid() != 0, NULL, NULL, NULL, &uuid); | |
1016 | if (r == -EACCES) /* We really need the ESP path for this call, hence also log about access errors */ | |
1017 | return log_error_errno(r, "Failed to determine ESP: %m"); | |
1018 | if (r < 0) | |
1019 | return r; | |
1020 | ||
1021 | r = boot_entries_load_config(arg_path, &config); | |
1022 | if (r < 0) | |
1023 | return log_error_errno(r, "Failed to load bootspec config from \"%s/loader\": %m", | |
1024 | arg_path); | |
1025 | ||
1026 | printf("Available boot entries:\n"); | |
1027 | ||
1028 | for (n = 0; n < config.n_entries; n++) { | |
1029 | const BootEntry *e = &config.entries[n]; | |
1030 | ||
1031 | printf(" title: %s%s%s%s%s%s\n", | |
1032 | ansi_highlight(), | |
1033 | boot_entry_title(e), | |
1034 | ansi_normal(), | |
1035 | ansi_highlight_green(), | |
1036 | n == (unsigned) config.default_entry ? " (default)" : "", | |
1037 | ansi_normal()); | |
1038 | if (e->version) | |
1039 | printf(" version: %s\n", e->version); | |
1040 | if (e->machine_id) | |
1041 | printf(" machine-id: %s\n", e->machine_id); | |
1042 | if (e->architecture) | |
1043 | printf(" architecture: %s\n", e->architecture); | |
1044 | if (e->kernel) | |
1045 | printf(" linux: %s\n", e->kernel); | |
1046 | if (!strv_isempty(e->initrd)) { | |
1047 | _cleanup_free_ char *t; | |
1048 | ||
1049 | t = strv_join(e->initrd, " "); | |
1050 | if (!t) | |
1051 | return log_oom(); | |
1052 | ||
1053 | printf(" initrd: %s\n", t); | |
1054 | } | |
1055 | if (!strv_isempty(e->options)) { | |
1056 | _cleanup_free_ char *t; | |
1057 | ||
1058 | t = strv_join(e->options, " "); | |
1059 | if (!t) | |
1060 | return log_oom(); | |
1061 | ||
1062 | printf(" options: %s\n", t); | |
1063 | } | |
1064 | if (e->device_tree) | |
1065 | printf(" devicetree: %s\n", e->device_tree); | |
1066 | ||
1067 | puts(""); | |
1068 | } | |
1069 | ||
1070 | return 0; | |
1071 | } | |
1072 | ||
1073 | static int verb_install(int argc, char *argv[], void *userdata) { | |
1074 | ||
1075 | sd_id128_t uuid = SD_ID128_NULL; | |
1076 | uint64_t pstart = 0, psize = 0; | |
1077 | uint32_t part = 0; | |
1078 | bool install; | |
1079 | int r; | |
1080 | ||
1081 | r = acquire_esp(false, &part, &pstart, &psize, &uuid); | |
1082 | if (r < 0) | |
1083 | return r; | |
1084 | ||
1085 | install = streq(argv[0], "install"); | |
1086 | ||
1087 | RUN_WITH_UMASK(0002) { | |
1088 | r = install_binaries(arg_path, install); | |
1089 | if (r < 0) | |
1090 | return r; | |
1091 | ||
1092 | if (install) { | |
1093 | r = install_loader_config(arg_path); | |
1094 | if (r < 0) | |
1095 | return r; | |
1096 | } | |
1097 | } | |
1098 | ||
1099 | if (arg_touch_variables) | |
1100 | r = install_variables(arg_path, | |
1101 | part, pstart, psize, uuid, | |
1102 | "/EFI/systemd/systemd-boot" EFI_MACHINE_TYPE_NAME ".efi", | |
1103 | install); | |
1104 | ||
1105 | return r; | |
1106 | } | |
1107 | ||
1108 | static int verb_remove(int argc, char *argv[], void *userdata) { | |
1109 | sd_id128_t uuid = SD_ID128_NULL; | |
1110 | int r; | |
1111 | ||
1112 | r = acquire_esp(false, NULL, NULL, NULL, &uuid); | |
1113 | if (r < 0) | |
1114 | return r; | |
1115 | ||
1116 | r = remove_binaries(arg_path); | |
1117 | ||
1118 | if (arg_touch_variables) { | |
1119 | int q; | |
1120 | ||
1121 | q = remove_variables(uuid, "/EFI/systemd/systemd-boot" EFI_MACHINE_TYPE_NAME ".efi", true); | |
1122 | if (q < 0 && r == 0) | |
1123 | r = q; | |
1124 | } | |
1125 | ||
1126 | return r; | |
1127 | } | |
1128 | ||
1129 | static int bootctl_main(int argc, char *argv[]) { | |
1130 | ||
1131 | static const Verb verbs[] = { | |
1132 | { "help", VERB_ANY, VERB_ANY, 0, help }, | |
1133 | { "status", VERB_ANY, 1, VERB_DEFAULT, verb_status }, | |
1134 | { "list", VERB_ANY, 1, 0, verb_list }, | |
1135 | { "install", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_install }, | |
1136 | { "update", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_install }, | |
1137 | { "remove", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_remove }, | |
1138 | {} | |
1139 | }; | |
1140 | ||
1141 | return dispatch_verb(argc, argv, verbs, NULL); | |
1142 | } | |
1143 | ||
1144 | int main(int argc, char *argv[]) { | |
1145 | int r; | |
1146 | ||
1147 | log_parse_environment(); | |
1148 | log_open(); | |
1149 | ||
1150 | /* If we run in a container, automatically turn of EFI file system access */ | |
1151 | if (detect_container() > 0) | |
1152 | arg_touch_variables = false; | |
1153 | ||
1154 | r = parse_argv(argc, argv); | |
1155 | if (r <= 0) | |
1156 | goto finish; | |
1157 | ||
1158 | r = bootctl_main(argc, argv); | |
1159 | ||
1160 | finish: | |
1161 | free(arg_path); | |
1162 | return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; | |
1163 | } |