]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/boot/bootctl.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #24054 from keszybz/initrd-no-reload
[thirdparty/systemd.git] / src / boot / bootctl.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <ctype.h>
4 #include <errno.h>
5 #include <getopt.h>
6 #include <limits.h>
7 #include <linux/magic.h>
8 #include <stdbool.h>
9 #include <stdlib.h>
10 #include <sys/mman.h>
11 #include <unistd.h>
12
13 #include "sd-id128.h"
14
15 #include "alloc-util.h"
16 #include "blkid-util.h"
17 #include "bootspec.h"
18 #include "chase-symlinks.h"
19 #include "copy.h"
20 #include "devnum-util.h"
21 #include "dirent-util.h"
22 #include "dissect-image.h"
23 #include "efi-api.h"
24 #include "efi-loader.h"
25 #include "efivars.h"
26 #include "env-file.h"
27 #include "env-util.h"
28 #include "escape.h"
29 #include "fd-util.h"
30 #include "fileio.h"
31 #include "find-esp.h"
32 #include "fs-util.h"
33 #include "glyph-util.h"
34 #include "main-func.h"
35 #include "mkdir.h"
36 #include "mount-util.h"
37 #include "os-util.h"
38 #include "pager.h"
39 #include "parse-argument.h"
40 #include "parse-util.h"
41 #include "pretty-print.h"
42 #include "random-util.h"
43 #include "rm-rf.h"
44 #include "stat-util.h"
45 #include "stdio-util.h"
46 #include "string-table.h"
47 #include "string-util.h"
48 #include "strv.h"
49 #include "sync-util.h"
50 #include "terminal-util.h"
51 #include "tmpfile-util.h"
52 #include "tmpfile-util-label.h"
53 #include "tpm2-util.h"
54 #include "umask-util.h"
55 #include "utf8.h"
56 #include "util.h"
57 #include "verbs.h"
58 #include "virt.h"
59
60 static char *arg_esp_path = NULL;
61 static char *arg_xbootldr_path = NULL;
62 static bool arg_print_esp_path = false;
63 static bool arg_print_dollar_boot_path = false;
64 static bool arg_touch_variables = true;
65 static PagerFlags arg_pager_flags = 0;
66 static bool arg_graceful = false;
67 static bool arg_quiet = false;
68 static int arg_make_entry_directory = false; /* tri-state: < 0 for automatic logic */
69 static sd_id128_t arg_machine_id = SD_ID128_NULL;
70 static char *arg_install_layout = NULL;
71 static enum {
72 ARG_ENTRY_TOKEN_MACHINE_ID,
73 ARG_ENTRY_TOKEN_OS_IMAGE_ID,
74 ARG_ENTRY_TOKEN_OS_ID,
75 ARG_ENTRY_TOKEN_LITERAL,
76 ARG_ENTRY_TOKEN_AUTO,
77 } arg_entry_token_type = ARG_ENTRY_TOKEN_AUTO;
78 static char *arg_entry_token = NULL;
79 static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
80 static bool arg_arch_all = false;
81 static char *arg_root = NULL;
82 static char *arg_image = NULL;
83 static enum {
84 ARG_INSTALL_SOURCE_IMAGE,
85 ARG_INSTALL_SOURCE_HOST,
86 ARG_INSTALL_SOURCE_AUTO,
87 } arg_install_source = ARG_INSTALL_SOURCE_AUTO;
88
89 STATIC_DESTRUCTOR_REGISTER(arg_esp_path, freep);
90 STATIC_DESTRUCTOR_REGISTER(arg_xbootldr_path, freep);
91 STATIC_DESTRUCTOR_REGISTER(arg_install_layout, freep);
92 STATIC_DESTRUCTOR_REGISTER(arg_entry_token, freep);
93 STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
94 STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
95
96 static const char *arg_dollar_boot_path(void) {
97 /* $BOOT shall be the XBOOTLDR partition if it exists, and otherwise the ESP */
98 return arg_xbootldr_path ?: arg_esp_path;
99 }
100
101 static int acquire_esp(
102 bool unprivileged_mode,
103 bool graceful,
104 uint32_t *ret_part,
105 uint64_t *ret_pstart,
106 uint64_t *ret_psize,
107 sd_id128_t *ret_uuid,
108 dev_t *ret_devid) {
109
110 char *np;
111 int r;
112
113 /* Find the ESP, and log about errors. Note that find_esp_and_warn() will log in all error cases on
114 * its own, except for ENOKEY (which is good, we want to show our own message in that case,
115 * suggesting use of --esp-path=) and EACCESS (only when we request unprivileged mode; in this case
116 * we simply eat up the error here, so that --list and --status work too, without noise about
117 * this). */
118
119 r = find_esp_and_warn(arg_root, arg_esp_path, unprivileged_mode, &np, ret_part, ret_pstart, ret_psize, ret_uuid, ret_devid);
120 if (r == -ENOKEY) {
121 if (graceful)
122 return log_full_errno(arg_quiet ? LOG_DEBUG : LOG_INFO, r,
123 "Couldn't find EFI system partition, skipping.");
124
125 return log_error_errno(r,
126 "Couldn't find EFI system partition. It is recommended to mount it to /boot or /efi.\n"
127 "Alternatively, use --esp-path= to specify path to mount point.");
128 }
129 if (r < 0)
130 return r;
131
132 free_and_replace(arg_esp_path, np);
133 log_debug("Using EFI System Partition at %s.", arg_esp_path);
134
135 return 0;
136 }
137
138 static int acquire_xbootldr(
139 bool unprivileged_mode,
140 sd_id128_t *ret_uuid,
141 dev_t *ret_devid) {
142
143 char *np;
144 int r;
145
146 r = find_xbootldr_and_warn(arg_root, arg_xbootldr_path, unprivileged_mode, &np, ret_uuid, ret_devid);
147 if (r == -ENOKEY) {
148 log_debug_errno(r, "Didn't find an XBOOTLDR partition, using the ESP as $BOOT.");
149 arg_xbootldr_path = mfree(arg_xbootldr_path);
150
151 if (ret_uuid)
152 *ret_uuid = SD_ID128_NULL;
153 if (ret_devid)
154 *ret_devid = 0;
155 return 0;
156 }
157 if (r < 0)
158 return r;
159
160 free_and_replace(arg_xbootldr_path, np);
161 log_debug("Using XBOOTLDR partition at %s as $BOOT.", arg_xbootldr_path);
162
163 return 1;
164 }
165
166 static int load_etc_machine_id(void) {
167 int r;
168
169 r = sd_id128_get_machine(&arg_machine_id);
170 if (IN_SET(r, -ENOENT, -ENOMEDIUM)) /* Not set or empty */
171 return 0;
172 if (r < 0)
173 return log_error_errno(r, "Failed to get machine-id: %m");
174
175 log_debug("Loaded machine ID %s from /etc/machine-id.", SD_ID128_TO_STRING(arg_machine_id));
176 return 0;
177 }
178
179 static int load_etc_machine_info(void) {
180 /* systemd v250 added support to store the kernel-install layout setting and the machine ID to use
181 * for setting up the ESP in /etc/machine-info. The newer /etc/kernel/entry-token file, as well as
182 * the $layout field in /etc/kernel/install.conf are better replacements for this though, hence this
183 * has been deprecated and is only returned for compatibility. */
184 _cleanup_free_ char *s = NULL, *layout = NULL;
185 int r;
186
187 r = parse_env_file(NULL, "/etc/machine-info",
188 "KERNEL_INSTALL_LAYOUT", &layout,
189 "KERNEL_INSTALL_MACHINE_ID", &s);
190 if (r == -ENOENT)
191 return 0;
192 if (r < 0)
193 return log_error_errno(r, "Failed to parse /etc/machine-info: %m");
194
195 if (!isempty(s)) {
196 if (!arg_quiet)
197 log_notice("Read $KERNEL_INSTALL_MACHINE_ID from /etc/machine-info. "
198 "Please move it to /etc/kernel/entry-token.");
199
200 r = sd_id128_from_string(s, &arg_machine_id);
201 if (r < 0)
202 return log_error_errno(r, "Failed to parse KERNEL_INSTALL_MACHINE_ID=%s in /etc/machine-info: %m", s);
203
204 log_debug("Loaded KERNEL_INSTALL_MACHINE_ID=%s from KERNEL_INSTALL_MACHINE_ID in /etc/machine-info.",
205 SD_ID128_TO_STRING(arg_machine_id));
206 }
207
208 if (!isempty(layout)) {
209 if (!arg_quiet)
210 log_notice("Read $KERNEL_INSTALL_LAYOUT from /etc/machine-info. "
211 "Please move it to the layout= setting of /etc/kernel/install.conf.");
212
213 log_debug("KERNEL_INSTALL_LAYOUT=%s is specified in /etc/machine-info.", layout);
214 free_and_replace(arg_install_layout, layout);
215 }
216
217 return 0;
218 }
219
220 static int load_etc_kernel_install_conf(void) {
221 _cleanup_free_ char *layout = NULL;
222 int r;
223
224 r = parse_env_file(NULL, "/etc/kernel/install.conf",
225 "layout", &layout);
226 if (r == -ENOENT)
227 return 0;
228 if (r < 0)
229 return log_error_errno(r, "Failed to parse /etc/kernel/install.conf: %m");
230
231 if (!isempty(layout)) {
232 log_debug("layout=%s is specified in /etc/machine-info.", layout);
233 free_and_replace(arg_install_layout, layout);
234 }
235
236 return 0;
237 }
238
239 static int settle_entry_token(void) {
240 int r;
241
242 switch (arg_entry_token_type) {
243
244 case ARG_ENTRY_TOKEN_AUTO: {
245 _cleanup_free_ char *buf = NULL;
246 r = read_one_line_file("/etc/kernel/entry-token", &buf);
247 if (r < 0 && r != -ENOENT)
248 return log_error_errno(r, "Failed to read /etc/kernel/entry-token: %m");
249
250 if (!isempty(buf)) {
251 free_and_replace(arg_entry_token, buf);
252 arg_entry_token_type = ARG_ENTRY_TOKEN_LITERAL;
253 } else if (sd_id128_is_null(arg_machine_id)) {
254 _cleanup_free_ char *id = NULL, *image_id = NULL;
255
256 r = parse_os_release(NULL,
257 "IMAGE_ID", &image_id,
258 "ID", &id);
259 if (r < 0)
260 return log_error_errno(r, "Failed to load /etc/os-release: %m");
261
262 if (!isempty(image_id)) {
263 free_and_replace(arg_entry_token, image_id);
264 arg_entry_token_type = ARG_ENTRY_TOKEN_OS_IMAGE_ID;
265 } else if (!isempty(id)) {
266 free_and_replace(arg_entry_token, id);
267 arg_entry_token_type = ARG_ENTRY_TOKEN_OS_ID;
268 } else
269 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No machine ID set, and /etc/os-release carries no ID=/IMAGE_ID= fields.");
270 } else {
271 r = free_and_strdup_warn(&arg_entry_token, SD_ID128_TO_STRING(arg_machine_id));
272 if (r < 0)
273 return r;
274
275 arg_entry_token_type = ARG_ENTRY_TOKEN_MACHINE_ID;
276 }
277
278 break;
279 }
280
281 case ARG_ENTRY_TOKEN_MACHINE_ID:
282 if (sd_id128_is_null(arg_machine_id))
283 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No machine ID set.");
284
285 r = free_and_strdup_warn(&arg_entry_token, SD_ID128_TO_STRING(arg_machine_id));
286 if (r < 0)
287 return r;
288
289 break;
290
291 case ARG_ENTRY_TOKEN_OS_IMAGE_ID: {
292 _cleanup_free_ char *buf = NULL;
293
294 r = parse_os_release(NULL, "IMAGE_ID", &buf);
295 if (r < 0)
296 return log_error_errno(r, "Failed to load /etc/os-release: %m");
297
298 if (isempty(buf))
299 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "IMAGE_ID= field not set in /etc/os-release.");
300
301 free_and_replace(arg_entry_token, buf);
302 break;
303 }
304
305 case ARG_ENTRY_TOKEN_OS_ID: {
306 _cleanup_free_ char *buf = NULL;
307
308 r = parse_os_release(NULL, "ID", &buf);
309 if (r < 0)
310 return log_error_errno(r, "Failed to load /etc/os-release: %m");
311
312 if (isempty(buf))
313 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "ID= field not set in /etc/os-release.");
314
315 free_and_replace(arg_entry_token, buf);
316 break;
317 }
318
319 case ARG_ENTRY_TOKEN_LITERAL:
320 assert(!isempty(arg_entry_token)); /* already filled in by command line parser */
321 break;
322 }
323
324 if (isempty(arg_entry_token) || !string_is_safe(arg_entry_token))
325 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Selected entry token not valid: %s", arg_entry_token);
326
327 log_debug("Using entry token: %s", arg_entry_token);
328 return 0;
329 }
330
331 static bool use_boot_loader_spec_type1(void) {
332 /* If the layout is not specified, or if it is set explicitly to "bls" we assume Boot Loader
333 * Specification Type #1 is the chosen format for our boot loader entries */
334 return !arg_install_layout || streq(arg_install_layout, "bls");
335 }
336
337 static int settle_make_entry_directory(void) {
338 int r;
339
340 r = load_etc_machine_id();
341 if (r < 0)
342 return r;
343
344 r = load_etc_machine_info();
345 if (r < 0)
346 return r;
347
348 r = load_etc_kernel_install_conf();
349 if (r < 0)
350 return r;
351
352 r = settle_entry_token();
353 if (r < 0)
354 return r;
355
356 bool layout_type1 = use_boot_loader_spec_type1();
357 if (arg_make_entry_directory < 0) { /* Automatic mode */
358 if (layout_type1) {
359 if (arg_entry_token == ARG_ENTRY_TOKEN_MACHINE_ID) {
360 r = path_is_temporary_fs("/etc/machine-id");
361 if (r < 0)
362 return log_debug_errno(r, "Couldn't determine whether /etc/machine-id is on a temporary file system: %m");
363
364 arg_make_entry_directory = r == 0;
365 } else
366 arg_make_entry_directory = true;
367 } else
368 arg_make_entry_directory = false;
369 }
370
371 if (arg_make_entry_directory > 0 && !layout_type1)
372 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
373 "KERNEL_INSTALL_LAYOUT=%s is configured, but Boot Loader Specification Type #1 entry directory creation was requested.",
374 arg_install_layout);
375
376 return 0;
377 }
378
379 /* search for "#### LoaderInfo: systemd-boot 218 ####" string inside the binary */
380 static int get_file_version(int fd, char **v) {
381 struct stat st;
382 char *buf;
383 const char *s, *e;
384 char *x = NULL;
385 int r;
386
387 assert(fd >= 0);
388 assert(v);
389
390 if (fstat(fd, &st) < 0)
391 return log_error_errno(errno, "Failed to stat EFI binary: %m");
392
393 r = stat_verify_regular(&st);
394 if (r < 0)
395 return log_error_errno(r, "EFI binary is not a regular file: %m");
396
397 if (st.st_size < 27 || file_offset_beyond_memory_size(st.st_size)) {
398 *v = NULL;
399 return 0;
400 }
401
402 buf = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
403 if (buf == MAP_FAILED)
404 return log_error_errno(errno, "Failed to memory map EFI binary: %m");
405
406 s = mempmem_safe(buf, st.st_size - 8, "#### LoaderInfo: ", 17);
407 if (!s)
408 goto finish;
409
410 e = memmem_safe(s, st.st_size - (s - buf), " ####", 5);
411 if (!e || e - s < 3) {
412 r = log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Malformed version string.");
413 goto finish;
414 }
415
416 x = strndup(s, e - s);
417 if (!x) {
418 r = log_oom();
419 goto finish;
420 }
421 r = 1;
422
423 finish:
424 (void) munmap(buf, st.st_size);
425 *v = x;
426 return r;
427 }
428
429 static const char *get_efi_arch(void) {
430 /* Detect EFI firmware architecture of the running system. On mixed mode systems, it could be 32bit
431 * while the kernel is running in 64bit. */
432
433 #ifdef __x86_64__
434 _cleanup_free_ char *platform_size = NULL;
435 int r;
436
437 r = read_one_line_file("/sys/firmware/efi/fw_platform_size", &platform_size);
438 if (r == -ENOENT)
439 return EFI_MACHINE_TYPE_NAME;
440 if (r < 0) {
441 log_warning_errno(r, "Error reading EFI firmware word size, assuming '%u': %m", __WORDSIZE);
442 return EFI_MACHINE_TYPE_NAME;
443 }
444
445 if (streq(platform_size, "64"))
446 return EFI_MACHINE_TYPE_NAME;
447 if (streq(platform_size, "32"))
448 return "ia32";
449
450 log_warning(
451 "Unknown EFI firmware word size '%s', using default word size '%u' instead.",
452 platform_size,
453 __WORDSIZE);
454 #endif
455
456 return EFI_MACHINE_TYPE_NAME;
457 }
458
459 static int enumerate_binaries(
460 const char *esp_path,
461 const char *path,
462 const char *prefix,
463 char **previous,
464 bool *is_first) {
465
466 _cleanup_closedir_ DIR *d = NULL;
467 const char *p;
468 int c = 0, r;
469
470 assert(esp_path);
471 assert(path);
472 assert(previous);
473 assert(is_first);
474
475 p = prefix_roota(esp_path, path);
476 d = opendir(p);
477 if (!d) {
478 if (errno == ENOENT)
479 return 0;
480
481 return log_error_errno(errno, "Failed to read \"%s\": %m", p);
482 }
483
484 FOREACH_DIRENT(de, d, break) {
485 _cleanup_free_ char *v = NULL;
486 _cleanup_close_ int fd = -1;
487
488 if (!endswith_no_case(de->d_name, ".efi"))
489 continue;
490
491 if (prefix && !startswith_no_case(de->d_name, prefix))
492 continue;
493
494 fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
495 if (fd < 0)
496 return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
497
498 r = get_file_version(fd, &v);
499 if (r < 0)
500 return r;
501
502 if (*previous) { /* let's output the previous entry now, since now we know that there will be one more, and can draw the tree glyph properly */
503 printf(" %s %s%s\n",
504 *is_first ? "File:" : " ",
505 special_glyph(SPECIAL_GLYPH_TREE_BRANCH), *previous);
506 *is_first = false;
507 *previous = mfree(*previous);
508 }
509
510 /* Do not output this entry immediately, but store what should be printed in a state
511 * variable, because we only will know the tree glyph to print (branch or final edge) once we
512 * read one more entry */
513 if (r > 0)
514 r = asprintf(previous, "/%s/%s (%s%s%s)", path, de->d_name, ansi_highlight(), v, ansi_normal());
515 else
516 r = asprintf(previous, "/%s/%s", path, de->d_name);
517 if (r < 0)
518 return log_oom();
519
520 c++;
521 }
522
523 return c;
524 }
525
526 static int status_binaries(const char *esp_path, sd_id128_t partition) {
527 _cleanup_free_ char *last = NULL;
528 bool is_first = true;
529 int r, k;
530
531 printf("%sAvailable Boot Loaders on ESP:%s\n", ansi_underline(), ansi_normal());
532
533 if (!esp_path) {
534 printf(" ESP: Cannot find or access mount point of ESP.\n\n");
535 return -ENOENT;
536 }
537
538 printf(" ESP: %s", esp_path);
539 if (!sd_id128_is_null(partition))
540 printf(" (/dev/disk/by-partuuid/" SD_ID128_UUID_FORMAT_STR ")", SD_ID128_FORMAT_VAL(partition));
541 printf("\n");
542
543 r = enumerate_binaries(esp_path, "EFI/systemd", NULL, &last, &is_first);
544 if (r < 0) {
545 printf("\n");
546 return r;
547 }
548
549 k = enumerate_binaries(esp_path, "EFI/BOOT", "boot", &last, &is_first);
550 if (k < 0) {
551 printf("\n");
552 return k;
553 }
554
555 if (last) /* let's output the last entry now, since now we know that there will be no more, and can draw the tree glyph properly */
556 printf(" %s %s%s\n",
557 is_first ? "File:" : " ",
558 special_glyph(SPECIAL_GLYPH_TREE_RIGHT), last);
559
560 if (r == 0 && !arg_quiet)
561 log_info("systemd-boot not installed in ESP.");
562 if (k == 0 && !arg_quiet)
563 log_info("No default/fallback boot loader installed in ESP.");
564
565 printf("\n");
566 return 0;
567 }
568
569 static int print_efi_option(uint16_t id, int *n_printed, bool in_order) {
570 _cleanup_free_ char *title = NULL;
571 _cleanup_free_ char *path = NULL;
572 sd_id128_t partition;
573 bool active;
574 int r;
575
576 assert(n_printed);
577
578 r = efi_get_boot_option(id, &title, &partition, &path, &active);
579 if (r < 0)
580 return log_error_errno(r, "Failed to read boot option %u: %m", id);
581
582 /* print only configured entries with partition information */
583 if (!path || sd_id128_is_null(partition)) {
584 log_debug("Ignoring boot entry %u without partition information.", id);
585 return 0;
586 }
587
588 efi_tilt_backslashes(path);
589
590 if (*n_printed == 0) /* Print section title before first entry */
591 printf("%sBoot Loaders Listed in EFI Variables:%s\n", ansi_underline(), ansi_normal());
592
593 printf(" Title: %s%s%s\n", ansi_highlight(), strna(title), ansi_normal());
594 printf(" ID: 0x%04X\n", id);
595 printf(" Status: %sactive%s\n", active ? "" : "in", in_order ? ", boot-order" : "");
596 printf(" Partition: /dev/disk/by-partuuid/" SD_ID128_UUID_FORMAT_STR "\n",
597 SD_ID128_FORMAT_VAL(partition));
598 printf(" File: %s%s\n", special_glyph(SPECIAL_GLYPH_TREE_RIGHT), path);
599 printf("\n");
600
601 (*n_printed)++;
602 return 1;
603 }
604
605 static int status_variables(void) {
606 _cleanup_free_ uint16_t *options = NULL, *order = NULL;
607 int n_options, n_order, n_printed = 0;
608
609 n_options = efi_get_boot_options(&options);
610 if (n_options == -ENOENT)
611 return log_error_errno(n_options,
612 "Failed to access EFI variables, efivarfs"
613 " needs to be available at /sys/firmware/efi/efivars/.");
614 if (n_options < 0)
615 return log_error_errno(n_options, "Failed to read EFI boot entries: %m");
616
617 n_order = efi_get_boot_order(&order);
618 if (n_order == -ENOENT)
619 n_order = 0;
620 else if (n_order < 0)
621 return log_error_errno(n_order, "Failed to read EFI boot order: %m");
622
623 /* print entries in BootOrder first */
624 for (int i = 0; i < n_order; i++)
625 (void) print_efi_option(order[i], &n_printed, /* in_order= */ true);
626
627 /* print remaining entries */
628 for (int i = 0; i < n_options; i++) {
629 for (int j = 0; j < n_order; j++)
630 if (options[i] == order[j])
631 goto next_option;
632
633 (void) print_efi_option(options[i], &n_printed, /* in_order= */ false);
634
635 next_option:
636 continue;
637 }
638
639 if (n_printed == 0)
640 printf("No boot loaders listed in EFI Variables.\n\n");
641
642 return 0;
643 }
644
645 static int boot_config_load_and_select(
646 BootConfig *config,
647 const char *esp_path,
648 dev_t esp_devid,
649 const char *xbootldr_path,
650 dev_t xbootldr_devid) {
651
652 int r;
653
654 /* If XBOOTLDR and ESP actually refer to the same block device, suppress XBOOTLDR, since it would
655 * find the same entries twice. */
656 bool same = esp_path && xbootldr_path && devnum_set_and_equal(esp_devid, xbootldr_devid);
657
658 r = boot_config_load(config, esp_path, same ? NULL : xbootldr_path);
659 if (r < 0)
660 return r;
661
662 if (!arg_root) {
663 _cleanup_strv_free_ char **efi_entries = NULL;
664
665 r = efi_loader_get_entries(&efi_entries);
666 if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r))
667 log_debug_errno(r, "Boot loader reported no entries.");
668 else if (r < 0)
669 log_warning_errno(r, "Failed to determine entries reported by boot loader, ignoring: %m");
670 else
671 (void) boot_config_augment_from_loader(config, efi_entries, /* only_auto= */ false);
672 }
673
674 return boot_config_select_special_entries(config, /* skip_efivars= */ !!arg_root);
675 }
676
677 static int status_entries(
678 const BootConfig *config,
679 const char *esp_path,
680 sd_id128_t esp_partition_uuid,
681 const char *xbootldr_path,
682 sd_id128_t xbootldr_partition_uuid) {
683
684 sd_id128_t dollar_boot_partition_uuid;
685 const char *dollar_boot_path;
686 int r;
687
688 assert(config);
689 assert(esp_path || xbootldr_path);
690
691 if (xbootldr_path) {
692 dollar_boot_path = xbootldr_path;
693 dollar_boot_partition_uuid = xbootldr_partition_uuid;
694 } else {
695 dollar_boot_path = esp_path;
696 dollar_boot_partition_uuid = esp_partition_uuid;
697 }
698
699 printf("%sBoot Loader Entries:%s\n"
700 " $BOOT: %s", ansi_underline(), ansi_normal(), dollar_boot_path);
701 if (!sd_id128_is_null(dollar_boot_partition_uuid))
702 printf(" (/dev/disk/by-partuuid/" SD_ID128_UUID_FORMAT_STR ")",
703 SD_ID128_FORMAT_VAL(dollar_boot_partition_uuid));
704 printf("\n\n");
705
706 if (config->default_entry < 0)
707 printf("%zu entries, no entry could be determined as default.\n", config->n_entries);
708 else {
709 printf("%sDefault Boot Loader Entry:%s\n", ansi_underline(), ansi_normal());
710
711 r = show_boot_entry(
712 boot_config_default_entry(config),
713 /* show_as_default= */ false,
714 /* show_as_selected= */ false,
715 /* show_discovered= */ false);
716 if (r > 0)
717 /* < 0 is already logged by the function itself, let's just emit an extra warning if
718 the default entry is broken */
719 printf("\nWARNING: default boot entry is broken\n");
720 }
721
722 return 0;
723 }
724
725 static int compare_product(const char *a, const char *b) {
726 size_t x, y;
727
728 assert(a);
729 assert(b);
730
731 x = strcspn(a, " ");
732 y = strcspn(b, " ");
733 if (x != y)
734 return x < y ? -1 : x > y ? 1 : 0;
735
736 return strncmp(a, b, x);
737 }
738
739 static int compare_version(const char *a, const char *b) {
740 assert(a);
741 assert(b);
742
743 a += strcspn(a, " ");
744 a += strspn(a, " ");
745 b += strcspn(b, " ");
746 b += strspn(b, " ");
747
748 return strverscmp_improved(a, b);
749 }
750
751 static int version_check(int fd_from, const char *from, int fd_to, const char *to) {
752 _cleanup_free_ char *a = NULL, *b = NULL;
753 int r;
754
755 assert(fd_from >= 0);
756 assert(from);
757 assert(fd_to >= 0);
758 assert(to);
759
760 r = get_file_version(fd_from, &a);
761 if (r < 0)
762 return r;
763 if (r == 0)
764 return log_notice_errno(SYNTHETIC_ERRNO(EREMOTE),
765 "Source file \"%s\" does not carry version information!",
766 from);
767
768 r = get_file_version(fd_to, &b);
769 if (r < 0)
770 return r;
771 if (r == 0 || compare_product(a, b) != 0)
772 return log_notice_errno(SYNTHETIC_ERRNO(EREMOTE),
773 "Skipping \"%s\", since it's owned by another boot loader.",
774 to);
775
776 r = compare_version(a, b);
777 log_debug("Comparing versions: \"%s\" %s \"%s", a, comparison_operator(r), b);
778 if (r < 0)
779 return log_warning_errno(SYNTHETIC_ERRNO(ESTALE),
780 "Skipping \"%s\", since newer boot loader version in place already.", to);
781 if (r == 0)
782 return log_info_errno(SYNTHETIC_ERRNO(ESTALE),
783 "Skipping \"%s\", since same boot loader version in place already.", to);
784
785 return 0;
786 }
787
788 static int copy_file_with_version_check(const char *from, const char *to, bool force) {
789 _cleanup_close_ int fd_from = -1, fd_to = -1;
790 _cleanup_free_ char *t = NULL;
791 int r;
792
793 fd_from = open(from, O_RDONLY|O_CLOEXEC|O_NOCTTY);
794 if (fd_from < 0)
795 return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", from);
796
797 if (!force) {
798 fd_to = open(to, O_RDONLY|O_CLOEXEC|O_NOCTTY);
799 if (fd_to < 0) {
800 if (errno != ENOENT)
801 return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", to);
802 } else {
803 r = version_check(fd_from, from, fd_to, to);
804 if (r < 0)
805 return r;
806
807 if (lseek(fd_from, 0, SEEK_SET) == (off_t) -1)
808 return log_error_errno(errno, "Failed to seek in \"%s\": %m", from);
809
810 fd_to = safe_close(fd_to);
811 }
812 }
813
814 r = tempfn_random(to, NULL, &t);
815 if (r < 0)
816 return log_oom();
817
818 RUN_WITH_UMASK(0000) {
819 fd_to = open(t, O_WRONLY|O_CREAT|O_CLOEXEC|O_EXCL|O_NOFOLLOW, 0644);
820 if (fd_to < 0)
821 return log_error_errno(errno, "Failed to open \"%s\" for writing: %m", t);
822 }
823
824 r = copy_bytes(fd_from, fd_to, UINT64_MAX, COPY_REFLINK);
825 if (r < 0) {
826 (void) unlink(t);
827 return log_error_errno(r, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
828 }
829
830 (void) copy_times(fd_from, fd_to, 0);
831
832 r = fsync_full(fd_to);
833 if (r < 0) {
834 (void) unlink_noerrno(t);
835 return log_error_errno(r, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
836 }
837
838 if (renameat(AT_FDCWD, t, AT_FDCWD, to) < 0) {
839 (void) unlink_noerrno(t);
840 return log_error_errno(errno, "Failed to rename \"%s\" to \"%s\": %m", t, to);
841 }
842
843 log_info("Copied \"%s\" to \"%s\".", from, to);
844
845 return 0;
846 }
847
848 static int mkdir_one(const char *prefix, const char *suffix) {
849 _cleanup_free_ char *p = NULL;
850
851 p = path_join(prefix, suffix);
852 if (mkdir(p, 0700) < 0) {
853 if (errno != EEXIST)
854 return log_error_errno(errno, "Failed to create \"%s\": %m", p);
855 } else
856 log_info("Created \"%s\".", p);
857
858 return 0;
859 }
860
861 static const char *const esp_subdirs[] = {
862 /* The directories to place in the ESP */
863 "EFI",
864 "EFI/systemd",
865 "EFI/BOOT",
866 "loader",
867 NULL
868 };
869
870 static const char *const dollar_boot_subdirs[] = {
871 /* The directories to place in the XBOOTLDR partition or the ESP, depending what exists */
872 "loader",
873 "loader/entries", /* Type #1 entries */
874 "EFI",
875 "EFI/Linux", /* Type #2 entries */
876 NULL
877 };
878
879 static int create_subdirs(const char *root, const char * const *subdirs) {
880 int r;
881
882 STRV_FOREACH(i, subdirs) {
883 r = mkdir_one(root, *i);
884 if (r < 0)
885 return r;
886 }
887
888 return 0;
889 }
890
891 static int copy_one_file(const char *esp_path, const char *name, bool force) {
892 char *root = IN_SET(arg_install_source, ARG_INSTALL_SOURCE_AUTO, ARG_INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
893 _cleanup_free_ char *source_path = NULL, *dest_path = NULL, *p = NULL, *q = NULL;
894 const char *e;
895 char *dest_name, *s;
896 int r, ret;
897
898 dest_name = strdupa_safe(name);
899 s = endswith_no_case(dest_name, ".signed");
900 if (s)
901 *s = 0;
902
903 p = path_join(BOOTLIBDIR, name);
904 if (!p)
905 return log_oom();
906
907 r = chase_symlinks(p, root, CHASE_PREFIX_ROOT, &source_path, NULL);
908 /* If we had a root directory to try, we didn't find it and we are in auto mode, retry on the host */
909 if (r == -ENOENT && root && arg_install_source == ARG_INSTALL_SOURCE_AUTO)
910 r = chase_symlinks(p, NULL, CHASE_PREFIX_ROOT, &source_path, NULL);
911 if (r < 0)
912 return log_error_errno(r,
913 "Failed to resolve path %s%s%s: %m",
914 p,
915 root ? " under directory " : "",
916 strempty(root));
917
918 q = path_join("/EFI/systemd/", dest_name);
919 if (!q)
920 return log_oom();
921
922 r = chase_symlinks(q, esp_path, CHASE_PREFIX_ROOT | CHASE_NONEXISTENT, &dest_path, NULL);
923 if (r < 0)
924 return log_error_errno(r, "Failed to resolve path %s under directory %s: %m", q, esp_path);
925
926 /* Note that if this fails we do the second copy anyway, but return this error code,
927 * so we stash it away in a separate variable. */
928 ret = copy_file_with_version_check(source_path, dest_path, force);
929
930 e = startswith(dest_name, "systemd-boot");
931 if (e) {
932 _cleanup_free_ char *default_dest_path = NULL;
933 char *v;
934
935 /* Create the EFI default boot loader name (specified for removable devices) */
936 v = strjoina("/EFI/BOOT/BOOT", e);
937 ascii_strupper(strrchr(v, '/') + 1);
938
939 r = chase_symlinks(v, esp_path, CHASE_PREFIX_ROOT | CHASE_NONEXISTENT, &default_dest_path, NULL);
940 if (r < 0)
941 return log_error_errno(r, "Failed to resolve path %s under directory %s: %m", v, esp_path);
942
943 r = copy_file_with_version_check(source_path, default_dest_path, force);
944 if (r < 0 && ret == 0)
945 ret = r;
946 }
947
948 return ret;
949 }
950
951 static int install_binaries(const char *esp_path, const char *arch, bool force) {
952 char *root = IN_SET(arg_install_source, ARG_INSTALL_SOURCE_AUTO, ARG_INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
953 _cleanup_closedir_ DIR *d = NULL;
954 _cleanup_free_ char *path = NULL;
955 int r;
956
957 r = chase_symlinks_and_opendir(BOOTLIBDIR, root, CHASE_PREFIX_ROOT, &path, &d);
958 /* If we had a root directory to try, we didn't find it and we are in auto mode, retry on the host */
959 if (r == -ENOENT && root && arg_install_source == ARG_INSTALL_SOURCE_AUTO)
960 r = chase_symlinks_and_opendir(BOOTLIBDIR, NULL, CHASE_PREFIX_ROOT, &path, &d);
961 if (r < 0)
962 return log_error_errno(r, "Failed to open boot loader directory %s%s: %m", strempty(root), BOOTLIBDIR);
963
964 const char *suffix = strjoina(arch, ".efi");
965 const char *suffix_signed = strjoina(arch, ".efi.signed");
966
967 FOREACH_DIRENT(de, d, return log_error_errno(errno, "Failed to read \"%s\": %m", path)) {
968 int k;
969
970 if (!endswith_no_case(de->d_name, suffix) && !endswith_no_case(de->d_name, suffix_signed))
971 continue;
972
973 /* skip the .efi file, if there's a .signed version of it */
974 if (endswith_no_case(de->d_name, ".efi")) {
975 _cleanup_free_ const char *s = strjoin(de->d_name, ".signed");
976 if (!s)
977 return log_oom();
978 if (faccessat(dirfd(d), s, F_OK, 0) >= 0)
979 continue;
980 }
981
982 k = copy_one_file(esp_path, de->d_name, force);
983 /* Don't propagate an error code if no update necessary, installed version already equal or
984 * newer version, or other boot loader in place. */
985 if (arg_graceful && IN_SET(k, -ESTALE, -EREMOTE))
986 continue;
987 if (k < 0 && r == 0)
988 r = k;
989 }
990
991 return r;
992 }
993
994 static bool same_entry(uint16_t id, sd_id128_t uuid, const char *path) {
995 _cleanup_free_ char *opath = NULL;
996 sd_id128_t ouuid;
997 int r;
998
999 r = efi_get_boot_option(id, NULL, &ouuid, &opath, NULL);
1000 if (r < 0)
1001 return false;
1002 if (!sd_id128_equal(uuid, ouuid))
1003 return false;
1004
1005 /* Some motherboards convert the path to uppercase under certain circumstances
1006 * (e.g. after booting into the Boot Menu in the ASUS ROG STRIX B350-F GAMING),
1007 * so use case-insensitive checking */
1008 if (!strcaseeq_ptr(path, opath))
1009 return false;
1010
1011 return true;
1012 }
1013
1014 static int find_slot(sd_id128_t uuid, const char *path, uint16_t *id) {
1015 _cleanup_free_ uint16_t *options = NULL;
1016
1017 int n = efi_get_boot_options(&options);
1018 if (n < 0)
1019 return n;
1020
1021 /* find already existing systemd-boot entry */
1022 for (int i = 0; i < n; i++)
1023 if (same_entry(options[i], uuid, path)) {
1024 *id = options[i];
1025 return 1;
1026 }
1027
1028 /* find free slot in the sorted BootXXXX variable list */
1029 for (int i = 0; i < n; i++)
1030 if (i != options[i]) {
1031 *id = i;
1032 return 0;
1033 }
1034
1035 /* use the next one */
1036 if (n == 0xffff)
1037 return -ENOSPC;
1038 *id = n;
1039 return 0;
1040 }
1041
1042 static int insert_into_order(uint16_t slot, bool first) {
1043 _cleanup_free_ uint16_t *order = NULL;
1044 uint16_t *t;
1045 int n;
1046
1047 n = efi_get_boot_order(&order);
1048 if (n <= 0)
1049 /* no entry, add us */
1050 return efi_set_boot_order(&slot, 1);
1051
1052 /* are we the first and only one? */
1053 if (n == 1 && order[0] == slot)
1054 return 0;
1055
1056 /* are we already in the boot order? */
1057 for (int i = 0; i < n; i++) {
1058 if (order[i] != slot)
1059 continue;
1060
1061 /* we do not require to be the first one, all is fine */
1062 if (!first)
1063 return 0;
1064
1065 /* move us to the first slot */
1066 memmove(order + 1, order, i * sizeof(uint16_t));
1067 order[0] = slot;
1068 return efi_set_boot_order(order, n);
1069 }
1070
1071 /* extend array */
1072 t = reallocarray(order, n + 1, sizeof(uint16_t));
1073 if (!t)
1074 return -ENOMEM;
1075 order = t;
1076
1077 /* add us to the top or end of the list */
1078 if (first) {
1079 memmove(order + 1, order, n * sizeof(uint16_t));
1080 order[0] = slot;
1081 } else
1082 order[n] = slot;
1083
1084 return efi_set_boot_order(order, n + 1);
1085 }
1086
1087 static int remove_from_order(uint16_t slot) {
1088 _cleanup_free_ uint16_t *order = NULL;
1089 int n;
1090
1091 n = efi_get_boot_order(&order);
1092 if (n <= 0)
1093 return n;
1094
1095 for (int i = 0; i < n; i++) {
1096 if (order[i] != slot)
1097 continue;
1098
1099 if (i + 1 < n)
1100 memmove(order + i, order + i+1, (n - i) * sizeof(uint16_t));
1101 return efi_set_boot_order(order, n - 1);
1102 }
1103
1104 return 0;
1105 }
1106
1107 static int install_variables(const char *esp_path,
1108 uint32_t part, uint64_t pstart, uint64_t psize,
1109 sd_id128_t uuid, const char *path,
1110 bool first) {
1111 const char *p;
1112 uint16_t slot;
1113 int r;
1114
1115 if (arg_root) {
1116 log_info("Acting on %s, skipping EFI variable setup.",
1117 arg_image ? "image" : "root directory");
1118 return 0;
1119 }
1120
1121 if (!is_efi_boot()) {
1122 log_warning("Not booted with EFI, skipping EFI variable setup.");
1123 return 0;
1124 }
1125
1126 p = prefix_roota(esp_path, path);
1127 if (access(p, F_OK) < 0) {
1128 if (errno == ENOENT)
1129 return 0;
1130
1131 return log_error_errno(errno, "Cannot access \"%s\": %m", p);
1132 }
1133
1134 r = find_slot(uuid, path, &slot);
1135 if (r < 0)
1136 return log_error_errno(r,
1137 r == -ENOENT ?
1138 "Failed to access EFI variables. Is the \"efivarfs\" filesystem mounted?" :
1139 "Failed to determine current boot order: %m");
1140
1141 if (first || r == 0) {
1142 r = efi_add_boot_option(slot, "Linux Boot Manager",
1143 part, pstart, psize,
1144 uuid, path);
1145 if (r < 0)
1146 return log_error_errno(r, "Failed to create EFI Boot variable entry: %m");
1147
1148 log_info("Created EFI boot entry \"Linux Boot Manager\".");
1149 }
1150
1151 return insert_into_order(slot, first);
1152 }
1153
1154 static int remove_boot_efi(const char *esp_path) {
1155 _cleanup_closedir_ DIR *d = NULL;
1156 const char *p;
1157 int r, c = 0;
1158
1159 p = prefix_roota(esp_path, "/EFI/BOOT");
1160 d = opendir(p);
1161 if (!d) {
1162 if (errno == ENOENT)
1163 return 0;
1164
1165 return log_error_errno(errno, "Failed to open directory \"%s\": %m", p);
1166 }
1167
1168 FOREACH_DIRENT(de, d, break) {
1169 _cleanup_close_ int fd = -1;
1170 _cleanup_free_ char *v = NULL;
1171
1172 if (!endswith_no_case(de->d_name, ".efi"))
1173 continue;
1174
1175 if (!startswith_no_case(de->d_name, "boot"))
1176 continue;
1177
1178 fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
1179 if (fd < 0)
1180 return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
1181
1182 r = get_file_version(fd, &v);
1183 if (r < 0)
1184 return r;
1185 if (r > 0 && startswith(v, "systemd-boot ")) {
1186 r = unlinkat(dirfd(d), de->d_name, 0);
1187 if (r < 0)
1188 return log_error_errno(errno, "Failed to remove \"%s/%s\": %m", p, de->d_name);
1189
1190 log_info("Removed \"%s/%s\".", p, de->d_name);
1191 }
1192
1193 c++;
1194 }
1195
1196 return c;
1197 }
1198
1199 static int rmdir_one(const char *prefix, const char *suffix) {
1200 const char *p;
1201
1202 p = prefix_roota(prefix, suffix);
1203 if (rmdir(p) < 0) {
1204 bool ignore = IN_SET(errno, ENOENT, ENOTEMPTY);
1205
1206 log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, errno,
1207 "Failed to remove directory \"%s\": %m", p);
1208 if (!ignore)
1209 return -errno;
1210 } else
1211 log_info("Removed \"%s\".", p);
1212
1213 return 0;
1214 }
1215
1216 static int remove_subdirs(const char *root, const char *const *subdirs) {
1217 int r, q;
1218
1219 /* We use recursion here to destroy the directories in reverse order. Which should be safe given how
1220 * short the array is. */
1221
1222 if (!subdirs[0]) /* A the end of the list */
1223 return 0;
1224
1225 r = remove_subdirs(root, subdirs + 1);
1226 q = rmdir_one(root, subdirs[0]);
1227
1228 return r < 0 ? r : q;
1229 }
1230
1231 static int remove_entry_directory(const char *root) {
1232 assert(root);
1233 assert(arg_make_entry_directory >= 0);
1234
1235 if (!arg_make_entry_directory || !arg_entry_token)
1236 return 0;
1237
1238 return rmdir_one(root, arg_entry_token);
1239 }
1240
1241 static int remove_binaries(const char *esp_path) {
1242 const char *p;
1243 int r, q;
1244
1245 p = prefix_roota(esp_path, "/EFI/systemd");
1246 r = rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL);
1247
1248 q = remove_boot_efi(esp_path);
1249 if (q < 0 && r == 0)
1250 r = q;
1251
1252 return r;
1253 }
1254
1255 static int remove_file(const char *root, const char *file) {
1256 const char *p;
1257
1258 assert(root);
1259 assert(file);
1260
1261 p = prefix_roota(root, file);
1262 if (unlink(p) < 0) {
1263 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno,
1264 "Failed to unlink file \"%s\": %m", p);
1265
1266 return errno == ENOENT ? 0 : -errno;
1267 }
1268
1269 log_info("Removed \"%s\".", p);
1270 return 1;
1271 }
1272
1273 static int remove_variables(sd_id128_t uuid, const char *path, bool in_order) {
1274 uint16_t slot;
1275 int r;
1276
1277 if (arg_root || !is_efi_boot())
1278 return 0;
1279
1280 r = find_slot(uuid, path, &slot);
1281 if (r != 1)
1282 return 0;
1283
1284 r = efi_remove_boot_option(slot);
1285 if (r < 0)
1286 return r;
1287
1288 if (in_order)
1289 return remove_from_order(slot);
1290
1291 return 0;
1292 }
1293
1294 static int remove_loader_variables(void) {
1295 int r = 0;
1296
1297 /* Remove all persistent loader variables we define */
1298
1299 FOREACH_STRING(var,
1300 EFI_LOADER_VARIABLE(LoaderConfigTimeout),
1301 EFI_LOADER_VARIABLE(LoaderConfigTimeoutOneShot),
1302 EFI_LOADER_VARIABLE(LoaderEntryDefault),
1303 EFI_LOADER_VARIABLE(LoaderEntryOneShot),
1304 EFI_LOADER_VARIABLE(LoaderSystemToken)){
1305
1306 int q;
1307
1308 q = efi_set_variable(var, NULL, 0);
1309 if (q == -ENOENT)
1310 continue;
1311 if (q < 0) {
1312 log_warning_errno(q, "Failed to remove EFI variable %s: %m", var);
1313 if (r >= 0)
1314 r = q;
1315 } else
1316 log_info("Removed EFI variable %s.", var);
1317 }
1318
1319 return r;
1320 }
1321
1322 static int install_loader_config(const char *esp_path) {
1323 _cleanup_(unlink_and_freep) char *t = NULL;
1324 _cleanup_fclose_ FILE *f = NULL;
1325 const char *p;
1326 int r;
1327
1328 assert(arg_make_entry_directory >= 0);
1329
1330 p = prefix_roota(esp_path, "/loader/loader.conf");
1331 if (access(p, F_OK) >= 0) /* Silently skip creation if the file already exists (early check) */
1332 return 0;
1333
1334 r = fopen_tmpfile_linkable(p, O_WRONLY|O_CLOEXEC, &t, &f);
1335 if (r < 0)
1336 return log_error_errno(r, "Failed to open \"%s\" for writing: %m", p);
1337
1338 fprintf(f, "#timeout 3\n"
1339 "#console-mode keep\n");
1340
1341 if (arg_make_entry_directory) {
1342 assert(arg_entry_token);
1343 fprintf(f, "default %s-*\n", arg_entry_token);
1344 }
1345
1346 r = flink_tmpfile(f, t, p);
1347 if (r == -EEXIST)
1348 return 0; /* Silently skip creation if the file exists now (recheck) */
1349 if (r < 0)
1350 return log_error_errno(r, "Failed to move \"%s\" into place: %m", p);
1351
1352 t = mfree(t);
1353 return 1;
1354 }
1355
1356 static int install_loader_specification(const char *root) {
1357 _cleanup_(unlink_and_freep) char *t = NULL;
1358 _cleanup_fclose_ FILE *f = NULL;
1359 _cleanup_free_ char *p = NULL;
1360 int r;
1361
1362 p = path_join(root, "/loader/entries.srel");
1363 if (!p)
1364 return log_oom();
1365
1366 if (access(p, F_OK) >= 0) /* Silently skip creation if the file already exists (early check) */
1367 return 0;
1368
1369 r = fopen_tmpfile_linkable(p, O_WRONLY|O_CLOEXEC, &t, &f);
1370 if (r < 0)
1371 return log_error_errno(r, "Failed to open \"%s\" for writing: %m", p);
1372
1373 fprintf(f, "type1\n");
1374
1375 r = flink_tmpfile(f, t, p);
1376 if (r == -EEXIST)
1377 return 0; /* Silently skip creation if the file exists now (recheck) */
1378 if (r < 0)
1379 return log_error_errno(r, "Failed to move \"%s\" into place: %m", p);
1380
1381 t = mfree(t);
1382 return 1;
1383 }
1384
1385 static int install_entry_directory(const char *root) {
1386 assert(root);
1387 assert(arg_make_entry_directory >= 0);
1388
1389 if (!arg_make_entry_directory)
1390 return 0;
1391
1392 assert(arg_entry_token);
1393 return mkdir_one(root, arg_entry_token);
1394 }
1395
1396 static int install_entry_token(void) {
1397 int r;
1398
1399 assert(arg_make_entry_directory >= 0);
1400 assert(arg_entry_token);
1401
1402 /* Let's save the used entry token in /etc/kernel/entry-token if we used it to create the entry
1403 * directory, or if anything else but the machine ID */
1404
1405 if (!arg_make_entry_directory && arg_entry_token_type == ARG_ENTRY_TOKEN_MACHINE_ID)
1406 return 0;
1407
1408 r = write_string_file("/etc/kernel/entry-token", arg_entry_token, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_MKDIR_0755);
1409 if (r < 0)
1410 return log_error_errno(r, "Failed to write entry token '%s' to /etc/kernel/entry-token", arg_entry_token);
1411
1412 return 0;
1413 }
1414
1415 static int help(int argc, char *argv[], void *userdata) {
1416 _cleanup_free_ char *link = NULL;
1417 int r;
1418
1419 r = terminal_urlify_man("bootctl", "1", &link);
1420 if (r < 0)
1421 return log_oom();
1422
1423 printf("%1$s [OPTIONS...] COMMAND ...\n"
1424 "\n%5$sControl EFI firmware boot settings and manage boot loader.%6$s\n"
1425 "\n%3$sGeneric EFI Firmware/Boot Loader Commands:%4$s\n"
1426 " status Show status of installed boot loader and EFI variables\n"
1427 " reboot-to-firmware [BOOL]\n"
1428 " Query or set reboot-to-firmware EFI flag\n"
1429 " systemd-efi-options [STRING]\n"
1430 " Query or set system options string in EFI variable\n"
1431 "\n%3$sBoot Loader Specification Commands:%4$s\n"
1432 " list List boot loader entries\n"
1433 " set-default ID Set default boot loader entry\n"
1434 " set-oneshot ID Set default boot loader entry, for next boot only\n"
1435 " set-timeout SECONDS Set the menu timeout\n"
1436 " set-timeout-oneshot SECONDS\n"
1437 " Set the menu timeout for the next boot only\n"
1438 "\n%3$ssystemd-boot Commands:%4$s\n"
1439 " install Install systemd-boot to the ESP and EFI variables\n"
1440 " update Update systemd-boot in the ESP and EFI variables\n"
1441 " remove Remove systemd-boot from the ESP and EFI variables\n"
1442 " is-installed Test whether systemd-boot is installed in the ESP\n"
1443 " random-seed Initialize random seed in ESP and EFI variables\n"
1444 "\n%3$sOptions:%4$s\n"
1445 " -h --help Show this help\n"
1446 " --version Print version\n"
1447 " --esp-path=PATH Path to the EFI System Partition (ESP)\n"
1448 " --boot-path=PATH Path to the $BOOT partition\n"
1449 " --root=PATH Operate on an alternate filesystem root\n"
1450 " --image=PATH Operate on disk image as filesystem root\n"
1451 " --install-source=auto|image|host\n"
1452 " Where to pick files when using --root=/--image=\n"
1453 " -p --print-esp-path Print path to the EFI System Partition\n"
1454 " -x --print-boot-path Print path to the $BOOT partition\n"
1455 " --no-variables Don't touch EFI variables\n"
1456 " --no-pager Do not pipe output into a pager\n"
1457 " --graceful Don't fail when the ESP cannot be found or EFI\n"
1458 " variables cannot be written\n"
1459 " -q --quiet Suppress output\n"
1460 " --make-entry-directory=yes|no|auto\n"
1461 " Create $BOOT/ENTRY-TOKEN/ directory\n"
1462 " --entry-token=machine-id|os-id|os-image-id|auto|literal:…\n"
1463 " Entry token to use for this installation\n"
1464 " --json=pretty|short|off\n"
1465 " Generate JSON output\n"
1466 " --all-architectures\n"
1467 " Install all supported EFI architectures\n"
1468 "\nSee the %2$s for details.\n",
1469 program_invocation_short_name,
1470 link,
1471 ansi_underline(),
1472 ansi_normal(),
1473 ansi_highlight(),
1474 ansi_normal());
1475
1476 return 0;
1477 }
1478
1479 static int parse_argv(int argc, char *argv[]) {
1480 enum {
1481 ARG_ESP_PATH = 0x100,
1482 ARG_BOOT_PATH,
1483 ARG_ROOT,
1484 ARG_IMAGE,
1485 ARG_INSTALL_SOURCE,
1486 ARG_VERSION,
1487 ARG_NO_VARIABLES,
1488 ARG_NO_PAGER,
1489 ARG_GRACEFUL,
1490 ARG_MAKE_ENTRY_DIRECTORY,
1491 ARG_ENTRY_TOKEN,
1492 ARG_JSON,
1493 ARG_ARCH_ALL,
1494 };
1495
1496 static const struct option options[] = {
1497 { "help", no_argument, NULL, 'h' },
1498 { "version", no_argument, NULL, ARG_VERSION },
1499 { "esp-path", required_argument, NULL, ARG_ESP_PATH },
1500 { "path", required_argument, NULL, ARG_ESP_PATH }, /* Compatibility alias */
1501 { "boot-path", required_argument, NULL, ARG_BOOT_PATH },
1502 { "root", required_argument, NULL, ARG_ROOT },
1503 { "image", required_argument, NULL, ARG_IMAGE },
1504 { "install-source", required_argument, NULL, ARG_INSTALL_SOURCE },
1505 { "print-esp-path", no_argument, NULL, 'p' },
1506 { "print-path", no_argument, NULL, 'p' }, /* Compatibility alias */
1507 { "print-boot-path", no_argument, NULL, 'x' },
1508 { "no-variables", no_argument, NULL, ARG_NO_VARIABLES },
1509 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
1510 { "graceful", no_argument, NULL, ARG_GRACEFUL },
1511 { "quiet", no_argument, NULL, 'q' },
1512 { "make-entry-directory", required_argument, NULL, ARG_MAKE_ENTRY_DIRECTORY },
1513 { "make-machine-id-directory", required_argument, NULL, ARG_MAKE_ENTRY_DIRECTORY }, /* Compatibility alias */
1514 { "entry-token", required_argument, NULL, ARG_ENTRY_TOKEN },
1515 { "json", required_argument, NULL, ARG_JSON },
1516 { "all-architectures", no_argument, NULL, ARG_ARCH_ALL },
1517 {}
1518 };
1519
1520 int c, r;
1521 bool b;
1522
1523 assert(argc >= 0);
1524 assert(argv);
1525
1526 while ((c = getopt_long(argc, argv, "hpx", options, NULL)) >= 0)
1527 switch (c) {
1528
1529 case 'h':
1530 help(0, NULL, NULL);
1531 return 0;
1532
1533 case ARG_VERSION:
1534 return version();
1535
1536 case ARG_ESP_PATH:
1537 r = free_and_strdup(&arg_esp_path, optarg);
1538 if (r < 0)
1539 return log_oom();
1540 break;
1541
1542 case ARG_BOOT_PATH:
1543 r = free_and_strdup(&arg_xbootldr_path, optarg);
1544 if (r < 0)
1545 return log_oom();
1546 break;
1547
1548 case ARG_ROOT:
1549 r = parse_path_argument(optarg, /* suppress_root= */ true, &arg_root);
1550 if (r < 0)
1551 return r;
1552 break;
1553
1554 case ARG_IMAGE:
1555 r = parse_path_argument(optarg, /* suppress_root= */ false, &arg_image);
1556 if (r < 0)
1557 return r;
1558 break;
1559
1560 case ARG_INSTALL_SOURCE:
1561 if (streq(optarg, "auto"))
1562 arg_install_source = ARG_INSTALL_SOURCE_AUTO;
1563 else if (streq(optarg, "image"))
1564 arg_install_source = ARG_INSTALL_SOURCE_IMAGE;
1565 else if (streq(optarg, "host"))
1566 arg_install_source = ARG_INSTALL_SOURCE_HOST;
1567 else
1568 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1569 "Unexpected parameter for --install-source=: %s", optarg);
1570
1571 break;
1572
1573 case 'p':
1574 if (arg_print_dollar_boot_path)
1575 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1576 "--print-boot-path/-x cannot be combined with --print-esp-path/-p");
1577 arg_print_esp_path = true;
1578 break;
1579
1580 case 'x':
1581 if (arg_print_esp_path)
1582 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1583 "--print-boot-path/-x cannot be combined with --print-esp-path/-p");
1584 arg_print_dollar_boot_path = true;
1585 break;
1586
1587 case ARG_NO_VARIABLES:
1588 arg_touch_variables = false;
1589 break;
1590
1591 case ARG_NO_PAGER:
1592 arg_pager_flags |= PAGER_DISABLE;
1593 break;
1594
1595 case ARG_GRACEFUL:
1596 arg_graceful = true;
1597 break;
1598
1599 case 'q':
1600 arg_quiet = true;
1601 break;
1602
1603 case ARG_ENTRY_TOKEN: {
1604 const char *e;
1605
1606 if (streq(optarg, "machine-id")) {
1607 arg_entry_token_type = ARG_ENTRY_TOKEN_MACHINE_ID;
1608 arg_entry_token = mfree(arg_entry_token);
1609 } else if (streq(optarg, "os-image-id")) {
1610 arg_entry_token_type = ARG_ENTRY_TOKEN_OS_IMAGE_ID;
1611 arg_entry_token = mfree(arg_entry_token);
1612 } else if (streq(optarg, "os-id")) {
1613 arg_entry_token_type = ARG_ENTRY_TOKEN_OS_ID;
1614 arg_entry_token = mfree(arg_entry_token);
1615 } else if ((e = startswith(optarg, "literal:"))) {
1616 arg_entry_token_type = ARG_ENTRY_TOKEN_LITERAL;
1617
1618 r = free_and_strdup_warn(&arg_entry_token, e);
1619 if (r < 0)
1620 return r;
1621 } else
1622 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1623 "Unexpected parameter for --entry-token=: %s", optarg);
1624
1625 break;
1626 }
1627
1628 case ARG_MAKE_ENTRY_DIRECTORY:
1629 if (streq(optarg, "auto")) /* retained for backwards compatibility */
1630 arg_make_entry_directory = -1; /* yes if machine-id is permanent */
1631 else {
1632 r = parse_boolean_argument("--make-entry-directory=", optarg, &b);
1633 if (r < 0)
1634 return r;
1635
1636 arg_make_entry_directory = b;
1637 }
1638 break;
1639
1640 case ARG_JSON:
1641 r = parse_json_argument(optarg, &arg_json_format_flags);
1642 if (r <= 0)
1643 return r;
1644 break;
1645
1646 case ARG_ARCH_ALL:
1647 arg_arch_all = true;
1648 break;
1649
1650 case '?':
1651 return -EINVAL;
1652
1653 default:
1654 assert_not_reached();
1655 }
1656
1657 if ((arg_root || arg_image) && argv[optind] && !STR_IN_SET(argv[optind], "status", "list",
1658 "install", "update", "remove", "is-installed", "random-seed"))
1659 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1660 "Options --root= and --image= are not supported with verb %s.",
1661 argv[optind]);
1662
1663 if (arg_root && arg_image)
1664 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Please specify either --root= or --image=, the combination of both is not supported.");
1665
1666 if (arg_install_source != ARG_INSTALL_SOURCE_AUTO && !arg_root && !arg_image)
1667 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "--install-from-host is only supported with --root= or --image=.");
1668
1669 return 1;
1670 }
1671
1672 static void read_efi_var(const char *variable, char **ret) {
1673 int r;
1674
1675 r = efi_get_variable_string(variable, ret);
1676 if (r < 0 && r != -ENOENT)
1677 log_warning_errno(r, "Failed to read EFI variable %s: %m", variable);
1678 }
1679
1680 static void print_yes_no_line(bool first, bool good, const char *name) {
1681 printf("%s%s %s\n",
1682 first ? " Features: " : " ",
1683 COLOR_MARK_BOOL(good),
1684 name);
1685 }
1686
1687 static int are_we_installed(const char *esp_path) {
1688 int r;
1689
1690 /* Tests whether systemd-boot is installed. It's not obvious what to use as check here: we could
1691 * check EFI variables, we could check what binary /EFI/BOOT/BOOT*.EFI points to, or whether the
1692 * loader entries directory exists. Here we opted to check whether /EFI/systemd/ is non-empty, which
1693 * should be a suitable and very minimal check for a number of reasons:
1694 *
1695 * → The check is architecture independent (i.e. we check if any systemd-boot loader is installed,
1696 * not a specific one.)
1697 *
1698 * → It doesn't assume we are the only boot loader (i.e doesn't check if we own the main
1699 * /EFI/BOOT/BOOT*.EFI fallback binary.
1700 *
1701 * → It specifically checks for systemd-boot, not for other boot loaders (which a check for
1702 * /boot/loader/entries would do). */
1703
1704 _cleanup_free_ char *p = path_join(esp_path, "/EFI/systemd/");
1705 if (!p)
1706 return log_oom();
1707
1708 log_debug("Checking whether %s contains any files%s", p, special_glyph(SPECIAL_GLYPH_ELLIPSIS));
1709 r = dir_is_empty(p, /* ignore_hidden_or_backup= */ false);
1710 if (r < 0 && r != -ENOENT)
1711 return log_error_errno(r, "Failed to check whether %s contains any files: %m", p);
1712
1713 return r == 0;
1714 }
1715
1716 static int verb_status(int argc, char *argv[], void *userdata) {
1717 sd_id128_t esp_uuid = SD_ID128_NULL, xbootldr_uuid = SD_ID128_NULL;
1718 dev_t esp_devid = 0, xbootldr_devid = 0;
1719 int r, k;
1720
1721 r = acquire_esp(/* unprivileged_mode= */ geteuid() != 0, /* graceful= */ false, NULL, NULL, NULL, &esp_uuid, &esp_devid);
1722 if (arg_print_esp_path) {
1723 if (r == -EACCES) /* If we couldn't acquire the ESP path, log about access errors (which is the only
1724 * error the find_esp_and_warn() won't log on its own) */
1725 return log_error_errno(r, "Failed to determine ESP location: %m");
1726 if (r < 0)
1727 return r;
1728
1729 puts(arg_esp_path);
1730 }
1731
1732 r = acquire_xbootldr(/* unprivileged_mode= */ geteuid() != 0, &xbootldr_uuid, &xbootldr_devid);
1733 if (arg_print_dollar_boot_path) {
1734 if (r == -EACCES)
1735 return log_error_errno(r, "Failed to determine XBOOTLDR partition: %m");
1736 if (r < 0)
1737 return r;
1738
1739 const char *path = arg_dollar_boot_path();
1740 if (!path)
1741 return log_error_errno(SYNTHETIC_ERRNO(EACCES), "Failed to determine XBOOTLDR location: %m");
1742
1743 puts(path);
1744 }
1745
1746 if (arg_print_esp_path || arg_print_dollar_boot_path)
1747 return 0;
1748
1749 r = 0; /* If we couldn't determine the path, then don't consider that a problem from here on, just
1750 * show what we can show */
1751
1752 pager_open(arg_pager_flags);
1753
1754 if (!arg_root && is_efi_boot()) {
1755 static const struct {
1756 uint64_t flag;
1757 const char *name;
1758 } loader_flags[] = {
1759 { EFI_LOADER_FEATURE_BOOT_COUNTING, "Boot counting" },
1760 { EFI_LOADER_FEATURE_CONFIG_TIMEOUT, "Menu timeout control" },
1761 { EFI_LOADER_FEATURE_CONFIG_TIMEOUT_ONE_SHOT, "One-shot menu timeout control" },
1762 { EFI_LOADER_FEATURE_ENTRY_DEFAULT, "Default entry control" },
1763 { EFI_LOADER_FEATURE_ENTRY_ONESHOT, "One-shot entry control" },
1764 { EFI_LOADER_FEATURE_XBOOTLDR, "Support for XBOOTLDR partition" },
1765 { EFI_LOADER_FEATURE_RANDOM_SEED, "Support for passing random seed to OS" },
1766 { EFI_LOADER_FEATURE_LOAD_DRIVER, "Load drop-in drivers" },
1767 { EFI_LOADER_FEATURE_SORT_KEY, "Support Type #1 sort-key field" },
1768 { EFI_LOADER_FEATURE_SAVED_ENTRY, "Support @saved pseudo-entry" },
1769 { EFI_LOADER_FEATURE_DEVICETREE, "Support Type #1 devicetree field" },
1770 };
1771 static const struct {
1772 uint64_t flag;
1773 const char *name;
1774 } stub_flags[] = {
1775 { EFI_STUB_FEATURE_REPORT_BOOT_PARTITION, "Stub sets ESP information" },
1776 { EFI_STUB_FEATURE_PICK_UP_CREDENTIALS, "Picks up credentials from boot partition" },
1777 { EFI_STUB_FEATURE_PICK_UP_SYSEXTS, "Picks up system extension images from boot partition" },
1778 { EFI_STUB_FEATURE_THREE_PCRS, "Measures kernel+command line+sysexts" },
1779 };
1780 _cleanup_free_ char *fw_type = NULL, *fw_info = NULL, *loader = NULL, *loader_path = NULL, *stub = NULL;
1781 sd_id128_t loader_part_uuid = SD_ID128_NULL;
1782 uint64_t loader_features = 0, stub_features = 0;
1783 Tpm2Support s;
1784 int have;
1785
1786 read_efi_var(EFI_LOADER_VARIABLE(LoaderFirmwareType), &fw_type);
1787 read_efi_var(EFI_LOADER_VARIABLE(LoaderFirmwareInfo), &fw_info);
1788 read_efi_var(EFI_LOADER_VARIABLE(LoaderInfo), &loader);
1789 read_efi_var(EFI_LOADER_VARIABLE(StubInfo), &stub);
1790 read_efi_var(EFI_LOADER_VARIABLE(LoaderImageIdentifier), &loader_path);
1791 (void) efi_loader_get_features(&loader_features);
1792 (void) efi_stub_get_features(&stub_features);
1793
1794 if (loader_path)
1795 efi_tilt_backslashes(loader_path);
1796
1797 k = efi_loader_get_device_part_uuid(&loader_part_uuid);
1798 if (k < 0 && k != -ENOENT)
1799 r = log_warning_errno(k, "Failed to read EFI variable LoaderDevicePartUUID: %m");
1800
1801 SecureBootMode secure = efi_get_secure_boot_mode();
1802 printf("%sSystem:%s\n", ansi_underline(), ansi_normal());
1803 printf(" Firmware: %s%s (%s)%s\n", ansi_highlight(), strna(fw_type), strna(fw_info), ansi_normal());
1804 printf(" Firmware Arch: %s\n", get_efi_arch());
1805 printf(" Secure Boot: %sd (%s)\n",
1806 enable_disable(IN_SET(secure, SECURE_BOOT_USER, SECURE_BOOT_DEPLOYED)),
1807 secure_boot_mode_to_string(secure));
1808
1809 s = tpm2_support();
1810 printf(" TPM2 Support: %s%s%s\n",
1811 FLAGS_SET(s, TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER) ? ansi_highlight_green() :
1812 (s & (TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER)) != 0 ? ansi_highlight_red() : ansi_highlight_yellow(),
1813 FLAGS_SET(s, TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER) ? "yes" :
1814 (s & TPM2_SUPPORT_FIRMWARE) ? "firmware only, driver unavailable" :
1815 (s & TPM2_SUPPORT_DRIVER) ? "driver only, firmware unavailable" : "no",
1816 ansi_normal());
1817
1818 k = efi_get_reboot_to_firmware();
1819 if (k > 0)
1820 printf(" Boot into FW: %sactive%s\n", ansi_highlight_yellow(), ansi_normal());
1821 else if (k == 0)
1822 printf(" Boot into FW: supported\n");
1823 else if (k == -EOPNOTSUPP)
1824 printf(" Boot into FW: not supported\n");
1825 else {
1826 errno = -k;
1827 printf(" Boot into FW: %sfailed%s (%m)\n", ansi_highlight_red(), ansi_normal());
1828 }
1829 printf("\n");
1830
1831 printf("%sCurrent Boot Loader:%s\n", ansi_underline(), ansi_normal());
1832 printf(" Product: %s%s%s\n", ansi_highlight(), strna(loader), ansi_normal());
1833
1834 for (size_t i = 0; i < ELEMENTSOF(loader_flags); i++)
1835 print_yes_no_line(i == 0, FLAGS_SET(loader_features, loader_flags[i].flag), loader_flags[i].name);
1836
1837 sd_id128_t bootloader_esp_uuid;
1838 bool have_bootloader_esp_uuid = efi_loader_get_device_part_uuid(&bootloader_esp_uuid) >= 0;
1839
1840 print_yes_no_line(false, have_bootloader_esp_uuid, "Boot loader sets ESP information");
1841 if (have_bootloader_esp_uuid && !sd_id128_is_null(esp_uuid) &&
1842 !sd_id128_equal(esp_uuid, bootloader_esp_uuid))
1843 printf("WARNING: The boot loader reports a different ESP UUID than detected ("SD_ID128_UUID_FORMAT_STR" vs. "SD_ID128_UUID_FORMAT_STR")!\n",
1844 SD_ID128_FORMAT_VAL(bootloader_esp_uuid),
1845 SD_ID128_FORMAT_VAL(esp_uuid));
1846
1847 if (stub) {
1848 printf(" Stub: %s\n", stub);
1849 for (size_t i = 0; i < ELEMENTSOF(stub_flags); i++)
1850 print_yes_no_line(i == 0, FLAGS_SET(stub_features, stub_flags[i].flag), stub_flags[i].name);
1851 }
1852 if (!sd_id128_is_null(loader_part_uuid))
1853 printf(" ESP: /dev/disk/by-partuuid/" SD_ID128_UUID_FORMAT_STR "\n",
1854 SD_ID128_FORMAT_VAL(loader_part_uuid));
1855 else
1856 printf(" ESP: n/a\n");
1857 printf(" File: %s%s\n", special_glyph(SPECIAL_GLYPH_TREE_RIGHT), strna(loader_path));
1858 printf("\n");
1859
1860 printf("%sRandom Seed:%s\n", ansi_underline(), ansi_normal());
1861 have = access(EFIVAR_PATH(EFI_LOADER_VARIABLE(LoaderRandomSeed)), F_OK) >= 0;
1862 printf(" Passed to OS: %s\n", yes_no(have));
1863 have = access(EFIVAR_PATH(EFI_LOADER_VARIABLE(LoaderSystemToken)), F_OK) >= 0;
1864 printf(" System Token: %s\n", have ? "set" : "not set");
1865
1866 if (arg_esp_path) {
1867 _cleanup_free_ char *p = NULL;
1868
1869 p = path_join(arg_esp_path, "/loader/random-seed");
1870 if (!p)
1871 return log_oom();
1872
1873 have = access(p, F_OK) >= 0;
1874 printf(" Exists: %s\n", yes_no(have));
1875 }
1876
1877 printf("\n");
1878 } else
1879 printf("%sSystem:%s\n"
1880 "Not booted with EFI\n\n",
1881 ansi_underline(), ansi_normal());
1882
1883 if (arg_esp_path) {
1884 k = status_binaries(arg_esp_path, esp_uuid);
1885 if (k < 0)
1886 r = k;
1887 }
1888
1889 if (!arg_root && is_efi_boot()) {
1890 k = status_variables();
1891 if (k < 0)
1892 r = k;
1893 }
1894
1895 if (arg_esp_path || arg_xbootldr_path) {
1896 _cleanup_(boot_config_free) BootConfig config = BOOT_CONFIG_NULL;
1897
1898 k = boot_config_load_and_select(&config,
1899 arg_esp_path, esp_devid,
1900 arg_xbootldr_path, xbootldr_devid);
1901 if (k < 0)
1902 r = k;
1903 else {
1904 k = status_entries(&config,
1905 arg_esp_path, esp_uuid,
1906 arg_xbootldr_path, xbootldr_uuid);
1907 if (k < 0)
1908 r = k;
1909 }
1910 }
1911
1912 return r;
1913 }
1914
1915 static int verb_list(int argc, char *argv[], void *userdata) {
1916 _cleanup_(boot_config_free) BootConfig config = BOOT_CONFIG_NULL;
1917 dev_t esp_devid = 0, xbootldr_devid = 0;
1918 int r;
1919
1920 /* If we lack privileges we invoke find_esp_and_warn() in "unprivileged mode" here, which does two
1921 * things: turn off logging about access errors and turn off potentially privileged device probing.
1922 * Here we're interested in the latter but not the former, hence request the mode, and log about
1923 * EACCES. */
1924
1925 r = acquire_esp(/* unprivileged_mode= */ geteuid() != 0, /* graceful= */ false, NULL, NULL, NULL, NULL, &esp_devid);
1926 if (r == -EACCES) /* We really need the ESP path for this call, hence also log about access errors */
1927 return log_error_errno(r, "Failed to determine ESP location: %m");
1928 if (r < 0)
1929 return r;
1930
1931 r = acquire_xbootldr(/* unprivileged_mode= */ geteuid() != 0, NULL, &xbootldr_devid);
1932 if (r == -EACCES)
1933 return log_error_errno(r, "Failed to determine XBOOTLDR partition: %m");
1934 if (r < 0)
1935 return r;
1936
1937 r = boot_config_load_and_select(&config, arg_esp_path, esp_devid, arg_xbootldr_path, xbootldr_devid);
1938 if (r < 0)
1939 return r;
1940
1941 if (config.n_entries == 0 && FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) {
1942 log_info("No boot loader entries found.");
1943 return 0;
1944 }
1945
1946 pager_open(arg_pager_flags);
1947 return show_boot_entries(&config, arg_json_format_flags);
1948 }
1949
1950 static int install_random_seed(const char *esp) {
1951 _cleanup_(unlink_and_freep) char *tmp = NULL;
1952 _cleanup_free_ void *buffer = NULL;
1953 _cleanup_free_ char *path = NULL;
1954 _cleanup_close_ int fd = -1;
1955 size_t sz, token_size;
1956 ssize_t n;
1957 int r;
1958
1959 assert(esp);
1960
1961 path = path_join(esp, "/loader/random-seed");
1962 if (!path)
1963 return log_oom();
1964
1965 sz = random_pool_size();
1966
1967 buffer = malloc(sz);
1968 if (!buffer)
1969 return log_oom();
1970
1971 r = crypto_random_bytes(buffer, sz);
1972 if (r < 0)
1973 return log_error_errno(r, "Failed to acquire random seed: %m");
1974
1975 /* Normally create_subdirs() should already have created everything we need, but in case "bootctl
1976 * random-seed" is called we want to just create the minimum we need for it, and not the full
1977 * list. */
1978 r = mkdir_parents(path, 0755);
1979 if (r < 0)
1980 return log_error_errno(r, "Failed to create parent directory for %s: %m", path);
1981
1982 r = tempfn_random(path, "bootctl", &tmp);
1983 if (r < 0)
1984 return log_oom();
1985
1986 fd = open(tmp, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|O_WRONLY|O_CLOEXEC, 0600);
1987 if (fd < 0) {
1988 tmp = mfree(tmp);
1989 return log_error_errno(fd, "Failed to open random seed file for writing: %m");
1990 }
1991
1992 n = write(fd, buffer, sz);
1993 if (n < 0)
1994 return log_error_errno(errno, "Failed to write random seed file: %m");
1995 if ((size_t) n != sz)
1996 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Short write while writing random seed file.");
1997
1998 if (rename(tmp, path) < 0)
1999 return log_error_errno(r, "Failed to move random seed file into place: %m");
2000
2001 tmp = mfree(tmp);
2002
2003 log_info("Random seed file %s successfully written (%zu bytes).", path, sz);
2004
2005 if (!arg_touch_variables)
2006 return 0;
2007
2008 if (!is_efi_boot()) {
2009 log_notice("Not booted with EFI, skipping EFI variable setup.");
2010 return 0;
2011 }
2012
2013 if (arg_root) {
2014 log_warning("Acting on %s, skipping EFI variable setup.",
2015 arg_image ? "image" : "root directory");
2016 return 0;
2017 }
2018
2019 r = getenv_bool("SYSTEMD_WRITE_SYSTEM_TOKEN");
2020 if (r < 0) {
2021 if (r != -ENXIO)
2022 log_warning_errno(r, "Failed to parse $SYSTEMD_WRITE_SYSTEM_TOKEN, ignoring.");
2023
2024 if (detect_vm() > 0) {
2025 /* Let's not write a system token if we detect we are running in a VM
2026 * environment. Why? Our default security model for the random seed uses the system
2027 * token as a mechanism to ensure we are not vulnerable to golden master sloppiness
2028 * issues, i.e. that people initialize the random seed file, then copy the image to
2029 * many systems and end up with the same random seed in each that is assumed to be
2030 * valid but in reality is the same for all machines. By storing a system token in
2031 * the EFI variable space we can make sure that even though the random seeds on disk
2032 * are all the same they will be different on each system under the assumption that
2033 * the EFI variable space is maintained separate from the random seed storage. That
2034 * is generally the case on physical systems, as the ESP is stored on persistent
2035 * storage, and the EFI variables in NVRAM. However in virtualized environments this
2036 * is generally not true: the EFI variable set is typically stored along with the
2037 * disk image itself. For example, using the OVMF EFI firmware the EFI variables are
2038 * stored in a file in the ESP itself. */
2039
2040 log_notice("Not installing system token, since we are running in a virtualized environment.");
2041 return 0;
2042 }
2043 } else if (r == 0) {
2044 log_notice("Not writing system token, because $SYSTEMD_WRITE_SYSTEM_TOKEN is set to false.");
2045 return 0;
2046 }
2047
2048 r = efi_get_variable(EFI_LOADER_VARIABLE(LoaderSystemToken), NULL, NULL, &token_size);
2049 if (r == -ENODATA)
2050 log_debug_errno(r, "LoaderSystemToken EFI variable is invalid (too short?), replacing.");
2051 else if (r < 0) {
2052 if (r != -ENOENT)
2053 return log_error_errno(r, "Failed to test system token validity: %m");
2054 } else {
2055 if (token_size >= sz) {
2056 /* Let's avoid writes if we can, and initialize this only once. */
2057 log_debug("System token already written, not updating.");
2058 return 0;
2059 }
2060
2061 log_debug("Existing system token size (%zu) does not match our expectations (%zu), replacing.", token_size, sz);
2062 }
2063
2064 r = crypto_random_bytes(buffer, sz);
2065 if (r < 0)
2066 return log_error_errno(r, "Failed to acquire random seed: %m");
2067
2068 /* Let's write this variable with an umask in effect, so that unprivileged users can't see the token
2069 * and possibly get identification information or too much insight into the kernel's entropy pool
2070 * state. */
2071 RUN_WITH_UMASK(0077) {
2072 r = efi_set_variable(EFI_LOADER_VARIABLE(LoaderSystemToken), buffer, sz);
2073 if (r < 0) {
2074 if (!arg_graceful)
2075 return log_error_errno(r, "Failed to write 'LoaderSystemToken' EFI variable: %m");
2076
2077 if (r == -EINVAL)
2078 log_warning_errno(r, "Unable to write 'LoaderSystemToken' EFI variable (firmware problem?), ignoring: %m");
2079 else
2080 log_warning_errno(r, "Unable to write 'LoaderSystemToken' EFI variable, ignoring: %m");
2081 } else
2082 log_info("Successfully initialized system token in EFI variable with %zu bytes.", sz);
2083 }
2084
2085 return 0;
2086 }
2087
2088 static int sync_everything(void) {
2089 int ret = 0, k;
2090
2091 if (arg_esp_path) {
2092 k = syncfs_path(AT_FDCWD, arg_esp_path);
2093 if (k < 0)
2094 ret = log_error_errno(k, "Failed to synchronize the ESP '%s': %m", arg_esp_path);
2095 }
2096
2097 if (arg_xbootldr_path) {
2098 k = syncfs_path(AT_FDCWD, arg_xbootldr_path);
2099 if (k < 0)
2100 ret = log_error_errno(k, "Failed to synchronize $BOOT '%s': %m", arg_xbootldr_path);
2101 }
2102
2103 return ret;
2104 }
2105
2106 static int verb_install(int argc, char *argv[], void *userdata) {
2107 sd_id128_t uuid = SD_ID128_NULL;
2108 uint64_t pstart = 0, psize = 0;
2109 uint32_t part = 0;
2110 bool install, graceful;
2111 int r;
2112
2113 /* Invoked for both "update" and "install" */
2114
2115 install = streq(argv[0], "install");
2116 graceful = !install && arg_graceful; /* support graceful mode for updates */
2117
2118 r = acquire_esp(/* unprivileged_mode= */ false, graceful, &part, &pstart, &psize, &uuid, NULL);
2119 if (graceful && r == -ENOKEY)
2120 return 0; /* If --graceful is specified and we can't find an ESP, handle this cleanly */
2121 if (r < 0)
2122 return r;
2123
2124 if (!install) {
2125 /* If we are updating, don't do anything if sd-boot wasn't actually installed. */
2126 r = are_we_installed(arg_esp_path);
2127 if (r < 0)
2128 return r;
2129 if (r == 0) {
2130 log_debug("Skipping update because sd-boot is not installed in the ESP.");
2131 return 0;
2132 }
2133 }
2134
2135 r = acquire_xbootldr(/* unprivileged_mode= */ false, NULL, NULL);
2136 if (r < 0)
2137 return r;
2138
2139 r = settle_make_entry_directory();
2140 if (r < 0)
2141 return r;
2142
2143 const char *arch = arg_arch_all ? "" : get_efi_arch();
2144
2145 RUN_WITH_UMASK(0002) {
2146 if (install) {
2147 /* Don't create any of these directories when we are just updating. When we update
2148 * we'll drop-in our files (unless there are newer ones already), but we won't create
2149 * the directories for them in the first place. */
2150 r = create_subdirs(arg_esp_path, esp_subdirs);
2151 if (r < 0)
2152 return r;
2153
2154 r = create_subdirs(arg_dollar_boot_path(), dollar_boot_subdirs);
2155 if (r < 0)
2156 return r;
2157 }
2158
2159 r = install_binaries(arg_esp_path, arch, install);
2160 if (r < 0)
2161 return r;
2162
2163 if (install) {
2164 r = install_loader_config(arg_esp_path);
2165 if (r < 0)
2166 return r;
2167
2168 r = install_entry_directory(arg_dollar_boot_path());
2169 if (r < 0)
2170 return r;
2171
2172 r = install_entry_token();
2173 if (r < 0)
2174 return r;
2175
2176 r = install_random_seed(arg_esp_path);
2177 if (r < 0)
2178 return r;
2179 }
2180
2181 r = install_loader_specification(arg_dollar_boot_path());
2182 if (r < 0)
2183 return r;
2184 }
2185
2186 (void) sync_everything();
2187
2188 if (!arg_touch_variables)
2189 return 0;
2190
2191 if (arg_arch_all) {
2192 log_info("Not changing EFI variables with --all-architectures.");
2193 return 0;
2194 }
2195
2196 char *path = strjoina("/EFI/systemd/systemd-boot", arch, ".efi");
2197 return install_variables(arg_esp_path, part, pstart, psize, uuid, path, install);
2198 }
2199
2200 static int verb_remove(int argc, char *argv[], void *userdata) {
2201 sd_id128_t uuid = SD_ID128_NULL;
2202 int r, q;
2203
2204 r = acquire_esp(/* unprivileged_mode= */ false, /* graceful= */ false, NULL, NULL, NULL, &uuid, NULL);
2205 if (r < 0)
2206 return r;
2207
2208 r = acquire_xbootldr(/* unprivileged_mode= */ false, NULL, NULL);
2209 if (r < 0)
2210 return r;
2211
2212 r = settle_make_entry_directory();
2213 if (r < 0)
2214 return r;
2215
2216 r = remove_binaries(arg_esp_path);
2217
2218 q = remove_file(arg_esp_path, "/loader/loader.conf");
2219 if (q < 0 && r >= 0)
2220 r = q;
2221
2222 q = remove_file(arg_esp_path, "/loader/random-seed");
2223 if (q < 0 && r >= 0)
2224 r = q;
2225
2226 q = remove_file(arg_esp_path, "/loader/entries.srel");
2227 if (q < 0 && r >= 0)
2228 r = q;
2229
2230 q = remove_subdirs(arg_esp_path, esp_subdirs);
2231 if (q < 0 && r >= 0)
2232 r = q;
2233
2234 q = remove_subdirs(arg_esp_path, dollar_boot_subdirs);
2235 if (q < 0 && r >= 0)
2236 r = q;
2237
2238 q = remove_entry_directory(arg_esp_path);
2239 if (q < 0 && r >= 0)
2240 r = q;
2241
2242 if (arg_xbootldr_path) {
2243 /* Remove a subset of these also from the XBOOTLDR partition if it exists */
2244
2245 q = remove_file(arg_xbootldr_path, "/loader/entries.srel");
2246 if (q < 0 && r >= 0)
2247 r = q;
2248
2249 q = remove_subdirs(arg_xbootldr_path, dollar_boot_subdirs);
2250 if (q < 0 && r >= 0)
2251 r = q;
2252
2253 q = remove_entry_directory(arg_xbootldr_path);
2254 if (q < 0 && r >= 0)
2255 r = q;
2256 }
2257
2258 (void) sync_everything();
2259
2260 if (!arg_touch_variables)
2261 return r;
2262
2263 if (arg_arch_all) {
2264 log_info("Not changing EFI variables with --all-architectures.");
2265 return r;
2266 }
2267
2268 char *path = strjoina("/EFI/systemd/systemd-boot", get_efi_arch(), ".efi");
2269 q = remove_variables(uuid, path, true);
2270 if (q < 0 && r >= 0)
2271 r = q;
2272
2273 q = remove_loader_variables();
2274 if (q < 0 && r >= 0)
2275 r = q;
2276
2277 return r;
2278 }
2279
2280 static int verb_is_installed(int argc, char *argv[], void *userdata) {
2281 int r;
2282
2283 r = acquire_esp(/* privileged_mode= */ false,
2284 /* graceful= */ arg_graceful,
2285 NULL, NULL, NULL, NULL, NULL);
2286 if (r < 0)
2287 return r;
2288
2289 r = are_we_installed(arg_esp_path);
2290 if (r < 0)
2291 return r;
2292
2293 if (r > 0) {
2294 if (!arg_quiet)
2295 puts("yes");
2296 return EXIT_SUCCESS;
2297 } else {
2298 if (!arg_quiet)
2299 puts("no");
2300 return EXIT_FAILURE;
2301 }
2302 }
2303
2304 static int parse_timeout(const char *arg1, char16_t **ret_timeout, size_t *ret_timeout_size) {
2305 char utf8[DECIMAL_STR_MAX(usec_t)];
2306 char16_t *encoded;
2307 usec_t timeout;
2308 int r;
2309
2310 assert(arg1);
2311 assert(ret_timeout);
2312 assert(ret_timeout_size);
2313
2314 if (streq(arg1, "menu-force"))
2315 timeout = USEC_INFINITY;
2316 else if (streq(arg1, "menu-hidden"))
2317 timeout = 0;
2318 else {
2319 r = parse_time(arg1, &timeout, USEC_PER_SEC);
2320 if (r < 0)
2321 return log_error_errno(r, "Failed to parse timeout '%s': %m", arg1);
2322 if (timeout != USEC_INFINITY && timeout > UINT32_MAX * USEC_PER_SEC)
2323 log_warning("Timeout is too long and will be treated as 'menu-force' instead.");
2324 }
2325
2326 xsprintf(utf8, USEC_FMT, MIN(timeout / USEC_PER_SEC, UINT32_MAX));
2327
2328 encoded = utf8_to_utf16(utf8, strlen(utf8));
2329 if (!encoded)
2330 return log_oom();
2331
2332 *ret_timeout = encoded;
2333 *ret_timeout_size = char16_strlen(encoded) * 2 + 2;
2334 return 0;
2335 }
2336
2337 static int parse_loader_entry_target_arg(const char *arg1, char16_t **ret_target, size_t *ret_target_size) {
2338 char16_t *encoded = NULL;
2339 int r;
2340
2341 assert(arg1);
2342 assert(ret_target);
2343 assert(ret_target_size);
2344
2345 if (streq(arg1, "@current")) {
2346 r = efi_get_variable(EFI_LOADER_VARIABLE(LoaderEntrySelected), NULL, (void *) ret_target, ret_target_size);
2347 if (r < 0)
2348 return log_error_errno(r, "Failed to get EFI variable 'LoaderEntrySelected': %m");
2349
2350 } else if (streq(arg1, "@oneshot")) {
2351 r = efi_get_variable(EFI_LOADER_VARIABLE(LoaderEntryOneShot), NULL, (void *) ret_target, ret_target_size);
2352 if (r < 0)
2353 return log_error_errno(r, "Failed to get EFI variable 'LoaderEntryOneShot': %m");
2354
2355 } else if (streq(arg1, "@default")) {
2356 r = efi_get_variable(EFI_LOADER_VARIABLE(LoaderEntryDefault), NULL, (void *) ret_target, ret_target_size);
2357 if (r < 0)
2358 return log_error_errno(r, "Failed to get EFI variable 'LoaderEntryDefault': %m");
2359
2360 } else if (arg1[0] == '@' && !streq(arg1, "@saved"))
2361 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unsupported special entry identifier: %s", arg1);
2362 else {
2363 encoded = utf8_to_utf16(arg1, strlen(arg1));
2364 if (!encoded)
2365 return log_oom();
2366
2367 *ret_target = encoded;
2368 *ret_target_size = char16_strlen(encoded) * 2 + 2;
2369 }
2370
2371 return 0;
2372 }
2373
2374 static int verb_set_efivar(int argc, char *argv[], void *userdata) {
2375 int r;
2376
2377 if (arg_root)
2378 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
2379 "Acting on %s, skipping EFI variable setup.",
2380 arg_image ? "image" : "root directory");
2381
2382 if (!is_efi_boot())
2383 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
2384 "Not booted with UEFI.");
2385
2386 if (access(EFIVAR_PATH(EFI_LOADER_VARIABLE(LoaderInfo)), F_OK) < 0) {
2387 if (errno == ENOENT) {
2388 log_error_errno(errno, "Not booted with a supported boot loader.");
2389 return -EOPNOTSUPP;
2390 }
2391
2392 return log_error_errno(errno, "Failed to detect whether boot loader supports '%s' operation: %m", argv[0]);
2393 }
2394
2395 if (detect_container() > 0)
2396 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
2397 "'%s' operation not supported in a container.",
2398 argv[0]);
2399
2400 if (!arg_touch_variables)
2401 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2402 "'%s' operation cannot be combined with --no-variables.",
2403 argv[0]);
2404
2405 const char *variable;
2406 int (* arg_parser)(const char *, char16_t **, size_t *);
2407
2408 if (streq(argv[0], "set-default")) {
2409 variable = EFI_LOADER_VARIABLE(LoaderEntryDefault);
2410 arg_parser = parse_loader_entry_target_arg;
2411 } else if (streq(argv[0], "set-oneshot")) {
2412 variable = EFI_LOADER_VARIABLE(LoaderEntryOneShot);
2413 arg_parser = parse_loader_entry_target_arg;
2414 } else if (streq(argv[0], "set-timeout")) {
2415 variable = EFI_LOADER_VARIABLE(LoaderConfigTimeout);
2416 arg_parser = parse_timeout;
2417 } else if (streq(argv[0], "set-timeout-oneshot")) {
2418 variable = EFI_LOADER_VARIABLE(LoaderConfigTimeoutOneShot);
2419 arg_parser = parse_timeout;
2420 } else
2421 assert_not_reached();
2422
2423 if (isempty(argv[1])) {
2424 r = efi_set_variable(variable, NULL, 0);
2425 if (r < 0 && r != -ENOENT)
2426 return log_error_errno(r, "Failed to remove EFI variable '%s': %m", variable);
2427 } else {
2428 _cleanup_free_ char16_t *value = NULL;
2429 size_t value_size = 0;
2430
2431 r = arg_parser(argv[1], &value, &value_size);
2432 if (r < 0)
2433 return r;
2434 r = efi_set_variable(variable, value, value_size);
2435 if (r < 0)
2436 return log_error_errno(r, "Failed to update EFI variable '%s': %m", variable);
2437 }
2438
2439 return 0;
2440 }
2441
2442 static int verb_random_seed(int argc, char *argv[], void *userdata) {
2443 int r;
2444
2445 r = find_esp_and_warn(arg_root, arg_esp_path, false, &arg_esp_path, NULL, NULL, NULL, NULL, NULL);
2446 if (r == -ENOKEY) {
2447 /* find_esp_and_warn() doesn't warn about ENOKEY, so let's do that on our own */
2448 if (!arg_graceful)
2449 return log_error_errno(r, "Unable to find ESP.");
2450
2451 log_notice("No ESP found, not initializing random seed.");
2452 return 0;
2453 }
2454 if (r < 0)
2455 return r;
2456
2457 r = install_random_seed(arg_esp_path);
2458 if (r < 0)
2459 return r;
2460
2461 (void) sync_everything();
2462 return 0;
2463 }
2464
2465 static int verb_systemd_efi_options(int argc, char *argv[], void *userdata) {
2466 int r;
2467
2468 if (argc == 1) {
2469 _cleanup_free_ char *line = NULL, *new = NULL;
2470
2471 r = systemd_efi_options_variable(&line);
2472 if (r == -ENODATA)
2473 log_debug("No SystemdOptions EFI variable present in cache.");
2474 else if (r < 0)
2475 return log_error_errno(r, "Failed to read SystemdOptions EFI variable from cache: %m");
2476 else
2477 puts(line);
2478
2479 r = systemd_efi_options_efivarfs_if_newer(&new);
2480 if (r == -ENODATA) {
2481 if (line)
2482 log_notice("Note: SystemdOptions EFI variable has been removed since boot.");
2483 } else if (r < 0)
2484 log_warning_errno(r, "Failed to check SystemdOptions EFI variable in efivarfs, ignoring: %m");
2485 else if (new && !streq_ptr(line, new))
2486 log_notice("Note: SystemdOptions EFI variable has been modified since boot. New value: %s",
2487 new);
2488 } else {
2489 r = efi_set_variable_string(EFI_SYSTEMD_VARIABLE(SystemdOptions), argv[1]);
2490 if (r < 0)
2491 return log_error_errno(r, "Failed to set SystemdOptions EFI variable: %m");
2492 }
2493
2494 return 0;
2495 }
2496
2497 static int verb_reboot_to_firmware(int argc, char *argv[], void *userdata) {
2498 int r;
2499
2500 if (argc < 2) {
2501 r = efi_get_reboot_to_firmware();
2502 if (r > 0) {
2503 puts("active");
2504 return EXIT_SUCCESS; /* success */
2505 }
2506 if (r == 0) {
2507 puts("supported");
2508 return 1; /* recognizable error #1 */
2509 }
2510 if (r == -EOPNOTSUPP) {
2511 puts("not supported");
2512 return 2; /* recognizable error #2 */
2513 }
2514
2515 log_error_errno(r, "Failed to query reboot-to-firmware state: %m");
2516 return 3; /* other kind of error */
2517 } else {
2518 r = parse_boolean(argv[1]);
2519 if (r < 0)
2520 return log_error_errno(r, "Failed to parse argument: %s", argv[1]);
2521
2522 r = efi_set_reboot_to_firmware(r);
2523 if (r < 0)
2524 return log_error_errno(r, "Failed to set reboot-to-firmware option: %m");
2525
2526 return 0;
2527 }
2528 }
2529
2530 static int bootctl_main(int argc, char *argv[]) {
2531 static const Verb verbs[] = {
2532 { "help", VERB_ANY, VERB_ANY, 0, help },
2533 { "status", VERB_ANY, 1, VERB_DEFAULT, verb_status },
2534 { "install", VERB_ANY, 1, 0, verb_install },
2535 { "update", VERB_ANY, 1, 0, verb_install },
2536 { "remove", VERB_ANY, 1, 0, verb_remove },
2537 { "is-installed", VERB_ANY, 1, 0, verb_is_installed },
2538 { "list", VERB_ANY, 1, 0, verb_list },
2539 { "set-default", 2, 2, 0, verb_set_efivar },
2540 { "set-oneshot", 2, 2, 0, verb_set_efivar },
2541 { "set-timeout", 2, 2, 0, verb_set_efivar },
2542 { "set-timeout-oneshot", 2, 2, 0, verb_set_efivar },
2543 { "random-seed", VERB_ANY, 1, 0, verb_random_seed },
2544 { "systemd-efi-options", VERB_ANY, 2, 0, verb_systemd_efi_options },
2545 { "reboot-to-firmware", VERB_ANY, 2, 0, verb_reboot_to_firmware },
2546 {}
2547 };
2548
2549 return dispatch_verb(argc, argv, verbs, NULL);
2550 }
2551
2552 static int run(int argc, char *argv[]) {
2553 _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
2554 _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
2555 _cleanup_(umount_and_rmdir_and_freep) char *unlink_dir = NULL;
2556 int r;
2557
2558 log_parse_environment();
2559 log_open();
2560
2561 /* If we run in a container, automatically turn off EFI file system access */
2562 if (detect_container() > 0)
2563 arg_touch_variables = false;
2564
2565 r = parse_argv(argc, argv);
2566 if (r <= 0)
2567 return r;
2568
2569 /* Open up and mount the image */
2570 if (arg_image) {
2571 assert(!arg_root);
2572
2573 r = mount_image_privately_interactively(
2574 arg_image,
2575 DISSECT_IMAGE_GENERIC_ROOT |
2576 DISSECT_IMAGE_RELAX_VAR_CHECK,
2577 &unlink_dir,
2578 &loop_device,
2579 &decrypted_image);
2580 if (r < 0)
2581 return r;
2582
2583 arg_root = strdup(unlink_dir);
2584 if (!arg_root)
2585 return log_oom();
2586 }
2587
2588 return bootctl_main(argc, argv);
2589 }
2590
2591 DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run);
Unnamed repository; edit this file 'description' to name the repository.