1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "alloc-util.h"
5 #include "efi-loader.h"
7 #include "parse-util.h"
16 static int read_usec(const char *variable
, usec_t
*ret
) {
17 _cleanup_free_
char *j
= NULL
;
24 r
= efi_get_variable_string(variable
, &j
);
28 r
= safe_atou64(j
, &x
);
36 int efi_loader_get_boot_usec(usec_t
*ret_firmware
, usec_t
*ret_loader
) {
46 r
= read_usec(EFI_LOADER_VARIABLE(LoaderTimeInitUSec
), &x
);
48 return log_debug_errno(r
, "Failed to read LoaderTimeInitUSec: %m");
50 r
= read_usec(EFI_LOADER_VARIABLE(LoaderTimeExecUSec
), &y
);
52 return log_debug_errno(r
, "Failed to read LoaderTimeExecUSec: %m");
54 if (y
== 0 || y
< x
|| y
- x
> USEC_PER_HOUR
)
55 return log_debug_errno(SYNTHETIC_ERRNO(EIO
),
56 "Bad LoaderTimeInitUSec=%"PRIu64
", LoaderTimeExecUSec=%" PRIu64
"; refusing.",
64 int efi_loader_get_device_part_uuid(sd_id128_t
*ret
) {
65 _cleanup_free_
char *p
= NULL
;
72 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderDevicePartUUID
), &p
);
76 if (sscanf(p
, SD_ID128_UUID_FORMAT_STR
,
77 &parsed
[0], &parsed
[1], &parsed
[2], &parsed
[3],
78 &parsed
[4], &parsed
[5], &parsed
[6], &parsed
[7],
79 &parsed
[8], &parsed
[9], &parsed
[10], &parsed
[11],
80 &parsed
[12], &parsed
[13], &parsed
[14], &parsed
[15]) != 16)
84 for (unsigned i
= 0; i
< ELEMENTSOF(parsed
); i
++)
85 ret
->bytes
[i
] = parsed
[i
];
90 int efi_loader_get_entries(char ***ret
) {
91 _cleanup_free_ char16_t
*entries
= NULL
;
92 _cleanup_strv_free_
char **l
= NULL
;
101 r
= efi_get_variable(EFI_LOADER_VARIABLE(LoaderEntries
), NULL
, (void**) &entries
, &size
);
105 /* The variable contains a series of individually NUL terminated UTF-16 strings. We gracefully
106 * consider the final NUL byte optional (i.e. the last string may or may not end in a NUL byte).*/
108 for (size_t i
= 0, start
= 0;; i
++) {
109 _cleanup_free_
char *decoded
= NULL
;
112 /* Is this the end of the variable's data? */
113 end
= i
* sizeof(char16_t
) >= size
;
115 /* Are we in the middle of a string? (i.e. not at the end of the variable, nor at a NUL terminator?) If
116 * so, let's go to the next entry. */
117 if (!end
&& entries
[i
] != 0)
120 /* Empty string at the end of variable? That's the trailer, we are done (i.e. we have a final
121 * NUL terminator). */
122 if (end
&& start
== i
)
125 /* We reached the end of a string, let's decode it into UTF-8 */
126 decoded
= utf16_to_utf8(entries
+ start
, (i
- start
) * sizeof(char16_t
));
130 if (efi_loader_entry_name_valid(decoded
)) {
131 r
= strv_consume(&l
, TAKE_PTR(decoded
));
135 log_debug("Ignoring invalid loader entry '%s'.", decoded
);
137 /* Exit the loop if we reached the end of the variable (i.e. we do not have a final NUL
142 /* Continue after the NUL byte */
150 int efi_loader_get_features(uint64_t *ret
) {
151 _cleanup_free_
void *v
= NULL
;
157 if (!is_efi_boot()) {
162 r
= efi_get_variable(EFI_LOADER_VARIABLE(LoaderFeatures
), NULL
, &v
, &s
);
164 _cleanup_free_
char *info
= NULL
;
166 /* The new (v240+) LoaderFeatures variable is not supported, let's see if it's systemd-boot at all */
167 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderInfo
), &info
);
172 /* Variable not set, definitely means not systemd-boot */
174 } else if (first_word(info
, "systemd-boot")) {
176 /* An older systemd-boot version. Let's hardcode the feature set, since it was pretty
177 * static in all its versions. */
179 *ret
= EFI_LOADER_FEATURE_CONFIG_TIMEOUT
|
180 EFI_LOADER_FEATURE_ENTRY_DEFAULT
|
181 EFI_LOADER_FEATURE_ENTRY_ONESHOT
;
186 /* No features supported */
193 if (s
!= sizeof(uint64_t))
194 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL
),
195 "LoaderFeatures EFI variable doesn't have the right size.");
197 memcpy(ret
, v
, sizeof(uint64_t));
201 int efi_stub_get_features(uint64_t *ret
) {
202 _cleanup_free_
void *v
= NULL
;
208 if (!is_efi_boot()) {
213 r
= efi_get_variable(EFI_LOADER_VARIABLE(StubFeatures
), NULL
, &v
, &s
);
215 _cleanup_free_
char *info
= NULL
;
217 /* The new (v252+) StubFeatures variable is not supported, let's see if it's systemd-stub at all */
218 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(StubInfo
), &info
);
223 /* Variable not set, definitely means not systemd-stub */
225 } else if (first_word(info
, "systemd-stub")) {
227 /* An older systemd-stub version. Let's hardcode the feature set, since it was pretty
228 * static in all its versions. */
230 *ret
= EFI_STUB_FEATURE_REPORT_BOOT_PARTITION
;
234 /* No features supported */
241 if (s
!= sizeof(uint64_t))
242 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL
),
243 "StubFeatures EFI variable doesn't have the right size.");
245 memcpy(ret
, v
, sizeof(uint64_t));
249 int efi_measured_uki(int log_level
) {
250 _cleanup_free_
char *pcr_string
= NULL
;
251 static int cached
= -1;
258 /* Checks if we are booted on a kernel with sd-stub which measured the kernel into PCR 11 on a TPM2
259 * chip. Or in other words, if we are running on a TPM enabled UKI. (TPM 1.2 situations are ignored.)
261 * Returns == 0 and > 0 depending on the result of the test. Returns -EREMOTE if we detected a stub
262 * being used, but it measured things into a different PCR than we are configured for in
263 * userspace. (i.e. we expect PCR 11 being used for this by both sd-stub and us) */
265 r
= secure_getenv_bool("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test,
266 * for debugging purposes */
270 log_debug_errno(r
, "Failed to parse $SYSTEMD_FORCE_MEASURE, ignoring: %m");
275 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(StubPcrKernelImage
), &pcr_string
);
279 return log_full_errno(log_level
, r
,
280 "Failed to get StubPcrKernelImage EFI variable: %m");
282 r
= safe_atou(pcr_string
, &pcr_nr
);
284 return log_full_errno(log_level
, r
,
285 "Failed to parse StubPcrKernelImage EFI variable: %s", pcr_string
);
286 if (pcr_nr
!= TPM2_PCR_KERNEL_BOOT
)
287 return log_full_errno(log_level
, SYNTHETIC_ERRNO(EREMOTE
),
288 "Kernel stub measured kernel image into PCR %u, which is different than expected %i.",
289 pcr_nr
, TPM2_PCR_KERNEL_BOOT
);
294 int efi_loader_get_config_timeout_one_shot(usec_t
*ret
) {
295 _cleanup_free_
char *v
= NULL
;
296 static struct stat cache_stat
= {};
297 struct stat new_stat
;
304 /* stat() the EFI variable, to see if the mtime changed. If it did, we need to cache again. */
305 if (stat(EFIVAR_PATH(EFI_LOADER_VARIABLE(LoaderConfigTimeoutOneShot
)), &new_stat
) < 0)
308 if (stat_inode_unmodified(&new_stat
, &cache_stat
)) {
313 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderConfigTimeoutOneShot
), &v
);
317 r
= safe_atou64(v
, &sec
);
320 if (sec
> USEC_INFINITY
/ USEC_PER_SEC
)
323 cache_stat
= new_stat
;
324 *ret
= cache
= sec
* USEC_PER_SEC
; /* return in μs */
328 int efi_loader_update_entry_one_shot_cache(char **cache
, struct stat
*cache_stat
) {
329 _cleanup_free_
char *v
= NULL
;
330 struct stat new_stat
;
336 /* stat() the EFI variable, to see if the mtime changed. If it did we need to cache again. */
337 if (stat(EFIVAR_PATH(EFI_LOADER_VARIABLE(LoaderEntryOneShot
)), &new_stat
) < 0)
340 if (stat_inode_unmodified(&new_stat
, cache_stat
))
343 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderEntryOneShot
), &v
);
347 if (!efi_loader_entry_name_valid(v
))
350 *cache_stat
= new_stat
;
351 free_and_replace(*cache
, v
);
358 bool efi_loader_entry_name_valid(const char *s
) {
359 if (!filename_is_valid(s
)) /* Make sure entry names fit in filenames */
362 return in_charset(s
, ALPHANUMERICAL
"+-_.");