1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "alloc-util.h"
5 #include "efi-loader.h"
7 #include "parse-util.h"
16 static int read_usec(const char *variable
, usec_t
*ret
) {
17 _cleanup_free_
char *j
= NULL
;
24 r
= efi_get_variable_string(variable
, &j
);
28 r
= safe_atou64(j
, &x
);
36 int efi_loader_get_boot_usec(usec_t
*ret_firmware
, usec_t
*ret_loader
) {
46 r
= read_usec(EFI_LOADER_VARIABLE(LoaderTimeInitUSec
), &x
);
48 return log_debug_errno(r
, "Failed to read LoaderTimeInitUSec: %m");
50 r
= read_usec(EFI_LOADER_VARIABLE(LoaderTimeExecUSec
), &y
);
52 return log_debug_errno(r
, "Failed to read LoaderTimeExecUSec: %m");
54 if (y
== 0 || y
< x
|| y
- x
> USEC_PER_HOUR
)
55 return log_debug_errno(SYNTHETIC_ERRNO(EIO
),
56 "Bad LoaderTimeInitUSec=%"PRIu64
", LoaderTimeExecUSec=%" PRIu64
"; refusing.",
64 static int get_device_part_uuid(const char *variable
, sd_id128_t
*ret
) {
68 return efi_get_variable_id128(variable
, ret
);
71 int efi_loader_get_device_part_uuid(sd_id128_t
*ret
) {
72 return get_device_part_uuid(EFI_LOADER_VARIABLE(LoaderDevicePartUUID
), ret
);
75 int efi_stub_get_device_part_uuid(sd_id128_t
*ret
) {
76 return get_device_part_uuid(EFI_LOADER_VARIABLE(StubDevicePartUUID
), ret
);
79 int efi_loader_get_entries(char ***ret
) {
80 _cleanup_free_ char16_t
*entries
= NULL
;
81 _cleanup_strv_free_
char **l
= NULL
;
90 r
= efi_get_variable(EFI_LOADER_VARIABLE(LoaderEntries
), NULL
, (void**) &entries
, &size
);
94 /* The variable contains a series of individually NUL terminated UTF-16 strings. We gracefully
95 * consider the final NUL byte optional (i.e. the last string may or may not end in a NUL byte).*/
97 for (size_t i
= 0, start
= 0;; i
++) {
98 _cleanup_free_
char *decoded
= NULL
;
101 /* Is this the end of the variable's data? */
102 end
= i
* sizeof(char16_t
) >= size
;
104 /* Are we in the middle of a string? (i.e. not at the end of the variable, nor at a NUL terminator?) If
105 * so, let's go to the next entry. */
106 if (!end
&& entries
[i
] != 0)
109 /* Empty string at the end of variable? That's the trailer, we are done (i.e. we have a final
110 * NUL terminator). */
111 if (end
&& start
== i
)
114 /* We reached the end of a string, let's decode it into UTF-8 */
115 decoded
= utf16_to_utf8(entries
+ start
, (i
- start
) * sizeof(char16_t
));
119 if (efi_loader_entry_name_valid(decoded
)) {
120 r
= strv_consume(&l
, TAKE_PTR(decoded
));
124 log_debug("Ignoring invalid loader entry '%s'.", decoded
);
126 /* Exit the loop if we reached the end of the variable (i.e. we do not have a final NUL
131 /* Continue after the NUL byte */
139 int efi_loader_get_features(uint64_t *ret
) {
140 _cleanup_free_
void *v
= NULL
;
146 if (!is_efi_boot()) {
151 r
= efi_get_variable(EFI_LOADER_VARIABLE(LoaderFeatures
), NULL
, &v
, &s
);
153 _cleanup_free_
char *info
= NULL
;
155 /* The new (v240+) LoaderFeatures variable is not supported, let's see if it's systemd-boot at all */
156 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderInfo
), &info
);
161 /* Variable not set, definitely means not systemd-boot */
163 } else if (first_word(info
, "systemd-boot")) {
165 /* An older systemd-boot version. Let's hardcode the feature set, since it was pretty
166 * static in all its versions. */
168 *ret
= EFI_LOADER_FEATURE_CONFIG_TIMEOUT
|
169 EFI_LOADER_FEATURE_ENTRY_DEFAULT
|
170 EFI_LOADER_FEATURE_ENTRY_ONESHOT
;
175 /* No features supported */
182 if (s
!= sizeof(uint64_t))
183 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL
),
184 "LoaderFeatures EFI variable doesn't have the right size.");
186 memcpy(ret
, v
, sizeof(uint64_t));
190 int efi_stub_get_features(uint64_t *ret
) {
191 _cleanup_free_
void *v
= NULL
;
197 if (!is_efi_boot()) {
202 r
= efi_get_variable(EFI_LOADER_VARIABLE(StubFeatures
), NULL
, &v
, &s
);
204 _cleanup_free_
char *info
= NULL
;
206 /* The new (v252+) StubFeatures variable is not supported, let's see if it's systemd-stub at all */
207 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(StubInfo
), &info
);
212 /* Variable not set, definitely means not systemd-stub */
214 } else if (first_word(info
, "systemd-stub")) {
216 /* An older systemd-stub version. Let's hardcode the feature set, since it was pretty
217 * static in all its versions. */
219 *ret
= EFI_STUB_FEATURE_REPORT_BOOT_PARTITION
;
223 /* No features supported */
230 if (s
!= sizeof(uint64_t))
231 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL
),
232 "StubFeatures EFI variable doesn't have the right size.");
234 memcpy(ret
, v
, sizeof(uint64_t));
238 int efi_measured_uki(int log_level
) {
239 _cleanup_free_
char *pcr_string
= NULL
;
240 static int cached
= -1;
247 /* Checks if we are booted on a kernel with sd-stub which measured the kernel into PCR 11 on a TPM2
248 * chip. Or in other words, if we are running on a TPM enabled UKI. (TPM 1.2 situations are ignored.)
250 * Returns == 0 and > 0 depending on the result of the test. Returns -EREMOTE if we detected a stub
251 * being used, but it measured things into a different PCR than we are configured for in
252 * userspace. (i.e. we expect PCR 11 being used for this by both sd-stub and us) */
254 r
= secure_getenv_bool("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test,
255 * for debugging purposes */
259 log_debug_errno(r
, "Failed to parse $SYSTEMD_FORCE_MEASURE, ignoring: %m");
264 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(StubPcrKernelImage
), &pcr_string
);
268 return log_full_errno(log_level
, r
,
269 "Failed to get StubPcrKernelImage EFI variable: %m");
271 r
= safe_atou(pcr_string
, &pcr_nr
);
273 return log_full_errno(log_level
, r
,
274 "Failed to parse StubPcrKernelImage EFI variable: %s", pcr_string
);
275 if (pcr_nr
!= TPM2_PCR_KERNEL_BOOT
)
276 return log_full_errno(log_level
, SYNTHETIC_ERRNO(EREMOTE
),
277 "Kernel stub measured kernel image into PCR %u, which is different than expected %i.",
278 pcr_nr
, TPM2_PCR_KERNEL_BOOT
);
283 int efi_loader_get_config_timeout_one_shot(usec_t
*ret
) {
284 _cleanup_free_
char *v
= NULL
;
285 static struct stat cache_stat
= {};
286 struct stat new_stat
;
293 /* stat() the EFI variable, to see if the mtime changed. If it did, we need to cache again. */
294 if (stat(EFIVAR_PATH(EFI_LOADER_VARIABLE(LoaderConfigTimeoutOneShot
)), &new_stat
) < 0)
297 if (stat_inode_unmodified(&new_stat
, &cache_stat
)) {
302 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderConfigTimeoutOneShot
), &v
);
306 r
= safe_atou64(v
, &sec
);
309 if (sec
> USEC_INFINITY
/ USEC_PER_SEC
)
312 cache_stat
= new_stat
;
313 *ret
= cache
= sec
* USEC_PER_SEC
; /* return in μs */
317 int efi_loader_update_entry_one_shot_cache(char **cache
, struct stat
*cache_stat
) {
318 _cleanup_free_
char *v
= NULL
;
319 struct stat new_stat
;
325 /* stat() the EFI variable, to see if the mtime changed. If it did we need to cache again. */
326 if (stat(EFIVAR_PATH(EFI_LOADER_VARIABLE(LoaderEntryOneShot
)), &new_stat
) < 0)
329 if (stat_inode_unmodified(&new_stat
, cache_stat
))
332 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderEntryOneShot
), &v
);
336 if (!efi_loader_entry_name_valid(v
))
339 *cache_stat
= new_stat
;
340 free_and_replace(*cache
, v
);
345 int efi_get_variable_id128(const char *variable
, sd_id128_t
*ret
) {
350 /* This is placed here (rather than in basic/efivars.c) because code in basic/ is not allowed to link
351 * against libsystemd.so */
353 _cleanup_free_
char *p
= NULL
;
354 r
= efi_get_variable_string(variable
, &p
);
358 return sd_id128_from_string(p
, ret
);
363 bool efi_loader_entry_name_valid(const char *s
) {
364 if (!filename_is_valid(s
)) /* Make sure entry names fit in filenames */
367 return in_charset(s
, ALPHANUMERICAL
"+-_.");