]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/efivars.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: use TAKE_PTR() and TAKE_FD() macros
[thirdparty/systemd.git] / src / shared / efivars.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2013 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19 ***/
20
21 #include <dirent.h>
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <limits.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <sys/stat.h>
29 #include <unistd.h>
30
31 #include "sd-id128.h"
32
33 #include "alloc-util.h"
34 #include "dirent-util.h"
35 #include "efivars.h"
36 #include "fd-util.h"
37 #include "io-util.h"
38 #include "macro.h"
39 #include "parse-util.h"
40 #include "stdio-util.h"
41 #include "time-util.h"
42 #include "utf8.h"
43 #include "util.h"
44 #include "virt.h"
45
46 #if ENABLE_EFI
47
48 #define LOAD_OPTION_ACTIVE 0x00000001
49 #define MEDIA_DEVICE_PATH 0x04
50 #define MEDIA_HARDDRIVE_DP 0x01
51 #define MEDIA_FILEPATH_DP 0x04
52 #define SIGNATURE_TYPE_GUID 0x02
53 #define MBR_TYPE_EFI_PARTITION_TABLE_HEADER 0x02
54 #define END_DEVICE_PATH_TYPE 0x7f
55 #define END_ENTIRE_DEVICE_PATH_SUBTYPE 0xff
56 #define EFI_OS_INDICATIONS_BOOT_TO_FW_UI 0x0000000000000001
57
58 struct boot_option {
59 uint32_t attr;
60 uint16_t path_len;
61 uint16_t title[];
62 } _packed_;
63
64 struct drive_path {
65 uint32_t part_nr;
66 uint64_t part_start;
67 uint64_t part_size;
68 char signature[16];
69 uint8_t mbr_type;
70 uint8_t signature_type;
71 } _packed_;
72
73 struct device_path {
74 uint8_t type;
75 uint8_t sub_type;
76 uint16_t length;
77 union {
78 uint16_t path[0];
79 struct drive_path drive;
80 };
81 } _packed_;
82
83 bool is_efi_boot(void) {
84 return access("/sys/firmware/efi", F_OK) >= 0;
85 }
86
87 static int read_flag(const char *varname) {
88 _cleanup_free_ void *v = NULL;
89 uint8_t b;
90 size_t s;
91 int r;
92
93 r = efi_get_variable(EFI_VENDOR_GLOBAL, varname, NULL, &v, &s);
94 if (r < 0)
95 return r;
96
97 if (s != 1)
98 return -EINVAL;
99
100 b = *(uint8_t *)v;
101 return b > 0;
102 }
103
104 bool is_efi_secure_boot(void) {
105 return read_flag("SecureBoot") > 0;
106 }
107
108 bool is_efi_secure_boot_setup_mode(void) {
109 return read_flag("SetupMode") > 0;
110 }
111
112 int efi_reboot_to_firmware_supported(void) {
113 _cleanup_free_ void *v = NULL;
114 uint64_t b;
115 size_t s;
116 int r;
117
118 if (!is_efi_boot() || detect_container() > 0)
119 return -EOPNOTSUPP;
120
121 r = efi_get_variable(EFI_VENDOR_GLOBAL, "OsIndicationsSupported", NULL, &v, &s);
122 if (r == -ENOENT) /* variable doesn't exist? it's not supported then */
123 return -EOPNOTSUPP;
124 if (r < 0)
125 return r;
126 if (s != sizeof(uint64_t))
127 return -EINVAL;
128
129 b = *(uint64_t*) v;
130 if (!(b & EFI_OS_INDICATIONS_BOOT_TO_FW_UI))
131 return -EOPNOTSUPP; /* bit unset? it's not supported then */
132
133 return 0;
134 }
135
136 static int get_os_indications(uint64_t *os_indication) {
137 _cleanup_free_ void *v = NULL;
138 size_t s;
139 int r;
140
141 r = efi_reboot_to_firmware_supported();
142 if (r < 0)
143 return r;
144
145 r = efi_get_variable(EFI_VENDOR_GLOBAL, "OsIndications", NULL, &v, &s);
146 if (r == -ENOENT) {
147 /* Some firmware implementations that do support
148 * OsIndications and report that with
149 * OsIndicationsSupported will remove the
150 * OsIndications variable when it is unset. Let's
151 * pretend it's 0 then, to hide this implementation
152 * detail. Note that this call will return -ENOENT
153 * then only if the support for OsIndications is
154 * missing entirely, as determined by
155 * efi_reboot_to_firmware_supported() above. */
156 *os_indication = 0;
157 return 0;
158 } else if (r < 0)
159 return r;
160 else if (s != sizeof(uint64_t))
161 return -EINVAL;
162
163 *os_indication = *(uint64_t *)v;
164 return 0;
165 }
166
167 int efi_get_reboot_to_firmware(void) {
168 int r;
169 uint64_t b;
170
171 r = get_os_indications(&b);
172 if (r < 0)
173 return r;
174
175 return !!(b & EFI_OS_INDICATIONS_BOOT_TO_FW_UI);
176 }
177
178 int efi_set_reboot_to_firmware(bool value) {
179 int r;
180 uint64_t b, b_new;
181
182 r = get_os_indications(&b);
183 if (r < 0)
184 return r;
185
186 if (value)
187 b_new = b | EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
188 else
189 b_new = b & ~EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
190
191 /* Avoid writing to efi vars store if we can due to firmware bugs. */
192 if (b != b_new)
193 return efi_set_variable(EFI_VENDOR_GLOBAL, "OsIndications", &b_new, sizeof(uint64_t));
194
195 return 0;
196 }
197
198 int efi_get_variable(
199 sd_id128_t vendor,
200 const char *name,
201 uint32_t *attribute,
202 void **value,
203 size_t *size) {
204
205 _cleanup_close_ int fd = -1;
206 _cleanup_free_ char *p = NULL;
207 uint32_t a;
208 ssize_t n;
209 struct stat st;
210 _cleanup_free_ void *buf = NULL;
211
212 assert(name);
213 assert(value);
214 assert(size);
215
216 if (asprintf(&p,
217 "/sys/firmware/efi/efivars/%s-%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
218 name, SD_ID128_FORMAT_VAL(vendor)) < 0)
219 return -ENOMEM;
220
221 fd = open(p, O_RDONLY|O_NOCTTY|O_CLOEXEC);
222 if (fd < 0)
223 return -errno;
224
225 if (fstat(fd, &st) < 0)
226 return -errno;
227 if (st.st_size < 4)
228 return -EIO;
229 if (st.st_size > 4*1024*1024 + 4)
230 return -E2BIG;
231
232 n = read(fd, &a, sizeof(a));
233 if (n < 0)
234 return -errno;
235 if (n != sizeof(a))
236 return -EIO;
237
238 buf = malloc(st.st_size - 4 + 2);
239 if (!buf)
240 return -ENOMEM;
241
242 n = read(fd, buf, (size_t) st.st_size - 4);
243 if (n < 0)
244 return -errno;
245 if (n != (ssize_t) st.st_size - 4)
246 return -EIO;
247
248 /* Always NUL terminate (2 bytes, to protect UTF-16) */
249 ((char*) buf)[st.st_size - 4] = 0;
250 ((char*) buf)[st.st_size - 4 + 1] = 0;
251
252 *value = TAKE_PTR(buf);
253 *size = (size_t) st.st_size - 4;
254
255 if (attribute)
256 *attribute = a;
257
258 return 0;
259 }
260
261 int efi_set_variable(
262 sd_id128_t vendor,
263 const char *name,
264 const void *value,
265 size_t size) {
266
267 struct var {
268 uint32_t attr;
269 char buf[];
270 } _packed_ * _cleanup_free_ buf = NULL;
271 _cleanup_free_ char *p = NULL;
272 _cleanup_close_ int fd = -1;
273
274 assert(name);
275 assert(value || size == 0);
276
277 if (asprintf(&p,
278 "/sys/firmware/efi/efivars/%s-%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
279 name, SD_ID128_FORMAT_VAL(vendor)) < 0)
280 return -ENOMEM;
281
282 if (size == 0) {
283 if (unlink(p) < 0)
284 return -errno;
285 return 0;
286 }
287
288 fd = open(p, O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0644);
289 if (fd < 0)
290 return -errno;
291
292 buf = malloc(sizeof(uint32_t) + size);
293 if (!buf)
294 return -ENOMEM;
295
296 buf->attr = EFI_VARIABLE_NON_VOLATILE|EFI_VARIABLE_BOOTSERVICE_ACCESS|EFI_VARIABLE_RUNTIME_ACCESS;
297 memcpy(buf->buf, value, size);
298
299 return loop_write(fd, buf, sizeof(uint32_t) + size, false);
300 }
301
302 int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p) {
303 _cleanup_free_ void *s = NULL;
304 size_t ss = 0;
305 int r;
306 char *x;
307
308 r = efi_get_variable(vendor, name, NULL, &s, &ss);
309 if (r < 0)
310 return r;
311
312 x = utf16_to_utf8(s, ss);
313 if (!x)
314 return -ENOMEM;
315
316 *p = x;
317 return 0;
318 }
319
320 static size_t utf16_size(const uint16_t *s) {
321 size_t l = 0;
322
323 while (s[l] > 0)
324 l++;
325
326 return (l+1) * sizeof(uint16_t);
327 }
328
329 static void efi_guid_to_id128(const void *guid, sd_id128_t *id128) {
330 struct uuid {
331 uint32_t u1;
332 uint16_t u2;
333 uint16_t u3;
334 uint8_t u4[8];
335 } _packed_;
336 const struct uuid *uuid = guid;
337
338 id128->bytes[0] = (uuid->u1 >> 24) & 0xff;
339 id128->bytes[1] = (uuid->u1 >> 16) & 0xff;
340 id128->bytes[2] = (uuid->u1 >> 8) & 0xff;
341 id128->bytes[3] = (uuid->u1) & 0xff;
342 id128->bytes[4] = (uuid->u2 >> 8) & 0xff;
343 id128->bytes[5] = (uuid->u2) & 0xff;
344 id128->bytes[6] = (uuid->u3 >> 8) & 0xff;
345 id128->bytes[7] = (uuid->u3) & 0xff;
346 memcpy(&id128->bytes[8], uuid->u4, sizeof(uuid->u4));
347 }
348
349 int efi_get_boot_option(
350 uint16_t id,
351 char **title,
352 sd_id128_t *part_uuid,
353 char **path,
354 bool *active) {
355
356 char boot_id[9];
357 _cleanup_free_ uint8_t *buf = NULL;
358 size_t l;
359 struct boot_option *header;
360 size_t title_size;
361 _cleanup_free_ char *s = NULL, *p = NULL;
362 sd_id128_t p_uuid = SD_ID128_NULL;
363 int r;
364
365 xsprintf(boot_id, "Boot%04X", id);
366 r = efi_get_variable(EFI_VENDOR_GLOBAL, boot_id, NULL, (void **)&buf, &l);
367 if (r < 0)
368 return r;
369 if (l < sizeof(struct boot_option))
370 return -ENOENT;
371
372 header = (struct boot_option *)buf;
373 title_size = utf16_size(header->title);
374 if (title_size > l - offsetof(struct boot_option, title))
375 return -EINVAL;
376
377 if (title) {
378 s = utf16_to_utf8(header->title, title_size);
379 if (!s)
380 return -ENOMEM;
381 }
382
383 if (header->path_len > 0) {
384 uint8_t *dbuf;
385 size_t dnext;
386
387 dbuf = buf + offsetof(struct boot_option, title) + title_size;
388 dnext = 0;
389 while (dnext < header->path_len) {
390 struct device_path *dpath;
391
392 dpath = (struct device_path *)(dbuf + dnext);
393 if (dpath->length < 4)
394 break;
395
396 /* Type 0x7F – End of Hardware Device Path, Sub-Type 0xFF – End Entire Device Path */
397 if (dpath->type == END_DEVICE_PATH_TYPE && dpath->sub_type == END_ENTIRE_DEVICE_PATH_SUBTYPE)
398 break;
399
400 dnext += dpath->length;
401
402 /* Type 0x04 – Media Device Path */
403 if (dpath->type != MEDIA_DEVICE_PATH)
404 continue;
405
406 /* Sub-Type 1 – Hard Drive */
407 if (dpath->sub_type == MEDIA_HARDDRIVE_DP) {
408 /* 0x02 – GUID Partition Table */
409 if (dpath->drive.mbr_type != MBR_TYPE_EFI_PARTITION_TABLE_HEADER)
410 continue;
411
412 /* 0x02 – GUID signature */
413 if (dpath->drive.signature_type != SIGNATURE_TYPE_GUID)
414 continue;
415
416 if (part_uuid)
417 efi_guid_to_id128(dpath->drive.signature, &p_uuid);
418 continue;
419 }
420
421 /* Sub-Type 4 – File Path */
422 if (dpath->sub_type == MEDIA_FILEPATH_DP && !p && path) {
423 p = utf16_to_utf8(dpath->path, dpath->length-4);
424 efi_tilt_backslashes(p);
425 continue;
426 }
427 }
428 }
429
430 if (title)
431 *title = TAKE_PTR(s);
432 if (part_uuid)
433 *part_uuid = p_uuid;
434 if (path)
435 *path = TAKE_PTR(p);
436 if (active)
437 *active = !!(header->attr & LOAD_OPTION_ACTIVE);
438
439 return 0;
440 }
441
442 static void to_utf16(uint16_t *dest, const char *src) {
443 int i;
444
445 for (i = 0; src[i] != '\0'; i++)
446 dest[i] = src[i];
447 dest[i] = '\0';
448 }
449
450 struct guid {
451 uint32_t u1;
452 uint16_t u2;
453 uint16_t u3;
454 uint8_t u4[8];
455 } _packed_;
456
457 static void id128_to_efi_guid(sd_id128_t id, void *guid) {
458 struct guid *uuid = guid;
459
460 uuid->u1 = id.bytes[0] << 24 | id.bytes[1] << 16 | id.bytes[2] << 8 | id.bytes[3];
461 uuid->u2 = id.bytes[4] << 8 | id.bytes[5];
462 uuid->u3 = id.bytes[6] << 8 | id.bytes[7];
463 memcpy(uuid->u4, id.bytes+8, sizeof(uuid->u4));
464 }
465
466 static uint16_t *tilt_slashes(uint16_t *s) {
467 uint16_t *p;
468
469 for (p = s; *p; p++)
470 if (*p == '/')
471 *p = '\\';
472
473 return s;
474 }
475
476 int efi_add_boot_option(uint16_t id, const char *title,
477 uint32_t part, uint64_t pstart, uint64_t psize,
478 sd_id128_t part_uuid, const char *path) {
479 char boot_id[9];
480 size_t size;
481 size_t title_len;
482 size_t path_len;
483 struct boot_option *option;
484 struct device_path *devicep;
485 _cleanup_free_ char *buf = NULL;
486
487 title_len = (strlen(title)+1) * 2;
488 path_len = (strlen(path)+1) * 2;
489
490 buf = calloc(sizeof(struct boot_option) + title_len +
491 sizeof(struct drive_path) +
492 sizeof(struct device_path) + path_len, 1);
493 if (!buf)
494 return -ENOMEM;
495
496 /* header */
497 option = (struct boot_option *)buf;
498 option->attr = LOAD_OPTION_ACTIVE;
499 option->path_len = offsetof(struct device_path, drive) + sizeof(struct drive_path) +
500 offsetof(struct device_path, path) + path_len +
501 offsetof(struct device_path, path);
502 to_utf16(option->title, title);
503 size = offsetof(struct boot_option, title) + title_len;
504
505 /* partition info */
506 devicep = (struct device_path *)(buf + size);
507 devicep->type = MEDIA_DEVICE_PATH;
508 devicep->sub_type = MEDIA_HARDDRIVE_DP;
509 devicep->length = offsetof(struct device_path, drive) + sizeof(struct drive_path);
510 devicep->drive.part_nr = part;
511 devicep->drive.part_start = pstart;
512 devicep->drive.part_size = psize;
513 devicep->drive.signature_type = SIGNATURE_TYPE_GUID;
514 devicep->drive.mbr_type = MBR_TYPE_EFI_PARTITION_TABLE_HEADER;
515 id128_to_efi_guid(part_uuid, devicep->drive.signature);
516 size += devicep->length;
517
518 /* path to loader */
519 devicep = (struct device_path *)(buf + size);
520 devicep->type = MEDIA_DEVICE_PATH;
521 devicep->sub_type = MEDIA_FILEPATH_DP;
522 devicep->length = offsetof(struct device_path, path) + path_len;
523 to_utf16(devicep->path, path);
524 tilt_slashes(devicep->path);
525 size += devicep->length;
526
527 /* end of path */
528 devicep = (struct device_path *)(buf + size);
529 devicep->type = END_DEVICE_PATH_TYPE;
530 devicep->sub_type = END_ENTIRE_DEVICE_PATH_SUBTYPE;
531 devicep->length = offsetof(struct device_path, path);
532 size += devicep->length;
533
534 xsprintf(boot_id, "Boot%04X", id);
535 return efi_set_variable(EFI_VENDOR_GLOBAL, boot_id, buf, size);
536 }
537
538 int efi_remove_boot_option(uint16_t id) {
539 char boot_id[9];
540
541 xsprintf(boot_id, "Boot%04X", id);
542 return efi_set_variable(EFI_VENDOR_GLOBAL, boot_id, NULL, 0);
543 }
544
545 int efi_get_boot_order(uint16_t **order) {
546 _cleanup_free_ void *buf = NULL;
547 size_t l;
548 int r;
549
550 r = efi_get_variable(EFI_VENDOR_GLOBAL, "BootOrder", NULL, &buf, &l);
551 if (r < 0)
552 return r;
553
554 if (l <= 0)
555 return -ENOENT;
556
557 if (l % sizeof(uint16_t) > 0 ||
558 l / sizeof(uint16_t) > INT_MAX)
559 return -EINVAL;
560
561 *order = TAKE_PTR(buf);
562 return (int) (l / sizeof(uint16_t));
563 }
564
565 int efi_set_boot_order(uint16_t *order, size_t n) {
566 return efi_set_variable(EFI_VENDOR_GLOBAL, "BootOrder", order, n * sizeof(uint16_t));
567 }
568
569 static int boot_id_hex(const char s[4]) {
570 int i;
571 int id = 0;
572
573 for (i = 0; i < 4; i++)
574 if (s[i] >= '0' && s[i] <= '9')
575 id |= (s[i] - '0') << (3 - i) * 4;
576 else if (s[i] >= 'A' && s[i] <= 'F')
577 id |= (s[i] - 'A' + 10) << (3 - i) * 4;
578 else
579 return -EINVAL;
580
581 return id;
582 }
583
584 static int cmp_uint16(const void *_a, const void *_b) {
585 const uint16_t *a = _a, *b = _b;
586
587 return (int)*a - (int)*b;
588 }
589
590 int efi_get_boot_options(uint16_t **options) {
591 _cleanup_closedir_ DIR *dir = NULL;
592 struct dirent *de;
593 _cleanup_free_ uint16_t *list = NULL;
594 size_t alloc = 0;
595 int count = 0;
596
597 assert(options);
598
599 dir = opendir("/sys/firmware/efi/efivars/");
600 if (!dir)
601 return -errno;
602
603 FOREACH_DIRENT(de, dir, return -errno) {
604 int id;
605
606 if (strncmp(de->d_name, "Boot", 4) != 0)
607 continue;
608
609 if (strlen(de->d_name) != 45)
610 continue;
611
612 if (strcmp(de->d_name + 8, "-8be4df61-93ca-11d2-aa0d-00e098032b8c") != 0)
613 continue;
614
615 id = boot_id_hex(de->d_name + 4);
616 if (id < 0)
617 continue;
618
619 if (!GREEDY_REALLOC(list, alloc, count + 1))
620 return -ENOMEM;
621
622 list[count++] = id;
623 }
624
625 qsort_safe(list, count, sizeof(uint16_t), cmp_uint16);
626
627 *options = TAKE_PTR(list);
628
629 return count;
630 }
631
632 static int read_usec(sd_id128_t vendor, const char *name, usec_t *u) {
633 _cleanup_free_ char *j = NULL;
634 int r;
635 uint64_t x = 0;
636
637 assert(name);
638 assert(u);
639
640 r = efi_get_variable_string(EFI_VENDOR_LOADER, name, &j);
641 if (r < 0)
642 return r;
643
644 r = safe_atou64(j, &x);
645 if (r < 0)
646 return r;
647
648 *u = x;
649 return 0;
650 }
651
652 int efi_loader_get_boot_usec(usec_t *firmware, usec_t *loader) {
653 uint64_t x, y;
654 int r;
655
656 assert(firmware);
657 assert(loader);
658
659 r = read_usec(EFI_VENDOR_LOADER, "LoaderTimeInitUSec", &x);
660 if (r < 0)
661 return r;
662
663 r = read_usec(EFI_VENDOR_LOADER, "LoaderTimeExecUSec", &y);
664 if (r < 0)
665 return r;
666
667 if (y == 0 || y < x)
668 return -EIO;
669
670 if (y > USEC_PER_HOUR)
671 return -EIO;
672
673 *firmware = x;
674 *loader = y;
675
676 return 0;
677 }
678
679 int efi_loader_get_device_part_uuid(sd_id128_t *u) {
680 _cleanup_free_ char *p = NULL;
681 int r, parsed[16];
682
683 r = efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderDevicePartUUID", &p);
684 if (r < 0)
685 return r;
686
687 if (sscanf(p, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
688 &parsed[0], &parsed[1], &parsed[2], &parsed[3],
689 &parsed[4], &parsed[5], &parsed[6], &parsed[7],
690 &parsed[8], &parsed[9], &parsed[10], &parsed[11],
691 &parsed[12], &parsed[13], &parsed[14], &parsed[15]) != 16)
692 return -EIO;
693
694 if (u) {
695 unsigned i;
696
697 for (i = 0; i < ELEMENTSOF(parsed); i++)
698 u->bytes[i] = parsed[i];
699 }
700
701 return 0;
702 }
703
704 #endif
705
706 char *efi_tilt_backslashes(char *s) {
707 char *p;
708
709 for (p = s; *p; p++)
710 if (*p == '\\')
711 *p = '/';
712
713 return s;
714 }
Unnamed repository; edit this file 'description' to name the repository.