From: Daan De Meyer Date: Wed, 3 Feb 2021 00:24:32 +0000 (+0000) Subject: boot: Replace efivar_set() persistent argument with flags argument X-Git-Tag: v248-rc1~205 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bcea93326b7faf036b74e1c8ce3d7bc0398931ce;p=thirdparty%2Fsystemd.git boot: Replace efivar_set() persistent argument with flags argument To add secure-boot enrolling support, we need to be able to specify the EFI_VARIABLE_APPEND_WRITE flag so let's make the efivar_set() methods more generic so we can set that flag. --- diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index c88a6db9dee..3ba326586b9 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -765,12 +765,12 @@ static BOOLEAN menu_run( LOADER_GUID, L"LoaderEntryDefault", config->entries[idx_highlight]->id, - TRUE); + EFI_VARIABLE_NON_VOLATILE); config->idx_default_efivar = idx_highlight; status = StrDuplicate(L"Default boot entry selected."); } else { /* clear the default entry EFI variable */ - efivar_set(LOADER_GUID, L"LoaderEntryDefault", NULL, TRUE); + efivar_set(LOADER_GUID, L"LoaderEntryDefault", NULL, EFI_VARIABLE_NON_VOLATILE); config->idx_default_efivar = -1; status = StrDuplicate(L"Default boot entry cleared."); } 
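Review bot: In the `LoaderEntryDefault` branch of menu_run the result of `efivar_set(...)` is discarded, yet `config->idx_default_efivar` is updated and the status line reads "Default boot entry selected." even if the firmware rejected the write, for example because the variable store is full or locked. Since this commit already touches each of these calls, it would be a good moment to capture the status, e.g. `err = efivar_set(LOADER_GUID, L"LoaderEntryDefault", config->entries[idx_highlight]->id, EFI_VARIABLE_NON_VOLATILE);`, and to change the index and the message only when `!EFI_ERROR(err)`. The same applies to the `LoaderConfigTimeout` writes in the two following menu_run hunks. menu_run starts and ends outside these hunks, so whether an `err` variable is already in scope there needs checking.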
@@ -782,14 +782,18 @@ static BOOLEAN menu_run( if (config->timeout_sec_efivar > 0) { config->timeout_sec_efivar--; efivar_set_uint_string( - LOADER_GUID, L"LoaderConfigTimeout", config->timeout_sec_efivar, TRUE); + LOADER_GUID, + L"LoaderConfigTimeout", + config->timeout_sec_efivar, + EFI_VARIABLE_NON_VOLATILE); if (config->timeout_sec_efivar > 0) status = PoolPrint(L"Menu timeout set to %d sec.", config->timeout_sec_efivar); else status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); } else if (config->timeout_sec_efivar <= 0){ config->timeout_sec_efivar = -1; - efivar_set(LOADER_GUID, L"LoaderConfigTimeout", NULL, TRUE); + efivar_set( + LOADER_GUID, L"LoaderConfigTimeout", NULL, EFI_VARIABLE_NON_VOLATILE); if (config->timeout_sec_config > 0) status = PoolPrint(L"Menu timeout of %d sec is defined by configuration file.", config->timeout_sec_config); @@ -803,7 +807,11 @@ static BOOLEAN menu_run( if (config->timeout_sec_efivar == -1 && config->timeout_sec_config == 0) config->timeout_sec_efivar++; config->timeout_sec_efivar++; - efivar_set_uint_string(LOADER_GUID, L"LoaderConfigTimeout", config->timeout_sec_efivar, TRUE); + efivar_set_uint_string( + LOADER_GUID, + L"LoaderConfigTimeout", + config->timeout_sec_efivar, + EFI_VARIABLE_NON_VOLATILE); if (config->timeout_sec_efivar > 0) status = PoolPrint(L"Menu timeout set to %d sec.", config->timeout_sec_efivar); @@ -1295,7 +1303,7 @@ static VOID config_entry_bump_counters( /* Let's tell the OS that we renamed this file, so that it knows what to rename to the counter-less name on * success */ new_path = PoolPrint(L"%s\\%s", entry->path, entry->next_name); - efivar_set(LOADER_GUID, L"LoaderBootCountPath", new_path, FALSE); + efivar_set(LOADER_GUID, L"LoaderBootCountPath", new_path, 0); /* If the file we just renamed is the loader path, then let's update that. */ if (StrCmp(entry->loader, old_path) == 0) { 
@@ -1470,7 +1478,7 @@ static VOID config_load_defaults(Config *config, EFI_FILE *root_dir) { err = efivar_get_uint_string(LOADER_GUID, L"LoaderConfigTimeoutOneShot", &sec); if (!EFI_ERROR(err)) { /* Unset variable now, after all it's "one shot". */ - (void) efivar_set(LOADER_GUID, L"LoaderConfigTimeoutOneShot", NULL, TRUE); + (void) efivar_set(LOADER_GUID, L"LoaderConfigTimeoutOneShot", NULL, EFI_VARIABLE_NON_VOLATILE); config->timeout_sec = sec; config->force_menu = TRUE; /* force the menu when this is set */ @@ -1592,7 +1600,7 @@ static VOID config_default_entry_select(Config *config) { if (!EFI_ERROR(err)) { config->entry_oneshot = StrDuplicate(entry_oneshot); - efivar_set(LOADER_GUID, L"LoaderEntryOneShot", NULL, TRUE); + efivar_set(LOADER_GUID, L"LoaderEntryOneShot", NULL, EFI_VARIABLE_NON_VOLATILE); i = config_entry_find(config, entry_oneshot); if (i >= 0) { @@ -2276,7 +2284,7 @@ static EFI_STATUS reboot_into_firmware(VOID) { if (!EFI_ERROR(err)) new |= old; - err = efivar_set_uint64_le(EFI_GLOBAL_GUID, L"OsIndications", new, TRUE); + err = efivar_set_uint64_le(EFI_GLOBAL_GUID, L"OsIndications", new, EFI_VARIABLE_NON_VOLATILE); if (EFI_ERROR(err)) return err; @@ -2315,7 +2323,7 @@ static VOID config_write_entries_to_variable(Config *config) { } /* Store the full list of discovered entries. */ - (void) efivar_set_raw(LOADER_GUID, L"LoaderEntries", buffer, (UINT8*) p - (UINT8*) buffer, FALSE); + (void) efivar_set_raw(LOADER_GUID, L"LoaderEntries", buffer, (UINT8 *) p - (UINT8 *) buffer, 0); } EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { 
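Review bot: The two one-shot deletions, `LoaderConfigTimeoutOneShot` in config_load_defaults and `LoaderEntryOneShot` in config_default_entry_select, drop the status of `efivar_set(..., NULL, EFI_VARIABLE_NON_VOLATILE)`, so a failed delete leaves the value in NVRAM and it is honoured again on every later boot. For a setting that overrides the boot entry or forces the menu, that silent stickiness deserves at least a visible warning, e.g. `err = efivar_set(LOADER_GUID, L"LoaderEntryOneShot", NULL, EFI_VARIABLE_NON_VOLATILE);` followed by `if (EFI_ERROR(err)) Print(L"Failed to clear LoaderEntryOneShot: %r\n", err);`. Both functions begin and end outside their hunks, so the best place to report the error may differ from what is visible here.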
@@ -2343,15 +2351,15 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { InitializeLib(image, sys_table); init_usec = time_usec(); efivar_set_time_usec(LOADER_GUID, L"LoaderTimeInitUSec", init_usec); - efivar_set(LOADER_GUID, L"LoaderInfo", L"systemd-boot " GIT_VERSION, FALSE); + efivar_set(LOADER_GUID, L"LoaderInfo", L"systemd-boot " GIT_VERSION, 0); infostr = PoolPrint(L"%s %d.%02d", ST->FirmwareVendor, ST->FirmwareRevision >> 16, ST->FirmwareRevision & 0xffff); - efivar_set(LOADER_GUID, L"LoaderFirmwareInfo", infostr, FALSE); + efivar_set(LOADER_GUID, L"LoaderFirmwareInfo", infostr, 0); typestr = PoolPrint(L"UEFI %d.%02d", ST->Hdr.Revision >> 16, ST->Hdr.Revision & 0xffff); - efivar_set(LOADER_GUID, L"LoaderFirmwareType", typestr, FALSE); + efivar_set(LOADER_GUID, L"LoaderFirmwareType", typestr, 0); - (void) efivar_set_uint64_le(LOADER_GUID, L"LoaderFeatures", loader_features, FALSE); + (void) efivar_set_uint64_le(LOADER_GUID, L"LoaderFeatures", loader_features, 0); err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); @@ -2363,7 +2371,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { /* export the device path this image is started from */ if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS) - efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, FALSE); + efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, 0); root_dir = LibOpenRoot(loaded_image->DeviceHandle); if (!root_dir) { @@ -2383,7 +2391,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { /* the filesystem path to this image, to prevent adding ourselves to the menu */ loaded_image_path = DevicePathToStr(loaded_image->FilePath); - efivar_set(LOADER_GUID, L"LoaderImageIdentifier", loaded_image_path, FALSE); + efivar_set(LOADER_GUID, L"LoaderImageIdentifier", loaded_image_path, 0); config_load_defaults(&config, root_dir); 
@@ -2481,7 +2489,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { config_entry_bump_counters(entry, root_dir); /* Export the selected boot entry to the system */ - (VOID) efivar_set(LOADER_GUID, L"LoaderEntrySelected", entry->id, FALSE); + (VOID) efivar_set(LOADER_GUID, L"LoaderEntrySelected", entry->id, 0); /* Optionally, read a random seed off the ESP and pass it to the OS */ (VOID) process_random_seed(root_dir, config.random_seed_mode); diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c index cd402526078..6de520c0c3b 100644 --- a/src/boot/efi/random-seed.c +++ b/src/boot/efi/random-seed.c @@ -315,7 +315,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { } /* We are good to go */ - err = efivar_set_raw(LOADER_GUID, L"LoaderRandomSeed", for_kernel, size, FALSE); + err = efivar_set_raw(LOADER_GUID, L"LoaderRandomSeed", for_kernel, size, 0); if (EFI_ERROR(err)) { Print(L"Failed to write random seed to EFI variable: %r\n", err); return err; diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c index 0bef6b1c44f..f0f302ce8c0 100644 --- a/src/boot/efi/stub.c +++ b/src/boot/efi/stub.c 
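Review bot: The bare `0` passed to `efivar_set_raw()` for `LoaderRandomSeed` in process_random_seed is now the only thing that keeps the seed out of non-volatile storage, and unlike the old `FALSE` it does not say so. Given that efivar_set_raw() (util.c in this commit) turns `0` into boot-service plus runtime access without `EFI_VARIABLE_NON_VOLATILE`, I would add a comment above the call such as `/* flags = 0: volatile on purpose, the seed handed to the OS must not be stored in NVRAM */`, assuming that is indeed the intent. That guards against a later edit copying an `EFI_VARIABLE_NON_VOLATILE` call site here. process_random_seed begins outside the hunk.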
@@ -82,14 +82,14 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { /* Export the device path this image is started from, if it's not set yet */ if (efivar_get_raw(LOADER_GUID, L"LoaderDevicePartUUID", NULL, NULL) != EFI_SUCCESS) if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS) - efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, FALSE); + efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, 0); /* if LoaderImageIdentifier is not set, assume the image with this stub was loaded directly from UEFI */ if (efivar_get_raw(LOADER_GUID, L"LoaderImageIdentifier", NULL, NULL) != EFI_SUCCESS) { _cleanup_freepool_ CHAR16 *s; s = DevicePathToStr(loaded_image->FilePath); - efivar_set(LOADER_GUID, L"LoaderImageIdentifier", s, FALSE); + efivar_set(LOADER_GUID, L"LoaderImageIdentifier", s, 0); } /* if LoaderFirmwareInfo is not set, let's set it */ @@ -97,7 +97,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { _cleanup_freepool_ CHAR16 *s; s = PoolPrint(L"%s %d.%02d", ST->FirmwareVendor, ST->FirmwareRevision >> 16, ST->FirmwareRevision & 0xffff); - efivar_set(LOADER_GUID, L"LoaderFirmwareInfo", s, FALSE); + efivar_set(LOADER_GUID, L"LoaderFirmwareInfo", s, 0); } /* ditto for LoaderFirmwareType */ @@ -105,12 +105,12 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { _cleanup_freepool_ CHAR16 *s; s = PoolPrint(L"UEFI %d.%02d", ST->Hdr.Revision >> 16, ST->Hdr.Revision & 0xffff); - efivar_set(LOADER_GUID, L"LoaderFirmwareType", s, FALSE); + efivar_set(LOADER_GUID, L"LoaderFirmwareType", s, 0); } /* add StubInfo */ if (efivar_get_raw(LOADER_GUID, L"StubInfo", NULL, NULL) != EFI_SUCCESS) - efivar_set(LOADER_GUID, L"StubInfo", L"systemd-stub " GIT_VERSION, FALSE); + efivar_set(LOADER_GUID, L"StubInfo", L"systemd-stub " GIT_VERSION, 0); if (szs[3] > 0) graphics_splash((UINT8 *)((UINTN)loaded_image->ImageBase + addrs[3]), szs[3], NULL); 
diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c index 8adf3f5fe45..74dc8de9c8a 100644 --- a/src/boot/efi/util.c +++ b/src/boot/efi/util.c @@ -75,29 +75,23 @@ EFI_STATUS parse_boolean(const CHAR8 *v, BOOLEAN *b) { return EFI_INVALID_PARAMETER; } -EFI_STATUS efivar_set_raw(const EFI_GUID *vendor, const CHAR16 *name, const VOID *buf, UINTN size, BOOLEAN persistent) { - UINT32 flags; - - flags = EFI_VARIABLE_BOOTSERVICE_ACCESS|EFI_VARIABLE_RUNTIME_ACCESS; - if (persistent) - flags |= EFI_VARIABLE_NON_VOLATILE; - +EFI_STATUS efivar_set_raw(const EFI_GUID *vendor, const CHAR16 *name, const VOID *buf, UINTN size, UINT32 flags) { + flags |= EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS; return uefi_call_wrapper(RT->SetVariable, 5, (CHAR16*) name, (EFI_GUID *)vendor, flags, size, (VOID*) buf); } -EFI_STATUS efivar_set(const EFI_GUID *vendor, const CHAR16 *name, const CHAR16 *value, BOOLEAN persistent) { - return efivar_set_raw( - vendor, name, value, value ? (StrLen(value) + 1) * sizeof(CHAR16) : 0, persistent); +EFI_STATUS efivar_set(const EFI_GUID *vendor, const CHAR16 *name, const CHAR16 *value, UINT32 flags) { + return efivar_set_raw(vendor, name, value, value ? (StrLen(value) + 1) * sizeof(CHAR16) : 0, flags); } -EFI_STATUS efivar_set_uint_string(const EFI_GUID *vendor, CHAR16 *name, UINTN i, BOOLEAN persistent) { +EFI_STATUS efivar_set_uint_string(const EFI_GUID *vendor, CHAR16 *name, UINTN i, UINT32 flags) { CHAR16 str[32]; SPrint(str, 32, L"%u", i); - return efivar_set(vendor, name, str, persistent); + return efivar_set(vendor, name, str, flags); } -EFI_STATUS efivar_set_uint32_le(const EFI_GUID *vendor, CHAR16 *name, UINT32 value, BOOLEAN persistent) { +EFI_STATUS efivar_set_uint32_le(const EFI_GUID *vendor, CHAR16 *name, UINT32 value, UINT32 flags) { UINT8 buf[4]; buf[0] = (UINT8)(value >> 0U & 0xFF); 
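Review bot: `efivar_set_raw()` now forwards caller-chosen attribute bits straight to `SetVariable` with no comment describing the contract, and that matters for the delete path: `efivar_set()` passes size 0 for a NULL value, and as I read the UEFI specification a zero-size write deletes the variable only when `EFI_VARIABLE_APPEND_WRITE` and the authenticated-write attributes are not set. Once the secure-boot enrolling code mentioned in the commit message starts passing `EFI_VARIABLE_APPEND_WRITE`, a NULL value combined with that flag would quietly leave the variable in place. I would document above efivar_set_raw() that `flags` carries extra EFI_VARIABLE_* attributes, that boot-service and runtime access are always added, that `0` means volatile, and that deletion must not be combined with append; optionally enforce it with `if (size == 0 && (flags & EFI_VARIABLE_APPEND_WRITE)) return EFI_INVALID_PARAMETER;`. The hunk ends inside efivar_set_uint32_le, whose body continues in the next hunk.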
@@ -105,10 +99,10 @@ EFI_STATUS efivar_set_uint32_le(const EFI_GUID *vendor, CHAR16 *name, UINT32 val buf[2] = (UINT8)(value >> 16U & 0xFF); buf[3] = (UINT8)(value >> 24U & 0xFF); - return efivar_set_raw(vendor, name, buf, sizeof(buf), persistent); + return efivar_set_raw(vendor, name, buf, sizeof(buf), flags); } -EFI_STATUS efivar_set_uint64_le(const EFI_GUID *vendor, CHAR16 *name, UINT64 value, BOOLEAN persistent) { +EFI_STATUS efivar_set_uint64_le(const EFI_GUID *vendor, CHAR16 *name, UINT64 value, UINT32 flags) { UINT8 buf[8]; buf[0] = (UINT8)(value >> 0U & 0xFF); @@ -120,7 +114,7 @@ EFI_STATUS efivar_set_uint64_le(const EFI_GUID *vendor, CHAR16 *name, UINT64 val buf[6] = (UINT8)(value >> 48U & 0xFF); buf[7] = (UINT8)(value >> 56U & 0xFF); - return efivar_set_raw(vendor, name, buf, sizeof(buf), persistent); + return efivar_set_raw(vendor, name, buf, sizeof(buf), flags); } EFI_STATUS efivar_get(const EFI_GUID *vendor, const CHAR16 *name, CHAR16 **value) { @@ -248,7 +242,7 @@ VOID efivar_set_time_usec(const EFI_GUID *vendor, CHAR16 *name, UINT64 usec) { return; SPrint(str, 32, L"%ld", usec); - efivar_set(vendor, name, str, FALSE); + efivar_set(vendor, name, str, 0); } static INTN utf8_to_16(CHAR8 *stra, CHAR16 *c) { diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h index f2be857d427..a21e84ecdc6 100644 --- a/src/boot/efi/util.h +++ b/src/boot/efi/util.h 
@@ -21,11 +21,11 @@ UINT64 ticks_read(void); UINT64 ticks_freq(void); UINT64 time_usec(void); -EFI_STATUS efivar_set(const EFI_GUID *vendor, const CHAR16 *name, const CHAR16 *value, BOOLEAN persistent); -EFI_STATUS efivar_set_raw(const EFI_GUID *vendor, const CHAR16 *name, const VOID *buf, UINTN size, BOOLEAN persistent); -EFI_STATUS efivar_set_uint_string(const EFI_GUID *vendor, CHAR16 *name, UINTN i, BOOLEAN persistent); -EFI_STATUS efivar_set_uint32_le(const EFI_GUID *vendor, CHAR16 *NAME, UINT32 value, BOOLEAN persistent); -EFI_STATUS efivar_set_uint64_le(const EFI_GUID *vendor, CHAR16 *name, UINT64 value, BOOLEAN persistent); +EFI_STATUS efivar_set(const EFI_GUID *vendor, const CHAR16 *name, const CHAR16 *value, UINT32 flags); +EFI_STATUS efivar_set_raw(const EFI_GUID *vendor, const CHAR16 *name, const VOID *buf, UINTN size, UINT32 flags); +EFI_STATUS efivar_set_uint_string(const EFI_GUID *vendor, CHAR16 *name, UINTN i, UINT32 flags); +EFI_STATUS efivar_set_uint32_le(const EFI_GUID *vendor, CHAR16 *NAME, UINT32 value, UINT32 flags); +EFI_STATUS efivar_set_uint64_le(const EFI_GUID *vendor, CHAR16 *name, UINT64 value, UINT32 flags); VOID efivar_set_time_usec(const EFI_GUID *vendor, CHAR16 *name, UINT64 usec); EFI_STATUS efivar_get(const EFI_GUID *vendor, const CHAR16 *name, CHAR16 **value);
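Review bot: The prototypes rewritten here keep two inconsistencies that are cheap to fix while every line is being touched: `efivar_set_uint32_le` names its parameter `NAME` where all siblings use `name`, and `efivar_set` / `efivar_set_raw` take `const CHAR16 *name` while the three integer helpers take a non-const `CHAR16 *name` although, per the util.c hunks, they only pass it on. I would change them to e.g. `EFI_STATUS efivar_set_uint32_le(const EFI_GUID *vendor, const CHAR16 *name, UINT32 value, UINT32 flags);`, with the matching definitions in util.c updated in the same commit.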