Message ID | 20191015014234.17023-1-takahiro.akashi@linaro.org |
---|---|
State | Superseded |
Delegated to: | Heinrich Schuchardt |
Headers | show |
Series | [U-Boot,v5] cmd: env: extend "env [set|print] -e" to manage UEFI variables | expand |
On 10/15/19 3:42 AM, AKASHI Takahiro wrote: > With this patch, when setting UEFI variable with "env set -e" command, > we will be able to > - specify vendor guid with "-guid guid", > - specify variable attributes, BOOTSERVICE_ACCESS, RUNTIME_ACCESS, > respectively with "-bs" and "-rt", > - append a value instead of overwriting with "-a", > - use memory as variable's value instead of explicit values given > at the command line with "-i address,size" > > If guid is not explicitly given, default value will be used. > > When "-at" is given, a variable should be authenticated with > appropriate signature database before setting or modifying its value. > (Authentication is not supported yet though.) > > Meanwhile, "env print -e," will be modified so that it will dump > a variable's value only if '-v' (verbose) is specified. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> -rt and -guid make sense to me. I cannot see a benefit in -v. Why should I not want to see the values of the variables? => help printenv printenv -e [-guid guid|-all][-v] [name ...] - print UEFI variable 'name' or all the variables "-v": verbose for signature database What has -v to do with a signature base in the case of UEFI variables? -at does not work. So I would not want to introduce it now. => setenv -e -guid 00000000-0000-0000-0000-000000000000 a b ## "-bs" is required -bs - Why should I want to type it if the flag is always needed? Please, do away with it. -a - I have no clue why it it needed. Do you have a substantial use case? => setenv -e -guid 00000000-0000-0000-0000-00000000 a b ## Guid not specified or in bad format "## Guid not in XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX format" would be more helpful. Best regards Heinrich > --- > Changes in v5 (Oct 15, 2019) > * improve a message in case of wrong guid format > * improve a message in case that BOOTSERVICE_ACCESS is required > > Changes in v4 (Oct 7, 2019) > * print usage message if "-guid guid" has a wrong format > * add "-guid guid" and "-all" option to "env print -e" command > to specify a specific guid (or any guids) > > Changes in v3 (Oct 4, 2019) > * add verbose messages when SetVariable() fails > * add "-v" option > > Changes in v2 (Sept 6, 2019) > * remove "-at" option > > --- > cmd/nvedit.c | 19 +++- > cmd/nvedit_efi.c | 283 ++++++++++++++++++++++++++++++++++++++++------- > 2 files changed, 258 insertions(+), 44 deletions(-) > > diff --git a/cmd/nvedit.c b/cmd/nvedit.c > index 1cb0bc1460b9..cbe6205733de 100644 > --- a/cmd/nvedit.c > +++ b/cmd/nvedit.c > @@ -1387,7 +1387,7 @@ static char env_help_text[] = > #endif > "env print [-a | name ...] - print environment\n" > #if defined(CONFIG_CMD_NVEDIT_EFI) > - "env print -e [name ...] - print UEFI environment\n" > + "env print -e [-guid guid|-all][-v] [name ...] - print UEFI environment\n" > #endif > #if defined(CONFIG_CMD_RUN) > "env run var [...] - run commands in an environment variable\n" > @@ -1399,7 +1399,8 @@ static char env_help_text[] = > #endif > #endif > #if defined(CONFIG_CMD_NVEDIT_EFI) > - "env set -e name [arg ...] - set UEFI variable; unset if 'arg' not specified\n" > + "env set -e [-nv][-bs][-rt][-a][-i addr,size][-v] name [arg ...]\n" > + " - set UEFI variable; unset if '-i' or 'arg' not specified\n" > #endif > "env set [-f] name [arg ...]\n"; > #endif > @@ -1428,8 +1429,9 @@ U_BOOT_CMD_COMPLETE( > "print environment variables", > "[-a]\n - print [all] values of all environment variables\n" > #if defined(CONFIG_CMD_NVEDIT_EFI) > - "printenv -e [name ...]\n" > + "printenv -e [-guid guid|-all][-v] [name ...]\n" > " - print UEFI variable 'name' or all the variables\n" > + " \"-v\": verbose for signature database\n" > #endif > "printenv name ...\n" > " - print value of environment variable 'name'", > @@ -1459,9 +1461,16 @@ U_BOOT_CMD_COMPLETE( > setenv, CONFIG_SYS_MAXARGS, 0, do_env_set, > "set environment variables", > #if defined(CONFIG_CMD_NVEDIT_EFI) > - "-e [-nv] name [value ...]\n" > + "-e [-guid guid][-nv][-bs][-rt][-a][-v]\n" > + " [-i addr,size name], or [name [value ...]]\n" > " - set UEFI variable 'name' to 'value' ...'\n" > - " 'nv' option makes the variable non-volatile\n" > + " \"-guid\": set vendor guid\n" > + " \"-nv\": set non-volatile attribute\n" > + " \"-bs\": set boot-service attribute\n" > + " \"-rt\": set runtime attribute\n" > + " \"-a\": append-write\n" > + " \"-i addr,size\": use <addr,size> as variable's value\n" > + " \"-v\": verbose print\n" > " - delete UEFI variable 'name' if 'value' not specified\n" > #endif > "setenv [-f] name value ...\n" > diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c > index ed6d09a53046..44ae400a1d45 100644 > --- a/cmd/nvedit_efi.c > +++ b/cmd/nvedit_efi.c > @@ -13,6 +13,7 @@ > #include <exports.h> > #include <hexdump.h> > #include <malloc.h> > +#include <mapmem.h> > #include <linux/kernel.h> > > /* > @@ -34,15 +35,49 @@ static const struct { > {EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"}, > }; > > +static const struct { > + efi_guid_t guid; > + char *text; > +} efi_guid_text[] = { > + /* signature database */ > + {EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"}, > +}; > + > +/* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */ > +static char unknown_guid[37]; > + > +/** > + * efi_guid_to_str() - convert guid to readable name > + * > + * @guid: GUID > + * Return: string for GUID > + * > + * convert guid to readable name > + */ > +static const char *efi_guid_to_str(const efi_guid_t *guid) > +{ > + int i; > + > + for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++) > + if (!guidcmp(guid, &efi_guid_text[i].guid)) > + return efi_guid_text[i].text; > + > + uuid_bin_to_str((unsigned char *)guid->b, unknown_guid, > + UUID_STR_FORMAT_GUID); > + > + return unknown_guid; > +} > + > /** > * efi_dump_single_var() - show information about a UEFI variable > * > * @name: Name of the variable > * @guid: Vendor GUID > + * @verbose: if true, dump data > * > * Show information encoded in one UEFI variable > */ > -static void efi_dump_single_var(u16 *name, efi_guid_t *guid) > +static void efi_dump_single_var(u16 *name, const efi_guid_t *guid, bool verbose) > { > u32 attributes; > u8 *data; > @@ -68,7 +103,7 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) > if (ret != EFI_SUCCESS) > goto out; > > - printf("%ls:", name); > + printf("%ls:\n %s:", name, efi_guid_to_str(guid)); > for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++) > if (attributes & efi_var_attrs[i].mask) { > if (count) > @@ -79,7 +114,9 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) > puts(efi_var_attrs[i].text); > } > printf(", DataSize = 0x%zx\n", size); > - print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, data, size, true); > + if (verbose) > + print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, > + data, size, true); > > out: > free(data); > @@ -90,11 +127,13 @@ out: > * > * @argc: Number of arguments (variables) > * @argv: Argument (variable name) array > + * @verbose: if true, dump data > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > * > * Show information encoded in named UEFI variables > */ > -static int efi_dump_vars(int argc, char * const argv[]) > +static int efi_dump_vars(int argc, char * const argv[], > + const efi_guid_t *guid, bool verbose) > { > u16 *var_name16, *p; > efi_uintn_t buf_size, size; > @@ -119,8 +158,7 @@ static int efi_dump_vars(int argc, char * const argv[]) > p = var_name16; > utf8_utf16_strcpy(&p, argv[0]); > > - efi_dump_single_var(var_name16, > - (efi_guid_t *)&efi_global_variable_guid); > + efi_dump_single_var(var_name16, guid, verbose); > } > > free(var_name16); > @@ -128,20 +166,56 @@ static int efi_dump_vars(int argc, char * const argv[]) > return CMD_RET_SUCCESS; > } > > +static bool match_name(int argc, char * const argv[], u16 *var_name16) > +{ > + char *buf, *p; > + size_t buflen; > + int i; > + bool result = false; > + > + buflen = utf16_utf8_strlen(var_name16) + 1; > + buf = calloc(1, buflen); > + if (!buf) > + return result; > + > + p = buf; > + utf16_utf8_strcpy(&p, var_name16); > + > + for (i = 0; i < argc; argc--, argv++) { > + if (!strcmp(buf, argv[i])) { > + result = true; > + goto out; > + } > + } > + > +out: > + free(buf); > + > + return result; > +} > + > /** > - * efi_dump_vars() - show information about all the UEFI variables > + * efi_dump_var_all() - show information about all the UEFI variables > * > + * @argc: Number of arguments (variables) > + * @argv: Argument (variable name) array > + * @verbose: if true, dump data > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > * > * Show information encoded in all the UEFI variables > */ > -static int efi_dump_var_all(void) > +static int efi_dump_var_all(int argc, char * const argv[], > + const efi_guid_t *guid_p, bool verbose) > { > u16 *var_name16, *p; > efi_uintn_t buf_size, size; > efi_guid_t guid; > efi_status_t ret; > > + if (argc && guid_p) > + /* simplified case */ > + return efi_dump_vars(argc, argv, guid_p, verbose); > + > buf_size = 128; > var_name16 = malloc(buf_size); > if (!var_name16) > @@ -171,7 +245,9 @@ static int efi_dump_var_all(void) > return CMD_RET_FAILURE; > } > > - efi_dump_single_var(var_name16, &guid); > + if ((!guid_p || !guidcmp(guid_p, &guid)) && > + (!argc || match_name(argc, argv, var_name16))) > + efi_dump_single_var(var_name16, &guid, verbose); > } > > free(var_name16); > @@ -189,12 +265,15 @@ static int efi_dump_var_all(void) > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > * > * This function is for "env print -e" or "printenv -e" command: > - * => env print -e [var [...]] > + * => env print -e [-v] [-guid <guid> | -all] [var [...]] > * If one or more variable names are specified, show information > * named UEFI variables, otherwise show all the UEFI variables. > */ > int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > { > + efi_guid_t guid; > + const efi_guid_t *guid_p; > + bool default_guid, guid_any, verbose; > efi_status_t ret; > > /* Initialize EFI drivers */ > @@ -205,12 +284,47 @@ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > return CMD_RET_FAILURE; > } > > - if (argc > 1) > - /* show specified UEFI variables */ > - return efi_dump_vars(--argc, ++argv); > + default_guid = true; > + guid_any = false; > + verbose = false; > + for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { > + if (!strcmp(argv[0], "-guid")) { > + if (argc == 1) > + return CMD_RET_USAGE; > + > + /* -a already specified */ > + if (!default_guid & guid_any) > + return CMD_RET_USAGE; > + > + argc--; > + argv++; > + if (uuid_str_to_bin(argv[0], guid.b, > + UUID_STR_FORMAT_GUID)) > + return CMD_RET_USAGE; > + default_guid = false; > + } else if (!strcmp(argv[0], "-all")) { > + /* -guid already specified */ > + if (!default_guid && !guid_any) > + return CMD_RET_USAGE; > + > + guid_any = true; > + default_guid = false; > + } else if (!strcmp(argv[0], "-v")) { > + verbose = true; > + } else { > + return CMD_RET_USAGE; > + } > + } > + > + if (guid_any) > + guid_p = NULL; > + else if (default_guid) > + guid_p = &efi_global_variable_guid; > + else > + guid_p = (const efi_guid_t *)guid.b; > > /* enumerate and show all UEFI variables */ > - return efi_dump_var_all(); > + return efi_dump_var_all(argc, argv, guid_p, verbose); > } > > /** > @@ -339,18 +453,22 @@ out: > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > * > * This function is for "env set -e" or "setenv -e" command: > - * => env set -e var [value ...]] > + * => env set -e [-guid guid][-nv][-bs][-rt][-a][-v] > + * [-i address,size] var, or > + * var [value ...] > * Encode values specified and set given UEFI variable. > * If no value is specified, delete the variable. > */ > int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > { > - char *var_name, *value = NULL; > - efi_uintn_t size = 0; > - u16 *var_name16 = NULL, *p; > - size_t len; > + char *var_name, *value, *ep; > + ulong addr; > + efi_uintn_t size; > efi_guid_t guid; > u32 attributes; > + bool default_guid, verbose, value_on_memory; > + u16 *var_name16 = NULL, *p; > + size_t len; > efi_status_t ret; > > if (argc == 1) > @@ -364,32 +482,94 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > return CMD_RET_FAILURE; > } > > - attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | > - EFI_VARIABLE_RUNTIME_ACCESS; > - if (!strcmp(argv[1], "-nv")) { > - attributes |= EFI_VARIABLE_NON_VOLATILE; > - argc--; > - argv++; > - if (argc == 1) > - return CMD_RET_SUCCESS; > + /* > + * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | > + * EFI_VARIABLE_RUNTIME_ACCESS; > + */ > + value = NULL; > + size = 0; > + attributes = 0; > + guid = efi_global_variable_guid; > + default_guid = true; > + verbose = false; > + value_on_memory = false; > + for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { > + if (!strcmp(argv[0], "-guid")) { > + if (argc == 1) > + return CMD_RET_USAGE; > + > + argc--; > + argv++; > + if (uuid_str_to_bin(argv[0], guid.b, > + UUID_STR_FORMAT_GUID)) { > + printf("## Guid not specified or in bad format\n"); > + return CMD_RET_FAILURE; > + } > + default_guid = false; > + } else if (!strcmp(argv[0], "-bs")) { > + attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS; > + } else if (!strcmp(argv[0], "-rt")) { > + attributes |= EFI_VARIABLE_RUNTIME_ACCESS; > + } else if (!strcmp(argv[0], "-nv")) { > + attributes |= EFI_VARIABLE_NON_VOLATILE; > + } else if (!strcmp(argv[0], "-a")) { > + attributes |= EFI_VARIABLE_APPEND_WRITE; > + } else if (!strcmp(argv[0], "-i")) { > + /* data comes from memory */ > + if (argc == 1) > + return CMD_RET_USAGE; > + > + argc--; > + argv++; > + addr = simple_strtoul(argv[0], &ep, 16); > + if (*ep != ',') > + return CMD_RET_USAGE; > + > + size = simple_strtoul(++ep, NULL, 16); > + if (!size) > + return CMD_RET_FAILURE; > + value_on_memory = true; > + } else if (!strcmp(argv[0], "-v")) { > + verbose = true; > + } else { > + return CMD_RET_USAGE; > + } > } > + if (!argc) > + return CMD_RET_USAGE; > > - var_name = argv[1]; > - if (argc == 2) { > - /* delete */ > - value = NULL; > - size = 0; > - } else { /* set */ > - argc -= 2; > - argv += 2; > + var_name = argv[0]; > + if (default_guid) > + guid = efi_global_variable_guid; > > - for ( ; argc > 0; argc--, argv++) > + if (verbose) { > + printf("GUID: %s\n", efi_guid_to_str((const efi_guid_t *) > + &guid)); > + printf("Attributes: 0x%x\n", attributes); > + } > + > + /* for value */ > + if (value_on_memory) > + value = map_sysmem(addr, 0); > + else if (argc > 1) > + for (argc--, argv++; argc > 0; argc--, argv++) > if (append_value(&value, &size, argv[0]) < 0) { > printf("## Failed to process an argument, %s\n", > argv[0]); > ret = CMD_RET_FAILURE; > goto out; > } > + > + if (size && !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) { > + printf("## \"-bs\" is required\n"); > + ret = CMD_RET_FAILURE; > + goto out; > + } > + > + if (size && verbose) { > + printf("Value:\n"); > + print_hex_dump(" ", DUMP_PREFIX_OFFSET, > + 16, 1, value, size, true); > } > > len = utf8_utf16_strnlen(var_name, strlen(var_name)); > @@ -402,17 +582,42 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > p = var_name16; > utf8_utf16_strncpy(&p, var_name, len + 1); > > - guid = efi_global_variable_guid; > ret = EFI_CALL(efi_set_variable(var_name16, &guid, attributes, > size, value)); > + unmap_sysmem(value); > if (ret == EFI_SUCCESS) { > ret = CMD_RET_SUCCESS; > } else { > - printf("## Failed to set EFI variable\n"); > + const char *msg; > + > + switch (ret) { > + case EFI_NOT_FOUND: > + msg = " (not found)"; > + break; > + case EFI_WRITE_PROTECTED: > + msg = " (read only)"; > + break; > + case EFI_INVALID_PARAMETER: > + msg = " (invalid parameter)"; > + break; > + case EFI_SECURITY_VIOLATION: > + msg = " (validation failed)"; > + break; > + case EFI_OUT_OF_RESOURCES: > + msg = " (out of memory)"; > + break; > + default: > + msg = ""; > + break; > + } > + printf("## Failed to set EFI variable%s\n", msg); > ret = CMD_RET_FAILURE; > } > out: > - free(value); > + if (value_on_memory) > + unmap_sysmem(value); > + else > + free(value); > free(var_name16); > > return ret; >
On Tue, Oct 15, 2019 at 07:54:18AM +0200, Heinrich Schuchardt wrote: > On 10/15/19 3:42 AM, AKASHI Takahiro wrote: > >With this patch, when setting UEFI variable with "env set -e" command, > >we will be able to > >- specify vendor guid with "-guid guid", > >- specify variable attributes, BOOTSERVICE_ACCESS, RUNTIME_ACCESS, > > respectively with "-bs" and "-rt", > >- append a value instead of overwriting with "-a", > >- use memory as variable's value instead of explicit values given > > at the command line with "-i address,size" > > > >If guid is not explicitly given, default value will be used. > > > >When "-at" is given, a variable should be authenticated with > >appropriate signature database before setting or modifying its value. > >(Authentication is not supported yet though.) > > > >Meanwhile, "env print -e," will be modified so that it will dump > >a variable's value only if '-v' (verbose) is specified. > > > >Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > -rt and -guid make sense to me. > > I cannot see a benefit in -v. Why should I not want to see the values of > the variables? I will understand it when you try to "printenv -e" after installing PK/KEK/db. It's quite annoying. > => help printenv > printenv -e [-guid guid|-all][-v] [name ...] > - print UEFI variable 'name' or all the variables > "-v": verbose for signature database > > What has -v to do with a signature base in the case of UEFI variables? Help message should be revised as "-v" now works for all variables. > -at does not work. So I would not want to introduce it now. It doens't exist in the current patch. Will remove the text from commit message. > => setenv -e -guid 00000000-0000-0000-0000-000000000000 a b > ## "-bs" is required > > -bs - Why should I want to type it if the flag is always needed? Please, > do away with it. As I said, I want to mimic Shell's interfaces/syntax so that we can use this command as a simple test for Set/GetVariable APIs. > -a - I have no clue why it it needed. Do you have a substantial use case? As I said, I use "-a" in "UEFI secure boot" patch to handle signature database. > => setenv -e -guid 00000000-0000-0000-0000-00000000 a b > ## Guid not specified or in bad format > > "## Guid not in XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX format" would be > more helpful. Okay. -Takahiro Akashi > Best regards > > Heinrich > > > >--- > >Changes in v5 (Oct 15, 2019) > >* improve a message in case of wrong guid format > >* improve a message in case that BOOTSERVICE_ACCESS is required > > > >Changes in v4 (Oct 7, 2019) > >* print usage message if "-guid guid" has a wrong format > >* add "-guid guid" and "-all" option to "env print -e" command > > to specify a specific guid (or any guids) > > > >Changes in v3 (Oct 4, 2019) > >* add verbose messages when SetVariable() fails > >* add "-v" option > > > >Changes in v2 (Sept 6, 2019) > >* remove "-at" option > > > >--- > > cmd/nvedit.c | 19 +++- > > cmd/nvedit_efi.c | 283 ++++++++++++++++++++++++++++++++++++++++------- > > 2 files changed, 258 insertions(+), 44 deletions(-) > > > >diff --git a/cmd/nvedit.c b/cmd/nvedit.c > >index 1cb0bc1460b9..cbe6205733de 100644 > >--- a/cmd/nvedit.c > >+++ b/cmd/nvedit.c > >@@ -1387,7 +1387,7 @@ static char env_help_text[] = > > #endif > > "env print [-a | name ...] - print environment\n" > > #if defined(CONFIG_CMD_NVEDIT_EFI) > >- "env print -e [name ...] - print UEFI environment\n" > >+ "env print -e [-guid guid|-all][-v] [name ...] - print UEFI environment\n" > > #endif > > #if defined(CONFIG_CMD_RUN) > > "env run var [...] - run commands in an environment variable\n" > >@@ -1399,7 +1399,8 @@ static char env_help_text[] = > > #endif > > #endif > > #if defined(CONFIG_CMD_NVEDIT_EFI) > >- "env set -e name [arg ...] - set UEFI variable; unset if 'arg' not specified\n" > >+ "env set -e [-nv][-bs][-rt][-a][-i addr,size][-v] name [arg ...]\n" > >+ " - set UEFI variable; unset if '-i' or 'arg' not specified\n" > > #endif > > "env set [-f] name [arg ...]\n"; > > #endif > >@@ -1428,8 +1429,9 @@ U_BOOT_CMD_COMPLETE( > > "print environment variables", > > "[-a]\n - print [all] values of all environment variables\n" > > #if defined(CONFIG_CMD_NVEDIT_EFI) > >- "printenv -e [name ...]\n" > >+ "printenv -e [-guid guid|-all][-v] [name ...]\n" > > " - print UEFI variable 'name' or all the variables\n" > >+ " \"-v\": verbose for signature database\n" > > #endif > > "printenv name ...\n" > > " - print value of environment variable 'name'", > >@@ -1459,9 +1461,16 @@ U_BOOT_CMD_COMPLETE( > > setenv, CONFIG_SYS_MAXARGS, 0, do_env_set, > > "set environment variables", > > #if defined(CONFIG_CMD_NVEDIT_EFI) > >- "-e [-nv] name [value ...]\n" > >+ "-e [-guid guid][-nv][-bs][-rt][-a][-v]\n" > >+ " [-i addr,size name], or [name [value ...]]\n" > > " - set UEFI variable 'name' to 'value' ...'\n" > >- " 'nv' option makes the variable non-volatile\n" > >+ " \"-guid\": set vendor guid\n" > >+ " \"-nv\": set non-volatile attribute\n" > >+ " \"-bs\": set boot-service attribute\n" > >+ " \"-rt\": set runtime attribute\n" > >+ " \"-a\": append-write\n" > >+ " \"-i addr,size\": use <addr,size> as variable's value\n" > >+ " \"-v\": verbose print\n" > > " - delete UEFI variable 'name' if 'value' not specified\n" > > #endif > > "setenv [-f] name value ...\n" > >diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c > >index ed6d09a53046..44ae400a1d45 100644 > >--- a/cmd/nvedit_efi.c > >+++ b/cmd/nvedit_efi.c > >@@ -13,6 +13,7 @@ > > #include <exports.h> > > #include <hexdump.h> > > #include <malloc.h> > >+#include <mapmem.h> > > #include <linux/kernel.h> > > > > /* > >@@ -34,15 +35,49 @@ static const struct { > > {EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"}, > > }; > > > >+static const struct { > >+ efi_guid_t guid; > >+ char *text; > >+} efi_guid_text[] = { > >+ /* signature database */ > >+ {EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"}, > >+}; > >+ > >+/* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */ > >+static char unknown_guid[37]; > >+ > >+/** > >+ * efi_guid_to_str() - convert guid to readable name > >+ * > >+ * @guid: GUID > >+ * Return: string for GUID > >+ * > >+ * convert guid to readable name > >+ */ > >+static const char *efi_guid_to_str(const efi_guid_t *guid) > >+{ > >+ int i; > >+ > >+ for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++) > >+ if (!guidcmp(guid, &efi_guid_text[i].guid)) > >+ return efi_guid_text[i].text; > >+ > >+ uuid_bin_to_str((unsigned char *)guid->b, unknown_guid, > >+ UUID_STR_FORMAT_GUID); > >+ > >+ return unknown_guid; > >+} > >+ > > /** > > * efi_dump_single_var() - show information about a UEFI variable > > * > > * @name: Name of the variable > > * @guid: Vendor GUID > >+ * @verbose: if true, dump data > > * > > * Show information encoded in one UEFI variable > > */ > >-static void efi_dump_single_var(u16 *name, efi_guid_t *guid) > >+static void efi_dump_single_var(u16 *name, const efi_guid_t *guid, bool verbose) > > { > > u32 attributes; > > u8 *data; > >@@ -68,7 +103,7 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) > > if (ret != EFI_SUCCESS) > > goto out; > > > >- printf("%ls:", name); > >+ printf("%ls:\n %s:", name, efi_guid_to_str(guid)); > > for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++) > > if (attributes & efi_var_attrs[i].mask) { > > if (count) > >@@ -79,7 +114,9 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) > > puts(efi_var_attrs[i].text); > > } > > printf(", DataSize = 0x%zx\n", size); > >- print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, data, size, true); > >+ if (verbose) > >+ print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, > >+ data, size, true); > > > > out: > > free(data); > >@@ -90,11 +127,13 @@ out: > > * > > * @argc: Number of arguments (variables) > > * @argv: Argument (variable name) array > >+ * @verbose: if true, dump data > > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > > * > > * Show information encoded in named UEFI variables > > */ > >-static int efi_dump_vars(int argc, char * const argv[]) > >+static int efi_dump_vars(int argc, char * const argv[], > >+ const efi_guid_t *guid, bool verbose) > > { > > u16 *var_name16, *p; > > efi_uintn_t buf_size, size; > >@@ -119,8 +158,7 @@ static int efi_dump_vars(int argc, char * const argv[]) > > p = var_name16; > > utf8_utf16_strcpy(&p, argv[0]); > > > >- efi_dump_single_var(var_name16, > >- (efi_guid_t *)&efi_global_variable_guid); > >+ efi_dump_single_var(var_name16, guid, verbose); > > } > > > > free(var_name16); > >@@ -128,20 +166,56 @@ static int efi_dump_vars(int argc, char * const argv[]) > > return CMD_RET_SUCCESS; > > } > > > >+static bool match_name(int argc, char * const argv[], u16 *var_name16) > >+{ > >+ char *buf, *p; > >+ size_t buflen; > >+ int i; > >+ bool result = false; > >+ > >+ buflen = utf16_utf8_strlen(var_name16) + 1; > >+ buf = calloc(1, buflen); > >+ if (!buf) > >+ return result; > >+ > >+ p = buf; > >+ utf16_utf8_strcpy(&p, var_name16); > >+ > >+ for (i = 0; i < argc; argc--, argv++) { > >+ if (!strcmp(buf, argv[i])) { > >+ result = true; > >+ goto out; > >+ } > >+ } > >+ > >+out: > >+ free(buf); > >+ > >+ return result; > >+} > >+ > > /** > >- * efi_dump_vars() - show information about all the UEFI variables > >+ * efi_dump_var_all() - show information about all the UEFI variables > > * > >+ * @argc: Number of arguments (variables) > >+ * @argv: Argument (variable name) array > >+ * @verbose: if true, dump data > > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > > * > > * Show information encoded in all the UEFI variables > > */ > >-static int efi_dump_var_all(void) > >+static int efi_dump_var_all(int argc, char * const argv[], > >+ const efi_guid_t *guid_p, bool verbose) > > { > > u16 *var_name16, *p; > > efi_uintn_t buf_size, size; > > efi_guid_t guid; > > efi_status_t ret; > > > >+ if (argc && guid_p) > >+ /* simplified case */ > >+ return efi_dump_vars(argc, argv, guid_p, verbose); > >+ > > buf_size = 128; > > var_name16 = malloc(buf_size); > > if (!var_name16) > >@@ -171,7 +245,9 @@ static int efi_dump_var_all(void) > > return CMD_RET_FAILURE; > > } > > > >- efi_dump_single_var(var_name16, &guid); > >+ if ((!guid_p || !guidcmp(guid_p, &guid)) && > >+ (!argc || match_name(argc, argv, var_name16))) > >+ efi_dump_single_var(var_name16, &guid, verbose); > > } > > > > free(var_name16); > >@@ -189,12 +265,15 @@ static int efi_dump_var_all(void) > > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > > * > > * This function is for "env print -e" or "printenv -e" command: > >- * => env print -e [var [...]] > >+ * => env print -e [-v] [-guid <guid> | -all] [var [...]] > > * If one or more variable names are specified, show information > > * named UEFI variables, otherwise show all the UEFI variables. > > */ > > int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > { > >+ efi_guid_t guid; > >+ const efi_guid_t *guid_p; > >+ bool default_guid, guid_any, verbose; > > efi_status_t ret; > > > > /* Initialize EFI drivers */ > >@@ -205,12 +284,47 @@ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > return CMD_RET_FAILURE; > > } > > > >- if (argc > 1) > >- /* show specified UEFI variables */ > >- return efi_dump_vars(--argc, ++argv); > >+ default_guid = true; > >+ guid_any = false; > >+ verbose = false; > >+ for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { > >+ if (!strcmp(argv[0], "-guid")) { > >+ if (argc == 1) > >+ return CMD_RET_USAGE; > >+ > >+ /* -a already specified */ > >+ if (!default_guid & guid_any) > >+ return CMD_RET_USAGE; > >+ > >+ argc--; > >+ argv++; > >+ if (uuid_str_to_bin(argv[0], guid.b, > >+ UUID_STR_FORMAT_GUID)) > >+ return CMD_RET_USAGE; > >+ default_guid = false; > >+ } else if (!strcmp(argv[0], "-all")) { > >+ /* -guid already specified */ > >+ if (!default_guid && !guid_any) > >+ return CMD_RET_USAGE; > >+ > >+ guid_any = true; > >+ default_guid = false; > >+ } else if (!strcmp(argv[0], "-v")) { > >+ verbose = true; > >+ } else { > >+ return CMD_RET_USAGE; > >+ } > >+ } > >+ > >+ if (guid_any) > >+ guid_p = NULL; > >+ else if (default_guid) > >+ guid_p = &efi_global_variable_guid; > >+ else > >+ guid_p = (const efi_guid_t *)guid.b; > > > > /* enumerate and show all UEFI variables */ > >- return efi_dump_var_all(); > >+ return efi_dump_var_all(argc, argv, guid_p, verbose); > > } > > > > /** > >@@ -339,18 +453,22 @@ out: > > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > > * > > * This function is for "env set -e" or "setenv -e" command: > >- * => env set -e var [value ...]] > >+ * => env set -e [-guid guid][-nv][-bs][-rt][-a][-v] > >+ * [-i address,size] var, or > >+ * var [value ...] > > * Encode values specified and set given UEFI variable. > > * If no value is specified, delete the variable. > > */ > > int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > { > >- char *var_name, *value = NULL; > >- efi_uintn_t size = 0; > >- u16 *var_name16 = NULL, *p; > >- size_t len; > >+ char *var_name, *value, *ep; > >+ ulong addr; > >+ efi_uintn_t size; > > efi_guid_t guid; > > u32 attributes; > >+ bool default_guid, verbose, value_on_memory; > >+ u16 *var_name16 = NULL, *p; > >+ size_t len; > > efi_status_t ret; > > > > if (argc == 1) > >@@ -364,32 +482,94 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > return CMD_RET_FAILURE; > > } > > > >- attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | > >- EFI_VARIABLE_RUNTIME_ACCESS; > >- if (!strcmp(argv[1], "-nv")) { > >- attributes |= EFI_VARIABLE_NON_VOLATILE; > >- argc--; > >- argv++; > >- if (argc == 1) > >- return CMD_RET_SUCCESS; > >+ /* > >+ * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | > >+ * EFI_VARIABLE_RUNTIME_ACCESS; > >+ */ > >+ value = NULL; > >+ size = 0; > >+ attributes = 0; > >+ guid = efi_global_variable_guid; > >+ default_guid = true; > >+ verbose = false; > >+ value_on_memory = false; > >+ for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { > >+ if (!strcmp(argv[0], "-guid")) { > >+ if (argc == 1) > >+ return CMD_RET_USAGE; > >+ > >+ argc--; > >+ argv++; > >+ if (uuid_str_to_bin(argv[0], guid.b, > >+ UUID_STR_FORMAT_GUID)) { > >+ printf("## Guid not specified or in bad format\n"); > >+ return CMD_RET_FAILURE; > >+ } > >+ default_guid = false; > >+ } else if (!strcmp(argv[0], "-bs")) { > >+ attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS; > >+ } else if (!strcmp(argv[0], "-rt")) { > >+ attributes |= EFI_VARIABLE_RUNTIME_ACCESS; > >+ } else if (!strcmp(argv[0], "-nv")) { > >+ attributes |= EFI_VARIABLE_NON_VOLATILE; > >+ } else if (!strcmp(argv[0], "-a")) { > >+ attributes |= EFI_VARIABLE_APPEND_WRITE; > >+ } else if (!strcmp(argv[0], "-i")) { > >+ /* data comes from memory */ > >+ if (argc == 1) > >+ return CMD_RET_USAGE; > >+ > >+ argc--; > >+ argv++; > >+ addr = simple_strtoul(argv[0], &ep, 16); > >+ if (*ep != ',') > >+ return CMD_RET_USAGE; > >+ > >+ size = simple_strtoul(++ep, NULL, 16); > >+ if (!size) > >+ return CMD_RET_FAILURE; > >+ value_on_memory = true; > >+ } else if (!strcmp(argv[0], "-v")) { > >+ verbose = true; > >+ } else { > >+ return CMD_RET_USAGE; > >+ } > > } > >+ if (!argc) > >+ return CMD_RET_USAGE; > > > >- var_name = argv[1]; > >- if (argc == 2) { > >- /* delete */ > >- value = NULL; > >- size = 0; > >- } else { /* set */ > >- argc -= 2; > >- argv += 2; > >+ var_name = argv[0]; > >+ if (default_guid) > >+ guid = efi_global_variable_guid; > > > >- for ( ; argc > 0; argc--, argv++) > >+ if (verbose) { > >+ printf("GUID: %s\n", efi_guid_to_str((const efi_guid_t *) > >+ &guid)); > >+ printf("Attributes: 0x%x\n", attributes); > >+ } > >+ > >+ /* for value */ > >+ if (value_on_memory) > >+ value = map_sysmem(addr, 0); > >+ else if (argc > 1) > >+ for (argc--, argv++; argc > 0; argc--, argv++) > > if (append_value(&value, &size, argv[0]) < 0) { > > printf("## Failed to process an argument, %s\n", > > argv[0]); > > ret = CMD_RET_FAILURE; > > goto out; > > } > >+ > >+ if (size && !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) { > >+ printf("## \"-bs\" is required\n"); > >+ ret = CMD_RET_FAILURE; > >+ goto out; > >+ } > >+ > >+ if (size && verbose) { > >+ printf("Value:\n"); > >+ print_hex_dump(" ", DUMP_PREFIX_OFFSET, > >+ 16, 1, value, size, true); > > } > > > > len = utf8_utf16_strnlen(var_name, strlen(var_name)); > >@@ -402,17 +582,42 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > p = var_name16; > > utf8_utf16_strncpy(&p, var_name, len + 1); > > > >- guid = efi_global_variable_guid; > > ret = EFI_CALL(efi_set_variable(var_name16, &guid, attributes, > > size, value)); > >+ unmap_sysmem(value); > > if (ret == EFI_SUCCESS) { > > ret = CMD_RET_SUCCESS; > > } else { > >- printf("## Failed to set EFI variable\n"); > >+ const char *msg; > >+ > >+ switch (ret) { > >+ case EFI_NOT_FOUND: > >+ msg = " (not found)"; > >+ break; > >+ case EFI_WRITE_PROTECTED: > >+ msg = " (read only)"; > >+ break; > >+ case EFI_INVALID_PARAMETER: > >+ msg = " (invalid parameter)"; > >+ break; > >+ case EFI_SECURITY_VIOLATION: > >+ msg = " (validation failed)"; > >+ break; > >+ case EFI_OUT_OF_RESOURCES: > >+ msg = " (out of memory)"; > >+ break; > >+ default: > >+ msg = ""; > >+ break; > >+ } > >+ printf("## Failed to set EFI variable%s\n", msg); > > ret = CMD_RET_FAILURE; > > } > > out: > >- free(value); > >+ if (value_on_memory) > >+ unmap_sysmem(value); > >+ else > >+ free(value); > > free(var_name16); > > > > return ret; > > >
On Tue, Oct 15, 2019 at 06:09:10PM +0900, AKASHI Takahiro wrote: > On Tue, Oct 15, 2019 at 07:54:18AM +0200, Heinrich Schuchardt wrote: > > On 10/15/19 3:42 AM, AKASHI Takahiro wrote: > > >With this patch, when setting UEFI variable with "env set -e" command, > > >we will be able to > > >- specify vendor guid with "-guid guid", > > >- specify variable attributes, BOOTSERVICE_ACCESS, RUNTIME_ACCESS, > > > respectively with "-bs" and "-rt", > > >- append a value instead of overwriting with "-a", > > >- use memory as variable's value instead of explicit values given > > > at the command line with "-i address,size" > > > > > >If guid is not explicitly given, default value will be used. > > > > > >When "-at" is given, a variable should be authenticated with > > >appropriate signature database before setting or modifying its value. > > >(Authentication is not supported yet though.) > > > > > >Meanwhile, "env print -e," will be modified so that it will dump > > >a variable's value only if '-v' (verbose) is specified. > > > > > >Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > > > -rt and -guid make sense to me. > > > > I cannot see a benefit in -v. Why should I not want to see the values of > > the variables? > > I will understand it when you try to "printenv -e" after (Oops) => You will understand ... Please note that UEFI variables are not always human-readable texts, but can be binary. PK/KEK/db are good examples. There is definitely a case where you don't want, at least not need, to see values. But after your comment, I will add "-n" instead of "-v" so that default action will be to dump *data*, while "-n" suppressing it. -Takahiro Akashi > installing PK/KEK/db. It's quite annoying. > > > => help printenv > > printenv -e [-guid guid|-all][-v] [name ...] > > - print UEFI variable 'name' or all the variables > > "-v": verbose for signature database > > > > What has -v to do with a signature base in the case of UEFI variables? > > Help message should be revised as "-v" now works for all variables. > > > -at does not work. So I would not want to introduce it now. > > It doens't exist in the current patch. Will remove the text from > commit message. > > > => setenv -e -guid 00000000-0000-0000-0000-000000000000 a b > > ## "-bs" is required > > > > -bs - Why should I want to type it if the flag is always needed? Please, > > do away with it. > > As I said, I want to mimic Shell's interfaces/syntax > so that we can use this command as a simple test > for Set/GetVariable APIs. > > > -a - I have no clue why it it needed. Do you have a substantial use case? > > As I said, I use "-a" in "UEFI secure boot" patch to handle > signature database. > > > => setenv -e -guid 00000000-0000-0000-0000-00000000 a b > > ## Guid not specified or in bad format > > > > "## Guid not in XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX format" would be > > more helpful. > > Okay. > > -Takahiro Akashi > > > Best regards > > > > Heinrich > > > > > > >--- > > >Changes in v5 (Oct 15, 2019) > > >* improve a message in case of wrong guid format > > >* improve a message in case that BOOTSERVICE_ACCESS is required > > > > > >Changes in v4 (Oct 7, 2019) > > >* print usage message if "-guid guid" has a wrong format > > >* add "-guid guid" and "-all" option to "env print -e" command > > > to specify a specific guid (or any guids) > > > > > >Changes in v3 (Oct 4, 2019) > > >* add verbose messages when SetVariable() fails > > >* add "-v" option > > > > > >Changes in v2 (Sept 6, 2019) > > >* remove "-at" option > > > > > >--- > > > cmd/nvedit.c | 19 +++- > > > cmd/nvedit_efi.c | 283 ++++++++++++++++++++++++++++++++++++++++------- > > > 2 files changed, 258 insertions(+), 44 deletions(-) > > > > > >diff --git a/cmd/nvedit.c b/cmd/nvedit.c > > >index 1cb0bc1460b9..cbe6205733de 100644 > > >--- a/cmd/nvedit.c > > >+++ b/cmd/nvedit.c > > >@@ -1387,7 +1387,7 @@ static char env_help_text[] = > > > #endif > > > "env print [-a | name ...] - print environment\n" > > > #if defined(CONFIG_CMD_NVEDIT_EFI) > > >- "env print -e [name ...] - print UEFI environment\n" > > >+ "env print -e [-guid guid|-all][-v] [name ...] - print UEFI environment\n" > > > #endif > > > #if defined(CONFIG_CMD_RUN) > > > "env run var [...] - run commands in an environment variable\n" > > >@@ -1399,7 +1399,8 @@ static char env_help_text[] = > > > #endif > > > #endif > > > #if defined(CONFIG_CMD_NVEDIT_EFI) > > >- "env set -e name [arg ...] - set UEFI variable; unset if 'arg' not specified\n" > > >+ "env set -e [-nv][-bs][-rt][-a][-i addr,size][-v] name [arg ...]\n" > > >+ " - set UEFI variable; unset if '-i' or 'arg' not specified\n" > > > #endif > > > "env set [-f] name [arg ...]\n"; > > > #endif > > >@@ -1428,8 +1429,9 @@ U_BOOT_CMD_COMPLETE( > > > "print environment variables", > > > "[-a]\n - print [all] values of all environment variables\n" > > > #if defined(CONFIG_CMD_NVEDIT_EFI) > > >- "printenv -e [name ...]\n" > > >+ "printenv -e [-guid guid|-all][-v] [name ...]\n" > > > " - print UEFI variable 'name' or all the variables\n" > > >+ " \"-v\": verbose for signature database\n" > > > #endif > > > "printenv name ...\n" > > > " - print value of environment variable 'name'", > > >@@ -1459,9 +1461,16 @@ U_BOOT_CMD_COMPLETE( > > > setenv, CONFIG_SYS_MAXARGS, 0, do_env_set, > > > "set environment variables", > > > #if defined(CONFIG_CMD_NVEDIT_EFI) > > >- "-e [-nv] name [value ...]\n" > > >+ "-e [-guid guid][-nv][-bs][-rt][-a][-v]\n" > > >+ " [-i addr,size name], or [name [value ...]]\n" > > > " - set UEFI variable 'name' to 'value' ...'\n" > > >- " 'nv' option makes the variable non-volatile\n" > > >+ " \"-guid\": set vendor guid\n" > > >+ " \"-nv\": set non-volatile attribute\n" > > >+ " \"-bs\": set boot-service attribute\n" > > >+ " \"-rt\": set runtime attribute\n" > > >+ " \"-a\": append-write\n" > > >+ " \"-i addr,size\": use <addr,size> as variable's value\n" > > >+ " \"-v\": verbose print\n" > > > " - delete UEFI variable 'name' if 'value' not specified\n" > > > #endif > > > "setenv [-f] name value ...\n" > > >diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c > > >index ed6d09a53046..44ae400a1d45 100644 > > >--- a/cmd/nvedit_efi.c > > >+++ b/cmd/nvedit_efi.c > > >@@ -13,6 +13,7 @@ > > > #include <exports.h> > > > #include <hexdump.h> > > > #include <malloc.h> > > >+#include <mapmem.h> > > > #include <linux/kernel.h> > > > > > > /* > > >@@ -34,15 +35,49 @@ static const struct { > > > {EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"}, > > > }; > > > > > >+static const struct { > > >+ efi_guid_t guid; > > >+ char *text; > > >+} efi_guid_text[] = { > > >+ /* signature database */ > > >+ {EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"}, > > >+}; > > >+ > > >+/* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */ > > >+static char unknown_guid[37]; > > >+ > > >+/** > > >+ * efi_guid_to_str() - convert guid to readable name > > >+ * > > >+ * @guid: GUID > > >+ * Return: string for GUID > > >+ * > > >+ * convert guid to readable name > > >+ */ > > >+static const char *efi_guid_to_str(const efi_guid_t *guid) > > >+{ > > >+ int i; > > >+ > > >+ for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++) > > >+ if (!guidcmp(guid, &efi_guid_text[i].guid)) > > >+ return efi_guid_text[i].text; > > >+ > > >+ uuid_bin_to_str((unsigned char *)guid->b, unknown_guid, > > >+ UUID_STR_FORMAT_GUID); > > >+ > > >+ return unknown_guid; > > >+} > > >+ > > > /** > > > * efi_dump_single_var() - show information about a UEFI variable > > > * > > > * @name: Name of the variable > > > * @guid: Vendor GUID > > >+ * @verbose: if true, dump data > > > * > > > * Show information encoded in one UEFI variable > > > */ > > >-static void efi_dump_single_var(u16 *name, efi_guid_t *guid) > > >+static void efi_dump_single_var(u16 *name, const efi_guid_t *guid, bool verbose) > > > { > > > u32 attributes; > > > u8 *data; > > >@@ -68,7 +103,7 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) > > > if (ret != EFI_SUCCESS) > > > goto out; > > > > > >- printf("%ls:", name); > > >+ printf("%ls:\n %s:", name, efi_guid_to_str(guid)); > > > for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++) > > > if (attributes & efi_var_attrs[i].mask) { > > > if (count) > > >@@ -79,7 +114,9 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) > > > puts(efi_var_attrs[i].text); > > > } > > > printf(", DataSize = 0x%zx\n", size); > > >- print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, data, size, true); > > >+ if (verbose) > > >+ print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, > > >+ data, size, true); > > > > > > out: > > > free(data); > > >@@ -90,11 +127,13 @@ out: > > > * > > > * @argc: Number of arguments (variables) > > > * @argv: Argument (variable name) array > > >+ * @verbose: if true, dump data > > > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > > > * > > > * Show information encoded in named UEFI variables > > > */ > > >-static int efi_dump_vars(int argc, char * const argv[]) > > >+static int efi_dump_vars(int argc, char * const argv[], > > >+ const efi_guid_t *guid, bool verbose) > > > { > > > u16 *var_name16, *p; > > > efi_uintn_t buf_size, size; > > >@@ -119,8 +158,7 @@ static int efi_dump_vars(int argc, char * const argv[]) > > > p = var_name16; > > > utf8_utf16_strcpy(&p, argv[0]); > > > > > >- efi_dump_single_var(var_name16, > > >- (efi_guid_t *)&efi_global_variable_guid); > > >+ efi_dump_single_var(var_name16, guid, verbose); > > > } > > > > > > free(var_name16); > > >@@ -128,20 +166,56 @@ static int efi_dump_vars(int argc, char * const argv[]) > > > return CMD_RET_SUCCESS; > > > } > > > > > >+static bool match_name(int argc, char * const argv[], u16 *var_name16) > > >+{ > > >+ char *buf, *p; > > >+ size_t buflen; > > >+ int i; > > >+ bool result = false; > > >+ > > >+ buflen = utf16_utf8_strlen(var_name16) + 1; > > >+ buf = calloc(1, buflen); > > >+ if (!buf) > > >+ return result; > > >+ > > >+ p = buf; > > >+ utf16_utf8_strcpy(&p, var_name16); > > >+ > > >+ for (i = 0; i < argc; argc--, argv++) { > > >+ if (!strcmp(buf, argv[i])) { > > >+ result = true; > > >+ goto out; > > >+ } > > >+ } > > >+ > > >+out: > > >+ free(buf); > > >+ > > >+ return result; > > >+} > > >+ > > > /** > > >- * efi_dump_vars() - show information about all the UEFI variables > > >+ * efi_dump_var_all() - show information about all the UEFI variables > > > * > > >+ * @argc: Number of arguments (variables) > > >+ * @argv: Argument (variable name) array > > >+ * @verbose: if true, dump data > > > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > > > * > > > * Show information encoded in all the UEFI variables > > > */ > > >-static int efi_dump_var_all(void) > > >+static int efi_dump_var_all(int argc, char * const argv[], > > >+ const efi_guid_t *guid_p, bool verbose) > > > { > > > u16 *var_name16, *p; > > > efi_uintn_t buf_size, size; > > > efi_guid_t guid; > > > efi_status_t ret; > > > > > >+ if (argc && guid_p) > > >+ /* simplified case */ > > >+ return efi_dump_vars(argc, argv, guid_p, verbose); > > >+ > > > buf_size = 128; > > > var_name16 = malloc(buf_size); > > > if (!var_name16) > > >@@ -171,7 +245,9 @@ static int efi_dump_var_all(void) > > > return CMD_RET_FAILURE; > > > } > > > > > >- efi_dump_single_var(var_name16, &guid); > > >+ if ((!guid_p || !guidcmp(guid_p, &guid)) && > > >+ (!argc || match_name(argc, argv, var_name16))) > > >+ efi_dump_single_var(var_name16, &guid, verbose); > > > } > > > > > > free(var_name16); > > >@@ -189,12 +265,15 @@ static int efi_dump_var_all(void) > > > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > > > * > > > * This function is for "env print -e" or "printenv -e" command: > > >- * => env print -e [var [...]] > > >+ * => env print -e [-v] [-guid <guid> | -all] [var [...]] > > > * If one or more variable names are specified, show information > > > * named UEFI variables, otherwise show all the UEFI variables. > > > */ > > > int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > > { > > >+ efi_guid_t guid; > > >+ const efi_guid_t *guid_p; > > >+ bool default_guid, guid_any, verbose; > > > efi_status_t ret; > > > > > > /* Initialize EFI drivers */ > > >@@ -205,12 +284,47 @@ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > > return CMD_RET_FAILURE; > > > } > > > > > >- if (argc > 1) > > >- /* show specified UEFI variables */ > > >- return efi_dump_vars(--argc, ++argv); > > >+ default_guid = true; > > >+ guid_any = false; > > >+ verbose = false; > > >+ for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { > > >+ if (!strcmp(argv[0], "-guid")) { > > >+ if (argc == 1) > > >+ return CMD_RET_USAGE; > > >+ > > >+ /* -a already specified */ > > >+ if (!default_guid & guid_any) > > >+ return CMD_RET_USAGE; > > >+ > > >+ argc--; > > >+ argv++; > > >+ if (uuid_str_to_bin(argv[0], guid.b, > > >+ UUID_STR_FORMAT_GUID)) > > >+ return CMD_RET_USAGE; > > >+ default_guid = false; > > >+ } else if (!strcmp(argv[0], "-all")) { > > >+ /* -guid already specified */ > > >+ if (!default_guid && !guid_any) > > >+ return CMD_RET_USAGE; > > >+ > > >+ guid_any = true; > > >+ default_guid = false; > > >+ } else if (!strcmp(argv[0], "-v")) { > > >+ verbose = true; > > >+ } else { > > >+ return CMD_RET_USAGE; > > >+ } > > >+ } > > >+ > > >+ if (guid_any) > > >+ guid_p = NULL; > > >+ else if (default_guid) > > >+ guid_p = &efi_global_variable_guid; > > >+ else > > >+ guid_p = (const efi_guid_t *)guid.b; > > > > > > /* enumerate and show all UEFI variables */ > > >- return efi_dump_var_all(); > > >+ return efi_dump_var_all(argc, argv, guid_p, verbose); > > > } > > > > > > /** > > >@@ -339,18 +453,22 @@ out: > > > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE > > > * > > > * This function is for "env set -e" or "setenv -e" command: > > >- * => env set -e var [value ...]] > > >+ * => env set -e [-guid guid][-nv][-bs][-rt][-a][-v] > > >+ * [-i address,size] var, or > > >+ * var [value ...] > > > * Encode values specified and set given UEFI variable. > > > * If no value is specified, delete the variable. > > > */ > > > int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > > { > > >- char *var_name, *value = NULL; > > >- efi_uintn_t size = 0; > > >- u16 *var_name16 = NULL, *p; > > >- size_t len; > > >+ char *var_name, *value, *ep; > > >+ ulong addr; > > >+ efi_uintn_t size; > > > efi_guid_t guid; > > > u32 attributes; > > >+ bool default_guid, verbose, value_on_memory; > > >+ u16 *var_name16 = NULL, *p; > > >+ size_t len; > > > efi_status_t ret; > > > > > > if (argc == 1) > > >@@ -364,32 +482,94 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > > return CMD_RET_FAILURE; > > > } > > > > > >- attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | > > >- EFI_VARIABLE_RUNTIME_ACCESS; > > >- if (!strcmp(argv[1], "-nv")) { > > >- attributes |= EFI_VARIABLE_NON_VOLATILE; > > >- argc--; > > >- argv++; > > >- if (argc == 1) > > >- return CMD_RET_SUCCESS; > > >+ /* > > >+ * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | > > >+ * EFI_VARIABLE_RUNTIME_ACCESS; > > >+ */ > > >+ value = NULL; > > >+ size = 0; > > >+ attributes = 0; > > >+ guid = efi_global_variable_guid; > > >+ default_guid = true; > > >+ verbose = false; > > >+ value_on_memory = false; > > >+ for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { > > >+ if (!strcmp(argv[0], "-guid")) { > > >+ if (argc == 1) > > >+ return CMD_RET_USAGE; > > >+ > > >+ argc--; > > >+ argv++; > > >+ if (uuid_str_to_bin(argv[0], guid.b, > > >+ UUID_STR_FORMAT_GUID)) { > > >+ printf("## Guid not specified or in bad format\n"); > > >+ return CMD_RET_FAILURE; > > >+ } > > >+ default_guid = false; > > >+ } else if (!strcmp(argv[0], "-bs")) { > > >+ attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS; > > >+ } else if (!strcmp(argv[0], "-rt")) { > > >+ attributes |= EFI_VARIABLE_RUNTIME_ACCESS; > > >+ } else if (!strcmp(argv[0], "-nv")) { > > >+ attributes |= EFI_VARIABLE_NON_VOLATILE; > > >+ } else if (!strcmp(argv[0], "-a")) { > > >+ attributes |= EFI_VARIABLE_APPEND_WRITE; > > >+ } else if (!strcmp(argv[0], "-i")) { > > >+ /* data comes from memory */ > > >+ if (argc == 1) > > >+ return CMD_RET_USAGE; > > >+ > > >+ argc--; > > >+ argv++; > > >+ addr = simple_strtoul(argv[0], &ep, 16); > > >+ if (*ep != ',') > > >+ return CMD_RET_USAGE; > > >+ > > >+ size = simple_strtoul(++ep, NULL, 16); > > >+ if (!size) > > >+ return CMD_RET_FAILURE; > > >+ value_on_memory = true; > > >+ } else if (!strcmp(argv[0], "-v")) { > > >+ verbose = true; > > >+ } else { > > >+ return CMD_RET_USAGE; > > >+ } > > > } > > >+ if (!argc) > > >+ return CMD_RET_USAGE; > > > > > >- var_name = argv[1]; > > >- if (argc == 2) { > > >- /* delete */ > > >- value = NULL; > > >- size = 0; > > >- } else { /* set */ > > >- argc -= 2; > > >- argv += 2; > > >+ var_name = argv[0]; > > >+ if (default_guid) > > >+ guid = efi_global_variable_guid; > > > > > >- for ( ; argc > 0; argc--, argv++) > > >+ if (verbose) { > > >+ printf("GUID: %s\n", efi_guid_to_str((const efi_guid_t *) > > >+ &guid)); > > >+ printf("Attributes: 0x%x\n", attributes); > > >+ } > > >+ > > >+ /* for value */ > > >+ if (value_on_memory) > > >+ value = map_sysmem(addr, 0); > > >+ else if (argc > 1) > > >+ for (argc--, argv++; argc > 0; argc--, argv++) > > > if (append_value(&value, &size, argv[0]) < 0) { > > > printf("## Failed to process an argument, %s\n", > > > argv[0]); > > > ret = CMD_RET_FAILURE; > > > goto out; > > > } > > >+ > > >+ if (size && !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) { > > >+ printf("## \"-bs\" is required\n"); > > >+ ret = CMD_RET_FAILURE; > > >+ goto out; > > >+ } > > >+ > > >+ if (size && verbose) { > > >+ printf("Value:\n"); > > >+ print_hex_dump(" ", DUMP_PREFIX_OFFSET, > > >+ 16, 1, value, size, true); > > > } > > > > > > len = utf8_utf16_strnlen(var_name, strlen(var_name)); > > >@@ -402,17 +582,42 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) > > > p = var_name16; > > > utf8_utf16_strncpy(&p, var_name, len + 1); > > > > > >- guid = efi_global_variable_guid; > > > ret = EFI_CALL(efi_set_variable(var_name16, &guid, attributes, > > > size, value)); > > >+ unmap_sysmem(value); > > > if (ret == EFI_SUCCESS) { > > > ret = CMD_RET_SUCCESS; > > > } else { > > >- printf("## Failed to set EFI variable\n"); > > >+ const char *msg; > > >+ > > >+ switch (ret) { > > >+ case EFI_NOT_FOUND: > > >+ msg = " (not found)"; > > >+ break; > > >+ case EFI_WRITE_PROTECTED: > > >+ msg = " (read only)"; > > >+ break; > > >+ case EFI_INVALID_PARAMETER: > > >+ msg = " (invalid parameter)"; > > >+ break; > > >+ case EFI_SECURITY_VIOLATION: > > >+ msg = " (validation failed)"; > > >+ break; > > >+ case EFI_OUT_OF_RESOURCES: > > >+ msg = " (out of memory)"; > > >+ break; > > >+ default: > > >+ msg = ""; > > >+ break; > > >+ } > > >+ printf("## Failed to set EFI variable%s\n", msg); > > > ret = CMD_RET_FAILURE; > > > } > > > out: > > >- free(value); > > >+ if (value_on_memory) > > >+ unmap_sysmem(value); > > >+ else > > >+ free(value); > > > free(var_name16); > > > > > > return ret; > > > > >
diff --git a/cmd/nvedit.c b/cmd/nvedit.c index 1cb0bc1460b9..cbe6205733de 100644 --- a/cmd/nvedit.c +++ b/cmd/nvedit.c @@ -1387,7 +1387,7 @@ static char env_help_text[] = #endif "env print [-a | name ...] - print environment\n" #if defined(CONFIG_CMD_NVEDIT_EFI) - "env print -e [name ...] - print UEFI environment\n" + "env print -e [-guid guid|-all][-v] [name ...] - print UEFI environment\n" #endif #if defined(CONFIG_CMD_RUN) "env run var [...] - run commands in an environment variable\n" @@ -1399,7 +1399,8 @@ static char env_help_text[] = #endif #endif #if defined(CONFIG_CMD_NVEDIT_EFI) - "env set -e name [arg ...] - set UEFI variable; unset if 'arg' not specified\n" + "env set -e [-nv][-bs][-rt][-a][-i addr,size][-v] name [arg ...]\n" + " - set UEFI variable; unset if '-i' or 'arg' not specified\n" #endif "env set [-f] name [arg ...]\n"; #endif @@ -1428,8 +1429,9 @@ U_BOOT_CMD_COMPLETE( "print environment variables", "[-a]\n - print [all] values of all environment variables\n" #if defined(CONFIG_CMD_NVEDIT_EFI) - "printenv -e [name ...]\n" + "printenv -e [-guid guid|-all][-v] [name ...]\n" " - print UEFI variable 'name' or all the variables\n" + " \"-v\": verbose for signature database\n" #endif "printenv name ...\n" " - print value of environment variable 'name'", @@ -1459,9 +1461,16 @@ U_BOOT_CMD_COMPLETE( setenv, CONFIG_SYS_MAXARGS, 0, do_env_set, "set environment variables", #if defined(CONFIG_CMD_NVEDIT_EFI) - "-e [-nv] name [value ...]\n" + "-e [-guid guid][-nv][-bs][-rt][-a][-v]\n" + " [-i addr,size name], or [name [value ...]]\n" " - set UEFI variable 'name' to 'value' ...'\n" - " 'nv' option makes the variable non-volatile\n" + " \"-guid\": set vendor guid\n" + " \"-nv\": set non-volatile attribute\n" + " \"-bs\": set boot-service attribute\n" + " \"-rt\": set runtime attribute\n" + " \"-a\": append-write\n" + " \"-i addr,size\": use <addr,size> as variable's value\n" + " \"-v\": verbose print\n" " - delete UEFI variable 'name' if 'value' not specified\n" #endif "setenv [-f] name value ...\n" diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c index ed6d09a53046..44ae400a1d45 100644 --- a/cmd/nvedit_efi.c +++ b/cmd/nvedit_efi.c @@ -13,6 +13,7 @@ #include <exports.h> #include <hexdump.h> #include <malloc.h> +#include <mapmem.h> #include <linux/kernel.h> /* @@ -34,15 +35,49 @@ static const struct { {EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"}, }; +static const struct { + efi_guid_t guid; + char *text; +} efi_guid_text[] = { + /* signature database */ + {EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"}, +}; + +/* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */ +static char unknown_guid[37]; + +/** + * efi_guid_to_str() - convert guid to readable name + * + * @guid: GUID + * Return: string for GUID + * + * convert guid to readable name + */ +static const char *efi_guid_to_str(const efi_guid_t *guid) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++) + if (!guidcmp(guid, &efi_guid_text[i].guid)) + return efi_guid_text[i].text; + + uuid_bin_to_str((unsigned char *)guid->b, unknown_guid, + UUID_STR_FORMAT_GUID); + + return unknown_guid; +} + /** * efi_dump_single_var() - show information about a UEFI variable * * @name: Name of the variable * @guid: Vendor GUID + * @verbose: if true, dump data * * Show information encoded in one UEFI variable */ -static void efi_dump_single_var(u16 *name, efi_guid_t *guid) +static void efi_dump_single_var(u16 *name, const efi_guid_t *guid, bool verbose) { u32 attributes; u8 *data; @@ -68,7 +103,7 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) if (ret != EFI_SUCCESS) goto out; - printf("%ls:", name); + printf("%ls:\n %s:", name, efi_guid_to_str(guid)); for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++) if (attributes & efi_var_attrs[i].mask) { if (count) @@ -79,7 +114,9 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) puts(efi_var_attrs[i].text); } printf(", DataSize = 0x%zx\n", size); - print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, data, size, true); + if (verbose) + print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, + data, size, true); out: free(data); @@ -90,11 +127,13 @@ out: * * @argc: Number of arguments (variables) * @argv: Argument (variable name) array + * @verbose: if true, dump data * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE * * Show information encoded in named UEFI variables */ -static int efi_dump_vars(int argc, char * const argv[]) +static int efi_dump_vars(int argc, char * const argv[], + const efi_guid_t *guid, bool verbose) { u16 *var_name16, *p; efi_uintn_t buf_size, size; @@ -119,8 +158,7 @@ static int efi_dump_vars(int argc, char * const argv[]) p = var_name16; utf8_utf16_strcpy(&p, argv[0]); - efi_dump_single_var(var_name16, - (efi_guid_t *)&efi_global_variable_guid); + efi_dump_single_var(var_name16, guid, verbose); } free(var_name16); @@ -128,20 +166,56 @@ static int efi_dump_vars(int argc, char * const argv[]) return CMD_RET_SUCCESS; } +static bool match_name(int argc, char * const argv[], u16 *var_name16) +{ + char *buf, *p; + size_t buflen; + int i; + bool result = false; + + buflen = utf16_utf8_strlen(var_name16) + 1; + buf = calloc(1, buflen); + if (!buf) + return result; + + p = buf; + utf16_utf8_strcpy(&p, var_name16); + + for (i = 0; i < argc; argc--, argv++) { + if (!strcmp(buf, argv[i])) { + result = true; + goto out; + } + } + +out: + free(buf); + + return result; +} + /** - * efi_dump_vars() - show information about all the UEFI variables + * efi_dump_var_all() - show information about all the UEFI variables * + * @argc: Number of arguments (variables) + * @argv: Argument (variable name) array + * @verbose: if true, dump data * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE * * Show information encoded in all the UEFI variables */ -static int efi_dump_var_all(void) +static int efi_dump_var_all(int argc, char * const argv[], + const efi_guid_t *guid_p, bool verbose) { u16 *var_name16, *p; efi_uintn_t buf_size, size; efi_guid_t guid; efi_status_t ret; + if (argc && guid_p) + /* simplified case */ + return efi_dump_vars(argc, argv, guid_p, verbose); + buf_size = 128; var_name16 = malloc(buf_size); if (!var_name16) @@ -171,7 +245,9 @@ static int efi_dump_var_all(void) return CMD_RET_FAILURE; } - efi_dump_single_var(var_name16, &guid); + if ((!guid_p || !guidcmp(guid_p, &guid)) && + (!argc || match_name(argc, argv, var_name16))) + efi_dump_single_var(var_name16, &guid, verbose); } free(var_name16); @@ -189,12 +265,15 @@ static int efi_dump_var_all(void) * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE * * This function is for "env print -e" or "printenv -e" command: - * => env print -e [var [...]] + * => env print -e [-v] [-guid <guid> | -all] [var [...]] * If one or more variable names are specified, show information * named UEFI variables, otherwise show all the UEFI variables. */ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { + efi_guid_t guid; + const efi_guid_t *guid_p; + bool default_guid, guid_any, verbose; efi_status_t ret; /* Initialize EFI drivers */ @@ -205,12 +284,47 @@ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) return CMD_RET_FAILURE; } - if (argc > 1) - /* show specified UEFI variables */ - return efi_dump_vars(--argc, ++argv); + default_guid = true; + guid_any = false; + verbose = false; + for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { + if (!strcmp(argv[0], "-guid")) { + if (argc == 1) + return CMD_RET_USAGE; + + /* -a already specified */ + if (!default_guid & guid_any) + return CMD_RET_USAGE; + + argc--; + argv++; + if (uuid_str_to_bin(argv[0], guid.b, + UUID_STR_FORMAT_GUID)) + return CMD_RET_USAGE; + default_guid = false; + } else if (!strcmp(argv[0], "-all")) { + /* -guid already specified */ + if (!default_guid && !guid_any) + return CMD_RET_USAGE; + + guid_any = true; + default_guid = false; + } else if (!strcmp(argv[0], "-v")) { + verbose = true; + } else { + return CMD_RET_USAGE; + } + } + + if (guid_any) + guid_p = NULL; + else if (default_guid) + guid_p = &efi_global_variable_guid; + else + guid_p = (const efi_guid_t *)guid.b; /* enumerate and show all UEFI variables */ - return efi_dump_var_all(); + return efi_dump_var_all(argc, argv, guid_p, verbose); } /** @@ -339,18 +453,22 @@ out: * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE * * This function is for "env set -e" or "setenv -e" command: - * => env set -e var [value ...]] + * => env set -e [-guid guid][-nv][-bs][-rt][-a][-v] + * [-i address,size] var, or + * var [value ...] * Encode values specified and set given UEFI variable. * If no value is specified, delete the variable. */ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { - char *var_name, *value = NULL; - efi_uintn_t size = 0; - u16 *var_name16 = NULL, *p; - size_t len; + char *var_name, *value, *ep; + ulong addr; + efi_uintn_t size; efi_guid_t guid; u32 attributes; + bool default_guid, verbose, value_on_memory; + u16 *var_name16 = NULL, *p; + size_t len; efi_status_t ret; if (argc == 1) @@ -364,32 +482,94 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) return CMD_RET_FAILURE; } - attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | - EFI_VARIABLE_RUNTIME_ACCESS; - if (!strcmp(argv[1], "-nv")) { - attributes |= EFI_VARIABLE_NON_VOLATILE; - argc--; - argv++; - if (argc == 1) - return CMD_RET_SUCCESS; + /* + * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | + * EFI_VARIABLE_RUNTIME_ACCESS; + */ + value = NULL; + size = 0; + attributes = 0; + guid = efi_global_variable_guid; + default_guid = true; + verbose = false; + value_on_memory = false; + for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { + if (!strcmp(argv[0], "-guid")) { + if (argc == 1) + return CMD_RET_USAGE; + + argc--; + argv++; + if (uuid_str_to_bin(argv[0], guid.b, + UUID_STR_FORMAT_GUID)) { + printf("## Guid not specified or in bad format\n"); + return CMD_RET_FAILURE; + } + default_guid = false; + } else if (!strcmp(argv[0], "-bs")) { + attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS; + } else if (!strcmp(argv[0], "-rt")) { + attributes |= EFI_VARIABLE_RUNTIME_ACCESS; + } else if (!strcmp(argv[0], "-nv")) { + attributes |= EFI_VARIABLE_NON_VOLATILE; + } else if (!strcmp(argv[0], "-a")) { + attributes |= EFI_VARIABLE_APPEND_WRITE; + } else if (!strcmp(argv[0], "-i")) { + /* data comes from memory */ + if (argc == 1) + return CMD_RET_USAGE; + + argc--; + argv++; + addr = simple_strtoul(argv[0], &ep, 16); + if (*ep != ',') + return CMD_RET_USAGE; + + size = simple_strtoul(++ep, NULL, 16); + if (!size) + return CMD_RET_FAILURE; + value_on_memory = true; + } else if (!strcmp(argv[0], "-v")) { + verbose = true; + } else { + return CMD_RET_USAGE; + } } + if (!argc) + return CMD_RET_USAGE; - var_name = argv[1]; - if (argc == 2) { - /* delete */ - value = NULL; - size = 0; - } else { /* set */ - argc -= 2; - argv += 2; + var_name = argv[0]; + if (default_guid) + guid = efi_global_variable_guid; - for ( ; argc > 0; argc--, argv++) + if (verbose) { + printf("GUID: %s\n", efi_guid_to_str((const efi_guid_t *) + &guid)); + printf("Attributes: 0x%x\n", attributes); + } + + /* for value */ + if (value_on_memory) + value = map_sysmem(addr, 0); + else if (argc > 1) + for (argc--, argv++; argc > 0; argc--, argv++) if (append_value(&value, &size, argv[0]) < 0) { printf("## Failed to process an argument, %s\n", argv[0]); ret = CMD_RET_FAILURE; goto out; } + + if (size && !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) { + printf("## \"-bs\" is required\n"); + ret = CMD_RET_FAILURE; + goto out; + } + + if (size && verbose) { + printf("Value:\n"); + print_hex_dump(" ", DUMP_PREFIX_OFFSET, + 16, 1, value, size, true); } len = utf8_utf16_strnlen(var_name, strlen(var_name)); @@ -402,17 +582,42 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) p = var_name16; utf8_utf16_strncpy(&p, var_name, len + 1); - guid = efi_global_variable_guid; ret = EFI_CALL(efi_set_variable(var_name16, &guid, attributes, size, value)); + unmap_sysmem(value); if (ret == EFI_SUCCESS) { ret = CMD_RET_SUCCESS; } else { - printf("## Failed to set EFI variable\n"); + const char *msg; + + switch (ret) { + case EFI_NOT_FOUND: + msg = " (not found)"; + break; + case EFI_WRITE_PROTECTED: + msg = " (read only)"; + break; + case EFI_INVALID_PARAMETER: + msg = " (invalid parameter)"; + break; + case EFI_SECURITY_VIOLATION: + msg = " (validation failed)"; + break; + case EFI_OUT_OF_RESOURCES: + msg = " (out of memory)"; + break; + default: + msg = ""; + break; + } + printf("## Failed to set EFI variable%s\n", msg); ret = CMD_RET_FAILURE; } out: - free(value); + if (value_on_memory) + unmap_sysmem(value); + else + free(value); free(var_name16); return ret;
With this patch, when setting UEFI variable with "env set -e" command, we will be able to - specify vendor guid with "-guid guid", - specify variable attributes, BOOTSERVICE_ACCESS, RUNTIME_ACCESS, respectively with "-bs" and "-rt", - append a value instead of overwriting with "-a", - use memory as variable's value instead of explicit values given at the command line with "-i address,size" If guid is not explicitly given, default value will be used. When "-at" is given, a variable should be authenticated with appropriate signature database before setting or modifying its value. (Authentication is not supported yet though.) Meanwhile, "env print -e," will be modified so that it will dump a variable's value only if '-v' (verbose) is specified. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> --- Changes in v5 (Oct 15, 2019) * improve a message in case of wrong guid format * improve a message in case that BOOTSERVICE_ACCESS is required Changes in v4 (Oct 7, 2019) * print usage message if "-guid guid" has a wrong format * add "-guid guid" and "-all" option to "env print -e" command to specify a specific guid (or any guids) Changes in v3 (Oct 4, 2019) * add verbose messages when SetVariable() fails * add "-v" option Changes in v2 (Sept 6, 2019) * remove "-at" option --- cmd/nvedit.c | 19 +++- cmd/nvedit_efi.c | 283 ++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 258 insertions(+), 44 deletions(-)