From patchwork Tue Oct 15 01:42:34 2019
X-Patchwork-Submitter: AKASHI Takahiro
X-Patchwork-Id: 1176722
X-Patchwork-Delegate: xypron.glpk@gmx.de
From: AKASHI Takahiro
To: trini@konsulko.com, xypron.glpk@gmx.de, agraf@csgraf.de
Cc: u-boot@lists.denx.de
Date: Tue, 15 Oct 2019 10:42:34 +0900
Message-Id: <20191015014234.17023-1-takahiro.akashi@linaro.org>
Subject: [U-Boot] [PATCH v5] cmd: env: extend "env [set|print] -e" to manage UEFI variables

With this patch, when setting UEFI variable with "env set -e" command,
we will be able to
- specify vendor guid with "-guid guid",
- specify variable attributes, BOOTSERVICE_ACCESS, RUNTIME_ACCESS,
  respectively with "-bs" and "-rt",
- append a value instead of overwriting with "-a",
- use memory as variable's value instead of explicit values given
  at the command line with "-i address,size"

If guid is not explicitly given, default value will be used.

When "-at" is given, a variable should be authenticated with
appropriate signature database before setting or modifying its value.
(Authentication is not supported yet though.)

Meanwhile, "env print -e," will be modified so that it will dump
a variable's value only if '-v' (verbose) is specified.

Signed-off-by: AKASHI Takahiro
---
Changes in v5 (Oct 15, 2019)
* improve a message in case of wrong guid format
* improve a message in case that BOOTSERVICE_ACCESS is required

Changes in v4 (Oct 7, 2019)
* print usage message if "-guid guid" has a wrong format
* add "-guid guid" and "-all" option to "env print -e" command
  to specify a specific guid (or any guids)

Changes in v3 (Oct 4, 2019)
* add verbose messages when SetVariable() fails
* add "-v" option

Changes in v2 (Sept 6, 2019)
* remove "-at" option
---
 cmd/nvedit.c     |  19 +++-
 cmd/nvedit_efi.c | 283 ++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 258 insertions(+), 44 deletions(-)

diff --git a/cmd/nvedit.c b/cmd/nvedit.c index 1cb0bc1460b9..cbe6205733de 100644 --- a/cmd/nvedit.c +++ b/cmd/nvedit.c @@ -1387,7 +1387,7 @@ static char env_help_text[] = #endif "env print [-a | name ...] - print environment\n" #if defined(CONFIG_CMD_NVEDIT_EFI) - "env print -e [name ...] - print UEFI environment\n" + "env print -e [-guid guid|-all][-v] [name ...] - print UEFI environment\n" #endif #if defined(CONFIG_CMD_RUN) "env run var [...] - run commands in an environment variable\n" @@ -1399,7 +1399,8 @@ static char env_help_text[] = #endif #endif #if defined(CONFIG_CMD_NVEDIT_EFI) - "env set -e name [arg ...] - set UEFI variable; unset if 'arg' not specified\n" + "env set -e [-nv][-bs][-rt][-a][-i addr,size][-v] name [arg ...]\n" + " - set UEFI variable; unset if '-i' or 'arg' not specified\n" #endif "env set [-f] name [arg ...]\n"; #endif @@ -1428,8 +1429,9 @@ U_BOOT_CMD_COMPLETE( "print environment variables", "[-a]\n - print [all] values of all environment variables\n" #if defined(CONFIG_CMD_NVEDIT_EFI) - "printenv -e [name ...]\n" + "printenv -e [-guid guid|-all][-v] [name ...]\n" " - print UEFI variable 'name' or all the variables\n" + " \"-v\": verbose for signature database\n" #endif "printenv name ...\n" " - print value of environment variable 'name'", 
@@ -1459,9 +1461,16 @@ U_BOOT_CMD_COMPLETE( setenv, CONFIG_SYS_MAXARGS, 0, do_env_set, "set environment variables", #if defined(CONFIG_CMD_NVEDIT_EFI) - "-e [-nv] name [value ...]\n" + "-e [-guid guid][-nv][-bs][-rt][-a][-v]\n" + " [-i addr,size name], or [name [value ...]]\n" " - set UEFI variable 'name' to 'value' ...'\n" - " 'nv' option makes the variable non-volatile\n" + " \"-guid\": set vendor guid\n" + " \"-nv\": set non-volatile attribute\n" + " \"-bs\": set boot-service attribute\n" + " \"-rt\": set runtime attribute\n" + " \"-a\": append-write\n" + " \"-i addr,size\": use as variable's value\n" + " \"-v\": verbose print\n" " - delete UEFI variable 'name' if 'value' not specified\n" #endif "setenv [-f] name value ...\n" diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c index ed6d09a53046..44ae400a1d45 100644 --- a/cmd/nvedit_efi.c +++ b/cmd/nvedit_efi.c @@ -13,6 +13,7 @@ #include #include #include +#include #include /* 
@@ -34,15 +35,49 @@ static const struct { {EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"}, }; +static const struct { + efi_guid_t guid; + char *text; +} efi_guid_text[] = { + /* signature database */ + {EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"}, +}; + +/* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */ +static char unknown_guid[37]; + +/** + * efi_guid_to_str() - convert guid to readable name + * + * @guid: GUID + * Return: string for GUID + * + * convert guid to readable name + */ +static const char *efi_guid_to_str(const efi_guid_t *guid) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++) + if (!guidcmp(guid, &efi_guid_text[i].guid)) + return efi_guid_text[i].text; + + uuid_bin_to_str((unsigned char *)guid->b, unknown_guid, + UUID_STR_FORMAT_GUID); + + return unknown_guid; +} + /** * efi_dump_single_var() - show information about a UEFI variable * * @name: Name of the variable * @guid: Vendor GUID + * @verbose: if true, dump data * * Show information encoded in one UEFI variable */ -static void efi_dump_single_var(u16 *name, efi_guid_t *guid) +static void efi_dump_single_var(u16 *name, const efi_guid_t *guid, bool verbose) { u32 attributes; u8 *data; @@ -68,7 +103,7 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) if (ret != EFI_SUCCESS) goto out; - printf("%ls:", name); + printf("%ls:\n %s:", name, efi_guid_to_str(guid)); for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++) if (attributes & efi_var_attrs[i].mask) { if (count) @@ -79,7 +114,9 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid) puts(efi_var_attrs[i].text); } printf(", DataSize = 0x%zx\n", size); - print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, data, size, true); + if (verbose) + print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, + data, size, true); out: free(data); 
@@ -90,11 +127,13 @@ out: * * @argc: Number of arguments (variables) * @argv: Argument (variable name) array + * @verbose: if true, dump data * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE * * Show information encoded in named UEFI variables */ -static int efi_dump_vars(int argc, char * const argv[]) +static int efi_dump_vars(int argc, char * const argv[], + const efi_guid_t *guid, bool verbose) { u16 *var_name16, *p; efi_uintn_t buf_size, size; @@ -119,8 +158,7 @@ static int efi_dump_vars(int argc, char * const argv[]) p = var_name16; utf8_utf16_strcpy(&p, argv[0]); - efi_dump_single_var(var_name16, - (efi_guid_t *)&efi_global_variable_guid); + efi_dump_single_var(var_name16, guid, verbose); } free(var_name16); 
@@ -128,20 +166,56 @@ static int efi_dump_vars(int argc, char * const argv[]) return CMD_RET_SUCCESS; } +static bool match_name(int argc, char * const argv[], u16 *var_name16) +{ + char *buf, *p; + size_t buflen; + int i; + bool result = false; + + buflen = utf16_utf8_strlen(var_name16) + 1; + buf = calloc(1, buflen); + if (!buf) + return result; + + p = buf; + utf16_utf8_strcpy(&p, var_name16); + + for (i = 0; i < argc; argc--, argv++) { + if (!strcmp(buf, argv[i])) { + result = true; + goto out; + } + } + +out: + free(buf); + + return result; +} + /** - * efi_dump_vars() - show information about all the UEFI variables + * efi_dump_var_all() - show information about all the UEFI variables * + * @argc: Number of arguments (variables) + * @argv: Argument (variable name) array + * @verbose: if true, dump data * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE * * Show information encoded in all the UEFI variables */ -static int efi_dump_var_all(void) +static int efi_dump_var_all(int argc, char * const argv[], + const efi_guid_t *guid_p, bool verbose) { u16 *var_name16, *p; efi_uintn_t buf_size, size; efi_guid_t guid; efi_status_t ret; + if (argc && guid_p) + /* simplified case */ + return efi_dump_vars(argc, argv, guid_p, verbose); + buf_size = 128; var_name16 = malloc(buf_size); if (!var_name16) @@ -171,7 +245,9 @@ static int efi_dump_var_all(void) return CMD_RET_FAILURE; } - efi_dump_single_var(var_name16, &guid); + if ((!guid_p || !guidcmp(guid_p, &guid)) && + (!argc || match_name(argc, argv, var_name16))) + efi_dump_single_var(var_name16, &guid, verbose); } free(var_name16); 
@@ -189,12 +265,15 @@ static int efi_dump_var_all(void) * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE * * This function is for "env print -e" or "printenv -e" command: - * => env print -e [var [...]] + * => env print -e [-v] [-guid | -all] [var [...]] * If one or more variable names are specified, show information * named UEFI variables, otherwise show all the UEFI variables. */ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { + efi_guid_t guid; + const efi_guid_t *guid_p; + bool default_guid, guid_any, verbose; efi_status_t ret; /* Initialize EFI drivers */ @@ -205,12 +284,47 @@ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) return CMD_RET_FAILURE; } - if (argc > 1) - /* show specified UEFI variables */ - return efi_dump_vars(--argc, ++argv); + default_guid = true; + guid_any = false; + verbose = false; + for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { + if (!strcmp(argv[0], "-guid")) { + if (argc == 1) + return CMD_RET_USAGE; + + /* -a already specified */ + if (!default_guid & guid_any) + return CMD_RET_USAGE; + + argc--; + argv++; + if (uuid_str_to_bin(argv[0], guid.b, + UUID_STR_FORMAT_GUID)) + return CMD_RET_USAGE; + default_guid = false; + } else if (!strcmp(argv[0], "-all")) { + /* -guid already specified */ + if (!default_guid && !guid_any) + return CMD_RET_USAGE; + + guid_any = true; + default_guid = false; + } else if (!strcmp(argv[0], "-v")) { + verbose = true; + } else { + return CMD_RET_USAGE; + } + } + + if (guid_any) + guid_p = NULL; + else if (default_guid) + guid_p = &efi_global_variable_guid; + else + guid_p = (const efi_guid_t *)guid.b; /* enumerate and show all UEFI variables */ - return efi_dump_var_all(); + return efi_dump_var_all(argc, argv, guid_p, verbose); } /** 
@@ -339,18 +453,22 @@ out: * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE * * This function is for "env set -e" or "setenv -e" command: - * => env set -e var [value ...]] + * => env set -e [-guid guid][-nv][-bs][-rt][-a][-v] + * [-i address,size] var, or + * var [value ...] * Encode values specified and set given UEFI variable. * If no value is specified, delete the variable. */ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { - char *var_name, *value = NULL; - efi_uintn_t size = 0; - u16 *var_name16 = NULL, *p; - size_t len; + char *var_name, *value, *ep; + ulong addr; + efi_uintn_t size; efi_guid_t guid; u32 attributes; + bool default_guid, verbose, value_on_memory; + u16 *var_name16 = NULL, *p; + size_t len; efi_status_t ret; if (argc == 1) 
@@ -364,32 +482,94 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) return CMD_RET_FAILURE; } - attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | - EFI_VARIABLE_RUNTIME_ACCESS; - if (!strcmp(argv[1], "-nv")) { - attributes |= EFI_VARIABLE_NON_VOLATILE; - argc--; - argv++; - if (argc == 1) - return CMD_RET_SUCCESS; + /* + * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | + * EFI_VARIABLE_RUNTIME_ACCESS; + */ + value = NULL; + size = 0; + attributes = 0; + guid = efi_global_variable_guid; + default_guid = true; + verbose = false; + value_on_memory = false; + for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) { + if (!strcmp(argv[0], "-guid")) { + if (argc == 1) + return CMD_RET_USAGE; + + argc--; + argv++; + if (uuid_str_to_bin(argv[0], guid.b, + UUID_STR_FORMAT_GUID)) { + printf("## Guid not specified or in bad format\n"); + return CMD_RET_FAILURE; + } + default_guid = false; + } else if (!strcmp(argv[0], "-bs")) { + attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS; + } else if (!strcmp(argv[0], "-rt")) { + attributes |= EFI_VARIABLE_RUNTIME_ACCESS; + } else if (!strcmp(argv[0], "-nv")) { + attributes |= EFI_VARIABLE_NON_VOLATILE; + } else if (!strcmp(argv[0], "-a")) { + attributes |= EFI_VARIABLE_APPEND_WRITE; + } else if (!strcmp(argv[0], "-i")) { + /* data comes from memory */ + if (argc == 1) + return CMD_RET_USAGE; + + argc--; + argv++; + addr = simple_strtoul(argv[0], &ep, 16); + if (*ep != ',') + return CMD_RET_USAGE; + + size = simple_strtoul(++ep, NULL, 16); + if (!size) + return CMD_RET_FAILURE; + value_on_memory = true; + } else if (!strcmp(argv[0], "-v")) { + verbose = true; + } else { + return CMD_RET_USAGE; + } } + if (!argc) + return CMD_RET_USAGE; - var_name = argv[1]; - if (argc == 2) { - /* delete */ - value = NULL; - size = 0; - } else { /* set */ - argc -= 2; - argv += 2; + var_name = argv[0]; + if (default_guid) + guid = efi_global_variable_guid; - for ( ; argc > 0; argc--, argv++) + if (verbose) { + 
printf("GUID: %s\n", efi_guid_to_str((const efi_guid_t *) + &guid)); + printf("Attributes: 0x%x\n", attributes); + } + + /* for value */ + if (value_on_memory) + value = map_sysmem(addr, 0); + else if (argc > 1) + for (argc--, argv++; argc > 0; argc--, argv++) if (append_value(&value, &size, argv[0]) < 0) { printf("## Failed to process an argument, %s\n", argv[0]); ret = CMD_RET_FAILURE; goto out; } + + if (size && !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) { + printf("## \"-bs\" is required\n"); + ret = CMD_RET_FAILURE; + goto out; + } + + if (size && verbose) { + printf("Value:\n"); + print_hex_dump(" ", DUMP_PREFIX_OFFSET, + 16, 1, value, size, true); } len = utf8_utf16_strnlen(var_name, strlen(var_name)); @@ -402,17 +582,42 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) p = var_name16; utf8_utf16_strncpy(&p, var_name, len + 1); - guid = efi_global_variable_guid; ret = EFI_CALL(efi_set_variable(var_name16, &guid, attributes, size, value)); + unmap_sysmem(value); if (ret == EFI_SUCCESS) { ret = CMD_RET_SUCCESS; } else { - printf("## Failed to set EFI variable\n"); + const char *msg; + + switch (ret) { + case EFI_NOT_FOUND: + msg = " (not found)"; + break; + case EFI_WRITE_PROTECTED: + msg = " (read only)"; + break; + case EFI_INVALID_PARAMETER: + msg = " (invalid parameter)"; + break; + case EFI_SECURITY_VIOLATION: + msg = " (validation failed)"; + break; + case EFI_OUT_OF_RESOURCES: + msg = " (out of memory)"; + break; + default: + msg = ""; + break; + } + printf("## Failed to set EFI variable%s\n", msg); ret = CMD_RET_FAILURE; } out: - free(value); + if (value_on_memory) + unmap_sysmem(value); + else + free(value); free(var_name16); return ret;
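
Review bot: In cmd/nvedit.c the three help texts disagree about the new options. The env_help_text line for "env set -e" lists "[-nv][-bs][-rt][-a][-i addr,size][-v]" but leaves out "[-guid guid]", which the setenv text in U_BOOT_CMD_COMPLETE does include. The printenv text describes "-v" as "verbose for signature database", while in efi_dump_single_var() the verbose flag gates the hex dump of every variable, so the wording should say "dump the variable's value". The commit message also still describes "-at", which appears in none of the help strings or option parsers and which the v2 changelog says was removed; please drop that paragraph.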
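
Review bot: efi_guid_to_str() in cmd/nvedit_efi.c returns a pointer into the file-scope buffer unknown_guid for any GUID not in efi_guid_text[], so the string is overwritten by the next call and two results cannot be used in one printf(). The kernel-doc should state that the returned string is only valid until the next call. In the same hunk the comment "/* signature database */" sits above the EFI_GLOBAL_VARIABLE_GUID entry, which is not a signature database GUID, and the cast "(unsigned char *)guid->b" discards the const that the new prototype just added to the guid parameter.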
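
Review bot: The loop in match_name(), "for (i = 0; i < argc; argc--, argv++)" with "argv[i]" in the body, never changes i; it only terminates because argc counts down while argv advances. Please write it as "for (i = 0; i < argc; i++)" so the index and the bound are what they appear to be. A calloc() failure returns false, which the caller in efi_dump_var_all() cannot tell apart from "name does not match", so under memory pressure variables are silently left out of the listing instead of the command failing. match_name() has no kernel-doc, and the kernel-doc blocks for efi_dump_vars() and efi_dump_var_all() gain "@verbose" but not the new guid / guid_p parameter.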
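
Review bot: In the option loop of do_env_print_efi(), "if (!default_guid & guid_any)" uses bitwise & where logical && is meant; it happens to work on bool operands but reads as a typo next to the "!default_guid && !guid_any" test a few lines below. The comment above it says "-a already specified" although the option is "-all". The final assignment "guid_p = (const efi_guid_t *)guid.b;" can simply be "guid_p = &guid;" since guid is already an efi_guid_t. Giving "-guid" twice is accepted and the last value wins; if that is intended it is worth saying so in the usage text.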
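
Review bot: In do_env_set_efi() the attributes now start at 0 and a non-empty value is rejected with "## \"-bs\" is required", whereas the removed code defaulted to EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, so existing "setenv -e [-nv] name value" invocations stop working; that change in behaviour needs to be stated in the commit message and help text, and the old assignment left behind inside a comment should be deleted rather than kept as dead code. For "-i addr,size", "size = simple_strtoul(++ep, NULL, 16)" ignores any trailing characters, a zero size returns CMD_RET_FAILURE without a message, and the mapping is done with "map_sysmem(addr, 0)" instead of passing size, although addr and size come straight from the command line and are then handed to print_hex_dump() and efi_set_variable(). When "-i" is combined with explicit value arguments the arguments are silently ignored because of the "else if (argc > 1)"; returning CMD_RET_USAGE would be clearer. The later "if (default_guid) guid = efi_global_variable_guid;" is redundant with the initialisation before the loop.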
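
Review bot: The last hunk of do_env_set_efi() adds an unconditional "unmap_sysmem(value);" directly after the efi_set_variable() call, and the "out:" path then runs "if (value_on_memory) unmap_sysmem(value); else free(value);". A memory-backed value is therefore unmapped twice, and a value built by append_value() is passed to unmap_sysmem() before it is freed. Please drop the unconditional call and keep only the conditional cleanup under "out:". In the new error switch, EFI_OUT_OF_RESOURCES is reported as "(out of memory)", which may mislead when the failure is exhausted variable storage rather than heap; "(out of resources)" matches the status code.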