In-Reply-To: <566BDC9A.2080501@gmail.com>
Date: Mon, 14 Dec 2015 11:08:28 +0000
Subject: Re: Grub get and set efi variables
From: Ignat Korchagin
To: The development of GNU GRUB

> Assuming uint8 remains - should not you check that variable size is exactly 1 byte in this case?

There are reports of a buggy firmware returning 4 bytes size for uint8 variables, however I did not encounter them myself.

> Do we really need uint8 at all? "hex" already provides exactly the same functionality, not? Do you think there are cases when uint8 is really required?

Well, when checking for SecureBoot variable in grub configuration file hex mode makes it look weird and creates a point of confusion. For example to check if SecureBoot (suppose the result of our command is stored in secure_boot env variable in hex mode) is enabled one should write:

if [ secure_boot = "01" ]
...

uint8 just allows to do a more straightforward config

if [ secure_boot = 1] - this case would be false for hex mode - possible security breach
...

Added goto err in the module as pointed, see patch below. I will do a follow-up patch for documentation once we get this confirmed.

diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def index 0cc40bb..aa7b927 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -735,6 +735,12 @@ module = { }; module = { + name = efivar; + efi = commands/efi/efivar.c; + enable = efi; +}; + +module = { name = blocklist; common = commands/blocklist.c; }; diff --git a/grub-core/commands/efi/efivar.c b/grub-core/commands/efi/efivar.c new file mode 100644 index 0000000..7f5a957 --- /dev/null +++ b/grub-core/commands/efi/efivar.c 
@@ -0,0 +1,251 @@ +/* efivar.c - Read EFI global variables. */ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2015 Free Software Foundation, Inc. + * Copyright (C) 2015 CloudFlare, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +GRUB_MOD_LICENSE ("GPLv3+"); + +static const struct grub_arg_option options[] = { + {"format", 'f', GRUB_ARG_OPTION_OPTIONAL, N_("Parse EFI_VAR in specific format (hex, uint8, ascii, raw, dump). 
Default: hex."), N_("FORMAT"), ARG_TYPE_STRING}, + {"set", 's', GRUB_ARG_OPTION_OPTIONAL, N_("Save parsed result to environment variable (does not work with dump)."), N_("ENV_VAR"), ARG_TYPE_STRING}, + {0, 0, 0, 0, 0, 0} +}; + +enum efi_var_type + { + EFI_VAR_ASCII = 0, + EFI_VAR_RAW, + EFI_VAR_UINT8, + EFI_VAR_HEX, + EFI_VAR_DUMP, + EFI_VAR_INVALID = -1 + }; + +static enum efi_var_type +parse_efi_var_type (const char *type) +{ + if (!grub_strncmp (type, "ascii", sizeof("ascii"))) + return EFI_VAR_ASCII; + + if (!grub_strncmp (type, "raw", sizeof("raw"))) + return EFI_VAR_ASCII; + + if (!grub_strncmp (type, "uint8", sizeof("uint8"))) + return EFI_VAR_UINT8; + + if (!grub_strncmp (type, "hex", sizeof("hex"))) + return EFI_VAR_HEX; + + if (!grub_strncmp (type, "dump", sizeof("dump"))) + return EFI_VAR_DUMP; + + return EFI_VAR_INVALID; +} + +static int +grub_print_ascii (char *str, char c) +{ + if (grub_iscntrl (c)) + { + switch (c) + { + case '\0': + str[0] = '\\'; + str[1] = '0'; + return 2; + + case '\a': + str[0] = '\\'; + str[1] = 'a'; + return 2; + + case '\b': + str[0] = '\\'; + str[1] = 'b'; + return 2; + + case '\f': + str[0] = '\\'; + str[1] = 'f'; + return 2; + + case '\n': + str[0] = '\\'; + str[1] = 'n'; + return 2; + + case '\r': + str[0] = '\\'; + str[1] = 'r'; + return 2; + + case '\t': + str[0] = '\\'; + str[1] = 't'; + return 2; + + case '\v': + str[0] = '\\'; + str[1] = 'v'; + return 2; + + default: + str[0] = '.'; /* as in hexdump -C */ + return 1; + } + } + + str[0] = c; + return 1; +} + +static grub_err_t +grub_cmd_get_efi_var (struct grub_extcmd_context *ctxt, + int argc, char **args) +{ + struct grub_arg_list *state = ctxt->state; + grub_err_t status; + void *efi_var = NULL; + grub_size_t efi_var_size = 0; + enum efi_var_type efi_type = EFI_VAR_HEX; + grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID; + char *env_var = NULL; + grub_size_t i; + char *ptr; + + if (1 != argc) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument 
expected")); + + if (state[0].set) + efi_type = parse_efi_var_type (state[0].arg); + + if (EFI_VAR_INVALID == efi_type) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid format specifier")); + + efi_var = grub_efi_get_variable (args[0], &global, &efi_var_size); + if (!efi_var || !efi_var_size) + { + status = grub_error (GRUB_ERR_READ_ERROR, N_("cannot read variable")); + goto err; + } + + switch (efi_type) + { + case EFI_VAR_ASCII: + env_var = grub_malloc (efi_var_size * 2 + 1); + if (!env_var) + { + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + goto err; + } + + ptr = env_var; + + for (i = 0; i < efi_var_size; i++) + ptr += grub_print_ascii (ptr, ((const char *)efi_var)[i]); + *ptr = '\0'; + break; + + case EFI_VAR_RAW: + env_var = grub_malloc (efi_var_size + 1); + if (!env_var) + { + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + goto err; + } + grub_memcpy (env_var, efi_var, efi_var_size); + env_var[efi_var_size] = '\0'; + break; + + case EFI_VAR_UINT8: + env_var = grub_malloc (4); + if (!env_var) + { + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + goto err; + } + grub_snprintf (env_var, 4, "%u", *((grub_uint8_t *)efi_var)); + break; + + case EFI_VAR_HEX: + env_var = grub_malloc (efi_var_size * 2 + 1); + if (!env_var) + { + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + goto err; + } + for (i = 0; i < efi_var_size; i++) + grub_snprintf (env_var + (i * 2), 3, "%02x", ((grub_uint8_t *)efi_var)[i]); + break; + + case EFI_VAR_DUMP: + if (state[1].set) + status = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("cannot set variable with dump format specifier")); + else + { + hexdump (0, (char *)efi_var, efi_var_size); + status = GRUB_ERR_NONE; + } + break; + + default: + status = grub_error (GRUB_ERR_BUG, N_("should not happen (bug in module?)")); + goto err; + } + + if (efi_type != EFI_VAR_DUMP) + { + if (state[1].set) + status = grub_env_set (state[1].arg, env_var); + else + { + 
grub_printf ("%s\n", (const char *)env_var); + status = GRUB_ERR_NONE; + } + } + +err: + + grub_free (env_var); + grub_free (efi_var); + + return status; +} + +static grub_extcmd_t cmd = NULL; + +GRUB_MOD_INIT (efivar) +{ + cmd = grub_register_extcmd ("get_efivar", grub_cmd_get_efi_var, 0, N_("[-f FORMAT] [-s ENV_VAR] EFI_VAR"), + N_("Read EFI variable and print it or save its contents to environment variable."), options); +} + +GRUB_MOD_FINI (efivar) +{ + if (cmd) + grub_unregister_extcmd (cmd); +}
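
Review bot: In parse_efi_var_type of efivar.c, the "raw" branch returns EFI_VAR_ASCII, so the EFI_VAR_RAW case in grub_cmd_get_efi_var can never be reached and "-f raw" silently produces the escaped ascii output; it should return EFI_VAR_RAW. Separately, the EFI_VAR_UINT8 case reads *((grub_uint8_t *)efi_var) without looking at efi_var_size, so a variable that is not exactly one byte (the 4-byte firmware case mentioned in the message) is reported by its first byte only. Since the stated use is a SecureBoot test in the configuration file, returning an error such as GRUB_ERR_BAD_ARGUMENT when efi_var_size != 1 would surface that mismatch instead of hiding it.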
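
The comparison problem discussed in the message, as an added example that is not part of the original post or of the GRUB patch: a stand-alone C program showing how the same SecureBoot value compares as text under hex and uint8 rendering, and what a strict one-byte check does with a 4-byte read. The names format_var and config_matches are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum var_format { FMT_HEX, FMT_UINT8 };

/* Constructed sample data: SecureBoot = 1 as one byte and as four bytes. */
static const uint8_t sb_one_byte[] = { 0x01 };
static const uint8_t sb_four_bytes[] = { 0x01, 0x00, 0x00, 0x00 };

/* Render variable bytes as config-visible text; 0 on success, -1 on error. */
static int format_var (const uint8_t *data, size_t size, enum var_format fmt,
                       char *out, size_t out_len)
{
  size_t i;
  if (!data || !size || !out || !out_len)
    return -1;
  if (fmt == FMT_UINT8)
    {
      /* Strict: a uint8 is exactly one byte; refuse any other size. */
      if (size != 1 || out_len < 4)
        return -1;
      snprintf (out, out_len, "%u", (unsigned) data[0]);
      return 0;
    }
  if (size > (out_len - 1) / 2)
    return -1;
  /* Hex: two digits per byte, so the text grows with the reported size. */
  for (i = 0; i < size; i++)
    snprintf (out + i * 2, 3, "%02x", (unsigned) data[i]);
  return 0;
}

/* Config test [ "$var" = EXPECTED ]: 1 match, 0 no match, -1 unavailable. */
static int config_matches (const uint8_t *data, size_t size,
                           enum var_format fmt, const char *expected)
{
  char text[64];
  if (format_var (data, size, fmt, text, sizeof (text)) != 0)
    return -1;
  return strcmp (text, expected) == 0;
}

int main (void)
{
  printf ("hex, 1 byte, = \"1\": %d\n", config_matches (sb_one_byte, 1, FMT_HEX, "1"));
  printf ("uint8, 4 bytes, = \"1\": %d\n", config_matches (sb_four_bytes, 4, FMT_UINT8, "1"));
  return 0;
}
```

A result of -1 is distinct from "no match", so a configuration that gates on SecureBoot can treat an unreadable or wrongly sized variable as its own case rather than as "disabled".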