From: Ignat Korchagin <ignat@cloudflare.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Subject: Re: Grub get and set efi variables
Date: Fri, 29 Jan 2016 16:25:43 +0000 [thread overview]
Message-ID: <CALrw=nH8TrpVg6E=jszTvhq3NL1uC9KZ87c1zNim4NcSZD8R-w@mail.gmail.com> (raw)
In-Reply-To: <CALrw=nEH3679wQMwoATPnsaLnn1jxs6E3D+km1MkJSKnDCCfFw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 16677 bytes --]
Hi. Are we still considering this?
On Mon, Dec 14, 2015 at 11:17 AM, Ignat Korchagin <ignat@cloudflare.com>
wrote:
> Sorry, pasted wrong file. Here is the correct one:
>
> diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
> index 0cc40bb..aa7b927 100644
> --- a/grub-core/Makefile.core.def
> +++ b/grub-core/Makefile.core.def
> @@ -735,6 +735,12 @@ module = {
> };
>
> module = {
> + name = efivar;
> + efi = commands/efi/efivar.c;
> + enable = efi;
> +};
> +
> +module = {
> name = blocklist;
> common = commands/blocklist.c;
> };
> diff --git a/grub-core/commands/efi/efivar.c
> b/grub-core/commands/efi/efivar.c
> new file mode 100644
> index 0000000..7fe7bda
> --- /dev/null
> +++ b/grub-core/commands/efi/efivar.c
> @@ -0,0 +1,236 @@
> +/* efivar.c - Read EFI global variables. */
> +/*
> + * GRUB -- GRand Unified Bootloader
> + * Copyright (C) 2015 Free Software Foundation, Inc.
> + * Copyright (C) 2015 CloudFlare, Inc.
> + *
> + * GRUB is free software: you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation, either version 3 of the License, or
> + * (at your option) any later version.
> + *
> + * GRUB is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <grub/types.h>
> +#include <grub/mm.h>
> +#include <grub/misc.h>
> +#include <grub/efi/api.h>
> +#include <grub/efi/efi.h>
> +#include <grub/extcmd.h>
> +#include <grub/env.h>
> +#include <grub/lib/hexdump.h>
> +
> +GRUB_MOD_LICENSE ("GPLv3+");
> +
> +static const struct grub_arg_option options[] = {
> + {"format", 'f', GRUB_ARG_OPTION_OPTIONAL, N_("Parse EFI_VAR in
> specific format (hex, uint8, ascii, dump). Default: hex."),
> N_("FORMAT"), ARG_TYPE_STRING},
> + {"set", 's', GRUB_ARG_OPTION_OPTIONAL, N_("Save parsed result to
> environment variable (does not work with dump)."), N_("ENV_VAR"),
> ARG_TYPE_STRING},
> + {0, 0, 0, 0, 0, 0}
> +};
> +
> +enum efi_var_type
> + {
> + EFI_VAR_ASCII = 0,
> + EFI_VAR_UINT8,
> + EFI_VAR_HEX,
> + EFI_VAR_DUMP,
> + EFI_VAR_INVALID = -1
> + };
> +
> +static enum efi_var_type
> +parse_efi_var_type (const char *type)
> +{
> + if (!grub_strcmp (type, "ascii"))
> + return EFI_VAR_ASCII;
> +
> + if (!grub_strcmp (type, "uint8"))
> + return EFI_VAR_UINT8;
> +
> + if (!grub_strcmp (type, "hex"))
> + return EFI_VAR_HEX;
> +
> + if (!grub_strcmp (type, "dump"))
> + return EFI_VAR_DUMP;
> +
> + return EFI_VAR_INVALID;
> +}
> +
> +static int
> +grub_print_ascii (char *str, char c)
> +{
> + if (grub_iscntrl (c))
> + {
> + switch (c)
> + {
> + case '\0':
> + str[0] = '\\';
> + str[1] = '0';
> + return 2;
> +
> + case '\a':
> + str[0] = '\\';
> + str[1] = 'a';
> + return 2;
> +
> + case '\b':
> + str[0] = '\\';
> + str[1] = 'b';
> + return 2;
> +
> + case '\f':
> + str[0] = '\\';
> + str[1] = 'f';
> + return 2;
> +
> + case '\n':
> + str[0] = '\\';
> + str[1] = 'n';
> + return 2;
> +
> + case '\r':
> + str[0] = '\\';
> + str[1] = 'r';
> + return 2;
> +
> + case '\t':
> + str[0] = '\\';
> + str[1] = 't';
> + return 2;
> +
> + case '\v':
> + str[0] = '\\';
> + str[1] = 'v';
> + return 2;
> +
> + default:
> + str[0] = '.'; /* as in hexdump -C */
> + return 1;
> + }
> + }
> +
> + str[0] = c;
> + return 1;
> +}
> +
> +static grub_err_t
> +grub_cmd_get_efi_var (struct grub_extcmd_context *ctxt,
> + int argc, char **args)
> +{
> + struct grub_arg_list *state = ctxt->state;
> + grub_err_t status;
> + void *efi_var = NULL;
> + grub_size_t efi_var_size = 0;
> + enum efi_var_type efi_type = EFI_VAR_HEX;
> + grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
> + char *env_var = NULL;
> + grub_size_t i;
> + char *ptr;
> +
> + if (1 != argc)
> + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument
> expected"));
> +
> + if (state[0].set)
> + efi_type = parse_efi_var_type (state[0].arg);
> +
> + if (EFI_VAR_INVALID == efi_type)
> + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid format
> specifier"));
> +
> + efi_var = grub_efi_get_variable (args[0], &global, &efi_var_size);
> + if (!efi_var || !efi_var_size)
> + {
> + status = grub_error (GRUB_ERR_READ_ERROR, N_("cannot read
> variable"));
> + goto err;
> + }
> +
> + switch (efi_type)
> + {
> + case EFI_VAR_ASCII:
> + env_var = grub_malloc (efi_var_size * 2 + 1);
> + if (!env_var)
> + {
> + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> + goto err;
> + }
> +
> + ptr = env_var;
> +
> + for (i = 0; i < efi_var_size; i++)
> + ptr += grub_print_ascii (ptr, ((const char *)efi_var)[i]);
> + *ptr = '\0';
> + break;
> +
> + case EFI_VAR_UINT8:
> + env_var = grub_malloc (4);
> + if (!env_var)
> + {
> + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> + goto err;
> + }
> + grub_snprintf (env_var, 4, "%u", *((grub_uint8_t *)efi_var));
> + break;
> +
> + case EFI_VAR_HEX:
> + env_var = grub_malloc (efi_var_size * 2 + 1);
> + if (!env_var)
> + {
> + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> + goto err;
> + }
> + for (i = 0; i < efi_var_size; i++)
> + grub_snprintf (env_var + (i * 2), 3, "%02x", ((grub_uint8_t
> *)efi_var)[i]);
> + break;
> +
> + case EFI_VAR_DUMP:
> + if (state[1].set)
> + status = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("cannot set
> variable with dump format specifier"));
> + else
> + {
> + hexdump (0, (char *)efi_var, efi_var_size);
> + status = GRUB_ERR_NONE;
> + }
> + break;
> +
> + default:
> + status = grub_error (GRUB_ERR_BUG, N_("should not happen (bug
> in module?)"));
> + goto err;
> + }
> +
> + if (efi_type != EFI_VAR_DUMP)
> + {
> + if (state[1].set)
> + status = grub_env_set (state[1].arg, env_var);
> + else
> + {
> + grub_printf ("%s\n", (const char *)env_var);
> + status = GRUB_ERR_NONE;
> + }
> + }
> +
> +err:
> +
> + grub_free (env_var);
> + grub_free (efi_var);
> +
> + return status;
> +}
> +
> +static grub_extcmd_t cmd = NULL;
> +
> +GRUB_MOD_INIT (efivar)
> +{
> + cmd = grub_register_extcmd ("get_efivar", grub_cmd_get_efi_var, 0,
> N_("[-f FORMAT] [-s ENV_VAR] EFI_VAR"),
> + N_("Read EFI variable and print it or save its contents to
> environment variable."), options);
> +}
> +
> +GRUB_MOD_FINI (efivar)
> +{
> + if (cmd)
> + grub_unregister_extcmd (cmd);
> +}
>
>
> On Mon, Dec 14, 2015 at 11:08 AM, Ignat Korchagin <ignat@cloudflare.com>
> wrote:
> >> Assuming uint8 remains - should not you check that variable size is
> exactly 1 byte in this case?
> > There are reports of a buggy firmware returning 4 bytes size for uint8
> > variables, however did not encounter them myself.
> >
> >> Do we really need unit8 at all? "hex" already provides exactly the same
> functionality, not? Do you think there are cases when uint8 is really
> required?
> > Well, when checking for SecureBoot variable in grub configuration file
> > hex mode makes it look weird and creates a point of confusion. For
> > example to check if SecureBoot (suppose the result of the our command
> > is stored in secure_boot env variable in hex mode) is enabled one
> > should write:
> > if [ secure_boot = "01" ]
> > ...
> > uint8 just allows to do a more straightforward config
> > if [ secure_boot = 1] - this case would be false for hex mode -
> > possible security breach
> > ...
> >
> > Added goto err in the module as pointed, see patch below. I will do a
> > follow-up patch for documentation once we get this confirmed.
> >
> > diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
> > index 0cc40bb..aa7b927 100644
> > --- a/grub-core/Makefile.core.def
> > +++ b/grub-core/Makefile.core.def
> > @@ -735,6 +735,12 @@ module = {
> > };
> >
> > module = {
> > + name = efivar;
> > + efi = commands/efi/efivar.c;
> > + enable = efi;
> > +};
> > +
> > +module = {
> > name = blocklist;
> > common = commands/blocklist.c;
> > };
> > diff --git a/grub-core/commands/efi/efivar.c
> b/grub-core/commands/efi/efivar.c
> > new file mode 100644
> > index 0000000..7f5a957
> > --- /dev/null
> > +++ b/grub-core/commands/efi/efivar.c
> > @@ -0,0 +1,251 @@
> > +/* efivar.c - Read EFI global variables. */
> > +/*
> > + * GRUB -- GRand Unified Bootloader
> > + * Copyright (C) 2015 Free Software Foundation, Inc.
> > + * Copyright (C) 2015 CloudFlare, Inc.
> > + *
> > + * GRUB is free software: you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License as published by
> > + * the Free Software Foundation, either version 3 of the License, or
> > + * (at your option) any later version.
> > + *
> > + * GRUB is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > + * GNU General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU General Public License
> > + * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#include <grub/types.h>
> > +#include <grub/mm.h>
> > +#include <grub/misc.h>
> > +#include <grub/efi/api.h>
> > +#include <grub/efi/efi.h>
> > +#include <grub/extcmd.h>
> > +#include <grub/env.h>
> > +#include <grub/lib/hexdump.h>
> > +
> > +GRUB_MOD_LICENSE ("GPLv3+");
> > +
> > +static const struct grub_arg_option options[] = {
> > + {"format", 'f', GRUB_ARG_OPTION_OPTIONAL, N_("Parse EFI_VAR in
> > specific format (hex, uint8, ascii, raw, dump). Default: hex."),
> > N_("FORMAT"), ARG_TYPE_STRING},
> > + {"set", 's', GRUB_ARG_OPTION_OPTIONAL, N_("Save parsed result to
> > environment variable (does not work with dump)."), N_("ENV_VAR"),
> > ARG_TYPE_STRING},
> > + {0, 0, 0, 0, 0, 0}
> > +};
> > +
> > +enum efi_var_type
> > + {
> > + EFI_VAR_ASCII = 0,
> > + EFI_VAR_RAW,
> > + EFI_VAR_UINT8,
> > + EFI_VAR_HEX,
> > + EFI_VAR_DUMP,
> > + EFI_VAR_INVALID = -1
> > + };
> > +
> > +static enum efi_var_type
> > +parse_efi_var_type (const char *type)
> > +{
> > + if (!grub_strncmp (type, "ascii", sizeof("ascii")))
> > + return EFI_VAR_ASCII;
> > +
> > + if (!grub_strncmp (type, "raw", sizeof("raw")))
> > + return EFI_VAR_ASCII;
> > +
> > + if (!grub_strncmp (type, "uint8", sizeof("uint8")))
> > + return EFI_VAR_UINT8;
> > +
> > + if (!grub_strncmp (type, "hex", sizeof("hex")))
> > + return EFI_VAR_HEX;
> > +
> > + if (!grub_strncmp (type, "dump", sizeof("dump")))
> > + return EFI_VAR_DUMP;
> > +
> > + return EFI_VAR_INVALID;
> > +}
> > +
> > +static int
> > +grub_print_ascii (char *str, char c)
> > +{
> > + if (grub_iscntrl (c))
> > + {
> > + switch (c)
> > + {
> > + case '\0':
> > + str[0] = '\\';
> > + str[1] = '0';
> > + return 2;
> > +
> > + case '\a':
> > + str[0] = '\\';
> > + str[1] = 'a';
> > + return 2;
> > +
> > + case '\b':
> > + str[0] = '\\';
> > + str[1] = 'b';
> > + return 2;
> > +
> > + case '\f':
> > + str[0] = '\\';
> > + str[1] = 'f';
> > + return 2;
> > +
> > + case '\n':
> > + str[0] = '\\';
> > + str[1] = 'n';
> > + return 2;
> > +
> > + case '\r':
> > + str[0] = '\\';
> > + str[1] = 'r';
> > + return 2;
> > +
> > + case '\t':
> > + str[0] = '\\';
> > + str[1] = 't';
> > + return 2;
> > +
> > + case '\v':
> > + str[0] = '\\';
> > + str[1] = 'v';
> > + return 2;
> > +
> > + default:
> > + str[0] = '.'; /* as in hexdump -C */
> > + return 1;
> > + }
> > + }
> > +
> > + str[0] = c;
> > + return 1;
> > +}
> > +
> > +static grub_err_t
> > +grub_cmd_get_efi_var (struct grub_extcmd_context *ctxt,
> > + int argc, char **args)
> > +{
> > + struct grub_arg_list *state = ctxt->state;
> > + grub_err_t status;
> > + void *efi_var = NULL;
> > + grub_size_t efi_var_size = 0;
> > + enum efi_var_type efi_type = EFI_VAR_HEX;
> > + grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
> > + char *env_var = NULL;
> > + grub_size_t i;
> > + char *ptr;
> > +
> > + if (1 != argc)
> > + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument
> expected"));
> > +
> > + if (state[0].set)
> > + efi_type = parse_efi_var_type (state[0].arg);
> > +
> > + if (EFI_VAR_INVALID == efi_type)
> > + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid format
> specifier"));
> > +
> > + efi_var = grub_efi_get_variable (args[0], &global, &efi_var_size);
> > + if (!efi_var || !efi_var_size)
> > + {
> > + status = grub_error (GRUB_ERR_READ_ERROR, N_("cannot read
> variable"));
> > + goto err;
> > + }
> > +
> > + switch (efi_type)
> > + {
> > + case EFI_VAR_ASCII:
> > + env_var = grub_malloc (efi_var_size * 2 + 1);
> > + if (!env_var)
> > + {
> > + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> > + goto err;
> > + }
> > +
> > + ptr = env_var;
> > +
> > + for (i = 0; i < efi_var_size; i++)
> > + ptr += grub_print_ascii (ptr, ((const char *)efi_var)[i]);
> > + *ptr = '\0';
> > + break;
> > +
> > + case EFI_VAR_RAW:
> > + env_var = grub_malloc (efi_var_size + 1);
> > + if (!env_var)
> > + {
> > + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> > + goto err;
> > + }
> > + grub_memcpy (env_var, efi_var, efi_var_size);
> > + env_var[efi_var_size] = '\0';
> > + break;
> > +
> > + case EFI_VAR_UINT8:
> > + env_var = grub_malloc (4);
> > + if (!env_var)
> > + {
> > + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> > + goto err;
> > + }
> > + grub_snprintf (env_var, 4, "%u", *((grub_uint8_t *)efi_var));
> > + break;
> > +
> > + case EFI_VAR_HEX:
> > + env_var = grub_malloc (efi_var_size * 2 + 1);
> > + if (!env_var)
> > + {
> > + status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> > + goto err;
> > + }
> > + for (i = 0; i < efi_var_size; i++)
> > + grub_snprintf (env_var + (i * 2), 3, "%02x", ((grub_uint8_t
> > *)efi_var)[i]);
> > + break;
> > +
> > + case EFI_VAR_DUMP:
> > + if (state[1].set)
> > + status = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("cannot set
> > variable with dump format specifier"));
> > + else
> > + {
> > + hexdump (0, (char *)efi_var, efi_var_size);
> > + status = GRUB_ERR_NONE;
> > + }
> > + break;
> > +
> > + default:
> > + status = grub_error (GRUB_ERR_BUG, N_("should not happen (bug
> > in module?)"));
> > + goto err;
> > + }
> > +
> > + if (efi_type != EFI_VAR_DUMP)
> > + {
> > + if (state[1].set)
> > + status = grub_env_set (state[1].arg, env_var);
> > + else
> > + {
> > + grub_printf ("%s\n", (const char *)env_var);
> > + status = GRUB_ERR_NONE;
> > + }
> > + }
> > +
> > +err:
> > +
> > + grub_free (env_var);
> > + grub_free (efi_var);
> > +
> > + return status;
> > +}
> > +
> > +static grub_extcmd_t cmd = NULL;
> > +
> > +GRUB_MOD_INIT (efivar)
> > +{
> > + cmd = grub_register_extcmd ("get_efivar", grub_cmd_get_efi_var, 0,
> > N_("[-f FORMAT] [-s ENV_VAR] EFI_VAR"),
> > + N_("Read EFI variable and print it or save its contents to
> > environment variable."), options);
> > +}
> > +
> > +GRUB_MOD_FINI (efivar)
> > +{
> > + if (cmd)
> > + grub_unregister_extcmd (cmd);
> > +}
>
[-- Attachment #2: Type: text/html, Size: 22168 bytes --]
prev parent reply other threads:[~2016-01-29 16:25 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-03 19:39 Grub get and set efi variables Mat Troi
2015-11-03 20:12 ` SevenBits
2015-11-03 23:05 ` Mat Troi
2015-11-04 5:38 ` Andrei Borzenkov
2015-11-05 18:25 ` SevenBits
2015-11-06 2:00 ` Ignat Korchagin
2015-11-11 18:09 ` Andrei Borzenkov
2015-11-13 19:34 ` Ignat Korchagin
2015-11-13 19:42 ` Ignat Korchagin
2015-11-14 4:03 ` Andrei Borzenkov
2015-11-17 11:48 ` Ignat Korchagin
2015-11-29 8:57 ` Andrei Borzenkov
2015-11-24 19:23 ` Mat Troi
2015-11-24 20:48 ` Seth Goldberg
2015-11-27 14:07 ` Vladimir 'φ-coder/phcoder' Serbinenko
2015-11-27 14:25 ` Ignat Korchagin
2015-11-29 9:00 ` Andrei Borzenkov
2015-12-02 12:53 ` Ignat Korchagin
2015-12-02 13:00 ` Andrei Borzenkov
2015-12-02 13:05 ` Vladimir 'phcoder' Serbinenko
2015-12-02 14:52 ` Ignat Korchagin
2015-12-03 16:43 ` Andrei Borzenkov
2015-12-03 17:19 ` Ignat Korchagin
2015-12-09 14:42 ` Ignat Korchagin
2015-12-12 8:36 ` Andrei Borzenkov
2015-12-14 11:08 ` Ignat Korchagin
2015-12-14 11:17 ` Ignat Korchagin
2016-01-29 16:25 ` Ignat Korchagin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALrw=nH8TrpVg6E=jszTvhq3NL1uC9KZ87c1zNim4NcSZD8R-w@mail.gmail.com' \
--to=ignat@cloudflare.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.