From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1aPBrt-0005HR-Hi
	for mharc-grub-devel@gnu.org; Fri, 29 Jan 2016 11:25:53 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57526)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ignat@cloudflare.com>) id 1aPBro-0005HD-78
	for grub-devel@gnu.org; Fri, 29 Jan 2016 11:25:51 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ignat@cloudflare.com>) id 1aPBrk-0004LM-CW
	for grub-devel@gnu.org; Fri, 29 Jan 2016 11:25:48 -0500
Received: from mail-yk0-x22a.google.com ([2607:f8b0:4002:c07::22a]:35105)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ignat@cloudflare.com>) id 1aPBrk-0004LI-48
	for grub-devel@gnu.org; Fri, 29 Jan 2016 11:25:44 -0500
Received: by mail-yk0-x22a.google.com with SMTP id r207so31071484ykd.2
	for <grub-devel@gnu.org>; Fri, 29 Jan 2016 08:25:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=cloudflare.com; s=google;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:content-type; bh=9+IvJ+jM+4zCZlMmmE1SYAqkStIqhZtCO6+O5gaa4Ys=;
	b=k1wYyM2sbiww0Eb+53Vcd8BAwQ3d4GRBCg9/Gsw8EKDIxBn3cNOLv3BApArwTojVLc
	0CqjpeHio/Yqa/QnvweKH0kAxK9F98/2kSJPO4zX05w7hM/PjCedY1nl3HNsTpTGxBZq
	1CIL9pYfOnMYiqzNNHpE92lM2w+IQyW6s02Gk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:content-type;
	bh=9+IvJ+jM+4zCZlMmmE1SYAqkStIqhZtCO6+O5gaa4Ys=;
	b=lLqGxxv4Z8fkIpfP1jRffgqiVubGu1BfIhIBpr5lmvbpO/DpU1Xa7tOvTf89MVYkqc
	Ex+YbR6+dKBIQLHEEUrNpbMMMK6x1geJNKhlF9suWtMsVwYOum+fpbWqWTQ7acnIxgka
	PcQG52xzH6CD55hG4knUOoFaR58KUYDJNQgu3Y8lvX8krE53Ukuv6Vtx0VikaNk/rk7T
	hqkcclozYl5dnVKpjNk59tNK9mb6XZvdo02BQENX8rXNDtnGZuR9BRD2F5tcDtNbxeCJ
	AlvcLoGDQkI6X19T/9JQGDc0uTBuIeEi2/Bfv3UFGdjOixwVKVLSg0qDUsnEbW+KEZYy
	Kn9g==
X-Gm-Message-State: AG10YORHR598mF0WMlp1s/780DdjiAFNg0hCTfeUvgNUWJhuSipMg22AstqHkO1edkZkyWyTM/nkVtgSQGq1LPLZ
MIME-Version: 1.0
X-Received: by 10.129.134.69 with SMTP id w66mr5466805ywf.193.1454084743256;
	Fri, 29 Jan 2016 08:25:43 -0800 (PST)
Received: by 10.13.198.71 with HTTP; Fri, 29 Jan 2016 08:25:43 -0800 (PST)
In-Reply-To: <CALrw=nEH3679wQMwoATPnsaLnn1jxs6E3D+km1MkJSKnDCCfFw@mail.gmail.com>
References: <CAA0a8nXjwS-uRZnTsVL4_-k_N=_USkJ+_19SJrv8Wic6HdmWvg@mail.gmail.com>
	<563999B9.7020108@gmail.com>
	<CAKCeAn-6deosYohUDGnwR6JimC7YWhOzFJi=ovyJ=14GJn2QeA@mail.gmail.com>
	<CALrw=nFgzf9Ymbrm2S7LHy2R_2h+xP2X8pibc9CjGZ=VSnd+fw@mail.gmail.com>
	<5643845E.9060204@gmail.com>
	<CALrw=nHa3ZHLeeNd0FzYRAqFDLgD8_R0GQsspTnB-CFHjdDNMQ@mail.gmail.com>
	<CALrw=nE39PP7D1N-E=FceMdKy7K7Z=kfgG2Trcfjg-CQw6DP5A@mail.gmail.com>
	<5646B275.5040707@gmail.com> <56586384.1030504@gmail.com>
	<CALrw=nF5-e62xHQq7NByUUNsPi7iv4EqYc=qUF4VCf=4NJd8nw@mail.gmail.com>
	<565ABE97.5060109@gmail.com>
	<CALrw=nFBWQvSUmKXSLV5HSqtu1xQmbxsZgBk+mYXTgzVQk4aMA@mail.gmail.com>
	<CAA91j0X8f5pcMwha3OmW4ca9gMY53PcuT7szHr088Jt2QKW_0A@mail.gmail.com>
	<CAEaD8JMO4S5oti15hOSu=VyiWkgpLs7Jqfu05WW0-5cybnuVUw@mail.gmail.com>
	<CALrw=nHWeMHCDWknbQU=_K7qNxGQPkEcdA2GOnjSXW-VFqYEfQ@mail.gmail.com>
	<56607141.8030209@gmail.com>
	<CALrw=nE-SJT=+z-TBJ5_+sEwwKX4MbsEtY_QLGvWo03YihgC0g@mail.gmail.com>
	<566BDC9A.2080501@gmail.com>
	<CALrw=nG=kwocgK60UPXz8T7F_8b12ngas_TuSm6vFoZdZJ7p=w@mail.gmail.com>
	<CALrw=nEH3679wQMwoATPnsaLnn1jxs6E3D+km1MkJSKnDCCfFw@mail.gmail.com>
Date: Fri, 29 Jan 2016 16:25:43 +0000
Message-ID: <CALrw=nH8TrpVg6E=jszTvhq3NL1uC9KZ87c1zNim4NcSZD8R-w@mail.gmail.com>
Subject: Re: Grub get and set efi variables
From: Ignat Korchagin <ignat@cloudflare.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Content-Type: multipart/alternative; boundary=001a114f098c988bba052a7b7c7d
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2607:f8b0:4002:c07::22a
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 16:25:51 -0000

--001a114f098c988bba052a7b7c7d
Content-Type: text/plain; charset=UTF-8

Hi. Are we still considering this?

On Mon, Dec 14, 2015 at 11:17 AM, Ignat Korchagin <ignat@cloudflare.com>
wrote:

> Sorry, pasted wrong file. Here is the correct one:
>
> diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
> index 0cc40bb..aa7b927 100644
> --- a/grub-core/Makefile.core.def
> +++ b/grub-core/Makefile.core.def
> @@ -735,6 +735,12 @@ module = {
>  };
>
>  module = {
> +  name = efivar;
> +  efi = commands/efi/efivar.c;
> +  enable = efi;
> +};
> +
> +module = {
>    name = blocklist;
>    common = commands/blocklist.c;
>  };
> diff --git a/grub-core/commands/efi/efivar.c
> b/grub-core/commands/efi/efivar.c
> new file mode 100644
> index 0000000..7fe7bda
> --- /dev/null
> +++ b/grub-core/commands/efi/efivar.c
> @@ -0,0 +1,236 @@
> +/* efivar.c - Read EFI global variables. */
> +/*
> + *  GRUB  --  GRand Unified Bootloader
> + *  Copyright (C) 2015 Free Software Foundation, Inc.
> + *  Copyright (C) 2015 CloudFlare, Inc.
> + *
> + *  GRUB is free software: you can redistribute it and/or modify
> + *  it under the terms of the GNU General Public License as published by
> + *  the Free Software Foundation, either version 3 of the License, or
> + *  (at your option) any later version.
> + *
> + *  GRUB is distributed in the hope that it will be useful,
> + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + *  GNU General Public License for more details.
> + *
> + *  You should have received a copy of the GNU General Public License
> + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <grub/types.h>
> +#include <grub/mm.h>
> +#include <grub/misc.h>
> +#include <grub/efi/api.h>
> +#include <grub/efi/efi.h>
> +#include <grub/extcmd.h>
> +#include <grub/env.h>
> +#include <grub/lib/hexdump.h>
> +
> +GRUB_MOD_LICENSE ("GPLv3+");
> +
> +static const struct grub_arg_option options[] = {
> +  {"format", 'f', GRUB_ARG_OPTION_OPTIONAL, N_("Parse EFI_VAR in
> specific format (hex, uint8, ascii, dump). Default: hex."),
> N_("FORMAT"), ARG_TYPE_STRING},
> +  {"set", 's', GRUB_ARG_OPTION_OPTIONAL, N_("Save parsed result to
> environment variable (does not work with dump)."), N_("ENV_VAR"),
> ARG_TYPE_STRING},
> +  {0, 0, 0, 0, 0, 0}
> +};
> +
> +enum efi_var_type
> +  {
> +    EFI_VAR_ASCII = 0,
> +    EFI_VAR_UINT8,
> +    EFI_VAR_HEX,
> +    EFI_VAR_DUMP,
> +    EFI_VAR_INVALID = -1
> +  };
> +
> +static enum efi_var_type
> +parse_efi_var_type (const char *type)
> +{
> +  if (!grub_strcmp (type, "ascii"))
> +    return EFI_VAR_ASCII;
> +
> +  if (!grub_strcmp (type, "uint8"))
> +    return EFI_VAR_UINT8;
> +
> +  if (!grub_strcmp (type, "hex"))
> +    return EFI_VAR_HEX;
> +
> +  if (!grub_strcmp (type, "dump"))
> +    return EFI_VAR_DUMP;
> +
> +  return EFI_VAR_INVALID;
> +}
> +
> +static int
> +grub_print_ascii (char *str, char c)
> +{
> +  if (grub_iscntrl (c))
> +  {
> +    switch (c)
> +      {
> +        case '\0':
> +          str[0] = '\\';
> +          str[1] = '0';
> +          return 2;
> +
> +        case '\a':
> +          str[0] = '\\';
> +          str[1] = 'a';
> +          return 2;
> +
> +        case '\b':
> +          str[0] = '\\';
> +          str[1] = 'b';
> +          return 2;
> +
> +        case '\f':
> +          str[0] = '\\';
> +          str[1] = 'f';
> +          return 2;
> +
> +        case '\n':
> +          str[0] = '\\';
> +          str[1] = 'n';
> +          return 2;
> +
> +        case '\r':
> +          str[0] = '\\';
> +          str[1] = 'r';
> +          return 2;
> +
> +        case '\t':
> +          str[0] = '\\';
> +          str[1] = 't';
> +          return 2;
> +
> +        case '\v':
> +          str[0] = '\\';
> +          str[1] = 'v';
> +          return 2;
> +
> +        default:
> +          str[0] = '.'; /* as in hexdump -C */
> +          return 1;
> +      }
> +  }
> +
> +  str[0] = c;
> +  return 1;
> +}
> +
> +static grub_err_t
> +grub_cmd_get_efi_var (struct grub_extcmd_context *ctxt,
> +  int argc, char **args)
> +{
> +  struct grub_arg_list *state = ctxt->state;
> +  grub_err_t status;
> +  void *efi_var = NULL;
> +  grub_size_t efi_var_size = 0;
> +  enum efi_var_type efi_type = EFI_VAR_HEX;
> +  grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
> +  char *env_var = NULL;
> +  grub_size_t i;
> +  char *ptr;
> +
> +  if (1 != argc)
> +    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument
> expected"));
> +
> +  if (state[0].set)
> +    efi_type = parse_efi_var_type (state[0].arg);
> +
> +  if (EFI_VAR_INVALID == efi_type)
> +    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid format
> specifier"));
> +
> +  efi_var = grub_efi_get_variable (args[0], &global, &efi_var_size);
> +  if (!efi_var || !efi_var_size)
> +    {
> +      status = grub_error (GRUB_ERR_READ_ERROR, N_("cannot read
> variable"));
> +      goto err;
> +    }
> +
> +  switch (efi_type)
> +  {
> +    case EFI_VAR_ASCII:
> +      env_var = grub_malloc (efi_var_size * 2 + 1);
> +      if (!env_var)
> +        {
> +          status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> +          goto err;
> +        }
> +
> +      ptr = env_var;
> +
> +      for (i = 0; i < efi_var_size; i++)
> +        ptr += grub_print_ascii (ptr, ((const char *)efi_var)[i]);
> +      *ptr = '\0';
> +      break;
> +
> +    case EFI_VAR_UINT8:
> +      env_var = grub_malloc (4);
> +      if (!env_var)
> +        {
> +          status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> +          goto err;
> +        }
> +      grub_snprintf (env_var, 4, "%u", *((grub_uint8_t *)efi_var));
> +      break;
> +
> +    case EFI_VAR_HEX:
> +      env_var = grub_malloc (efi_var_size * 2 + 1);
> +      if (!env_var)
> +        {
> +          status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> +          goto err;
> +        }
> +      for (i = 0; i < efi_var_size; i++)
> +        grub_snprintf (env_var + (i * 2), 3, "%02x", ((grub_uint8_t
> *)efi_var)[i]);
> +      break;
> +
> +    case EFI_VAR_DUMP:
> +      if (state[1].set)
> +        status = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("cannot set
> variable with dump format specifier"));
> +      else
> +        {
> +          hexdump (0, (char *)efi_var, efi_var_size);
> +          status = GRUB_ERR_NONE;
> +        }
> +      break;
> +
> +    default:
> +      status = grub_error (GRUB_ERR_BUG, N_("should not happen (bug
> in module?)"));
> +      goto err;
> +  }
> +
> +  if (efi_type != EFI_VAR_DUMP)
> +    {
> +      if (state[1].set)
> +        status = grub_env_set (state[1].arg, env_var);
> +      else
> +        {
> +          grub_printf ("%s\n", (const char *)env_var);
> +          status = GRUB_ERR_NONE;
> +        }
> +    }
> +
> +err:
> +
> +  grub_free (env_var);
> +  grub_free (efi_var);
> +
> +  return status;
> +}
> +
> +static grub_extcmd_t cmd = NULL;
> +
> +GRUB_MOD_INIT (efivar)
> +{
> +  cmd = grub_register_extcmd ("get_efivar", grub_cmd_get_efi_var, 0,
> N_("[-f FORMAT] [-s ENV_VAR] EFI_VAR"),
> + N_("Read EFI variable and print it or save its contents to
> environment variable."), options);
> +}
> +
> +GRUB_MOD_FINI (efivar)
> +{
> +  if (cmd)
> +    grub_unregister_extcmd (cmd);
> +}
>
>
> On Mon, Dec 14, 2015 at 11:08 AM, Ignat Korchagin <ignat@cloudflare.com>
> wrote:
> >> Assuming uint8 remains - should not you check that variable size is
> exactly 1 byte in this case?
> > There are reports of a buggy firmware returning 4 bytes size for uint8
> > variables, however did not encounter them myself.
> >
> >> Do we really need unit8 at all? "hex" already provides exactly the same
> functionality, not? Do you think there are cases when uint8 is really
> required?
> > Well, when checking for SecureBoot variable in grub configuration file
> > hex mode makes it look weird and creates a point of confusion. For
> > example to check if SecureBoot (suppose the result of the our command
> > is stored in secure_boot env variable in hex mode) is enabled one
> > should write:
> > if [ secure_boot = "01" ]
> > ...
> > uint8 just allows to do a more straightforward config
> > if [ secure_boot = 1] - this case would be false for hex mode -
> > possible security breach
> > ...
> >
> > Added goto err in the module as pointed, see patch below. I will do a
> > follow-up patch for documentation once we get this confirmed.
> >
> > diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
> > index 0cc40bb..aa7b927 100644
> > --- a/grub-core/Makefile.core.def
> > +++ b/grub-core/Makefile.core.def
> > @@ -735,6 +735,12 @@ module = {
> >  };
> >
> >  module = {
> > +  name = efivar;
> > +  efi = commands/efi/efivar.c;
> > +  enable = efi;
> > +};
> > +
> > +module = {
> >    name = blocklist;
> >    common = commands/blocklist.c;
> >  };
> > diff --git a/grub-core/commands/efi/efivar.c
> b/grub-core/commands/efi/efivar.c
> > new file mode 100644
> > index 0000000..7f5a957
> > --- /dev/null
> > +++ b/grub-core/commands/efi/efivar.c
> > @@ -0,0 +1,251 @@
> > +/* efivar.c - Read EFI global variables. */
> > +/*
> > + *  GRUB  --  GRand Unified Bootloader
> > + *  Copyright (C) 2015 Free Software Foundation, Inc.
> > + *  Copyright (C) 2015 CloudFlare, Inc.
> > + *
> > + *  GRUB is free software: you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation, either version 3 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  GRUB is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#include <grub/types.h>
> > +#include <grub/mm.h>
> > +#include <grub/misc.h>
> > +#include <grub/efi/api.h>
> > +#include <grub/efi/efi.h>
> > +#include <grub/extcmd.h>
> > +#include <grub/env.h>
> > +#include <grub/lib/hexdump.h>
> > +
> > +GRUB_MOD_LICENSE ("GPLv3+");
> > +
> > +static const struct grub_arg_option options[] = {
> > +  {"format", 'f', GRUB_ARG_OPTION_OPTIONAL, N_("Parse EFI_VAR in
> > specific format (hex, uint8, ascii, raw, dump). Default: hex."),
> > N_("FORMAT"), ARG_TYPE_STRING},
> > +  {"set", 's', GRUB_ARG_OPTION_OPTIONAL, N_("Save parsed result to
> > environment variable (does not work with dump)."), N_("ENV_VAR"),
> > ARG_TYPE_STRING},
> > +  {0, 0, 0, 0, 0, 0}
> > +};
> > +
> > +enum efi_var_type
> > +  {
> > +    EFI_VAR_ASCII = 0,
> > +    EFI_VAR_RAW,
> > +    EFI_VAR_UINT8,
> > +    EFI_VAR_HEX,
> > +    EFI_VAR_DUMP,
> > +    EFI_VAR_INVALID = -1
> > +  };
> > +
> > +static enum efi_var_type
> > +parse_efi_var_type (const char *type)
> > +{
> > +  if (!grub_strncmp (type, "ascii", sizeof("ascii")))
> > +    return EFI_VAR_ASCII;
> > +
> > +  if (!grub_strncmp (type, "raw", sizeof("raw")))
> > +    return EFI_VAR_ASCII;
> > +
> > +  if (!grub_strncmp (type, "uint8", sizeof("uint8")))
> > +    return EFI_VAR_UINT8;
> > +
> > +  if (!grub_strncmp (type, "hex", sizeof("hex")))
> > +    return EFI_VAR_HEX;
> > +
> > +  if (!grub_strncmp (type, "dump", sizeof("dump")))
> > +    return EFI_VAR_DUMP;
> > +
> > +  return EFI_VAR_INVALID;
> > +}
> > +
> > +static int
> > +grub_print_ascii (char *str, char c)
> > +{
> > +  if (grub_iscntrl (c))
> > +  {
> > +    switch (c)
> > +      {
> > +        case '\0':
> > +          str[0] = '\\';
> > +          str[1] = '0';
> > +          return 2;
> > +
> > +        case '\a':
> > +          str[0] = '\\';
> > +          str[1] = 'a';
> > +          return 2;
> > +
> > +        case '\b':
> > +          str[0] = '\\';
> > +          str[1] = 'b';
> > +          return 2;
> > +
> > +        case '\f':
> > +          str[0] = '\\';
> > +          str[1] = 'f';
> > +          return 2;
> > +
> > +        case '\n':
> > +          str[0] = '\\';
> > +          str[1] = 'n';
> > +          return 2;
> > +
> > +        case '\r':
> > +          str[0] = '\\';
> > +          str[1] = 'r';
> > +          return 2;
> > +
> > +        case '\t':
> > +          str[0] = '\\';
> > +          str[1] = 't';
> > +          return 2;
> > +
> > +        case '\v':
> > +          str[0] = '\\';
> > +          str[1] = 'v';
> > +          return 2;
> > +
> > +        default:
> > +          str[0] = '.'; /* as in hexdump -C */
> > +          return 1;
> > +      }
> > +  }
> > +
> > +  str[0] = c;
> > +  return 1;
> > +}
> > +
> > +static grub_err_t
> > +grub_cmd_get_efi_var (struct grub_extcmd_context *ctxt,
> > +  int argc, char **args)
> > +{
> > +  struct grub_arg_list *state = ctxt->state;
> > +  grub_err_t status;
> > +  void *efi_var = NULL;
> > +  grub_size_t efi_var_size = 0;
> > +  enum efi_var_type efi_type = EFI_VAR_HEX;
> > +  grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
> > +  char *env_var = NULL;
> > +  grub_size_t i;
> > +  char *ptr;
> > +
> > +  if (1 != argc)
> > +    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument
> expected"));
> > +
> > +  if (state[0].set)
> > +    efi_type = parse_efi_var_type (state[0].arg);
> > +
> > +  if (EFI_VAR_INVALID == efi_type)
> > +    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid format
> specifier"));
> > +
> > +  efi_var = grub_efi_get_variable (args[0], &global, &efi_var_size);
> > +  if (!efi_var || !efi_var_size)
> > +    {
> > +      status = grub_error (GRUB_ERR_READ_ERROR, N_("cannot read
> variable"));
> > +      goto err;
> > +    }
> > +
> > +  switch (efi_type)
> > +  {
> > +    case EFI_VAR_ASCII:
> > +      env_var = grub_malloc (efi_var_size * 2 + 1);
> > +      if (!env_var)
> > +        {
> > +          status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> > +          goto err;
> > +        }
> > +
> > +      ptr = env_var;
> > +
> > +      for (i = 0; i < efi_var_size; i++)
> > +        ptr += grub_print_ascii (ptr, ((const char *)efi_var)[i]);
> > +      *ptr = '\0';
> > +      break;
> > +
> > +    case EFI_VAR_RAW:
> > +      env_var = grub_malloc (efi_var_size + 1);
> > +      if (!env_var)
> > +        {
> > +          status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> > +          goto err;
> > +        }
> > +      grub_memcpy (env_var, efi_var, efi_var_size);
> > +      env_var[efi_var_size] = '\0';
> > +      break;
> > +
> > +    case EFI_VAR_UINT8:
> > +      env_var = grub_malloc (4);
> > +      if (!env_var)
> > +        {
> > +          status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> > +          goto err;
> > +        }
> > +      grub_snprintf (env_var, 4, "%u", *((grub_uint8_t *)efi_var));
> > +      break;
> > +
> > +    case EFI_VAR_HEX:
> > +      env_var = grub_malloc (efi_var_size * 2 + 1);
> > +      if (!env_var)
> > +        {
> > +          status = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of
> memory"));
> > +          goto err;
> > +        }
> > +      for (i = 0; i < efi_var_size; i++)
> > +        grub_snprintf (env_var + (i * 2), 3, "%02x", ((grub_uint8_t
> > *)efi_var)[i]);
> > +      break;
> > +
> > +    case EFI_VAR_DUMP:
> > +      if (state[1].set)
> > +        status = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("cannot set
> > variable with dump format specifier"));
> > +      else
> > +        {
> > +          hexdump (0, (char *)efi_var, efi_var_size);
> > +          status = GRUB_ERR_NONE;
> > +        }
> > +      break;
> > +
> > +    default:
> > +      status = grub_error (GRUB_ERR_BUG, N_("should not happen (bug
> > in module?)"));
> > +      goto err;
> > +  }
> > +
> > +  if (efi_type != EFI_VAR_DUMP)
> > +    {
> > +      if (state[1].set)
> > +        status = grub_env_set (state[1].arg, env_var);
> > +      else
> > +        {
> > +          grub_printf ("%s\n", (const char *)env_var);
> > +          status = GRUB_ERR_NONE;
> > +        }
> > +    }
> > +
> > +err:
> > +
> > +  grub_free (env_var);
> > +  grub_free (efi_var);
> > +
> > +  return status;
> > +}
> > +
> > +static grub_extcmd_t cmd = NULL;
> > +
> > +GRUB_MOD_INIT (efivar)
> > +{
> > +  cmd = grub_register_extcmd ("get_efivar", grub_cmd_get_efi_var, 0,
> > N_("[-f FORMAT] [-s ENV_VAR] EFI_VAR"),
> > + N_("Read EFI variable and print it or save its contents to
> > environment variable."), options);
> > +}
> > +
> > +GRUB_MOD_FINI (efivar)
> > +{
> > +  if (cmd)
> > +    grub_unregister_extcmd (cmd);
> > +}
>

--001a114f098c988bba052a7b7c7d
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi. Are we still considering this?<div class=3D"gmail_extr=
a"><br><div class=3D"gmail_quote">On Mon, Dec 14, 2015 at 11:17 AM, Ignat K=
orchagin <span dir=3D"ltr">&lt;<a href=3D"mailto:ignat@cloudflare.com" targ=
et=3D"_blank">ignat@cloudflare.com</a>&gt;</span> wrote:<br><blockquote cla=
ss=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pa=
dding-left:1ex">Sorry, pasted wrong file. Here is the correct one:<br>
<span class=3D""><br>
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def<br>
index 0cc40bb..aa7b927 100644<br>
--- a/grub-core/Makefile.core.def<br>
+++ b/grub-core/Makefile.core.def<br>
@@ -735,6 +735,12 @@ module =3D {<br>
=C2=A0};<br>
<br>
=C2=A0module =3D {<br>
+=C2=A0 name =3D efivar;<br>
+=C2=A0 efi =3D commands/efi/efivar.c;<br>
+=C2=A0 enable =3D efi;<br>
+};<br>
+<br>
+module =3D {<br>
=C2=A0 =C2=A0name =3D blocklist;<br>
=C2=A0 =C2=A0common =3D commands/blocklist.c;<br>
=C2=A0};<br>
diff --git a/grub-core/commands/efi/efivar.c b/grub-core/commands/efi/efiva=
r.c<br>
new file mode 100644<br>
</span>index 0000000..7fe7bda<br>
--- /dev/null<br>
+++ b/grub-core/commands/efi/efivar.c<br>
@@ -0,0 +1,236 @@<br>
<div><div class=3D"h5">+/* efivar.c - Read EFI global variables. */<br>
+/*<br>
+ *=C2=A0 GRUB=C2=A0 --=C2=A0 GRand Unified Bootloader<br>
+ *=C2=A0 Copyright (C) 2015 Free Software Foundation, Inc.<br>
+ *=C2=A0 Copyright (C) 2015 CloudFlare, Inc.<br>
+ *<br>
+ *=C2=A0 GRUB is free software: you can redistribute it and/or modify<br>
+ *=C2=A0 it under the terms of the GNU General Public License as published=
 by<br>
+ *=C2=A0 the Free Software Foundation, either version 3 of the License, or=
<br>
+ *=C2=A0 (at your option) any later version.<br>
+ *<br>
+ *=C2=A0 GRUB is distributed in the hope that it will be useful,<br>
+ *=C2=A0 but WITHOUT ANY WARRANTY; without even the implied warranty of<br=
>
+ *=C2=A0 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.=C2=A0 See th=
e<br>
+ *=C2=A0 GNU General Public License for more details.<br>
+ *<br>
+ *=C2=A0 You should have received a copy of the GNU General Public License=
<br>
+ *=C2=A0 along with GRUB.=C2=A0 If not, see &lt;<a href=3D"http://www.gnu.=
org/licenses/" rel=3D"noreferrer" target=3D"_blank">http://www.gnu.org/lice=
nses/</a>&gt;.<br>
+ */<br>
+<br>
+#include &lt;grub/types.h&gt;<br>
+#include &lt;grub/mm.h&gt;<br>
+#include &lt;grub/misc.h&gt;<br>
+#include &lt;grub/efi/api.h&gt;<br>
+#include &lt;grub/efi/efi.h&gt;<br>
+#include &lt;grub/extcmd.h&gt;<br>
+#include &lt;grub/env.h&gt;<br>
+#include &lt;grub/lib/hexdump.h&gt;<br>
+<br>
+GRUB_MOD_LICENSE (&quot;GPLv3+&quot;);<br>
+<br>
+static const struct grub_arg_option options[] =3D {<br>
+=C2=A0 {&quot;format&quot;, &#39;f&#39;, GRUB_ARG_OPTION_OPTIONAL, N_(&quo=
t;Parse EFI_VAR in<br>
</div></div>specific format (hex, uint8, ascii, dump). Default: hex.&quot;)=
,<br>
<span class=3D"">N_(&quot;FORMAT&quot;), ARG_TYPE_STRING},<br>
+=C2=A0 {&quot;set&quot;, &#39;s&#39;, GRUB_ARG_OPTION_OPTIONAL, N_(&quot;S=
ave parsed result to<br>
environment variable (does not work with dump).&quot;), N_(&quot;ENV_VAR&qu=
ot;),<br>
ARG_TYPE_STRING},<br>
+=C2=A0 {0, 0, 0, 0, 0, 0}<br>
+};<br>
+<br>
+enum efi_var_type<br>
+=C2=A0 {<br>
+=C2=A0 =C2=A0 EFI_VAR_ASCII =3D 0,<br>
</span><span class=3D"">+=C2=A0 =C2=A0 EFI_VAR_UINT8,<br>
+=C2=A0 =C2=A0 EFI_VAR_HEX,<br>
+=C2=A0 =C2=A0 EFI_VAR_DUMP,<br>
+=C2=A0 =C2=A0 EFI_VAR_INVALID =3D -1<br>
+=C2=A0 };<br>
+<br>
+static enum efi_var_type<br>
+parse_efi_var_type (const char *type)<br>
+{<br>
</span>+=C2=A0 if (!grub_strcmp (type, &quot;ascii&quot;))<br>
+=C2=A0 =C2=A0 return EFI_VAR_ASCII;<br>
+<br>
+=C2=A0 if (!grub_strcmp (type, &quot;uint8&quot;))<br>
+=C2=A0 =C2=A0 return EFI_VAR_UINT8;<br>
+<br>
+=C2=A0 if (!grub_strcmp (type, &quot;hex&quot;))<br>
+=C2=A0 =C2=A0 return EFI_VAR_HEX;<br>
+<br>
+=C2=A0 if (!grub_strcmp (type, &quot;dump&quot;))<br>
<div class=3D"HOEnZb"><div class=3D"h5">+=C2=A0 =C2=A0 return EFI_VAR_DUMP;=
<br>
+<br>
+=C2=A0 return EFI_VAR_INVALID;<br>
+}<br>
+<br>
+static int<br>
+grub_print_ascii (char *str, char c)<br>
+{<br>
+=C2=A0 if (grub_iscntrl (c))<br>
+=C2=A0 {<br>
+=C2=A0 =C2=A0 switch (c)<br>
+=C2=A0 =C2=A0 =C2=A0 {<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\0&#39;:<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;0&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\a&#39;:<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;a&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\b&#39;:<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;b&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\f&#39;:<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;f&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\n&#39;:<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;n&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\r&#39;:<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;r&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\t&#39;:<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;t&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\v&#39;:<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;v&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 default:<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;.&#39;; /* as in hexdum=
p -C */<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 1;<br>
+=C2=A0 =C2=A0 =C2=A0 }<br>
+=C2=A0 }<br>
+<br>
+=C2=A0 str[0] =3D c;<br>
+=C2=A0 return 1;<br>
+}<br>
+<br>
+static grub_err_t<br>
+grub_cmd_get_efi_var (struct grub_extcmd_context *ctxt,<br>
+=C2=A0 int argc, char **args)<br>
+{<br>
+=C2=A0 struct grub_arg_list *state =3D ctxt-&gt;state;<br>
+=C2=A0 grub_err_t status;<br>
+=C2=A0 void *efi_var =3D NULL;<br>
+=C2=A0 grub_size_t efi_var_size =3D 0;<br>
+=C2=A0 enum efi_var_type efi_type =3D EFI_VAR_HEX;<br>
+=C2=A0 grub_efi_guid_t global =3D GRUB_EFI_GLOBAL_VARIABLE_GUID;<br>
+=C2=A0 char *env_var =3D NULL;<br>
+=C2=A0 grub_size_t i;<br>
+=C2=A0 char *ptr;<br>
+<br>
+=C2=A0 if (1 !=3D argc)<br>
+=C2=A0 =C2=A0 return grub_error (GRUB_ERR_BAD_ARGUMENT, N_(&quot;one argum=
ent expected&quot;));<br>
+<br>
+=C2=A0 if (state[0].set)<br>
+=C2=A0 =C2=A0 efi_type =3D parse_efi_var_type (state[0].arg);<br>
+<br>
+=C2=A0 if (EFI_VAR_INVALID =3D=3D efi_type)<br>
+=C2=A0 =C2=A0 return grub_error (GRUB_ERR_BAD_ARGUMENT, N_(&quot;invalid f=
ormat specifier&quot;));<br>
+<br>
+=C2=A0 efi_var =3D grub_efi_get_variable (args[0], &amp;global, &amp;efi_v=
ar_size);<br>
+=C2=A0 if (!efi_var || !efi_var_size)<br>
+=C2=A0 =C2=A0 {<br>
+=C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_READ_ERROR, N_(&quot;=
cannot read variable&quot;));<br>
+=C2=A0 =C2=A0 =C2=A0 goto err;<br>
+=C2=A0 =C2=A0 }<br>
+<br>
+=C2=A0 switch (efi_type)<br>
+=C2=A0 {<br>
+=C2=A0 =C2=A0 case EFI_VAR_ASCII:<br>
+=C2=A0 =C2=A0 =C2=A0 env_var =3D grub_malloc (efi_var_size * 2 + 1);<br>
+=C2=A0 =C2=A0 =C2=A0 if (!env_var)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_OUT_OF_=
MEMORY, N_(&quot;out of memory&quot;));<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 ptr =3D env_var;<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 for (i =3D 0; i &lt; efi_var_size; i++)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 ptr +=3D grub_print_ascii (ptr, ((const char *=
)efi_var)[i]);<br>
+=C2=A0 =C2=A0 =C2=A0 *ptr =3D &#39;\0&#39;;<br>
+=C2=A0 =C2=A0 =C2=A0 break;<br>
+<br>
</div></div><div class=3D"HOEnZb"><div class=3D"h5">+=C2=A0 =C2=A0 case EFI=
_VAR_UINT8:<br>
+=C2=A0 =C2=A0 =C2=A0 env_var =3D grub_malloc (4);<br>
+=C2=A0 =C2=A0 =C2=A0 if (!env_var)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_OUT_OF_=
MEMORY, N_(&quot;out of memory&quot;));<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
+=C2=A0 =C2=A0 =C2=A0 grub_snprintf (env_var, 4, &quot;%u&quot;, *((grub_ui=
nt8_t *)efi_var));<br>
+=C2=A0 =C2=A0 =C2=A0 break;<br>
+<br>
+=C2=A0 =C2=A0 case EFI_VAR_HEX:<br>
+=C2=A0 =C2=A0 =C2=A0 env_var =3D grub_malloc (efi_var_size * 2 + 1);<br>
+=C2=A0 =C2=A0 =C2=A0 if (!env_var)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_OUT_OF_=
MEMORY, N_(&quot;out of memory&quot;));<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
+=C2=A0 =C2=A0 =C2=A0 for (i =3D 0; i &lt; efi_var_size; i++)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 grub_snprintf (env_var + (i * 2), 3, &quot;%02=
x&quot;, ((grub_uint8_t<br>
*)efi_var)[i]);<br>
+=C2=A0 =C2=A0 =C2=A0 break;<br>
+<br>
+=C2=A0 =C2=A0 case EFI_VAR_DUMP:<br>
+=C2=A0 =C2=A0 =C2=A0 if (state[1].set)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_BAD_ARGUMENT, =
N_(&quot;cannot set<br>
variable with dump format specifier&quot;));<br>
+=C2=A0 =C2=A0 =C2=A0 else<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 hexdump (0, (char *)efi_var, efi_var_si=
ze);<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D GRUB_ERR_NONE;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
+=C2=A0 =C2=A0 =C2=A0 break;<br>
+<br>
+=C2=A0 =C2=A0 default:<br>
+=C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_BUG, N_(&quot;should =
not happen (bug<br>
in module?)&quot;));<br>
+=C2=A0 =C2=A0 =C2=A0 goto err;<br>
+=C2=A0 }<br>
+<br>
+=C2=A0 if (efi_type !=3D EFI_VAR_DUMP)<br>
+=C2=A0 =C2=A0 {<br>
+=C2=A0 =C2=A0 =C2=A0 if (state[1].set)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_env_set (state[1].arg, env_var=
);<br>
+=C2=A0 =C2=A0 =C2=A0 else<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 grub_printf (&quot;%s\n&quot;, (const c=
har *)env_var);<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D GRUB_ERR_NONE;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
+=C2=A0 =C2=A0 }<br>
+<br>
+err:<br>
+<br>
+=C2=A0 grub_free (env_var);<br>
+=C2=A0 grub_free (efi_var);<br>
+<br>
+=C2=A0 return status;<br>
+}<br>
+<br>
+static grub_extcmd_t cmd =3D NULL;<br>
+<br>
+GRUB_MOD_INIT (efivar)<br>
+{<br>
+=C2=A0 cmd =3D grub_register_extcmd (&quot;get_efivar&quot;, grub_cmd_get_=
efi_var, 0,<br>
N_(&quot;[-f FORMAT] [-s ENV_VAR] EFI_VAR&quot;),<br>
+ N_(&quot;Read EFI variable and print it or save its contents to<br>
environment variable.&quot;), options);<br>
+}<br>
+<br>
+GRUB_MOD_FINI (efivar)<br>
+{<br>
+=C2=A0 if (cmd)<br>
+=C2=A0 =C2=A0 grub_unregister_extcmd (cmd);<br>
+}<br>
<br>
<br>
</div></div><div class=3D"HOEnZb"><div class=3D"h5">On Mon, Dec 14, 2015 at=
 11:08 AM, Ignat Korchagin &lt;<a href=3D"mailto:ignat@cloudflare.com">igna=
t@cloudflare.com</a>&gt; wrote:<br>
&gt;&gt; Assuming uint8 remains - should not you check that variable size i=
s exactly 1 byte in this case?<br>
&gt; There are reports of a buggy firmware returning 4 bytes size for uint8=
<br>
&gt; variables, however did not encounter them myself.<br>
&gt;<br>
&gt;&gt; Do we really need unit8 at all? &quot;hex&quot; already provides e=
xactly the same functionality, not? Do you think there are cases when uint8=
 is really required?<br>
&gt; Well, when checking for SecureBoot variable in grub configuration file=
<br>
&gt; hex mode makes it look weird and creates a point of confusion. For<br>
&gt; example to check if SecureBoot (suppose the result of the our command<=
br>
&gt; is stored in secure_boot env variable in hex mode) is enabled one<br>
&gt; should write:<br>
&gt; if [ secure_boot =3D &quot;01&quot; ]<br>
&gt; ...<br>
&gt; uint8 just allows to do a more straightforward config<br>
&gt; if [ secure_boot =3D 1] - this case would be false for hex mode -<br>
&gt; possible security breach<br>
&gt; ...<br>
&gt;<br>
&gt; Added goto err in the module as pointed, see patch below. I will do a<=
br>
&gt; follow-up patch for documentation once we get this confirmed.<br>
&gt;<br>
&gt; diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def=
<br>
&gt; index 0cc40bb..aa7b927 100644<br>
&gt; --- a/grub-core/Makefile.core.def<br>
&gt; +++ b/grub-core/Makefile.core.def<br>
&gt; @@ -735,6 +735,12 @@ module =3D {<br>
&gt;=C2=A0 };<br>
&gt;<br>
&gt;=C2=A0 module =3D {<br>
&gt; +=C2=A0 name =3D efivar;<br>
&gt; +=C2=A0 efi =3D commands/efi/efivar.c;<br>
&gt; +=C2=A0 enable =3D efi;<br>
&gt; +};<br>
&gt; +<br>
&gt; +module =3D {<br>
&gt;=C2=A0 =C2=A0 name =3D blocklist;<br>
&gt;=C2=A0 =C2=A0 common =3D commands/blocklist.c;<br>
&gt;=C2=A0 };<br>
&gt; diff --git a/grub-core/commands/efi/efivar.c b/grub-core/commands/efi/=
efivar.c<br>
&gt; new file mode 100644<br>
&gt; index 0000000..7f5a957<br>
&gt; --- /dev/null<br>
&gt; +++ b/grub-core/commands/efi/efivar.c<br>
&gt; @@ -0,0 +1,251 @@<br>
&gt; +/* efivar.c - Read EFI global variables. */<br>
&gt; +/*<br>
&gt; + *=C2=A0 GRUB=C2=A0 --=C2=A0 GRand Unified Bootloader<br>
&gt; + *=C2=A0 Copyright (C) 2015 Free Software Foundation, Inc.<br>
&gt; + *=C2=A0 Copyright (C) 2015 CloudFlare, Inc.<br>
&gt; + *<br>
&gt; + *=C2=A0 GRUB is free software: you can redistribute it and/or modify=
<br>
&gt; + *=C2=A0 it under the terms of the GNU General Public License as publ=
ished by<br>
&gt; + *=C2=A0 the Free Software Foundation, either version 3 of the Licens=
e, or<br>
&gt; + *=C2=A0 (at your option) any later version.<br>
&gt; + *<br>
&gt; + *=C2=A0 GRUB is distributed in the hope that it will be useful,<br>
&gt; + *=C2=A0 but WITHOUT ANY WARRANTY; without even the implied warranty =
of<br>
&gt; + *=C2=A0 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.=C2=A0 S=
ee the<br>
&gt; + *=C2=A0 GNU General Public License for more details.<br>
&gt; + *<br>
&gt; + *=C2=A0 You should have received a copy of the GNU General Public Li=
cense<br>
&gt; + *=C2=A0 along with GRUB.=C2=A0 If not, see &lt;<a href=3D"http://www=
.gnu.org/licenses/" rel=3D"noreferrer" target=3D"_blank">http://www.gnu.org=
/licenses/</a>&gt;.<br>
&gt; + */<br>
&gt; +<br>
&gt; +#include &lt;grub/types.h&gt;<br>
&gt; +#include &lt;grub/mm.h&gt;<br>
&gt; +#include &lt;grub/misc.h&gt;<br>
&gt; +#include &lt;grub/efi/api.h&gt;<br>
&gt; +#include &lt;grub/efi/efi.h&gt;<br>
&gt; +#include &lt;grub/extcmd.h&gt;<br>
&gt; +#include &lt;grub/env.h&gt;<br>
&gt; +#include &lt;grub/lib/hexdump.h&gt;<br>
&gt; +<br>
&gt; +GRUB_MOD_LICENSE (&quot;GPLv3+&quot;);<br>
&gt; +<br>
&gt; +static const struct grub_arg_option options[] =3D {<br>
&gt; +=C2=A0 {&quot;format&quot;, &#39;f&#39;, GRUB_ARG_OPTION_OPTIONAL, N_=
(&quot;Parse EFI_VAR in<br>
&gt; specific format (hex, uint8, ascii, raw, dump). Default: hex.&quot;),<=
br>
&gt; N_(&quot;FORMAT&quot;), ARG_TYPE_STRING},<br>
&gt; +=C2=A0 {&quot;set&quot;, &#39;s&#39;, GRUB_ARG_OPTION_OPTIONAL, N_(&q=
uot;Save parsed result to<br>
&gt; environment variable (does not work with dump).&quot;), N_(&quot;ENV_V=
AR&quot;),<br>
&gt; ARG_TYPE_STRING},<br>
&gt; +=C2=A0 {0, 0, 0, 0, 0, 0}<br>
&gt; +};<br>
&gt; +<br>
&gt; +enum efi_var_type<br>
&gt; +=C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 EFI_VAR_ASCII =3D 0,<br>
&gt; +=C2=A0 =C2=A0 EFI_VAR_RAW,<br>
&gt; +=C2=A0 =C2=A0 EFI_VAR_UINT8,<br>
&gt; +=C2=A0 =C2=A0 EFI_VAR_HEX,<br>
&gt; +=C2=A0 =C2=A0 EFI_VAR_DUMP,<br>
&gt; +=C2=A0 =C2=A0 EFI_VAR_INVALID =3D -1<br>
&gt; +=C2=A0 };<br>
&gt; +<br>
&gt; +static enum efi_var_type<br>
&gt; +parse_efi_var_type (const char *type)<br>
&gt; +{<br>
&gt; +=C2=A0 if (!grub_strncmp (type, &quot;ascii&quot;, sizeof(&quot;ascii=
&quot;)))<br>
&gt; +=C2=A0 =C2=A0 return EFI_VAR_ASCII;<br>
&gt; +<br>
&gt; +=C2=A0 if (!grub_strncmp (type, &quot;raw&quot;, sizeof(&quot;raw&quo=
t;)))<br>
&gt; +=C2=A0 =C2=A0 return EFI_VAR_ASCII;<br>
&gt; +<br>
&gt; +=C2=A0 if (!grub_strncmp (type, &quot;uint8&quot;, sizeof(&quot;uint8=
&quot;)))<br>
&gt; +=C2=A0 =C2=A0 return EFI_VAR_UINT8;<br>
&gt; +<br>
&gt; +=C2=A0 if (!grub_strncmp (type, &quot;hex&quot;, sizeof(&quot;hex&quo=
t;)))<br>
&gt; +=C2=A0 =C2=A0 return EFI_VAR_HEX;<br>
&gt; +<br>
&gt; +=C2=A0 if (!grub_strncmp (type, &quot;dump&quot;, sizeof(&quot;dump&q=
uot;)))<br>
&gt; +=C2=A0 =C2=A0 return EFI_VAR_DUMP;<br>
&gt; +<br>
&gt; +=C2=A0 return EFI_VAR_INVALID;<br>
&gt; +}<br>
&gt; +<br>
&gt; +static int<br>
&gt; +grub_print_ascii (char *str, char c)<br>
&gt; +{<br>
&gt; +=C2=A0 if (grub_iscntrl (c))<br>
&gt; +=C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 switch (c)<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\0&#39;:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;0&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\a&#39;:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;a&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\b&#39;:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;b&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\f&#39;:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;f&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\n&#39;:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;n&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\r&#39;:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;r&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\t&#39;:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;t&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 case &#39;\v&#39;:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;\\&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[1] =3D &#39;v&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 2;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 default:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 str[0] =3D &#39;.&#39;; /* as in h=
exdump -C */<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 1;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 }<br>
&gt; +=C2=A0 }<br>
&gt; +<br>
&gt; +=C2=A0 str[0] =3D c;<br>
&gt; +=C2=A0 return 1;<br>
&gt; +}<br>
&gt; +<br>
&gt; +static grub_err_t<br>
&gt; +grub_cmd_get_efi_var (struct grub_extcmd_context *ctxt,<br>
&gt; +=C2=A0 int argc, char **args)<br>
&gt; +{<br>
&gt; +=C2=A0 struct grub_arg_list *state =3D ctxt-&gt;state;<br>
&gt; +=C2=A0 grub_err_t status;<br>
&gt; +=C2=A0 void *efi_var =3D NULL;<br>
&gt; +=C2=A0 grub_size_t efi_var_size =3D 0;<br>
&gt; +=C2=A0 enum efi_var_type efi_type =3D EFI_VAR_HEX;<br>
&gt; +=C2=A0 grub_efi_guid_t global =3D GRUB_EFI_GLOBAL_VARIABLE_GUID;<br>
&gt; +=C2=A0 char *env_var =3D NULL;<br>
&gt; +=C2=A0 grub_size_t i;<br>
&gt; +=C2=A0 char *ptr;<br>
&gt; +<br>
&gt; +=C2=A0 if (1 !=3D argc)<br>
&gt; +=C2=A0 =C2=A0 return grub_error (GRUB_ERR_BAD_ARGUMENT, N_(&quot;one =
argument expected&quot;));<br>
&gt; +<br>
&gt; +=C2=A0 if (state[0].set)<br>
&gt; +=C2=A0 =C2=A0 efi_type =3D parse_efi_var_type (state[0].arg);<br>
&gt; +<br>
&gt; +=C2=A0 if (EFI_VAR_INVALID =3D=3D efi_type)<br>
&gt; +=C2=A0 =C2=A0 return grub_error (GRUB_ERR_BAD_ARGUMENT, N_(&quot;inva=
lid format specifier&quot;));<br>
&gt; +<br>
&gt; +=C2=A0 efi_var =3D grub_efi_get_variable (args[0], &amp;global, &amp;=
efi_var_size);<br>
&gt; +=C2=A0 if (!efi_var || !efi_var_size)<br>
&gt; +=C2=A0 =C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_READ_ERROR, N_(&=
quot;cannot read variable&quot;));<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 goto err;<br>
&gt; +=C2=A0 =C2=A0 }<br>
&gt; +<br>
&gt; +=C2=A0 switch (efi_type)<br>
&gt; +=C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 case EFI_VAR_ASCII:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 env_var =3D grub_malloc (efi_var_size * 2 + 1);<=
br>
&gt; +=C2=A0 =C2=A0 =C2=A0 if (!env_var)<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_OU=
T_OF_MEMORY, N_(&quot;out of memory&quot;));<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 ptr =3D env_var;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 for (i =3D 0; i &lt; efi_var_size; i++)<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 ptr +=3D grub_print_ascii (ptr, ((const c=
har *)efi_var)[i]);<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 *ptr =3D &#39;\0&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 break;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 case EFI_VAR_RAW:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 env_var =3D grub_malloc (efi_var_size + 1);<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 if (!env_var)<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_OU=
T_OF_MEMORY, N_(&quot;out of memory&quot;));<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 grub_memcpy (env_var, efi_var, efi_var_size);<br=
>
&gt; +=C2=A0 =C2=A0 =C2=A0 env_var[efi_var_size] =3D &#39;\0&#39;;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 break;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 case EFI_VAR_UINT8:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 env_var =3D grub_malloc (4);<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 if (!env_var)<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_OU=
T_OF_MEMORY, N_(&quot;out of memory&quot;));<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 grub_snprintf (env_var, 4, &quot;%u&quot;, *((gr=
ub_uint8_t *)efi_var));<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 break;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 case EFI_VAR_HEX:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 env_var =3D grub_malloc (efi_var_size * 2 + 1);<=
br>
&gt; +=C2=A0 =C2=A0 =C2=A0 if (!env_var)<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_OU=
T_OF_MEMORY, N_(&quot;out of memory&quot;));<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 for (i =3D 0; i &lt; efi_var_size; i++)<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 grub_snprintf (env_var + (i * 2), 3, &quo=
t;%02x&quot;, ((grub_uint8_t<br>
&gt; *)efi_var)[i]);<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 break;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 case EFI_VAR_DUMP:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 if (state[1].set)<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_BAD_ARGUM=
ENT, N_(&quot;cannot set<br>
&gt; variable with dump format specifier&quot;));<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 else<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 hexdump (0, (char *)efi_var, efi_v=
ar_size);<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D GRUB_ERR_NONE;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 break;<br>
&gt; +<br>
&gt; +=C2=A0 =C2=A0 default:<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 status =3D grub_error (GRUB_ERR_BUG, N_(&quot;sh=
ould not happen (bug<br>
&gt; in module?)&quot;));<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 goto err;<br>
&gt; +=C2=A0 }<br>
&gt; +<br>
&gt; +=C2=A0 if (efi_type !=3D EFI_VAR_DUMP)<br>
&gt; +=C2=A0 =C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 if (state[1].set)<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D grub_env_set (state[1].arg, en=
v_var);<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 else<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 {<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 grub_printf (&quot;%s\n&quot;, (co=
nst char *)env_var);<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D GRUB_ERR_NONE;<br>
&gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
&gt; +=C2=A0 =C2=A0 }<br>
&gt; +<br>
&gt; +err:<br>
&gt; +<br>
&gt; +=C2=A0 grub_free (env_var);<br>
&gt; +=C2=A0 grub_free (efi_var);<br>
&gt; +<br>
&gt; +=C2=A0 return status;<br>
&gt; +}<br>
&gt; +<br>
&gt; +static grub_extcmd_t cmd =3D NULL;<br>
&gt; +<br>
&gt; +GRUB_MOD_INIT (efivar)<br>
&gt; +{<br>
&gt; +=C2=A0 cmd =3D grub_register_extcmd (&quot;get_efivar&quot;, grub_cmd=
_get_efi_var, 0,<br>
&gt; N_(&quot;[-f FORMAT] [-s ENV_VAR] EFI_VAR&quot;),<br>
&gt; + N_(&quot;Read EFI variable and print it or save its contents to<br>
&gt; environment variable.&quot;), options);<br>
&gt; +}<br>
&gt; +<br>
&gt; +GRUB_MOD_FINI (efivar)<br>
&gt; +{<br>
&gt; +=C2=A0 if (cmd)<br>
&gt; +=C2=A0 =C2=A0 grub_unregister_extcmd (cmd);<br>
&gt; +}<br>
</div></div></blockquote></div><br></div></div>

--001a114f098c988bba052a7b7c7d--