From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v5] cmd: env: extend "env [set|print] -e" to manage UEFI variables
Date: Tue, 15 Oct 2019 07:54:18 +0200
Message-ID: <a2eeeee7-b625-d5fb-a309-1e8f2f347356@gmx.de>
In-Reply-To: <20191015014234.17023-1-takahiro.akashi@linaro.org>

On 10/15/19 3:42 AM, AKASHI Takahiro wrote:
> With this patch, when setting UEFI variable with "env set -e" command,
> we will be able to
> - specify vendor guid with "-guid guid",
> - specify variable attributes,  BOOTSERVICE_ACCESS, RUNTIME_ACCESS,
>    respectively with "-bs" and "-rt",
> - append a value instead of overwriting with "-a",
> - use memory as variable's value instead of explicit values given
>    at the command line with "-i address,size"
>
> If guid is not explicitly given, default value will be used.
>
> When "-at" is given, a variable should be authenticated with
> appropriate signature database before setting or modifying its value.
> (Authentication is not supported yet though.)
>
> Meanwhile, "env print -e," will be modified so that it will dump
> a variable's value only if '-v' (verbose) is specified.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

-rt and -guid make sense to me.

I cannot see a benefit in -v. Why should I not want to see the values of
the variables?

=> help printenv
printenv -e [-guid guid|-all][-v] [name ...]
     - print UEFI variable 'name' or all the variables
       "-v": verbose for signature database

What has -v to do with a signature base in the case of UEFI variables?

-at does not work. So I would not want to introduce it now.

=> setenv -e -guid 00000000-0000-0000-0000-000000000000 a b
## "-bs" is required

-bs - Why should I want to type it if the flag is always needed? Please,
do away with it.

-a - I have no clue why it is needed. Do you have a substantial use case?

=> setenv -e -guid 00000000-0000-0000-0000-00000000 a b
## Guid not specified or in bad format

"## Guid not in XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX format" would be
more helpful.

Best regards

Heinrich


> ---
> Changes in v5 (Oct 15, 2019)
> * improve a message in case of wrong guid format
> * improve a message in case that BOOTSERVICE_ACCESS is required
>
> Changes in v4 (Oct 7, 2019)
> * print usage message if "-guid guid" has a wrong format
> * add "-guid guid"  and "-all" option to "env print -e" command
>    to specify a specific guid (or any guids)
>
> Changes in v3 (Oct 4, 2019)
> * add verbose messages when SetVariable() fails
> * add "-v" option
>
> Changes in v2 (Sept 6, 2019)
> * remove "-at" option
>
> ---
>   cmd/nvedit.c     |  19 +++-
>   cmd/nvedit_efi.c | 283 ++++++++++++++++++++++++++++++++++++++++-------
>   2 files changed, 258 insertions(+), 44 deletions(-)
>
> diff --git a/cmd/nvedit.c b/cmd/nvedit.c
> index 1cb0bc1460b9..cbe6205733de 100644
> --- a/cmd/nvedit.c
> +++ b/cmd/nvedit.c
> @@ -1387,7 +1387,7 @@ static char env_help_text[] =
>   #endif
>   	"env print [-a | name ...] - print environment\n"
>   #if defined(CONFIG_CMD_NVEDIT_EFI)
> -	"env print -e [name ...] - print UEFI environment\n"
> +	"env print -e [-guid guid|-all][-v] [name ...] - print UEFI environment\n"
>   #endif
>   #if defined(CONFIG_CMD_RUN)
>   	"env run var [...] - run commands in an environment variable\n"
> @@ -1399,7 +1399,8 @@ static char env_help_text[] =
>   #endif
>   #endif
>   #if defined(CONFIG_CMD_NVEDIT_EFI)
> -	"env set -e name [arg ...] - set UEFI variable; unset if 'arg' not specified\n"
> +	"env set -e [-nv][-bs][-rt][-a][-i addr,size][-v] name [arg ...]\n"
> +	"    - set UEFI variable; unset if '-i' or 'arg' not specified\n"
>   #endif
>   	"env set [-f] name [arg ...]\n";
>   #endif
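
Review bot: the new "env set -e" usage string in env_help_text omits "[-guid guid]", although the setenv help in this same patch lists it and do_env_set_efi() parses "-guid". Add it here so that "help env" and "help setenv" agree, for example "env set -e [-guid guid][-nv][-bs][-rt][-a][-i addr,size][-v] name [arg ...]".
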
> @@ -1428,8 +1429,9 @@ U_BOOT_CMD_COMPLETE(
>   	"print environment variables",
>   	"[-a]\n    - print [all] values of all environment variables\n"
>   #if defined(CONFIG_CMD_NVEDIT_EFI)
> -	"printenv -e [name ...]\n"
> +	"printenv -e [-guid guid|-all][-v] [name ...]\n"
>   	"    - print UEFI variable 'name' or all the variables\n"
> +	"      \"-v\": verbose for signature database\n"
>   #endif
>   	"printenv name ...\n"
>   	"    - print value of environment variable 'name'",
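
Review bot: the added help line describes "-v" as "verbose for signature database", but in efi_dump_single_var() the flag only decides whether the variable's data is hex-dumped, so the text should say that (for example: "-v": dump the variable's value). The new "-guid guid" and "-all" options in the usage line get no description at all; a line for each would help.
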
> @@ -1459,9 +1461,16 @@ U_BOOT_CMD_COMPLETE(
>   	setenv, CONFIG_SYS_MAXARGS, 0,	do_env_set,
>   	"set environment variables",
>   #if defined(CONFIG_CMD_NVEDIT_EFI)
> -	"-e [-nv] name [value ...]\n"
> +	"-e [-guid guid][-nv][-bs][-rt][-a][-v]\n"
> +	"        [-i addr,size name], or [name [value ...]]\n"
>   	"    - set UEFI variable 'name' to 'value' ...'\n"
> -	"      'nv' option makes the variable non-volatile\n"
> +	"      \"-guid\": set vendor guid\n"
> +	"      \"-nv\": set non-volatile attribute\n"
> +	"      \"-bs\": set boot-service attribute\n"
> +	"      \"-rt\": set runtime attribute\n"
> +	"      \"-a\": append-write\n"
> +	"      \"-i addr,size\": use <addr,size> as variable's value\n"
> +	"      \"-v\": verbose print\n"
>   	"    - delete UEFI variable 'name' if 'value' not specified\n"
>   #endif
>   	"setenv [-f] name value ...\n"
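
Review bot: the option list presents "-bs" as optional, but do_env_set_efi() rejects every non-empty value without it (## "-bs" is required), so the help should state that "-bs" is mandatory when setting a value, or the code should default to it. The usage line also does not say what happens when both "-i addr,size" and explicit values are given; the code takes the memory region and ignores the values.
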
> diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c
> index ed6d09a53046..44ae400a1d45 100644
> --- a/cmd/nvedit_efi.c
> +++ b/cmd/nvedit_efi.c
> @@ -13,6 +13,7 @@
>   #include <exports.h>
>   #include <hexdump.h>
>   #include <malloc.h>
> +#include <mapmem.h>
>   #include <linux/kernel.h>
>
>   /*
> @@ -34,15 +35,49 @@ static const struct {
>   	{EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"},
>   };
>
> +static const struct {
> +	efi_guid_t guid;
> +	char *text;
> +} efi_guid_text[] = {
> +	/* signature database */
> +	{EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"},
> +};
> +
> +/* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */
> +static char unknown_guid[37];
> +
> +/**
> + * efi_guid_to_str() - convert guid to readable name
> + *
> + * @guid:	GUID
> + * Return:	string for GUID
> + *
> + * convert guid to readable name
> + */
> +static const char *efi_guid_to_str(const efi_guid_t *guid)
> +{
> +	int i;
> +
> +	for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++)
> +		if (!guidcmp(guid, &efi_guid_text[i].guid))
> +			return efi_guid_text[i].text;
> +
> +	uuid_bin_to_str((unsigned char *)guid->b, unknown_guid,
> +			UUID_STR_FORMAT_GUID);
> +
> +	return unknown_guid;
> +}
> +
>   /**
>    * efi_dump_single_var() - show information about a UEFI variable
>    *
>    * @name:	Name of the variable
>    * @guid:	Vendor GUID
> + * @verbose:	if true, dump data
>    *
>    * Show information encoded in one UEFI variable
>    */
> -static void efi_dump_single_var(u16 *name, efi_guid_t *guid)
> +static void efi_dump_single_var(u16 *name, const efi_guid_t *guid, bool verbose)
>   {
>   	u32 attributes;
>   	u8 *data;
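
Review bot: efi_guid_to_str() returns the file-scope buffer unknown_guid[] for every GUID that is not in efi_guid_text[], so the string is overwritten by the next call and two results cannot be used in one printf(); say so in the kernel-doc or let the caller pass the buffer. The "/* signature database */" comment does not describe the single EFI_GLOBAL_VARIABLE_GUID entry below it, "char *text" can be "const char *" since it only points at string literals, and the kernel-doc states "convert guid to readable name" twice.
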
> @@ -68,7 +103,7 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid)
>   	if (ret != EFI_SUCCESS)
>   		goto out;
>
> -	printf("%ls:", name);
> +	printf("%ls:\n    %s:", name, efi_guid_to_str(guid));
>   	for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++)
>   		if (attributes & efi_var_attrs[i].mask) {
>   			if (count)
> @@ -79,7 +114,9 @@ static void efi_dump_single_var(u16 *name, efi_guid_t *guid)
>   			puts(efi_var_attrs[i].text);
>   		}
>   	printf(", DataSize = 0x%zx\n", size);
> -	print_hex_dump("    ", DUMP_PREFIX_OFFSET, 16, 1, data, size, true);
> +	if (verbose)
> +		print_hex_dump("    ", DUMP_PREFIX_OFFSET, 16, 1,
> +			       data, size, true);
>
>   out:
>   	free(data);
> @@ -90,11 +127,13 @@ out:
>    *
>    * @argc:	Number of arguments (variables)
>    * @argv:	Argument (variable name) array
> + * @verbose:	if true, dump data
>    * Return:	CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
>    *
>    * Show information encoded in named UEFI variables
>    */
> -static int efi_dump_vars(int argc,  char * const argv[])
> +static int efi_dump_vars(int argc,  char * const argv[],
> +			 const efi_guid_t *guid, bool verbose)
>   {
>   	u16 *var_name16, *p;
>   	efi_uintn_t buf_size, size;
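
Review bot: the kernel-doc for efi_dump_vars() gains @verbose but not the new @guid parameter added to the prototype. Add a line such as "@guid: Vendor GUID" next to it.
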
> @@ -119,8 +158,7 @@ static int efi_dump_vars(int argc,  char * const argv[])
>   		p = var_name16;
>   		utf8_utf16_strcpy(&p, argv[0]);
>
> -		efi_dump_single_var(var_name16,
> -				    (efi_guid_t *)&efi_global_variable_guid);
> +		efi_dump_single_var(var_name16, guid, verbose);
>   	}
>
>   	free(var_name16);
> @@ -128,20 +166,56 @@ static int efi_dump_vars(int argc,  char * const argv[])
>   	return CMD_RET_SUCCESS;
>   }
>
> +static bool match_name(int argc, char * const argv[], u16 *var_name16)
> +{
> +	char *buf, *p;
> +	size_t buflen;
> +	int i;
> +	bool result = false;
> +
> +	buflen = utf16_utf8_strlen(var_name16) + 1;
> +	buf = calloc(1, buflen);
> +	if (!buf)
> +		return result;
> +
> +	p = buf;
> +	utf16_utf8_strcpy(&p, var_name16);
> +
> +	for (i = 0; i < argc; argc--, argv++) {
> +		if (!strcmp(buf, argv[i])) {
> +			result = true;
> +			goto out;
> +		}
> +	}
> +
> +out:
> +	free(buf);
> +
> +	return result;
> +}
> +
>   /**
> - * efi_dump_vars() - show information about all the UEFI variables
> + * efi_dump_var_all() - show information about all the UEFI variables
>    *
> + * @argc:	Number of arguments (variables)
> + * @argv:	Argument (variable name) array
> + * @verbose:	if true, dump data
>    * Return:	CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
>    *
>    * Show information encoded in all the UEFI variables
>    */
> -static int efi_dump_var_all(void)
> +static int efi_dump_var_all(int argc,  char * const argv[],
> +			    const efi_guid_t *guid_p, bool verbose)
>   {
>   	u16 *var_name16, *p;
>   	efi_uintn_t buf_size, size;
>   	efi_guid_t guid;
>   	efi_status_t ret;
>
> +	if (argc && guid_p)
> +		/* simplified case */
> +		return efi_dump_vars(argc, argv, guid_p, verbose);
> +
>   	buf_size = 128;
>   	var_name16 = malloc(buf_size);
>   	if (!var_name16)
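
Review bot: in match_name() the loop "for (i = 0; i < argc; argc--, argv++)" never changes i, so argv[i] is always argv[0] and the loop only works because argv itself is advanced; use either "for (i = 0; i < argc; i++)" with argv[i], or drop i. A failed calloc() returns false, which the caller cannot tell apart from "no match", so variables are silently skipped when memory is short. The efi_dump_var_all() kernel-doc also lacks the new @guid_p parameter.
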
> @@ -171,7 +245,9 @@ static int efi_dump_var_all(void)
>   			return CMD_RET_FAILURE;
>   		}
>
> -		efi_dump_single_var(var_name16, &guid);
> +		if ((!guid_p || !guidcmp(guid_p, &guid)) &&
> +		    (!argc || match_name(argc, argv, var_name16)))
> +			efi_dump_single_var(var_name16, &guid, verbose);
>   	}
>
>   	free(var_name16);
> @@ -189,12 +265,15 @@ static int efi_dump_var_all(void)
>    * Return:	CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
>    *
>    * This function is for "env print -e" or "printenv -e" command:
> - *   => env print -e [var [...]]
> + *   => env print -e [-v] [-guid <guid> | -all] [var [...]]
>    * If one or more variable names are specified, show information
>    * named UEFI variables, otherwise show all the UEFI variables.
>    */
>   int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>   {
> +	efi_guid_t guid;
> +	const efi_guid_t *guid_p;
> +	bool default_guid, guid_any, verbose;
>   	efi_status_t ret;
>
>   	/* Initialize EFI drivers */
> @@ -205,12 +284,47 @@ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>   		return CMD_RET_FAILURE;
>   	}
>
> -	if (argc > 1)
> -		/* show specified UEFI variables */
> -		return efi_dump_vars(--argc, ++argv);
> +	default_guid = true;
> +	guid_any = false;
> +	verbose = false;
> +	for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
> +		if (!strcmp(argv[0], "-guid")) {
> +			if (argc == 1)
> +				return CMD_RET_USAGE;
> +
> +			/* -a already specified */
> +			if (!default_guid & guid_any)
> +				return CMD_RET_USAGE;
> +
> +			argc--;
> +			argv++;
> +			if (uuid_str_to_bin(argv[0], guid.b,
> +					    UUID_STR_FORMAT_GUID))
> +				return CMD_RET_USAGE;
> +			default_guid = false;
> +		} else if (!strcmp(argv[0], "-all")) {
> +			/* -guid already specified */
> +			if (!default_guid && !guid_any)
> +				return CMD_RET_USAGE;
> +
> +			guid_any = true;
> +			default_guid = false;
> +		} else if (!strcmp(argv[0], "-v")) {
> +			verbose = true;
> +		} else {
> +			return CMD_RET_USAGE;
> +		}
> +	}
> +
> +	if (guid_any)
> +		guid_p = NULL;
> +	else if (default_guid)
> +		guid_p = &efi_global_variable_guid;
> +	else
> +		guid_p = (const efi_guid_t *)guid.b;
>
>   	/* enumerate and show all UEFI variables */
> -	return efi_dump_var_all();
> +	return efi_dump_var_all(argc, argv, guid_p, verbose);
>   }
>
>   /**
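
Review bot: in the "-guid" branch, "if (!default_guid & guid_any)" uses bitwise "&" where the "-all" branch uses "&&", and the comment above it says "-a already specified" although the option is "-all". A second "-guid" is accepted silently and overwrites the first, and a malformed GUID returns CMD_RET_USAGE without the message that do_env_set_efi() prints for the same error. "guid_p = (const efi_guid_t *)guid.b;" can simply be "guid_p = &guid;".
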
> @@ -339,18 +453,22 @@ out:
>    * Return:	CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
>    *
>    * This function is for "env set -e" or "setenv -e" command:
> - *   => env set -e var [value ...]]
> + *   => env set -e [-guid guid][-nv][-bs][-rt][-a][-v]
> + *		   [-i address,size] var, or
> + *                 var [value ...]
>    * Encode values specified and set given UEFI variable.
>    * If no value is specified, delete the variable.
>    */
>   int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>   {
> -	char *var_name, *value = NULL;
> -	efi_uintn_t size = 0;
> -	u16 *var_name16 = NULL, *p;
> -	size_t len;
> +	char *var_name, *value, *ep;
> +	ulong addr;
> +	efi_uintn_t size;
>   	efi_guid_t guid;
>   	u32 attributes;
> +	bool default_guid, verbose, value_on_memory;
> +	u16 *var_name16 = NULL, *p;
> +	size_t len;
>   	efi_status_t ret;
>
>   	if (argc == 1)
> @@ -364,32 +482,94 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>   		return CMD_RET_FAILURE;
>   	}
>
> -	attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
> -		     EFI_VARIABLE_RUNTIME_ACCESS;
> -	if (!strcmp(argv[1], "-nv")) {
> -		attributes |= EFI_VARIABLE_NON_VOLATILE;
> -		argc--;
> -		argv++;
> -		if (argc == 1)
> -			return CMD_RET_SUCCESS;
> +	/*
> +	 * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
> +	 *	     EFI_VARIABLE_RUNTIME_ACCESS;
> +	 */
> +	value = NULL;
> +	size = 0;
> +	attributes = 0;
> +	guid = efi_global_variable_guid;
> +	default_guid = true;
> +	verbose = false;
> +	value_on_memory = false;
> +	for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
> +		if (!strcmp(argv[0], "-guid")) {
> +			if (argc == 1)
> +				return CMD_RET_USAGE;
> +
> +			argc--;
> +			argv++;
> +			if (uuid_str_to_bin(argv[0], guid.b,
> +					    UUID_STR_FORMAT_GUID)) {
> +				printf("## Guid not specified or in bad format\n");
> +				return CMD_RET_FAILURE;
> +			}
> +			default_guid = false;
> +		} else if (!strcmp(argv[0], "-bs")) {
> +			attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS;
> +		} else if (!strcmp(argv[0], "-rt")) {
> +			attributes |= EFI_VARIABLE_RUNTIME_ACCESS;
> +		} else if (!strcmp(argv[0], "-nv")) {
> +			attributes |= EFI_VARIABLE_NON_VOLATILE;
> +		} else if (!strcmp(argv[0], "-a")) {
> +			attributes |= EFI_VARIABLE_APPEND_WRITE;
> +		} else if (!strcmp(argv[0], "-i")) {
> +			/* data comes from memory */
> +			if (argc == 1)
> +				return CMD_RET_USAGE;
> +
> +			argc--;
> +			argv++;
> +			addr = simple_strtoul(argv[0], &ep, 16);
> +			if (*ep != ',')
> +				return CMD_RET_USAGE;
> +
> +			size = simple_strtoul(++ep, NULL, 16);
> +			if (!size)
> +				return CMD_RET_FAILURE;
> +			value_on_memory = true;
> +		} else if (!strcmp(argv[0], "-v")) {
> +			verbose = true;
> +		} else {
> +			return CMD_RET_USAGE;
> +		}
>   	}
> +	if (!argc)
> +		return CMD_RET_USAGE;
>
> -	var_name = argv[1];
> -	if (argc == 2) {
> -		/* delete */
> -		value = NULL;
> -		size = 0;
> -	} else { /* set */
> -		argc -= 2;
> -		argv += 2;
> +	var_name = argv[0];
> +	if (default_guid)
> +		guid = efi_global_variable_guid;
>
> -		for ( ; argc > 0; argc--, argv++)
> +	if (verbose) {
> +		printf("GUID: %s\n", efi_guid_to_str((const efi_guid_t *)
> +						     &guid));
> +		printf("Attributes: 0x%x\n", attributes);
> +	}
> +
> +	/* for value */
> +	if (value_on_memory)
> +		value = map_sysmem(addr, 0);
> +	else if (argc > 1)
> +		for (argc--, argv++; argc > 0; argc--, argv++)
>   			if (append_value(&value, &size, argv[0]) < 0) {
>   				printf("## Failed to process an argument, %s\n",
>   				       argv[0]);
>   				ret = CMD_RET_FAILURE;
>   				goto out;
>   			}
> +
> +	if (size && !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) {
> +		printf("## \"-bs\" is required\n");
> +		ret = CMD_RET_FAILURE;
> +		goto out;
> +	}
> +
> +	if (size && verbose) {
> +		printf("Value:\n");
> +		print_hex_dump("    ", DUMP_PREFIX_OFFSET,
> +			       16, 1, value, size, true);
>   	}
>
>   	len = utf8_utf16_strnlen(var_name, strlen(var_name));
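
Review bot: the "-i addr,size" branch does not validate its input: "size = simple_strtoul(++ep, NULL, 16)" passes NULL as the end pointer, so trailing characters after the size are accepted, and "map_sysmem(addr, 0)" maps a length of 0 instead of size. Check *ep after parsing the size and pass size to map_sysmem(). A zero size returns CMD_RET_FAILURE without any message. Separately, attributes now starts at 0 instead of BOOTSERVICE_ACCESS | RUNTIME_ACCESS, so an existing "setenv -e name value" fails with the "-bs" is required message; the commented-out assignment left in the code should either be restored or removed, and "if (default_guid) guid = efi_global_variable_guid;" repeats the initialisation done before the loop.
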
> @@ -402,17 +582,42 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>   	p = var_name16;
>   	utf8_utf16_strncpy(&p, var_name, len + 1);
>
> -	guid = efi_global_variable_guid;
>   	ret = EFI_CALL(efi_set_variable(var_name16, &guid, attributes,
>   					size, value));
> +	unmap_sysmem(value);
>   	if (ret == EFI_SUCCESS) {
>   		ret = CMD_RET_SUCCESS;
>   	} else {
> -		printf("## Failed to set EFI variable\n");
> +		const char *msg;
> +
> +		switch (ret) {
> +		case EFI_NOT_FOUND:
> +			msg = " (not found)";
> +			break;
> +		case EFI_WRITE_PROTECTED:
> +			msg = " (read only)";
> +			break;
> +		case EFI_INVALID_PARAMETER:
> +			msg = " (invalid parameter)";
> +			break;
> +		case EFI_SECURITY_VIOLATION:
> +			msg = " (validation failed)";
> +			break;
> +		case EFI_OUT_OF_RESOURCES:
> +			msg = " (out of memory)";
> +			break;
> +		default:
> +			msg = "";
> +			break;
> +		}
> +		printf("## Failed to set EFI variable%s\n", msg);
>   		ret = CMD_RET_FAILURE;
>   	}
>   out:
> -	free(value);
> +	if (value_on_memory)
> +		unmap_sysmem(value);
> +	else
> +		free(value);
>   	free(var_name16);
>
>   	return ret;
>
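
Review bot: unmap_sysmem(value) is added unconditionally right after efi_set_variable(), and the "out:" path then calls unmap_sysmem(value) again when value_on_memory is set, so a mapped buffer is unmapped twice, while a buffer built by append_value() (or a NULL value on delete) is passed to unmap_sysmem() before being freed. Drop the first call and keep only the conditional cleanup under "out:".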
