1 /*-
2 * Copyright (c) 2016 Netflix, Inc.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23 * SUCH DAMAGE.
24 */
25
26 #include <efivar.h>
27 #include <sys/efiio.h>
28 #include <sys/param.h>
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <stdbool.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35
36 #include "efichar.h"
37
38 static int efi_fd = -2;
39
40 #define Z { 0 }
41
42 const efi_guid_t efi_guid_empty = Z;
43
44 static struct guid_table guid_tbl [] =
45 {
46 { "00000000-0000-0000-0000-000000000000", "zero", Z },
47 { "093e0fae-a6c4-4f50-9f1b-d41e2b89c19a", "sha512", Z },
48 { "0abba7dc-e516-4167-bbf5-4d9d1c739416", "redhat", Z },
49 { "0b6e5233-a65c-44c9-9407-d9ab83bfc8bd", "sha224", Z },
50 { "126a762d-5758-4fca-8531-201a7f57f850", "lenovo_boot_menu", Z },
51 { "3bd2a492-96c0-4079-b420-fcf98ef103ed", "x509_sha256", Z },
52 { "3c5766e8-269c-4e34-aa14-ed776e85b3b6", "rsa2048", Z },
53 { "3CC24E96-22C7-41D8-8863-8E39DCDCC2CF", "lenovo", Z },
54 { "3f7e615b-0d45-4f80-88dc-26b234958560", "lenovo_diag", Z },
55 { "446dbf63-2502-4cda-bcfa-2465d2b0fe9d", "x509_sha512", Z },
56 { "4aafd29d-68df-49ee-8aa9-347d375665a7", "pkcs7_cert", Z },
57 { "605dab50-e046-4300-abb6-3dd810dd8b23", "shim", Z },
58 { "665d3f60-ad3e-4cad-8e26-db46eee9f1b5", "lenovo_rescue", Z },
59 { "67f8444f-8743-48f1-a328-1eaab8736080", "rsa2048_sha1", Z },
60 { "7076876e-80c2-4ee6-aad2-28b349a6865b", "x509_sha384", Z },
61 { "721c8b66-426c-4e86-8e99-3457c46ab0b9", "lenovo_setup", Z },
62 { "77fa9abd-0359-4d32-bd60-28f4e78f784b", "microsoft", Z },
63 { "7FACC7B6-127F-4E9C-9C5D-080F98994345", "lenovo_2", Z },
64 { "826ca512-cf10-4ac9-b187-be01496631bd", "sha1", Z },
65 { "82988420-7467-4490-9059-feb448dd1963", "lenovo_me_config", Z },
66 { "8be4df61-93ca-11d2-aa0d-00e098032b8c", "global", Z },
67 { "a5c059a1-94e4-4aa7-87b5-ab155c2bf072", "x509_cert", Z },
68 { "a7717414-c616-4977-9420-844712a735bf", "rsa2048_sha256_cert", Z },
69 { "a7d8d9a6-6ab0-4aeb-ad9d-163e59a7a380", "lenovo_diag_splash", Z },
70 { "ade9e48f-9cb8-98e6-31af-b4e6009e2fe3", "redhat_2", Z },
71 { "bc7838d2-0f82-4d60-8316-c068ee79d25b", "lenovo_msg", Z },
72 { "c1c41626-504c-4092-aca9-41f936934328", "sha256", Z },
73 { "c57ad6b7-0515-40a8-9d21-551652854e37", "shell", Z },
74 { "d719b2cb-3d3a-4596-a3bc-dad00e67656f", "security", Z },
75 { "e2b36190-879b-4a3d-ad8d-f2e7bba32784", "rsa2048_sha256", Z },
76 { "ff3e5307-9fd0-48c9-85f1-8ad56c701e01", "sha384", Z },
77 { "f46ee6f4-4785-43a3-923d-7f786c3c8479", "lenovo_startup_interrupt", Z },
78 };
79
80 int
efi_str_to_guid(const char * s,efi_guid_t * guid)81 efi_str_to_guid(const char *s, efi_guid_t *guid)
82 {
83 uint32_t status;
84
85 /* knows efi_guid_t is binary compatible with uuid_t */
86 uuid_from_string(s, (uuid_t *)guid, &status);
87
88 return (status == uuid_s_ok ? 0 : -1);
89 }
90
91 static void
efi_guid_tbl_compile(void)92 efi_guid_tbl_compile(void)
93 {
94 size_t i;
95 static bool done = false;
96 struct guid_table *ent;
97
98 if (done)
99 return;
100 for (i = 0; i < nitems(guid_tbl); i++) {
101 ent = &guid_tbl[i];
102 if (efi_str_to_guid(ent->uuid_str, &ent->guid) != 0)
103 fprintf(stderr, "Can't convert %s to a guid for %s\n",
104 ent->uuid_str, ent->name);
105 }
106 done = true;
107 }
108
109 int
efi_known_guid(struct guid_table ** tbl)110 efi_known_guid(struct guid_table **tbl)
111 {
112
113 *tbl = guid_tbl;
114 return (nitems(guid_tbl));
115 }
116
117 static int
efi_open_dev(void)118 efi_open_dev(void)
119 {
120
121 if (efi_fd == -2)
122 efi_fd = open("/dev/efi", O_RDWR);
123 if (efi_fd < 0)
124 efi_fd = -1;
125 else
126 efi_guid_tbl_compile();
127 return (efi_fd);
128 }
129
130 static void
efi_var_reset(struct efi_var_ioctl * var)131 efi_var_reset(struct efi_var_ioctl *var)
132 {
133 var->name = NULL;
134 var->namesize = 0;
135 memset(&var->vendor, 0, sizeof(var->vendor));
136 var->attrib = 0;
137 var->data = NULL;
138 var->datasize = 0;
139 }
140
141 static int
rv_to_linux_rv(int rv)142 rv_to_linux_rv(int rv)
143 {
144 if (rv == 0)
145 rv = 1;
146 else
147 rv = -errno;
148 return (rv);
149 }
150
151 int
efi_append_variable(efi_guid_t guid,const char * name,uint8_t * data,size_t data_size,uint32_t attributes)152 efi_append_variable(efi_guid_t guid, const char *name,
153 uint8_t *data, size_t data_size, uint32_t attributes)
154 {
155
156 return efi_set_variable(guid, name, data, data_size,
157 attributes | EFI_VARIABLE_APPEND_WRITE);
158 }
159
160 int
efi_del_variable(efi_guid_t guid,const char * name)161 efi_del_variable(efi_guid_t guid, const char *name)
162 {
163
164 /* data_size of 0 deletes the variable */
165 return efi_set_variable(guid, name, NULL, 0, 0);
166 }
167
168 int
efi_get_variable(efi_guid_t guid,const char * name,uint8_t ** data,size_t * data_size,uint32_t * attributes)169 efi_get_variable(efi_guid_t guid, const char *name,
170 uint8_t **data, size_t *data_size, uint32_t *attributes)
171 {
172 struct efi_var_ioctl var;
173 int rv;
174 static uint8_t buf[1024*32];
175
176 if (efi_open_dev() == -1)
177 return -1;
178
179 efi_var_reset(&var);
180 rv = utf8_to_ucs2(name, &var.name, &var.namesize);
181 if (rv != 0)
182 goto errout;
183 var.vendor = guid;
184 var.data = buf;
185 var.datasize = sizeof(buf);
186 rv = ioctl(efi_fd, EFIIOC_VAR_GET, &var);
187 if (data_size != NULL)
188 *data_size = var.datasize;
189 if (data != NULL)
190 *data = buf;
191 if (attributes != NULL)
192 *attributes = var.attrib;
193 errout:
194 free(var.name);
195
196 return rv_to_linux_rv(rv);
197 }
198
199 int
efi_get_variable_attributes(efi_guid_t guid,const char * name,uint32_t * attributes)200 efi_get_variable_attributes(efi_guid_t guid, const char *name,
201 uint32_t *attributes)
202 {
203 /* Make sure this construct works -- I think it will fail */
204
205 return efi_get_variable(guid, name, NULL, NULL, attributes);
206 }
207
208 int
efi_get_variable_size(efi_guid_t guid,const char * name,size_t * size)209 efi_get_variable_size(efi_guid_t guid, const char *name,
210 size_t *size)
211 {
212
213 /* XXX check to make sure this matches the linux value */
214
215 *size = 0;
216 return efi_get_variable(guid, name, NULL, size, NULL);
217 }
218
219 int
efi_get_next_variable_name(efi_guid_t ** guid,char ** name)220 efi_get_next_variable_name(efi_guid_t **guid, char **name)
221 {
222 struct efi_var_ioctl var;
223 int rv;
224 static efi_char *buf;
225 static size_t buflen = 256 * sizeof(efi_char);
226 static efi_guid_t retguid;
227 size_t size;
228
229 if (efi_open_dev() == -1)
230 return -1;
231
232 /*
233 * Always allocate enough for an extra NUL on the end, but don't tell
234 * the IOCTL about it so we can NUL terminate the name before converting
235 * it to UTF8.
236 */
237 if (buf == NULL)
238 buf = malloc(buflen + sizeof(efi_char));
239
240 again:
241 efi_var_reset(&var);
242 var.name = buf;
243 var.namesize = buflen;
244 if (*name == NULL) {
245 *buf = 0;
246 /* GUID zeroed in var_reset */
247 } else {
248 rv = utf8_to_ucs2(*name, &var.name, &size);
249 if (rv != 0)
250 goto errout;
251 var.vendor = **guid;
252 }
253 rv = ioctl(efi_fd, EFIIOC_VAR_NEXT, &var);
254 if (rv == 0 && var.name == NULL) {
255 /*
256 * Variable name not long enough, so allocate more space for the
257 * name and try again. As above, mind the NUL we add.
258 */
259 void *new = realloc(buf, var.namesize + sizeof(efi_char));
260 if (new == NULL) {
261 rv = -1;
262 errno = ENOMEM;
263 goto done;
264 }
265 buflen = var.namesize;
266 buf = new;
267 goto again;
268 }
269
270 if (rv == 0) {
271 free(*name); /* Free last name, to avoid leaking */
272 *name = NULL; /* Force ucs2_to_utf8 to malloc new space */
273 var.name[var.namesize / sizeof(efi_char)] = 0; /* EFI doesn't NUL terminate */
274 rv = ucs2_to_utf8(var.name, name);
275 if (rv != 0)
276 goto errout;
277 retguid = var.vendor;
278 *guid = &retguid;
279 }
280 errout:
281
282 /* XXX The linux interface expects name to be a static buffer -- fix or leak memory? */
283 /* XXX for the moment, we free just before we'd leak, but still leak last one */
284 done:
285 if (rv != 0 && errno == ENOENT) {
286 errno = 0;
287 free(*name); /* Free last name, to avoid leaking */
288 return 0;
289 }
290
291 return (rv_to_linux_rv(rv));
292 }
293
294 int
efi_guid_cmp(const efi_guid_t * guid1,const efi_guid_t * guid2)295 efi_guid_cmp(const efi_guid_t *guid1, const efi_guid_t *guid2)
296 {
297 return (memcmp(guid1, guid2, sizeof(*guid1)));
298 }
299
300 int
efi_guid_is_zero(const efi_guid_t * guid)301 efi_guid_is_zero(const efi_guid_t *guid)
302 {
303 return (memcmp(guid, &efi_guid_empty, sizeof(*guid)) == 0);
304 }
305
306 int
efi_guid_to_name(efi_guid_t * guid,char ** name)307 efi_guid_to_name(efi_guid_t *guid, char **name)
308 {
309 size_t i;
310
311 efi_guid_tbl_compile();
312 for (i = 0; i < nitems(guid_tbl); i++) {
313 if (memcmp(guid, &guid_tbl[i].guid, sizeof(*guid)) == 0) {
314 *name = strdup(guid_tbl[i].name);
315 return (0);
316 }
317 }
318 return (efi_guid_to_str(guid, name));
319 }
320
321 int
efi_guid_to_symbol(efi_guid_t * guid __unused,char ** symbol __unused)322 efi_guid_to_symbol(efi_guid_t *guid __unused, char **symbol __unused)
323 {
324
325 /*
326 * Unsure what this is used for, efibootmgr doesn't use it.
327 * Leave unimplemented for now.
328 */
329 return -1;
330 }
331
332 int
efi_guid_to_str(const efi_guid_t * guid,char ** sp)333 efi_guid_to_str(const efi_guid_t *guid, char **sp)
334 {
335 uint32_t status;
336
337 /* knows efi_guid_t is binary compatible with uuid_t */
338 uuid_to_string((const uuid_t *)guid, sp, &status);
339
340 return (status == uuid_s_ok ? 0 : -1);
341 }
342
343 int
efi_name_to_guid(const char * name,efi_guid_t * guid)344 efi_name_to_guid(const char *name, efi_guid_t *guid)
345 {
346 size_t i;
347
348 efi_guid_tbl_compile();
349 for (i = 0; i < nitems(guid_tbl); i++) {
350 if (strcmp(name, guid_tbl[i].name) == 0) {
351 *guid = guid_tbl[i].guid;
352 return (0);
353 }
354 }
355 return (efi_str_to_guid(name, guid));
356 }
357
358 int
efi_set_variable(efi_guid_t guid,const char * name,uint8_t * data,size_t data_size,uint32_t attributes)359 efi_set_variable(efi_guid_t guid, const char *name,
360 uint8_t *data, size_t data_size, uint32_t attributes)
361 {
362 struct efi_var_ioctl var;
363 int rv;
364
365 if (efi_open_dev() == -1)
366 return -1;
367
368 efi_var_reset(&var);
369 rv = utf8_to_ucs2(name, &var.name, &var.namesize);
370 if (rv != 0)
371 goto errout;
372 var.vendor = guid;
373 var.data = data;
374 var.datasize = data_size;
375 var.attrib = attributes;
376 rv = ioctl(efi_fd, EFIIOC_VAR_SET, &var);
377 errout:
378 free(var.name);
379
380 return rv;
381 }
382
383 int
efi_variables_supported(void)384 efi_variables_supported(void)
385 {
386
387 return efi_open_dev() != -1;
388 }
389