On Tue, Sep 03, 2019 at 10:46:04PM +0200, Heinrich Schuchardt wrote:
> On 9/3/19 7:41 AM, AKASHI Takahiro wrote:
> >With this patch, when setting UEFI variable with "env set -e" command,
> >we will be able to
> >- specify vendor guid with "-guid guid",
> >- specify variable attributes, BOOTSERVICE_ACCESS, RUNTIME_ACCESS,
> > TIME_BASED_AUTHENTICATED_WRITE_ACCESS respectively with
>
> Doesn't TIME_BASED_AUTHENTICATED_WRITE_ACCESS mandate changes in
> SetVariable() too?
>
> I could not find the EFI_VARIABLE_AUTHENTICATION_2 descriptor in the patch.
As you might image, this patch was part of my patch set for
UEFI secure boot implementation.
> I think we should not provide "-at" as a parameter of this command if it
> is not supported.
I believed that efi_set_variable() always checks for unsupported attributes
first, but it does so only under my local repository :)
Okay, I will remove it for now.
> So there should be first a patch to change
> SetVariable(). Then a patch implementing efidebug -at may follow.
>
> In a case of an error, please, provide a meaningful error message. (A
> variable might be READ_ONLY or NOT_FOUND. -rt might be specified without
> -bs.)
in which printf?
I didn't change anything in efi_variable.c.
-Takahiro Akashi
> Best regards
>
> Heinrich
>
> > "-bs", "-rt" and "-at",
> >- append a value instead of overwriting with "-a",
> >- use memory as variable's value instead of explicit values given
> > at the command line with "-i address,size"
> >
> >If guid is not explicitly given, default value will be used.
> >
> >When "-at" is given, a variable should be authenticated with
> >appropriate signature database before setting or modifying its value.
> >(Authentication is not supported yet though.)
> >
> >Meanwhile, "env print -e," will be modified so that it will dump
> >a variable's value only if '-v' (verbose) is specified.
> >
> >Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org>
> >---
> > cmd/nvedit.c | 20 +++--
> > cmd/nvedit_efi.c | 192 ++++++++++++++++++++++++++++++++++++++---------
> > 2 files changed, 172 insertions(+), 40 deletions(-)
> >
> >diff --git a/cmd/nvedit.c b/cmd/nvedit.c
> >index 1cb0bc1460b9..2d2adc8529db 100644
> >--- a/cmd/nvedit.c
> >+++ b/cmd/nvedit.c
> >@@ -1387,7 +1387,7 @@ static char env_help_text[] =
> > #endif
> > "env print [-a | name ...] - print environment\n"
> > #if defined(CONFIG_CMD_NVEDIT_EFI)
> >- "env print -e [name ...] - print UEFI environment\n"
> >+ "env print -e [-v] [name ...] - print UEFI environment\n"
> > #endif
> > #if defined(CONFIG_CMD_RUN)
> > "env run var [...] - run commands in an environment variable\n"
> >@@ -1399,7 +1399,8 @@ static char env_help_text[] =
> > #endif
> > #endif
> > #if defined(CONFIG_CMD_NVEDIT_EFI)
> >- "env set -e name [arg ...] - set UEFI variable; unset if 'arg' not
> >specified\n"
> >+ "env set -e [-nv][-bs][-rt][-at][-a][-i addr,size][-v] name [arg ...]\n"
> >+ " - set UEFI variable; unset if '-i' or 'arg' not specified\n"
> > #endif
> > "env set [-f] name [arg ...]\n";
> > #endif
> >@@ -1428,8 +1429,9 @@ U_BOOT_CMD_COMPLETE(
> > "print environment variables",
> > "[-a]\n - print [all] values of all environment variables\n"
> > #if defined(CONFIG_CMD_NVEDIT_EFI)
> >- "printenv -e [name ...]\n"
> >+ "printenv -e [-v] [name ...]\n"
> > " - print UEFI variable 'name' or all the variables\n"
> >+ " \"-v\": verbose for signature database\n"
> > #endif
> > "printenv name ...\n"
> > " - print value of environment variable 'name'",
> >@@ -1459,9 +1461,17 @@ U_BOOT_CMD_COMPLETE(
> > setenv, CONFIG_SYS_MAXARGS, 0, do_env_set,
> > "set environment variables",
> > #if defined(CONFIG_CMD_NVEDIT_EFI)
> >- "-e [-nv] name [value ...]\n"
> >+ "-e [-guid guid][-nv][-bs][-rt][-at][-a][-v]\n"
> >+ " [-i addr,size name], or [name [value ...]]\n"
> > " - set UEFI variable 'name' to 'value' ...'\n"
> >- " 'nv' option makes the variable non-volatile\n"
> >+ " \"-guid\": set vendor guid\n"
> >+ " \"-nv\": set non-volatile attribute\n"
> >+ " \"-bs\": set boot-service attribute\n"
> >+ " \"-rt\": set runtime attribute\n"
> >+ " \"-at\": set time-based authentication attribute\n"
> >+ " \"-a\": append-write\n"
> >+ " \"-i addr,size\": use <addr,size> as variable's value\n"
> >+ " \"-v\": verbose print\n"
> > " - delete UEFI variable 'name' if 'value' not specified\n"
> > #endif
> > "setenv [-f] name value ...\n"
> >diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c
> >index ed6d09a53046..a9ecb3ee4dc3 100644
> >--- a/cmd/nvedit_efi.c
> >+++ b/cmd/nvedit_efi.c
> >@@ -13,6 +13,7 @@
> > #include <exports.h>
> > #include <hexdump.h>
> > #include <malloc.h>
> >+#include <mapmem.h>
> > #include <linux/kernel.h>
> >
> > /*
> >@@ -34,15 +35,48 @@ static const struct {
> > {EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"},
> > };
> >
> >+static const struct {
> >+ efi_guid_t guid;
> >+ char *text;
> >+} efi_guid_text[] = {
> >+ /* signature database */
> >+ {EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"},
> >+};
> >+
> >+/* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */
> >+static char unknown_guid[37];
> >+
> >+/**
> >+ * efi_guid_to_str() - convert guid to readable name
> >+ *
> >+ * @guid: GUID
> >+ * Return: string for GUID
> >+ *
> >+ * convert guid to readable name
> >+ */
> >+static const char *efi_guid_to_str(efi_guid_t *guid)
> >+{
> >+ int i;
> >+
> >+ for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++)
> >+ if (!guidcmp(guid, &efi_guid_text[i].guid))
> >+ return efi_guid_text[i].text;
> >+
> >+ uuid_bin_to_str(guid->b, unknown_guid, UUID_STR_FORMAT_GUID);
> >+
> >+ return unknown_guid;
> >+}
> >+
> > /**
> > * efi_dump_single_var() - show information about a UEFI variable
> > *
> > * @name: Name of the variable
> > * @guid: Vendor GUID
> >+ * @verbose: if true, dump data
> > *
> > * Show information encoded in one UEFI variable
> > */
> >-static void efi_dump_single_var(u16 *name, efi_guid_t *guid)
> >+static void efi_dump_single_var(u16 *name, efi_guid_t *guid, bool verbose)
> > {
> > u32 attributes;
> > u8 *data;
> >@@ -68,7 +102,7 @@ static void efi_dump_single_var(u16 *name, efi_guid_t
> >*guid)
> > if (ret != EFI_SUCCESS)
> > goto out;
> >
> >- printf("%ls:", name);
> >+ printf("%ls:\n %s:", name, efi_guid_to_str(guid));
> > for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++)
> > if (attributes & efi_var_attrs[i].mask) {
> > if (count)
> >@@ -79,7 +113,9 @@ static void efi_dump_single_var(u16 *name, efi_guid_t
> >*guid)
> > puts(efi_var_attrs[i].text);
> > }
> > printf(", DataSize = 0x%zx\n", size);
> >- print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, data, size, true);
> >+ if (verbose)
> >+ print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
> >+ data, size, true);
> >
> > out:
> > free(data);
> >@@ -90,11 +126,12 @@ out:
> > *
> > * @argc: Number of arguments (variables)
> > * @argv: Argument (variable name) array
> >+ * @verbose: if true, dump data
> > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
> > *
> > * Show information encoded in named UEFI variables
> > */
> >-static int efi_dump_vars(int argc, char * const argv[])
> >+static int efi_dump_vars(int argc, char * const argv[], bool verbose)
> > {
> > u16 *var_name16, *p;
> > efi_uintn_t buf_size, size;
> >@@ -120,7 +157,8 @@ static int efi_dump_vars(int argc, char * const argv[])
> > utf8_utf16_strcpy(&p, argv[0]);
> >
> > efi_dump_single_var(var_name16,
> >- (efi_guid_t *)&efi_global_variable_guid);
> >+ (efi_guid_t *)&efi_global_variable_guid,
> >+ verbose);
> > }
> >
> > free(var_name16);
> >@@ -131,11 +169,12 @@ static int efi_dump_vars(int argc, char * const
> >argv[])
> > /**
> > * efi_dump_vars() - show information about all the UEFI variables
> > *
> >+ * @verbose: if true, dump data
> > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
> > *
> > * Show information encoded in all the UEFI variables
> > */
> >-static int efi_dump_var_all(void)
> >+static int efi_dump_var_all(bool verbose)
> > {
> > u16 *var_name16, *p;
> > efi_uintn_t buf_size, size;
> >@@ -171,7 +210,7 @@ static int efi_dump_var_all(void)
> > return CMD_RET_FAILURE;
> > }
> >
> >- efi_dump_single_var(var_name16, &guid);
> >+ efi_dump_single_var(var_name16, &guid, verbose);
> > }
> >
> > free(var_name16);
> >@@ -189,12 +228,13 @@ static int efi_dump_var_all(void)
> > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
> > *
> > * This function is for "env print -e" or "printenv -e" command:
> >- * => env print -e [var [...]]
> >+ * => env print -e [-v] [var [...]]
> > * If one or more variable names are specified, show information
> > * named UEFI variables, otherwise show all the UEFI variables.
> > */
> > int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const
> > argv[])
> > {
> >+ bool verbose;
> > efi_status_t ret;
> >
> > /* Initialize EFI drivers */
> >@@ -205,12 +245,23 @@ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int
> >argc, char * const argv[])
> > return CMD_RET_FAILURE;
> > }
> >
> >- if (argc > 1)
> >+ verbose = false;
> >+ for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
> >+ switch (argv[0][1]) {
> >+ case 'v':
> >+ verbose = true;
> >+ break;
> >+ default:
> >+ return CMD_RET_USAGE;
> >+ }
> >+ }
> >+
> >+ if (argc)
> > /* show specified UEFI variables */
> >- return efi_dump_vars(--argc, ++argv);
> >+ return efi_dump_vars(argc, argv, verbose);
> >
> > /* enumerate and show all UEFI variables */
> >- return efi_dump_var_all();
> >+ return efi_dump_var_all(verbose);
> > }
> >
> > /**
> >@@ -339,18 +390,22 @@ out:
> > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
> > *
> > * This function is for "env set -e" or "setenv -e" command:
> >- * => env set -e var [value ...]]
> >+ * => env set -e [-guid guid][-nv][-bs][-rt][-at][-a][-v]
> >+ * [-i address,size] var, or
> >+ * var [value ...]
> > * Encode values specified and set given UEFI variable.
> > * If no value is specified, delete the variable.
> > */
> > int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const
> > argv[])
> > {
> >- char *var_name, *value = NULL;
> >- efi_uintn_t size = 0;
> >- u16 *var_name16 = NULL, *p;
> >- size_t len;
> >+ char *var_name, *value, *ep;
> >+ ulong addr;
> >+ efi_uintn_t size;
> > efi_guid_t guid;
> > u32 attributes;
> >+ bool default_guid, verbose, value_on_memory;
> >+ u16 *var_name16 = NULL, *p;
> >+ size_t len;
> > efi_status_t ret;
> >
> > if (argc == 1)
> >@@ -364,32 +419,96 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int
> >argc, char * const argv[])
> > return CMD_RET_FAILURE;
> > }
> >
> >- attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
> >- EFI_VARIABLE_RUNTIME_ACCESS;
> >- if (!strcmp(argv[1], "-nv")) {
> >- attributes |= EFI_VARIABLE_NON_VOLATILE;
> >- argc--;
> >- argv++;
> >- if (argc == 1)
> >- return CMD_RET_SUCCESS;
> >+ /*
> >+ * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
> >+ * EFI_VARIABLE_RUNTIME_ACCESS;
> >+ */
> >+ value = NULL;
> >+ size = 0;
> >+ attributes = 0;
> >+ guid = efi_global_variable_guid;
> >+ default_guid = true;
> >+ verbose = false;
> >+ value_on_memory = false;
> >+ for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
> >+ if (!strcmp(argv[0], "-guid")) {
> >+ if (argc == 1)
> >+ return CMD_RET_USAGE;
> >+
> >+ argc--;
> >+ argv++;
> >+ if (uuid_str_to_bin(argv[0], guid.b,
> >+ UUID_STR_FORMAT_GUID))
> >+ return CMD_RET_FAILURE;
> >+ default_guid = false;
> >+ } else if (!strcmp(argv[0], "-bs")) {
> >+ attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS;
> >+ } else if (!strcmp(argv[0], "-rt")) {
> >+ attributes |= EFI_VARIABLE_RUNTIME_ACCESS;
> >+ } else if (!strcmp(argv[0], "-nv")) {
> >+ attributes |= EFI_VARIABLE_NON_VOLATILE;
> >+ } else if (!strcmp(argv[0], "-at")) {
> >+ attributes |=
> >+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
> >+ } else if (!strcmp(argv[0], "-a")) {
> >+ attributes |= EFI_VARIABLE_APPEND_WRITE;
> >+ } else if (!strcmp(argv[0], "-i")) {
> >+ /* data comes from memory */
> >+ if (argc == 1)
> >+ return CMD_RET_USAGE;
> >+
> >+ argc--;
> >+ argv++;
> >+ addr = simple_strtoul(argv[0], &ep, 16);
> >+ if (*ep != ',')
> >+ return CMD_RET_USAGE;
> >+
> >+ size = simple_strtoul(++ep, NULL, 16);
> >+ if (!size)
> >+ return CMD_RET_FAILURE;
> >+ value_on_memory = true;
> >+ } else if (!strcmp(argv[0], "-v")) {
> >+ verbose = true;
> >+ } else {
> >+ return CMD_RET_USAGE;
> >+ }
> > }
> >+ if (!argc)
> >+ return CMD_RET_USAGE;
> >
> >- var_name = argv[1];
> >- if (argc == 2) {
> >- /* delete */
> >- value = NULL;
> >- size = 0;
> >- } else { /* set */
> >- argc -= 2;
> >- argv += 2;
> >+ var_name = argv[0];
> >+ if (default_guid)
> >+ guid = efi_global_variable_guid;
> >
> >- for ( ; argc > 0; argc--, argv++)
> >+ if (verbose) {
> >+ printf("GUID: %s\n", efi_guid_to_str(&guid));
> >+ printf("Attributes: 0x%x\n", attributes);
> >+ }
> >+
> >+ /* for value */
> >+ if (value_on_memory)
> >+ value = map_sysmem(addr, 0);
> >+ else if (argc > 1)
> >+ for (argc--, argv++; argc > 0; argc--, argv++)
> >+ /* FIXME: signness of value */
> > if (append_value(&value, &size, argv[0]) < 0) {
> > printf("## Failed to process an argument, %s\n",
> > argv[0]);
> > ret = CMD_RET_FAILURE;
> > goto out;
> > }
> >+
> >+ if (size && !(attributes & (EFI_VARIABLE_BOOTSERVICE_ACCESS |
> >+ EFI_VARIABLE_RUNTIME_ACCESS))) {
> >+ printf("## Attributes must be specified\n");
> >+ ret = CMD_RET_FAILURE;
> >+ goto out;
> >+ }
> >+
> >+ if (size && verbose) {
> >+ printf("Value:\n");
> >+ print_hex_dump(" ", DUMP_PREFIX_OFFSET,
> >+ 16, 1, value, size, true);
> > }
> >
> > len = utf8_utf16_strnlen(var_name, strlen(var_name));
> >@@ -402,9 +521,9 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc,
> >char * const argv[])
> > p = var_name16;
> > utf8_utf16_strncpy(&p, var_name, len + 1);
> >
> >- guid = efi_global_variable_guid;
> > ret = EFI_CALL(efi_set_variable(var_name16, &guid, attributes,
> > size, value));
> >+ unmap_sysmem(value);
> > if (ret == EFI_SUCCESS) {
> > ret = CMD_RET_SUCCESS;
> > } else {
> >@@ -412,7 +531,10 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int
> >argc, char * const argv[])
> > ret = CMD_RET_FAILURE;
> > }
> > out:
> >- free(value);
> >+ if (value_on_memory)
> >+ unmap_sysmem(value);
> >+ else
> >+ free(value);
> > free(var_name16);
> >
> > return ret;
> >
>
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
