On Tue, Sep 03, 2019 at 10:46:04PM +0200, Heinrich Schuchardt wrote: > On 9/3/19 7:41 AM, AKASHI Takahiro wrote: > >With this patch, when setting UEFI variable with "env set -e" command, > >we will be able to > >- specify vendor guid with "-guid guid", > >- specify variable attributes, BOOTSERVICE_ACCESS, RUNTIME_ACCESS, > > TIME_BASED_AUTHENTICATED_WRITE_ACCESS respectively with > > Doesn't TIME_BASED_AUTHENTICATED_WRITE_ACCESS mandate changes in > SetVariable() too? > > I could not find the EFI_VARIABLE_AUTHENTICATION_2 descriptor in the patch.
As you might image, this patch was part of my patch set for UEFI secure boot implementation. > I think we should not provide "-at" as a parameter of this command if it > is not supported. I believed that efi_set_variable() always checks for unsupported attributes first, but it does so only under my local repository :) Okay, I will remove it for now. > So there should be first a patch to change > SetVariable(). Then a patch implementing efidebug -at may follow. > > In a case of an error, please, provide a meaningful error message. (A > variable might be READ_ONLY or NOT_FOUND. -rt might be specified without > -bs.) in which printf? I didn't change anything in efi_variable.c. -Takahiro Akashi > Best regards > > Heinrich > > > "-bs", "-rt" and "-at", > >- append a value instead of overwriting with "-a", > >- use memory as variable's value instead of explicit values given > > at the command line with "-i address,size" > > > >If guid is not explicitly given, default value will be used. > > > >When "-at" is given, a variable should be authenticated with > >appropriate signature database before setting or modifying its value. > >(Authentication is not supported yet though.) > > > >Meanwhile, "env print -e," will be modified so that it will dump > >a variable's value only if '-v' (verbose) is specified. > > > >Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org> > >--- > > cmd/nvedit.c | 20 +++-- > > cmd/nvedit_efi.c | 192 ++++++++++++++++++++++++++++++++++++++--------- > > 2 files changed, 172 insertions(+), 40 deletions(-) > > > >diff --git a/cmd/nvedit.c b/cmd/nvedit.c > >index 1cb0bc1460b9..2d2adc8529db 100644 > >--- a/cmd/nvedit.c > >+++ b/cmd/nvedit.c 
> >@@ -1387,7 +1387,7 @@ static char env_help_text[] =
> > #endif
> > "env print [-a | name ...] - print environment\n"
> > #if defined(CONFIG_CMD_NVEDIT_EFI)
> >- "env print -e [name ...] - print UEFI environment\n"
> >+ "env print -e [-v] [name ...] - print UEFI environment\n"
> > #endif
> > #if defined(CONFIG_CMD_RUN)
> > "env run var [...] - run commands in an environment variable\n"
> >@@ -1399,7 +1399,8 @@ static char env_help_text[] =
> > #endif
> > #endif
> > #if defined(CONFIG_CMD_NVEDIT_EFI)
> >- "env set -e name [arg ...] - set UEFI variable; unset if 'arg' not > >specified\n"
> >+ "env set -e [-nv][-bs][-rt][-at][-a][-i addr,size][-v] name [arg ...]\n"
> >+ " - set UEFI variable; unset if '-i' or 'arg' not specified\n"
> > #endif
> > "env set [-f] name [arg ...]\n";
> > #endif
> >@@ -1428,8 +1429,9 @@ U_BOOT_CMD_COMPLETE(
> > "print environment variables",
> > "[-a]\n - print [all] values of all environment variables\n"
> > #if defined(CONFIG_CMD_NVEDIT_EFI)
> >- "printenv -e [name ...]\n"
> >+ "printenv -e [-v] [name ...]\n"
> > " - print UEFI variable 'name' or all the variables\n"
> >+ " \"-v\": verbose for signature database\n"
> > #endif
> > "printenv name ...\n"
> > " - print value of environment variable 'name'",
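Review bot: The new `env set -e` synopsis in the -1399 hunk leaves out `-guid guid`, although the `setenv` help in the -1459 hunk lists it and the option loop in do_env_set_efi() accepts it; the line should read `"env set -e [-guid guid][-nv][-bs][-rt][-at][-a][-i addr,size][-v] name [arg ...]\n"`. In the -1428 hunk the text `"-v": verbose for signature database` does not match the code further down, where `-v` gates the hex dump of every variable's data, so something like `"-v": also dump the variable's value` would describe it accurately.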
> >@@ -1459,9 +1461,17 @@ U_BOOT_CMD_COMPLETE(
> > setenv, CONFIG_SYS_MAXARGS, 0, do_env_set,
> > "set environment variables",
> > #if defined(CONFIG_CMD_NVEDIT_EFI)
> >- "-e [-nv] name [value ...]\n"
> >+ "-e [-guid guid][-nv][-bs][-rt][-at][-a][-v]\n"
> >+ " [-i addr,size name], or [name [value ...]]\n"
> > " - set UEFI variable 'name' to 'value' ...'\n"
> >- " 'nv' option makes the variable non-volatile\n"
> >+ " \"-guid\": set vendor guid\n"
> >+ " \"-nv\": set non-volatile attribute\n"
> >+ " \"-bs\": set boot-service attribute\n"
> >+ " \"-rt\": set runtime attribute\n"
> >+ " \"-at\": set time-based authentication attribute\n"
> >+ " \"-a\": append-write\n"
> >+ " \"-i addr,size\": use <addr,size> as variable's value\n"
> >+ " \"-v\": verbose print\n"
> > " - delete UEFI variable 'name' if 'value' not specified\n"
> > #endif
> > "setenv [-f] name value ...\n"
> >diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c
> >index ed6d09a53046..a9ecb3ee4dc3 100644
> >--- a/cmd/nvedit_efi.c
> >+++ b/cmd/nvedit_efi.c
> >@@ -13,6 +13,7 @@
> > #include <exports.h>
> > #include <hexdump.h>
> > #include <malloc.h>
> >+#include <mapmem.h>
> > #include <linux/kernel.h>
> >
> > /*
> >@@ -34,15 +35,48 @@ static const struct {
> > {EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, "AT"},
> > };
> >
> >+static const struct {
> >+ efi_guid_t guid;
> >+ char *text;
> >+} efi_guid_text[] = {
> >+ /* signature database */
> >+ {EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"},
> >+};
> >+
> >+/* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */
> >+static char unknown_guid[37];
> >+
> >+/**
> >+ * efi_guid_to_str() - convert guid to readable name
> >+ *
> >+ * @guid: GUID
> >+ * Return: string for GUID
> >+ *
> >+ * convert guid to readable name
> >+ */
> >+static const char *efi_guid_to_str(efi_guid_t *guid)
> >+{
> >+ int i;
> >+
> >+ for (i = 0; i < ARRAY_SIZE(efi_guid_text); i++)
> >+ if (!guidcmp(guid, &efi_guid_text[i].guid))
> >+ return efi_guid_text[i].text;
> >+
> >+ uuid_bin_to_str(guid->b, unknown_guid, UUID_STR_FORMAT_GUID);
> >+
> >+ return unknown_guid;
> >+}
> >+
> > /**
> > * efi_dump_single_var() - show information about a UEFI variable
> > *
> > * @name: Name of the variable
> > * @guid: Vendor GUID
> >+ * @verbose: if true, dump data
> > *
> > * Show information encoded in one UEFI variable
> > */
> >-static void efi_dump_single_var(u16 *name, efi_guid_t *guid)
> >+static void efi_dump_single_var(u16 *name, efi_guid_t *guid, bool verbose)
> > {
> > u32 attributes;
> > u8 *data;
> >@@ -68,7 +102,7 @@ static void efi_dump_single_var(u16 *name, efi_guid_t > >*guid)
> > if (ret != EFI_SUCCESS)
> > goto out;
> >
> >- printf("%ls:", name);
> >+ printf("%ls:\n %s:", name, efi_guid_to_str(guid));
> > for (count = 0, i = 0; i < ARRAY_SIZE(efi_var_attrs); i++)
> > if (attributes & efi_var_attrs[i].mask) {
> > if (count)
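Review bot: efi_guid_to_str() in the -34 hunk returns a pointer into the single file-scope buffer `unknown_guid` for any GUID not in the table, so the string is only valid until the next call, and the kernel-doc should say so, e.g. `Return: name of a known GUID, else a pointer to a static buffer that the next call overwrites`. The table member can be `const char *text;` since it only ever holds string literals and the function already returns `const char *`. The `/* signature database */` comment sits above the EFI_GLOBAL_VARIABLE_GUID entry and appears to be left over from the secure-boot series; it should be dropped or reworded.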
> >@@ -79,7 +113,9 @@ static void efi_dump_single_var(u16 *name, efi_guid_t > >*guid)
> > puts(efi_var_attrs[i].text);
> > }
> > printf(", DataSize = 0x%zx\n", size);
> >- print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, data, size, true);
> >+ if (verbose)
> >+ print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
> >+ data, size, true);
> >
> > out:
> > free(data);
> >@@ -90,11 +126,12 @@ out:
> > *
> > * @argc: Number of arguments (variables)
> > * @argv: Argument (variable name) array
> >+ * @verbose: if true, dump data
> > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
> > *
> > * Show information encoded in named UEFI variables
> > */
> >-static int efi_dump_vars(int argc, char * const argv[])
> >+static int efi_dump_vars(int argc, char * const argv[], bool verbose)
> > {
> > u16 *var_name16, *p;
> > efi_uintn_t buf_size, size;
> >@@ -120,7 +157,8 @@ static int efi_dump_vars(int argc, char * const argv[])
> > utf8_utf16_strcpy(&p, argv[0]);
> >
> > efi_dump_single_var(var_name16,
> >- (efi_guid_t *)&efi_global_variable_guid);
> >+ (efi_guid_t *)&efi_global_variable_guid,
> >+ verbose);
> > }
> >
> > free(var_name16);
> >@@ -131,11 +169,12 @@ static int efi_dump_vars(int argc, char * const > >argv[])
> > /**
> > * efi_dump_vars() - show information about all the UEFI variables
> > *
> >+ * @verbose: if true, dump data
> > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
> > *
> > * Show information encoded in all the UEFI variables
> > */
> >-static int efi_dump_var_all(void)
> >+static int efi_dump_var_all(bool verbose)
> > {
> > u16 *var_name16, *p;
> > efi_uintn_t buf_size, size;
> >@@ -171,7 +210,7 @@ static int efi_dump_var_all(void)
> > return CMD_RET_FAILURE;
> > }
> >
> >- efi_dump_single_var(var_name16, &guid);
> >+ efi_dump_single_var(var_name16, &guid, verbose);
> > }
> >
> > free(var_name16);
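Review bot: The by-name lookup in the -120 hunk still passes the hard-coded `efi_global_variable_guid` to efi_dump_single_var(), while the set command in this patch gains `-guid`. A variable created under another vendor GUID can therefore be written with `env set -e -guid ...` but not inspected with `env print -e name`, only through the full enumeration path. That matters for the stated secure-boot use, since the UEFI specification places `db`/`dbx` under the image security database GUID rather than the global one. Either give `env print -e` a matching `-guid` option or state the limitation in the efi_dump_vars() kernel-doc; the function body extends beyond the hunk, so the loop itself is not visible here. The context kernel-doc in the -131 hunk also names `efi_dump_vars()` above efi_dump_var_all() and could be corrected while the block is being touched.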
> >@@ -189,12 +228,13 @@ static int efi_dump_var_all(void)
> > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
> > *
> > * This function is for "env print -e" or "printenv -e" command:
> >- * => env print -e [var [...]]
> >+ * => env print -e [-v] [var [...]]
> > * If one or more variable names are specified, show information
> > * named UEFI variables, otherwise show all the UEFI variables.
> > */
> > int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const > > argv[])
> > {
> >+ bool verbose;
> > efi_status_t ret;
> >
> > /* Initialize EFI drivers */
> >@@ -205,12 +245,23 @@ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int > >argc, char * const argv[])
> > return CMD_RET_FAILURE;
> > }
> >
> >- if (argc > 1)
> >+ verbose = false;
> >+ for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
> >+ switch (argv[0][1]) {
> >+ case 'v':
> >+ verbose = true;
> >+ break;
> >+ default:
> >+ return CMD_RET_USAGE;
> >+ }
> >+ }
> >+
> >+ if (argc)
> > /* show specified UEFI variables */
> >- return efi_dump_vars(--argc, ++argv);
> >+ return efi_dump_vars(argc, argv, verbose);
> >
> > /* enumerate and show all UEFI variables */
> >- return efi_dump_var_all();
> >+ return efi_dump_var_all(verbose);
> > }
> >
> > /**
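Review bot: The option loop added in the -205 hunk switches on `argv[0][1]` alone, so any argument that merely starts with `-v` (for example `-vx` or `-verbose`) is silently accepted as `-v`. do_env_set_efi() in the same patch compares whole option strings, and the two parsers should agree: `if (!strcmp(argv[0], "-v")) verbose = true; else return CMD_RET_USAGE;`. The loop also means a variable whose name begins with `-` can no longer be printed by name, which is worth a sentence in the kernel-doc above the function.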
> >@@ -339,18 +390,22 @@ out:
> > * Return: CMD_RET_SUCCESS on success, or CMD_RET_RET_FAILURE
> > *
> > * This function is for "env set -e" or "setenv -e" command:
> >- * => env set -e var [value ...]]
> >+ * => env set -e [-guid guid][-nv][-bs][-rt][-at][-a][-v]
> >+ * [-i address,size] var, or
> >+ * var [value ...]
> > * Encode values specified and set given UEFI variable.
> > * If no value is specified, delete the variable.
> > */
> > int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const > > argv[])
> > {
> >- char *var_name, *value = NULL;
> >- efi_uintn_t size = 0;
> >- u16 *var_name16 = NULL, *p;
> >- size_t len;
> >+ char *var_name, *value, *ep;
> >+ ulong addr;
> >+ efi_uintn_t size;
> > efi_guid_t guid;
> > u32 attributes;
> >+ bool default_guid, verbose, value_on_memory;
> >+ u16 *var_name16 = NULL, *p;
> >+ size_t len;
> > efi_status_t ret;
> >
> > if (argc == 1)
> >@@ -364,32 +419,96 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int > >argc, char * const argv[])
> > return CMD_RET_FAILURE;
> > }
> >
> >- attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
> >- EFI_VARIABLE_RUNTIME_ACCESS;
> >- if (!strcmp(argv[1], "-nv")) {
> >- attributes |= EFI_VARIABLE_NON_VOLATILE;
> >- argc--;
> >- argv++;
> >- if (argc == 1)
> >- return CMD_RET_SUCCESS;
> >+ /*
> >+ * attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
> >+ * EFI_VARIABLE_RUNTIME_ACCESS;
> >+ */
> >+ value = NULL;
> >+ size = 0;
> >+ attributes = 0;
> >+ guid = efi_global_variable_guid;
> >+ default_guid = true;
> >+ verbose = false;
> >+ value_on_memory = false;
> >+ for (argc--, argv++; argc > 0 && argv[0][0] == '-'; argc--, argv++) {
> >+ if (!strcmp(argv[0], "-guid")) {
> >+ if (argc == 1)
> >+ return CMD_RET_USAGE;
> >+
> >+ argc--;
> >+ argv++;
> >+ if (uuid_str_to_bin(argv[0], guid.b,
> >+ UUID_STR_FORMAT_GUID))
> >+ return CMD_RET_FAILURE;
> >+ default_guid = false;
> >+ } else if (!strcmp(argv[0], "-bs")) {
> >+ attributes |= EFI_VARIABLE_BOOTSERVICE_ACCESS;
> >+ } else if (!strcmp(argv[0], "-rt")) {
> >+ attributes |= EFI_VARIABLE_RUNTIME_ACCESS;
> >+ } else if (!strcmp(argv[0], "-nv")) {
> >+ attributes |= EFI_VARIABLE_NON_VOLATILE;
> >+ } else if (!strcmp(argv[0], "-at")) {
> >+ attributes |=
> >+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
> >+ } else if (!strcmp(argv[0], "-a")) {
> >+ attributes |= EFI_VARIABLE_APPEND_WRITE;
> >+ } else if (!strcmp(argv[0], "-i")) {
> >+ /* data comes from memory */
> >+ if (argc == 1)
> >+ return CMD_RET_USAGE;
> >+
> >+ argc--;
> >+ argv++;
> >+ addr = simple_strtoul(argv[0], &ep, 16);
> >+ if (*ep != ',')
> >+ return CMD_RET_USAGE;
> >+
> >+ size = simple_strtoul(++ep, NULL, 16);
> >+ if (!size)
> >+ return CMD_RET_FAILURE;
> >+ value_on_memory = true;
> >+ } else if (!strcmp(argv[0], "-v")) {
> >+ verbose = true;
> >+ } else {
> >+ return CMD_RET_USAGE;
> >+ }
> > }
> >+ if (!argc)
> >+ return CMD_RET_USAGE;
> > >
>- var_name = argv[1];
> >- if (argc == 2) {
> >- /* delete */
> >- value = NULL;
> >- size = 0;
> >- } else { /* set */
> >- argc -= 2;
> >- argv += 2;
> >+ var_name = argv[0];
> >+ if (default_guid)
> >+ guid = efi_global_variable_guid;
> >
> >- for ( ; argc > 0; argc--, argv++)
> >+ if (verbose) {
> >+ printf("GUID: %s\n", efi_guid_to_str(&guid));
> >+ printf("Attributes: 0x%x\n", attributes);
> >+ }
> >+
> >+ /* for value */
> >+ if (value_on_memory)
> >+ value = map_sysmem(addr, 0);
> >+ else if (argc > 1)
> >+ for (argc--, argv++; argc > 0; argc--, argv++)
> >+ /* FIXME: signness of value */
> > if (append_value(&value, &size, argv[0]) < 0) {
> > printf("## Failed to process an argument, %s\n",
> > argv[0]);
> > ret = CMD_RET_FAILURE;
> > goto out;
> > }
> >+
> >+ if (size && !(attributes & (EFI_VARIABLE_BOOTSERVICE_ACCESS |
> >+ EFI_VARIABLE_RUNTIME_ACCESS))) {
> >+ printf("## Attributes must be specified\n");
> >+ ret = CMD_RET_FAILURE;
> >+ goto out;
> >+ }
> >+
> >+ if (size && verbose) {
> >+ printf("Value:\n");
> >+ print_hex_dump(" ", DUMP_PREFIX_OFFSET,
> >+ 16, 1, value, size, true);
> > }
> >
> > len = utf8_utf16_strnlen(var_name, strlen(var_name));
> >@@ -402,9 +521,9 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, > >char * const argv[])
> > p = var_name16;
> > utf8_utf16_strncpy(&p, var_name, len + 1);
> >
> >- guid = efi_global_variable_guid;
> > ret = EFI_CALL(efi_set_variable(var_name16, &guid, attributes,
> > size, value));
> >+ unmap_sysmem(value);
> > if (ret == EFI_SUCCESS) {
> > ret = CMD_RET_SUCCESS;
> > } else {
> >@@ -412,7 +531,10 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int > >argc, char * const argv[])
> > ret = CMD_RET_FAILURE;
> > }
> > out:
> >- free(value);
> >+ if (value_on_memory)
> >+ unmap_sysmem(value);
> >+ else
> >+ free(value);
> > free(var_name16);
> >
> > return ret;
> > > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
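Review bot: In the -364 hunk the `-i addr,size` path maps the buffer with `map_sysmem(addr, 0)` even though `size` bytes are then handed to print_hex_dump() and efi_set_variable(); the mapping should cover what is read, `value = map_sysmem(addr, size);`. The size is parsed with a NULL end pointer, so trailing garbage such as `1000,20zz` is accepted; `size = simple_strtoul(++ep, &ep, 16);` followed by `if (!size || *ep) return CMD_RET_USAGE;` rejects it and returns the same code as the other malformed-argument cases. When `-i` is given, any value arguments after the name are silently ignored because of the `else if (argc > 1)`, and that combination should return CMD_RET_USAGE. Separately, the default attributes change from BS|RT to 0, so an existing `setenv -e name value` now fails with "## Attributes must be specified"; if that break is intended it belongs in the commit message, otherwise the old default should be kept when no attribute option was given.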
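Review bot: The `unmap_sysmem(value);` added after the efi_set_variable() call in the -402 hunk runs on every path, including when `value` is the buffer built by append_value() or is still NULL for a delete. Execution then falls through to `out:`, where the -412 hunk unmaps the same pointer again if `value_on_memory` is set. That gives a double unmap on the `-i` path and an unmap of a non-mapped pointer on the others; this is probably harmless where unmap_sysmem() is a no-op but wrong on any build that tracks mappings. Drop the line added at -402 and leave the cleanup to the `if (value_on_memory) unmap_sysmem(value); else free(value);` block at `out:`, which already covers both the success and the error paths.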