summaryrefslogtreecommitdiffstats
path: root/src/basic/efivars.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
commit55944e5e40b1be2afc4855d8d2baf4b73d1876b5 (patch)
tree33f869f55a1b149e9b7c2b7e201867ca5dd52992 /src/basic/efivars.c
parentInitial commit. (diff)
downloadsystemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.tar.xz
systemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.zip
Adding upstream version 255.4.upstream/255.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/basic/efivars.c')
-rw-r--r--src/basic/efivars.c446
1 files changed, 446 insertions, 0 deletions
diff --git a/src/basic/efivars.c b/src/basic/efivars.c
new file mode 100644
index 0000000..9011ae2
--- /dev/null
+++ b/src/basic/efivars.c
@@ -0,0 +1,446 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <linux/fs.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "sd-id128.h"
+
+#include "alloc-util.h"
+#include "chattr-util.h"
+#include "efivars.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "io-util.h"
+#include "macro.h"
+#include "memory-util.h"
+#include "stdio-util.h"
+#include "strv.h"
+#include "time-util.h"
+#include "utf8.h"
+#include "virt.h"
+
+#if ENABLE_EFI
+
+/* Reads from efivarfs sometimes fail with EINTR. Retry that many times. */
+#define EFI_N_RETRIES_NO_DELAY 20
+#define EFI_N_RETRIES_TOTAL 25
+#define EFI_RETRY_DELAY (50 * USEC_PER_MSEC)
+
+int efi_get_variable(
+ const char *variable,
+ uint32_t *ret_attribute,
+ void **ret_value,
+ size_t *ret_size) {
+
+ _cleanup_close_ int fd = -EBADF;
+ _cleanup_free_ void *buf = NULL;
+ struct stat st;
+ usec_t begin = 0; /* Unnecessary initialization to appease gcc */
+ uint32_t a;
+ ssize_t n;
+
+ assert(variable);
+
+ const char *p = strjoina("/sys/firmware/efi/efivars/", variable);
+
+ if (!ret_value && !ret_size && !ret_attribute) {
+ /* If caller is not interested in anything, just check if the variable exists and is
+ * readable. */
+ if (access(p, R_OK) < 0)
+ return -errno;
+
+ return 0;
+ }
+
+ if (DEBUG_LOGGING) {
+ log_debug("Reading EFI variable %s.", p);
+ begin = now(CLOCK_MONOTONIC);
+ }
+
+ fd = open(p, O_RDONLY|O_NOCTTY|O_CLOEXEC);
+ if (fd < 0)
+ return log_debug_errno(errno, "open(\"%s\") failed: %m", p);
+
+ if (fstat(fd, &st) < 0)
+ return log_debug_errno(errno, "fstat(\"%s\") failed: %m", p);
+ if (st.st_size < 4)
+ return log_debug_errno(SYNTHETIC_ERRNO(ENODATA), "EFI variable %s is shorter than 4 bytes, refusing.", p);
+ if (st.st_size > 4*1024*1024 + 4)
+ return log_debug_errno(SYNTHETIC_ERRNO(E2BIG), "EFI variable %s is ridiculously large, refusing.", p);
+
+ if (ret_value || ret_attribute) {
+ /* The kernel ratelimits reads from the efivarfs because EFI is inefficient, and we'll
+ * occasionally fail with EINTR here. A slowdown is better than a failure for us, so
+ * retry a few times and eventually fail with -EBUSY.
+ *
+ * See https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L75
+ * and
+ * https://github.com/torvalds/linux/commit/bef3efbeb897b56867e271cdbc5f8adaacaeb9cd.
+ */
+ for (unsigned try = 0;; try++) {
+ n = read(fd, &a, sizeof(a));
+ if (n >= 0)
+ break;
+ log_debug_errno(errno, "Reading from \"%s\" failed: %m", p);
+ if (errno != EINTR)
+ return -errno;
+ if (try >= EFI_N_RETRIES_TOTAL)
+ return -EBUSY;
+
+ if (try >= EFI_N_RETRIES_NO_DELAY)
+ (void) usleep_safe(EFI_RETRY_DELAY);
+ }
+
+ if (n != sizeof(a))
+ return log_debug_errno(SYNTHETIC_ERRNO(EIO),
+ "Read %zi bytes from EFI variable %s, expected %zu.", n, p, sizeof(a));
+ }
+
+ if (ret_value) {
+ buf = malloc(st.st_size - 4 + 3);
+ if (!buf)
+ return -ENOMEM;
+
+ n = read(fd, buf, (size_t) st.st_size - 4);
+ if (n < 0)
+ return log_debug_errno(errno, "Failed to read value of EFI variable %s: %m", p);
+ assert(n <= st.st_size - 4);
+
+ /* Always NUL-terminate (3 bytes, to properly protect UTF-16, even if truncated in the middle
+ * of a character) */
+ ((char*) buf)[n] = 0;
+ ((char*) buf)[n + 1] = 0;
+ ((char*) buf)[n + 2] = 0;
+ } else
+ /* Assume that the reported size is accurate */
+ n = st.st_size - 4;
+
+ if (DEBUG_LOGGING) {
+ usec_t end = now(CLOCK_MONOTONIC);
+ if (end > begin + EFI_RETRY_DELAY)
+ log_debug("Detected slow EFI variable read access on %s: %s",
+ variable, FORMAT_TIMESPAN(end - begin, 1));
+ }
+
+ /* Note that efivarfs interestingly doesn't require ftruncate() to update an existing EFI variable
+ * with a smaller value. */
+
+ if (ret_attribute)
+ *ret_attribute = a;
+
+ if (ret_value)
+ *ret_value = TAKE_PTR(buf);
+
+ if (ret_size)
+ *ret_size = n;
+
+ return 0;
+}
+
+int efi_get_variable_string(const char *variable, char **ret) {
+ _cleanup_free_ void *s = NULL;
+ size_t ss = 0;
+ int r;
+ char *x;
+
+ r = efi_get_variable(variable, NULL, &s, &ss);
+ if (r < 0)
+ return r;
+
+ x = utf16_to_utf8(s, ss);
+ if (!x)
+ return -ENOMEM;
+
+ *ret = x;
+ return 0;
+}
+
+static int efi_verify_variable(const char *variable, uint32_t attr, const void *value, size_t size) {
+ _cleanup_free_ void *buf = NULL;
+ size_t n;
+ uint32_t a;
+ int r;
+
+ assert(variable);
+ assert(value || size == 0);
+
+ r = efi_get_variable(variable, &a, &buf, &n);
+ if (r < 0)
+ return r;
+
+ return a == attr && memcmp_nn(buf, n, value, size) == 0;
+}
+
+int efi_set_variable(const char *variable, const void *value, size_t size) {
+ struct var {
+ uint32_t attr;
+ char buf[];
+ } _packed_ * _cleanup_free_ buf = NULL;
+ _cleanup_close_ int fd = -EBADF;
+ uint32_t attr = EFI_VARIABLE_NON_VOLATILE|EFI_VARIABLE_BOOTSERVICE_ACCESS|EFI_VARIABLE_RUNTIME_ACCESS;
+ bool saved_flags_valid = false;
+ unsigned saved_flags;
+ int r;
+
+ assert(variable);
+ assert(value || size == 0);
+
+ const char *p = strjoina("/sys/firmware/efi/efivars/", variable);
+
+ /* size 0 means removal, empty variable would not be enough for that */
+ if (size > 0 && efi_verify_variable(variable, attr, value, size) > 0) {
+ log_debug("Variable '%s' is already in wanted state, skipping write.", variable);
+ return 0;
+ }
+
+ /* Newer efivarfs protects variables that are not in an allow list with FS_IMMUTABLE_FL by default,
+ * to protect them for accidental removal and modification. We are not changing these variables
+ * accidentally however, hence let's unset the bit first. */
+
+ r = chattr_path(p, 0, FS_IMMUTABLE_FL, &saved_flags);
+ if (r < 0 && r != -ENOENT)
+ log_debug_errno(r, "Failed to drop FS_IMMUTABLE_FL flag from '%s', ignoring: %m", p);
+
+ saved_flags_valid = r >= 0;
+
+ if (size == 0) {
+ if (unlink(p) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ return 0;
+ }
+
+ fd = open(p, O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0644);
+ if (fd < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ buf = malloc(sizeof(uint32_t) + size);
+ if (!buf) {
+ r = -ENOMEM;
+ goto finish;
+ }
+
+ buf->attr = attr;
+ memcpy(buf->buf, value, size);
+
+ r = loop_write(fd, buf, sizeof(uint32_t) + size);
+ if (r < 0)
+ goto finish;
+
+ /* For some reason efivarfs doesn't update mtime automatically. Let's do it manually then. This is
+ * useful for processes that cache EFI variables to detect when changes occurred. */
+ if (futimens(fd, (struct timespec[2]) {
+ { .tv_nsec = UTIME_NOW },
+ { .tv_nsec = UTIME_NOW }
+ }) < 0)
+ log_debug_errno(errno, "Failed to update mtime/atime on %s, ignoring: %m", p);
+
+ r = 0;
+
+finish:
+ if (saved_flags_valid) {
+ int q;
+
+ /* Restore the original flags field, just in case */
+ if (fd < 0)
+ q = chattr_path(p, saved_flags, FS_IMMUTABLE_FL, NULL);
+ else
+ q = chattr_fd(fd, saved_flags, FS_IMMUTABLE_FL, NULL);
+ if (q < 0)
+ log_debug_errno(q, "Failed to restore FS_IMMUTABLE_FL on '%s', ignoring: %m", p);
+ }
+
+ return r;
+}
+
+int efi_set_variable_string(const char *variable, const char *value) {
+ _cleanup_free_ char16_t *u16 = NULL;
+
+ u16 = utf8_to_utf16(value, SIZE_MAX);
+ if (!u16)
+ return -ENOMEM;
+
+ return efi_set_variable(variable, u16, (char16_strlen(u16) + 1) * sizeof(char16_t));
+}
+
+bool is_efi_boot(void) {
+ static int cache = -1;
+
+ if (cache < 0) {
+ if (detect_container() > 0)
+ cache = false;
+ else {
+ cache = access("/sys/firmware/efi/", F_OK) >= 0;
+ if (!cache && errno != ENOENT)
+ log_debug_errno(errno, "Unable to test whether /sys/firmware/efi/ exists, assuming EFI not available: %m");
+ }
+ }
+
+ return cache;
+}
+
+static int read_flag(const char *variable) {
+ _cleanup_free_ void *v = NULL;
+ uint8_t b;
+ size_t s;
+ int r;
+
+ if (!is_efi_boot()) /* If this is not an EFI boot, assume the queried flags are zero */
+ return 0;
+
+ r = efi_get_variable(variable, NULL, &v, &s);
+ if (r < 0)
+ return r;
+
+ if (s != 1)
+ return -EINVAL;
+
+ b = *(uint8_t *)v;
+ return !!b;
+}
+
+bool is_efi_secure_boot(void) {
+ static int cache = -1;
+ int r;
+
+ if (cache < 0) {
+ r = read_flag(EFI_GLOBAL_VARIABLE(SecureBoot));
+ if (r == -ENOENT)
+ cache = false;
+ else if (r < 0)
+ log_debug_errno(r, "Error reading SecureBoot EFI variable, assuming not in SecureBoot mode: %m");
+ else
+ cache = r;
+ }
+
+ return cache > 0;
+}
+
+SecureBootMode efi_get_secure_boot_mode(void) {
+ static SecureBootMode cache = _SECURE_BOOT_INVALID;
+
+ if (cache != _SECURE_BOOT_INVALID)
+ return cache;
+
+ int secure = read_flag(EFI_GLOBAL_VARIABLE(SecureBoot));
+ if (secure < 0) {
+ if (secure != -ENOENT)
+ log_debug_errno(secure, "Error reading SecureBoot EFI variable, assuming not in SecureBoot mode: %m");
+
+ return (cache = SECURE_BOOT_UNSUPPORTED);
+ }
+
+ /* We can assume false for all these if they are abscent (AuditMode and
+ * DeployedMode may not exist on older firmware). */
+ int audit = read_flag(EFI_GLOBAL_VARIABLE(AuditMode));
+ int deployed = read_flag(EFI_GLOBAL_VARIABLE(DeployedMode));
+ int setup = read_flag(EFI_GLOBAL_VARIABLE(SetupMode));
+ log_debug("Secure boot variables: SecureBoot=%d AuditMode=%d DeployedMode=%d SetupMode=%d",
+ secure, audit, deployed, setup);
+
+ return (cache = decode_secure_boot_mode(secure, audit > 0, deployed > 0, setup > 0));
+}
+
+static int read_efi_options_variable(char **ret) {
+ int r;
+
+ /* In SecureBoot mode this is probably not what you want. As your cmdline is cryptographically signed
+ * like when using Type #2 EFI Unified Kernel Images (https://uapi-group.org/specifications/specs/boot_loader_specification)
+ * The user's intention is then that the cmdline should not be modified. You want to make sure that
+ * the system starts up as exactly specified in the signed artifact.
+ *
+ * (NB: For testing purposes, we still check the $SYSTEMD_EFI_OPTIONS env var before accessing this
+ * cache, even when in SecureBoot mode.) */
+ if (is_efi_secure_boot()) {
+ /* Let's be helpful with the returned error and check if the variable exists at all. If it
+ * does, let's return a recognizable error (EPERM), and if not ENODATA. */
+
+ if (access(EFIVAR_PATH(EFI_SYSTEMD_VARIABLE(SystemdOptions)), F_OK) < 0)
+ return errno == ENOENT ? -ENODATA : -errno;
+
+ return -EPERM;
+ }
+
+ r = efi_get_variable_string(EFI_SYSTEMD_VARIABLE(SystemdOptions), ret);
+ if (r == -ENOENT)
+ return -ENODATA;
+ return r;
+}
+
+int cache_efi_options_variable(void) {
+ _cleanup_free_ char *line = NULL;
+ int r;
+
+ r = read_efi_options_variable(&line);
+ if (r < 0)
+ return r;
+
+ return write_string_file(EFIVAR_CACHE_PATH(EFI_SYSTEMD_VARIABLE(SystemdOptions)), line,
+ WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MKDIR_0755);
+}
+
+int systemd_efi_options_variable(char **ret) {
+ const char *e;
+ int r;
+
+ /* Returns the contents of the variable for current boot from the cache. */
+
+ assert(ret);
+
+ /* For testing purposes it is sometimes useful to be able to override this */
+ e = secure_getenv("SYSTEMD_EFI_OPTIONS");
+ if (e) {
+ char *m;
+
+ m = strdup(e);
+ if (!m)
+ return -ENOMEM;
+
+ *ret = m;
+ return 0;
+ }
+
+ r = read_one_line_file(EFIVAR_CACHE_PATH(EFI_SYSTEMD_VARIABLE(SystemdOptions)), ret);
+ if (r == -ENOENT)
+ return -ENODATA;
+ return r;
+}
+
+static int compare_stat_mtime(const struct stat *a, const struct stat *b) {
+ return CMP(timespec_load(&a->st_mtim), timespec_load(&b->st_mtim));
+}
+
+int systemd_efi_options_efivarfs_if_newer(char **ret) {
+ struct stat a = {}, b;
+ int r;
+
+ if (stat(EFIVAR_PATH(EFI_SYSTEMD_VARIABLE(SystemdOptions)), &a) < 0 && errno != ENOENT)
+ return log_debug_errno(errno, "Failed to stat EFI variable SystemdOptions: %m");
+
+ if (stat(EFIVAR_CACHE_PATH(EFI_SYSTEMD_VARIABLE(SystemdOptions)), &b) < 0) {
+ if (errno != ENOENT)
+ log_debug_errno(errno, "Failed to stat "EFIVAR_CACHE_PATH(EFI_SYSTEMD_VARIABLE(SystemdOptions))": %m");
+ } else if (compare_stat_mtime(&a, &b) > 0)
+ log_debug("Variable SystemdOptions in evifarfs is newer than in cache.");
+ else {
+ log_debug("Variable SystemdOptions in cache is up to date.");
+ *ret = NULL;
+ return 0;
+ }
+
+ r = read_efi_options_variable(ret);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to read SystemdOptions EFI variable: %m");
+
+ return 0;
+}
+#endif