--- /dev/null
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * UEFI runtime variable services
+ *
+ * Copyright (c) 2020, Heinrich Schuchardt <xypron.glpk@gmx.de>
+ */
+
+#include <common.h>
+#include <efi_loader.h>
+#include <efi_variable.h>
+
+/**
+ * efi_efi_get_variable() - retrieve value of a UEFI variable
+ *
+ * This function implements the GetVariable runtime service.
+ *
+ * See the Unified Extensible Firmware Interface (UEFI) specification for
+ * details.
+ *
+ * @variable_name: name of the variable
+ * @vendor: vendor GUID
+ * @attributes: attributes of the variable
+ * @data_size: size of the buffer to which the variable value is copied
+ * @data: buffer to which the variable value is copied
+ * Return: status code
+ */
+efi_status_t EFIAPI efi_get_variable(u16 *variable_name,
+ const efi_guid_t *vendor, u32 *attributes,
+ efi_uintn_t *data_size, void *data)
+{
+ efi_status_t ret;
+
+ EFI_ENTRY("\"%ls\" %pUl %p %p %p", variable_name, vendor, attributes,
+ data_size, data);
+
+ ret = efi_get_variable_int(variable_name, vendor, attributes,
+ data_size, data, NULL);
+
+ /* Remove EFI_VARIABLE_READ_ONLY flag */
+ if (attributes)
+ *attributes &= EFI_VARIABLE_MASK;
+
+ return EFI_EXIT(ret);
+}
+
+/**
+ * efi_set_variable() - set value of a UEFI variable
+ *
+ * This function implements the SetVariable runtime service.
+ *
+ * See the Unified Extensible Firmware Interface (UEFI) specification for
+ * details.
+ *
+ * @variable_name: name of the variable
+ * @vendor: vendor GUID
+ * @attributes: attributes of the variable
+ * @data_size: size of the buffer with the variable value
+ * @data: buffer with the variable value
+ * Return: status code
+ */
+efi_status_t EFIAPI efi_set_variable(u16 *variable_name,
+ const efi_guid_t *vendor, u32 attributes,
+ efi_uintn_t data_size, const void *data)
+{
+ efi_status_t ret;
+
+ EFI_ENTRY("\"%ls\" %pUl %x %zu %p", variable_name, vendor, attributes,
+ data_size, data);
+
+ /* Make sure that the EFI_VARIABLE_READ_ONLY flag is not set */
+ if (attributes & ~(u32)EFI_VARIABLE_MASK)
+ ret = EFI_INVALID_PARAMETER;
+ else
+ ret = efi_set_variable_int(variable_name, vendor, attributes,
+ data_size, data, true);
+
+ return EFI_EXIT(ret);
+}
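Review bot: The kernel-doc header above efi_get_variable() still names `efi_efi_get_variable()`, which does not match the function it documents; it should read `efi_get_variable() - retrieve value of a UEFI variable`. This file is now where the internal EFI_VARIABLE_READ_ONLY flag is filtered at the API boundary, so both headers should say so: GetVariable clears every bit outside EFI_VARIABLE_MASK in `*attributes`, and SetVariable returns EFI_INVALID_PARAMETER when such a bit is passed in. The removed implementation silently cleared the flag on SetVariable, so the stricter behaviour deserves a line in the description for callers that relied on it.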
#include <common.h>
#include <efi_loader.h>
+#include <efi_variable.h>
#include <env.h>
#include <env_internal.h>
#include <hexdump.h>
#include <search.h>
#include <uuid.h>
#include <crypto/pkcs7_parser.h>
-#include <linux/bitops.h>
#include <linux/compat.h>
#include <u-boot/crc.h>
static enum efi_secure_mode efi_secure_mode;
static u8 efi_vendor_keys;
-#define READ_ONLY BIT(31)
-
-static efi_status_t efi_get_variable_common(u16 *variable_name,
- const efi_guid_t *vendor,
- u32 *attributes,
- efi_uintn_t *data_size, void *data,
- u64 *timep);
-
-static efi_status_t efi_set_variable_common(u16 *variable_name,
- const efi_guid_t *vendor,
- u32 attributes,
- efi_uintn_t data_size,
- const void *data,
- bool ro_check);
-
/*
* Mapping between EFI variables and u-boot variables:
*
str++;
if ((s = prefix(str, "ro"))) {
- attr |= READ_ONLY;
+ attr |= EFI_VARIABLE_READ_ONLY;
} else if ((s = prefix(str, "nv"))) {
attr |= EFI_VARIABLE_NON_VOLATILE;
} else if ((s = prefix(str, "boot"))) {
attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS |
- READ_ONLY;
- ret = efi_set_variable_common(L"SecureBoot", &efi_global_variable_guid,
- attributes, sizeof(secure_boot),
- &secure_boot, false);
+ EFI_VARIABLE_READ_ONLY;
+ ret = efi_set_variable_int(L"SecureBoot", &efi_global_variable_guid,
+ attributes, sizeof(secure_boot),
+ &secure_boot, false);
if (ret != EFI_SUCCESS)
goto err;
- ret = efi_set_variable_common(L"SetupMode", &efi_global_variable_guid,
- attributes, sizeof(setup_mode),
- &setup_mode, false);
+ ret = efi_set_variable_int(L"SetupMode", &efi_global_variable_guid,
+ attributes, sizeof(setup_mode),
+ &setup_mode, false);
if (ret != EFI_SUCCESS)
goto err;
- ret = efi_set_variable_common(L"AuditMode", &efi_global_variable_guid,
- attributes, sizeof(audit_mode),
- &audit_mode, false);
+ ret = efi_set_variable_int(L"AuditMode", &efi_global_variable_guid,
+ attributes, sizeof(audit_mode),
+ &audit_mode, false);
if (ret != EFI_SUCCESS)
goto err;
- ret = efi_set_variable_common(L"DeployedMode",
- &efi_global_variable_guid, attributes,
- sizeof(deployed_mode), &deployed_mode,
- false);
+ ret = efi_set_variable_int(L"DeployedMode",
+ &efi_global_variable_guid, attributes,
+ sizeof(deployed_mode), &deployed_mode,
+ false);
err:
return ret;
}
* @mode: new state
*
* Depending on @mode, secure boot related variables are updated.
- * Those variables are *read-only* for users, efi_set_variable_common()
+ * Those variables are *read-only* for users, efi_set_variable_int()
* is called here.
*
* Return: status code
efi_secure_boot = true;
} else if (mode == EFI_MODE_AUDIT) {
- ret = efi_set_variable_common(L"PK", &efi_global_variable_guid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_RUNTIME_ACCESS,
- 0, NULL, false);
+ ret = efi_set_variable_int(L"PK", &efi_global_variable_guid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ 0, NULL, false);
if (ret != EFI_SUCCESS)
goto err;
*/
size = 0;
- ret = efi_get_variable_common(L"PK", &efi_global_variable_guid,
- NULL, &size, NULL, NULL);
+ ret = efi_get_variable_int(L"PK", &efi_global_variable_guid,
+ NULL, &size, NULL, NULL);
if (ret == EFI_BUFFER_TOO_SMALL) {
if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
mode = EFI_MODE_USER;
ret = efi_transfer_secure_state(mode);
if (ret == EFI_SUCCESS)
- ret = efi_set_variable_common(L"VendorKeys",
- &efi_global_variable_guid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_RUNTIME_ACCESS |
- READ_ONLY,
- sizeof(efi_vendor_keys),
- &efi_vendor_keys, false);
+ ret = efi_set_variable_int(L"VendorKeys",
+ &efi_global_variable_guid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ EFI_VARIABLE_READ_ONLY,
+ sizeof(efi_vendor_keys),
+ &efi_vendor_keys, false);
err:
return ret;
}
#endif /* CONFIG_EFI_SECURE_BOOT */
-static efi_status_t efi_get_variable_common(u16 *variable_name,
- const efi_guid_t *vendor,
- u32 *attributes,
- efi_uintn_t *data_size, void *data,
- u64 *timep)
+efi_status_t efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor,
+ u32 *attributes, efi_uintn_t *data_size,
+ void *data, u64 *timep)
{
char *native_name;
efi_status_t ret;
out:
if (attributes)
- *attributes = attr & EFI_VARIABLE_MASK;
+ *attributes = attr;
return ret;
}
-/**
- * efi_efi_get_variable() - retrieve value of a UEFI variable
- *
- * This function implements the GetVariable runtime service.
- *
- * See the Unified Extensible Firmware Interface (UEFI) specification for
- * details.
- *
- * @variable_name: name of the variable
- * @vendor: vendor GUID
- * @attributes: attributes of the variable
- * @data_size: size of the buffer to which the variable value is copied
- * @data: buffer to which the variable value is copied
- * Return: status code
- */
-efi_status_t EFIAPI efi_get_variable(u16 *variable_name,
- const efi_guid_t *vendor, u32 *attributes,
- efi_uintn_t *data_size, void *data)
-{
- efi_status_t ret;
-
- EFI_ENTRY("\"%ls\" %pUl %p %p %p", variable_name, vendor, attributes,
- data_size, data);
-
- ret = efi_get_variable_common(variable_name, vendor, attributes,
- data_size, data, NULL);
- return EFI_EXIT(ret);
-}
-
static char *efi_variables_list;
static char *efi_cur_variable;
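Review bot: efi_get_variable_int() now stores the unmasked `attr` in `*attributes` at the `out:` label, so every caller other than the efi_get_variable() wrapper receives the internal EFI_VARIABLE_READ_ONLY bit. The function also becomes non-static in this commit and has no kernel-doc of its own in this file. A header comment should state that the returned attributes may carry EFI_VARIABLE_READ_ONLY and must be masked with EFI_VARIABLE_MASK before they are handed to an EFI application, so that later callers do not pass the flag through by accident. The body between the signature and `out:` is outside this hunk, so whether `attr` is initialised on every path to the label cannot be checked from here.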
return EFI_EXIT(ret);
}
-static efi_status_t efi_set_variable_common(u16 *variable_name,
- const efi_guid_t *vendor,
- u32 attributes,
- efi_uintn_t data_size,
- const void *data,
- bool ro_check)
+efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor,
+ u32 attributes, efi_uintn_t data_size,
+ const void *data, bool ro_check)
{
char *native_name = NULL, *old_data = NULL, *val = NULL, *s;
efi_uintn_t old_size;
/* check if a variable exists */
old_size = 0;
attr = 0;
- ret = efi_get_variable_common(variable_name, vendor, &attr,
- &old_size, NULL, &time);
+ ret = efi_get_variable_int(variable_name, vendor, &attr,
+ &old_size, NULL, &time);
append = !!(attributes & EFI_VARIABLE_APPEND_WRITE);
attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE;
delete = !append && (!data_size || !attributes);
/* check attributes */
if (old_size) {
- if (ro_check && (attr & READ_ONLY)) {
+ if (ro_check && (attr & EFI_VARIABLE_READ_ONLY)) {
ret = EFI_WRITE_PROTECTED;
goto err;
}
/* attributes won't be changed */
if (!delete &&
((ro_check && attr != attributes) ||
- (!ro_check && ((attr & ~(u32)READ_ONLY)
- != (attributes & ~(u32)READ_ONLY))))) {
+ (!ro_check && ((attr & ~(u32)EFI_VARIABLE_READ_ONLY)
+ != (attributes & ~(u32)EFI_VARIABLE_READ_ONLY))))) {
ret = EFI_INVALID_PARAMETER;
goto err;
}
ret = EFI_OUT_OF_RESOURCES;
goto err;
}
- ret = efi_get_variable_common(variable_name, vendor,
- &attr, &old_size, old_data, NULL);
+ ret = efi_get_variable_int(variable_name, vendor,
+ &attr, &old_size, old_data, NULL);
if (ret != EFI_SUCCESS)
goto err;
} else {
/*
* store attributes
*/
- attributes &= (READ_ONLY |
+ attributes &= (EFI_VARIABLE_READ_ONLY |
EFI_VARIABLE_NON_VOLATILE |
EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS |
while (attributes) {
attr = 1 << (ffs(attributes) - 1);
- if (attr == READ_ONLY) {
+ if (attr == EFI_VARIABLE_READ_ONLY) {
s += sprintf(s, "ro");
} else if (attr == EFI_VARIABLE_NON_VOLATILE) {
s += sprintf(s, "nv");
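Review bot: `attr = 1 << (ffs(attributes) - 1);` shifts a signed int, and the constant it is compared with on the next line replaces a macro that was defined as `BIT(31)`. If EFI_VARIABLE_READ_ONLY keeps that value (its definition is not visible here), the "ro" case depends on shifting into the sign bit, which is undefined behaviour in C. `attr = 1U << (ffs(attributes) - 1);` gives the same bit with defined behaviour. The loop starts and ends outside this hunk.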
/* update VendorKeys */
if (vendor_keys_modified & efi_vendor_keys) {
efi_vendor_keys = 0;
- ret = efi_set_variable_common(
+ ret = efi_set_variable_int(
L"VendorKeys",
&efi_global_variable_guid,
EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
- | READ_ONLY,
+ | EFI_VARIABLE_READ_ONLY,
sizeof(efi_vendor_keys),
&efi_vendor_keys,
false);
return ret;
}
-/**
- * efi_set_variable() - set value of a UEFI variable
- *
- * This function implements the SetVariable runtime service.
- *
- * See the Unified Extensible Firmware Interface (UEFI) specification for
- * details.
- *
- * @variable_name: name of the variable
- * @vendor: vendor GUID
- * @attributes: attributes of the variable
- * @data_size: size of the buffer with the variable value
- * @data: buffer with the variable value
- * Return: status code
- */
-efi_status_t EFIAPI efi_set_variable(u16 *variable_name,
- const efi_guid_t *vendor, u32 attributes,
- efi_uintn_t data_size, const void *data)
-{
- EFI_ENTRY("\"%ls\" %pUl %x %zu %p", variable_name, vendor, attributes,
- data_size, data);
-
- /* READ_ONLY bit is not part of API */
- attributes &= ~(u32)READ_ONLY;
-
- return EFI_EXIT(efi_set_variable_common(variable_name, vendor,
- attributes, data_size, data,
- true));
-}
-
/**
* efi_query_variable_info() - get information about EFI variables
*
#include <efi.h>
#include <efi_api.h>
#include <efi_loader.h>
+#include <efi_variable.h>
#include <tee.h>
#include <malloc.h>
#include <mm_communication.h>
return ret;
}
-/**
- * efi_get_variable() - retrieve value of a UEFI variable
- *
- * This function implements the GetVariable runtime service.
- *
- * See the Unified Extensible Firmware Interface (UEFI) specification for
- * details.
- *
- * @name: name of the variable
- * @guid: vendor GUID
- * @attr: attributes of the variable
- * @data_size: size of the buffer to which the variable value is copied
- * @data: buffer to which the variable value is copied
- * Return: status code
- */
-efi_status_t EFIAPI efi_get_variable(u16 *name, const efi_guid_t *guid,
- u32 *attr, efi_uintn_t *data_size,
- void *data)
+efi_status_t efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor,
+ u32 *attributes, efi_uintn_t *data_size,
+ void *data, u64 *timep)
{
struct smm_variable_access *var_acc;
efi_uintn_t payload_size;
u8 *comm_buf = NULL;
efi_status_t ret;
- EFI_ENTRY("\"%ls\" %pUl %p %p %p", name, guid, attr, data_size, data);
-
- if (!name || !guid || !data_size) {
+ if (!variable_name || !vendor || !data_size) {
ret = EFI_INVALID_PARAMETER;
goto out;
}
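Review bot: efi_get_variable_int() takes a `timep` argument here that none of the visible lines of this backend reads or writes, and efi_set_variable_int() further down takes `ro_check` with the same result; the kernel-doc that described the old functions is removed without a replacement. If both are intentionally ignored, presumably because the secure-world variable service enforces access itself, a header comment should say so, for example `@timep: not used by this backend` and `@ro_check: not used by this backend`. That would stop a caller from reading an unset `*timep` or assuming that `ro_check` has an effect. Parts of both bodies lie outside the hunks, so this is stated from the visible lines only.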
/* Check payload size */
- name_size = u16_strsize(name);
+ name_size = u16_strsize(variable_name);
if (name_size > max_payload_size - MM_VARIABLE_ACCESS_HEADER_SIZE) {
ret = EFI_INVALID_PARAMETER;
goto out;
goto out;
/* Fill in contents */
- guidcpy(&var_acc->guid, guid);
+ guidcpy(&var_acc->guid, vendor);
var_acc->data_size = tmp_dsize;
var_acc->name_size = name_size;
- var_acc->attr = attr ? *attr : 0;
- memcpy(var_acc->name, name, name_size);
+ var_acc->attr = attributes ? *attributes : 0;
+ memcpy(var_acc->name, variable_name, name_size);
/* Communicate */
ret = mm_communicate(comm_buf, payload_size);
if (ret != EFI_SUCCESS)
goto out;
- if (attr)
- *attr = var_acc->attr;
+ if (attributes)
+ *attributes = var_acc->attr;
if (data)
memcpy(data, (u8 *)var_acc->name + var_acc->name_size,
var_acc->data_size);
out:
free(comm_buf);
- return EFI_EXIT(ret);
+ return ret;
}
/**
return EFI_EXIT(ret);
}
-/**
- * efi_set_variable() - set value of a UEFI variable
- *
- * This function implements the SetVariable runtime service.
- *
- * See the Unified Extensible Firmware Interface (UEFI) specification for
- * details.
- *
- * @name: name of the variable
- * @guid: vendor GUID
- * @attr: attributes of the variable
- * @data_size: size of the buffer with the variable value
- * @data: buffer with the variable value
- * Return: status code
- */
-efi_status_t EFIAPI efi_set_variable(u16 *name, const efi_guid_t *guid,
- u32 attr, efi_uintn_t data_size,
- const void *data)
+efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor,
+ u32 attributes, efi_uintn_t data_size,
+ const void *data, bool ro_check)
{
struct smm_variable_access *var_acc;
efi_uintn_t payload_size;
u8 *comm_buf = NULL;
efi_status_t ret;
- EFI_ENTRY("\"%ls\" %pUl %x %zu %p", name, guid, attr, data_size, data);
-
- if (!name || name[0] == 0 || !guid) {
+ if (!variable_name || variable_name[0] == 0 || !vendor) {
ret = EFI_INVALID_PARAMETER;
goto out;
}
}
/* Check payload size */
- name_size = u16_strsize(name);
+ name_size = u16_strsize(variable_name);
payload_size = MM_VARIABLE_ACCESS_HEADER_SIZE + name_size + data_size;
if (payload_size > max_payload_size) {
ret = EFI_INVALID_PARAMETER;
goto out;
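Review bot: `payload_size = MM_VARIABLE_ACCESS_HEADER_SIZE + name_size + data_size;` is computed before it is compared with `max_payload_size`, so a very large `data_size` can wrap the sum and pass the check, after which the `memcpy()` of `data_size` bytes further down runs with the original length. `data_size` arrives from the SetVariable caller through the new efi_set_variable() wrapper, which does not bound it. The get path already uses the subtraction form, and the same here would be `if (name_size > max_payload_size - MM_VARIABLE_ACCESS_HEADER_SIZE || data_size > max_payload_size - MM_VARIABLE_ACCESS_HEADER_SIZE - name_size)`. The declarations of these variables are outside the hunk, so their width is assumed to be that of efi_uintn_t.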
/* Fill in contents */
- guidcpy(&var_acc->guid, guid);
+ guidcpy(&var_acc->guid, vendor);
var_acc->data_size = data_size;
var_acc->name_size = name_size;
- var_acc->attr = attr;
- memcpy(var_acc->name, name, name_size);
+ var_acc->attr = attributes;
+ memcpy(var_acc->name, variable_name, name_size);
memcpy((u8 *)var_acc->name + name_size, data, data_size);
/* Communicate */
out:
free(comm_buf);
- return EFI_EXIT(ret);
+ return ret;
}
/**