Heinrich Schuchardt | f2d2b3a | 2020-06-22 18:10:27 +0200 | [diff] [blame] | 1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
| 2 | /* |
| 3 | * Copyright (c) 2020, Heinrich Schuchardt <xypron.glpk@gmx.de> |
| 4 | */ |
| 5 | |
| 6 | #ifndef _EFI_VARIABLE_H |
| 7 | #define _EFI_VARIABLE_H |
| 8 | |
| 9 | #include <linux/bitops.h> |
| 10 | |
| 11 | #define EFI_VARIABLE_READ_ONLY BIT(31) |
| 12 | |
Heinrich Schuchardt | 99bfab8 | 2020-07-15 12:40:35 +0200 | [diff] [blame] | 13 | enum efi_auth_var_type { |
| 14 | EFI_AUTH_VAR_NONE = 0, |
Heinrich Schuchardt | b191aa4 | 2021-08-26 04:30:24 +0200 | [diff] [blame] | 15 | EFI_AUTH_MODE, |
Heinrich Schuchardt | 99bfab8 | 2020-07-15 12:40:35 +0200 | [diff] [blame] | 16 | EFI_AUTH_VAR_PK, |
| 17 | EFI_AUTH_VAR_KEK, |
| 18 | EFI_AUTH_VAR_DB, |
| 19 | EFI_AUTH_VAR_DBX, |
| 20 | EFI_AUTH_VAR_DBT, |
| 21 | EFI_AUTH_VAR_DBR, |
| 22 | }; |
| 23 | |
Heinrich Schuchardt | f2d2b3a | 2020-06-22 18:10:27 +0200 | [diff] [blame] | 24 | /** |
| 25 | * efi_get_variable() - retrieve value of a UEFI variable |
| 26 | * |
| 27 | * @variable_name: name of the variable |
| 28 | * @vendor: vendor GUID |
| 29 | * @attributes: attributes of the variable |
| 30 | * @data_size: size of the buffer to which the variable value is copied |
| 31 | * @data: buffer to which the variable value is copied |
| 32 | * @timep: authentication time (seconds since start of epoch) |
| 33 | * Return: status code |
| 34 | */ |
Heinrich Schuchardt | d47671c | 2021-09-09 07:12:14 +0200 | [diff] [blame] | 35 | efi_status_t efi_get_variable_int(const u16 *variable_name, |
| 36 | const efi_guid_t *vendor, |
Heinrich Schuchardt | f2d2b3a | 2020-06-22 18:10:27 +0200 | [diff] [blame] | 37 | u32 *attributes, efi_uintn_t *data_size, |
| 38 | void *data, u64 *timep); |
| 39 | |
| 40 | /** |
| 41 | * efi_set_variable() - set value of a UEFI variable |
| 42 | * |
| 43 | * @variable_name: name of the variable |
| 44 | * @vendor: vendor GUID |
| 45 | * @attributes: attributes of the variable |
| 46 | * @data_size: size of the buffer with the variable value |
| 47 | * @data: buffer with the variable value |
| 48 | * @ro_check: check the read only read only bit in attributes |
| 49 | * Return: status code |
| 50 | */ |
Heinrich Schuchardt | d47671c | 2021-09-09 07:12:14 +0200 | [diff] [blame] | 51 | efi_status_t efi_set_variable_int(const u16 *variable_name, |
| 52 | const efi_guid_t *vendor, |
Heinrich Schuchardt | f2d2b3a | 2020-06-22 18:10:27 +0200 | [diff] [blame] | 53 | u32 attributes, efi_uintn_t data_size, |
| 54 | const void *data, bool ro_check); |
| 55 | |
Heinrich Schuchardt | 01df8cf | 2020-06-26 17:57:48 +0200 | [diff] [blame] | 56 | /** |
| 57 | * efi_get_next_variable_name_int() - enumerate the current variable names |
| 58 | * |
| 59 | * @variable_name_size: size of variable_name buffer in byte |
| 60 | * @variable_name: name of uefi variable's name in u16 |
| 61 | * @vendor: vendor's guid |
| 62 | * |
| 63 | * See the Unified Extensible Firmware Interface (UEFI) specification for |
| 64 | * details. |
| 65 | * |
| 66 | * Return: status code |
| 67 | */ |
| 68 | efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size, |
| 69 | u16 *variable_name, |
| 70 | efi_guid_t *vendor); |
| 71 | |
| 72 | /** |
| 73 | * efi_query_variable_info_int() - get information about EFI variables |
| 74 | * |
| 75 | * This function implements the QueryVariableInfo() runtime service. |
| 76 | * |
| 77 | * See the Unified Extensible Firmware Interface (UEFI) specification for |
| 78 | * details. |
| 79 | * |
| 80 | * @attributes: bitmask to select variables to be |
| 81 | * queried |
| 82 | * @maximum_variable_storage_size: maximum size of storage area for the |
| 83 | * selected variable types |
| 84 | * @remaining_variable_storage_size: remaining size of storage are for the |
| 85 | * selected variable types |
| 86 | * @maximum_variable_size: maximum size of a variable of the |
| 87 | * selected type |
| 88 | * Returns: status code |
| 89 | */ |
| 90 | efi_status_t efi_query_variable_info_int(u32 attributes, |
| 91 | u64 *maximum_variable_storage_size, |
| 92 | u64 *remaining_variable_storage_size, |
| 93 | u64 *maximum_variable_size); |
| 94 | |
Heinrich Schuchardt | 5f7dcf0 | 2020-03-19 18:21:58 +0000 | [diff] [blame] | 95 | #define EFI_VAR_FILE_NAME "ubootefi.var" |
| 96 | |
Heinrich Schuchardt | 265ce19 | 2020-12-20 11:05:38 +0100 | [diff] [blame] | 97 | #define EFI_VAR_BUF_SIZE CONFIG_EFI_VAR_BUF_SIZE |
Heinrich Schuchardt | 5f7dcf0 | 2020-03-19 18:21:58 +0000 | [diff] [blame] | 98 | |
Heinrich Schuchardt | 627ab39 | 2020-07-16 07:18:40 +0200 | [diff] [blame] | 99 | /* |
| 100 | * This constant identifies the file format for storing UEFI variables in |
| 101 | * struct efi_var_file. |
| 102 | */ |
Heinrich Schuchardt | 5f7dcf0 | 2020-03-19 18:21:58 +0000 | [diff] [blame] | 103 | #define EFI_VAR_FILE_MAGIC 0x0161566966456255 /* UbEfiVa, version 1 */ |
| 104 | |
| 105 | /** |
| 106 | * struct efi_var_entry - UEFI variable file entry |
| 107 | * |
| 108 | * @length: length of enty, multiple of 8 |
| 109 | * @attr: variable attributes |
| 110 | * @time: authentication time (seconds since start of epoch) |
| 111 | * @guid: vendor GUID |
| 112 | * @name: UTF16 variable name |
| 113 | */ |
| 114 | struct efi_var_entry { |
| 115 | u32 length; |
| 116 | u32 attr; |
| 117 | u64 time; |
| 118 | efi_guid_t guid; |
| 119 | u16 name[]; |
| 120 | }; |
| 121 | |
| 122 | /** |
| 123 | * struct efi_var_file - file for storing UEFI variables |
| 124 | * |
| 125 | * @reserved: unused, may be overwritten by memory probing |
Heinrich Schuchardt | 627ab39 | 2020-07-16 07:18:40 +0200 | [diff] [blame] | 126 | * @magic: identifies file format, takes value %EFI_VAR_FILE_MAGIC |
Heinrich Schuchardt | 5f7dcf0 | 2020-03-19 18:21:58 +0000 | [diff] [blame] | 127 | * @length: length including header |
| 128 | * @crc32: CRC32 without header |
| 129 | * @var: variables |
| 130 | */ |
| 131 | struct efi_var_file { |
| 132 | u64 reserved; |
| 133 | u64 magic; |
| 134 | u32 length; |
| 135 | u32 crc32; |
| 136 | struct efi_var_entry var[]; |
| 137 | }; |
| 138 | |
| 139 | /** |
| 140 | * efi_var_to_file() - save non-volatile variables as file |
| 141 | * |
| 142 | * File ubootefi.var is created on the EFI system partion. |
| 143 | * |
| 144 | * Return: status code |
| 145 | */ |
| 146 | efi_status_t efi_var_to_file(void); |
| 147 | |
| 148 | /** |
Ilias Apalodimas | e01aed4 | 2020-07-23 15:49:49 +0300 | [diff] [blame] | 149 | * efi_var_collect() - collect variables in buffer |
| 150 | * |
| 151 | * A buffer is allocated and filled with variables in a format ready to be |
| 152 | * written to disk. |
| 153 | * |
| 154 | * @bufp: pointer to pointer of buffer with collected variables |
| 155 | * @lenp: pointer to length of buffer |
| 156 | * @check_attr_mask: bitmask with required attributes of variables to be collected. |
| 157 | * variables are only collected if all of the required |
| 158 | * attributes are set. |
| 159 | * Return: status code |
| 160 | */ |
| 161 | efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *lenp, |
| 162 | u32 check_attr_mask); |
| 163 | |
| 164 | /** |
Heinrich Schuchardt | 7dda163 | 2020-07-14 21:25:28 +0200 | [diff] [blame] | 165 | * efi_var_restore() - restore EFI variables from buffer |
| 166 | * |
Heinrich Schuchardt | 9ef82e2 | 2021-08-25 19:13:24 +0200 | [diff] [blame] | 167 | * Only if @safe is set secure boot related variables will be restored. |
| 168 | * |
Heinrich Schuchardt | 7dda163 | 2020-07-14 21:25:28 +0200 | [diff] [blame] | 169 | * @buf: buffer |
Heinrich Schuchardt | 9ef82e2 | 2021-08-25 19:13:24 +0200 | [diff] [blame] | 170 | * @safe: restoring from tamper-resistant storage |
Heinrich Schuchardt | 7dda163 | 2020-07-14 21:25:28 +0200 | [diff] [blame] | 171 | * Return: status code |
| 172 | */ |
Heinrich Schuchardt | 9ef82e2 | 2021-08-25 19:13:24 +0200 | [diff] [blame] | 173 | efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe); |
Heinrich Schuchardt | 7dda163 | 2020-07-14 21:25:28 +0200 | [diff] [blame] | 174 | |
| 175 | /** |
Heinrich Schuchardt | 5f7dcf0 | 2020-03-19 18:21:58 +0000 | [diff] [blame] | 176 | * efi_var_from_file() - read variables from file |
| 177 | * |
| 178 | * File ubootefi.var is read from the EFI system partitions and the variables |
| 179 | * stored in the file are created. |
| 180 | * |
| 181 | * In case the file does not exist yet or a variable cannot be set EFI_SUCCESS |
| 182 | * is returned. |
| 183 | * |
| 184 | * Return: status code |
| 185 | */ |
| 186 | efi_status_t efi_var_from_file(void); |
| 187 | |
Heinrich Schuchardt | f1f990a | 2020-03-22 09:07:50 +0100 | [diff] [blame] | 188 | /** |
| 189 | * efi_var_mem_init() - set-up variable list |
| 190 | * |
| 191 | * Return: status code |
| 192 | */ |
| 193 | efi_status_t efi_var_mem_init(void); |
| 194 | |
| 195 | /** |
| 196 | * efi_var_mem_find() - find a variable in the list |
| 197 | * |
| 198 | * @guid: GUID of the variable |
| 199 | * @name: name of the variable |
| 200 | * @next: on exit pointer to the next variable after the found one |
| 201 | * Return: found variable |
| 202 | */ |
| 203 | struct efi_var_entry *efi_var_mem_find(const efi_guid_t *guid, const u16 *name, |
| 204 | struct efi_var_entry **next); |
| 205 | |
| 206 | /** |
| 207 | * efi_var_mem_del() - delete a variable from the list of variables |
| 208 | * |
| 209 | * @var: variable to delete |
| 210 | */ |
| 211 | void efi_var_mem_del(struct efi_var_entry *var); |
| 212 | |
| 213 | /** |
| 214 | * efi_var_mem_ins() - append a variable to the list of variables |
| 215 | * |
| 216 | * The variable is appended without checking if a variable of the same name |
| 217 | * already exists. The two data buffers are concatenated. |
| 218 | * |
| 219 | * @variable_name: variable name |
| 220 | * @vendor: GUID |
| 221 | * @attributes: variable attributes |
| 222 | * @size1: size of the first data buffer |
| 223 | * @data1: first data buffer |
| 224 | * @size2: size of the second data field |
| 225 | * @data2: second data buffer |
| 226 | * @time: time of authentication (as seconds since start of epoch) |
| 227 | * Result: status code |
| 228 | */ |
Heinrich Schuchardt | d47671c | 2021-09-09 07:12:14 +0200 | [diff] [blame] | 229 | efi_status_t efi_var_mem_ins(const u16 *variable_name, |
Heinrich Schuchardt | f1f990a | 2020-03-22 09:07:50 +0100 | [diff] [blame] | 230 | const efi_guid_t *vendor, u32 attributes, |
| 231 | const efi_uintn_t size1, const void *data1, |
| 232 | const efi_uintn_t size2, const void *data2, |
| 233 | const u64 time); |
| 234 | |
| 235 | /** |
| 236 | * efi_var_mem_free() - determine free memory for variables |
| 237 | * |
| 238 | * Return: maximum data size plus variable name size |
| 239 | */ |
| 240 | u64 efi_var_mem_free(void); |
| 241 | |
Heinrich Schuchardt | 012c56a | 2020-07-14 08:04:49 +0200 | [diff] [blame] | 242 | /** |
| 243 | * efi_init_secure_state - initialize secure boot state |
| 244 | * |
| 245 | * Return: status code |
| 246 | */ |
| 247 | efi_status_t efi_init_secure_state(void); |
| 248 | |
Heinrich Schuchardt | 99bfab8 | 2020-07-15 12:40:35 +0200 | [diff] [blame] | 249 | /** |
| 250 | * efi_auth_var_get_type() - convert variable name and guid to enum |
| 251 | * |
| 252 | * @name: name of UEFI variable |
| 253 | * @guid: guid of UEFI variable |
| 254 | * Return: identifier for authentication related variables |
| 255 | */ |
Heinrich Schuchardt | d47671c | 2021-09-09 07:12:14 +0200 | [diff] [blame] | 256 | enum efi_auth_var_type efi_auth_var_get_type(const u16 *name, |
| 257 | const efi_guid_t *guid); |
Heinrich Schuchardt | 99bfab8 | 2020-07-15 12:40:35 +0200 | [diff] [blame] | 258 | |
Ilias Apalodimas | e01aed4 | 2020-07-23 15:49:49 +0300 | [diff] [blame] | 259 | /** |
Heinrich Schuchardt | e618d1d | 2021-09-09 08:22:58 +0200 | [diff] [blame] | 260 | * efi_auth_var_get_guid() - get the predefined GUID for a variable name |
| 261 | * |
| 262 | * @name: name of UEFI variable |
| 263 | * Return: guid of UEFI variable |
| 264 | */ |
| 265 | const efi_guid_t *efi_auth_var_get_guid(const u16 *name); |
| 266 | |
| 267 | /** |
Ilias Apalodimas | e01aed4 | 2020-07-23 15:49:49 +0300 | [diff] [blame] | 268 | * efi_get_next_variable_name_mem() - Runtime common code across efi variable |
| 269 | * implementations for GetNextVariable() |
| 270 | * from the cached memory copy |
Heinrich Schuchardt | 70a4ac6 | 2022-12-18 06:08:57 +0000 | [diff] [blame] | 271 | * |
| 272 | * @variable_name_size: size of variable_name buffer in bytes |
Ilias Apalodimas | e01aed4 | 2020-07-23 15:49:49 +0300 | [diff] [blame] | 273 | * @variable_name: name of uefi variable's name in u16 |
| 274 | * @vendor: vendor's guid |
| 275 | * |
| 276 | * Return: status code |
| 277 | */ |
| 278 | efi_status_t __efi_runtime |
| 279 | efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_name, |
| 280 | efi_guid_t *vendor); |
| 281 | /** |
| 282 | * efi_get_variable_mem() - Runtime common code across efi variable |
| 283 | * implementations for GetVariable() from |
| 284 | * the cached memory copy |
| 285 | * |
| 286 | * @variable_name: name of the variable |
| 287 | * @vendor: vendor GUID |
| 288 | * @attributes: attributes of the variable |
| 289 | * @data_size: size of the buffer to which the variable value is copied |
| 290 | * @data: buffer to which the variable value is copied |
| 291 | * @timep: authentication time (seconds since start of epoch) |
| 292 | * Return: status code |
Ilias Apalodimas | e01aed4 | 2020-07-23 15:49:49 +0300 | [diff] [blame] | 293 | */ |
| 294 | efi_status_t __efi_runtime |
Heinrich Schuchardt | d47671c | 2021-09-09 07:12:14 +0200 | [diff] [blame] | 295 | efi_get_variable_mem(const u16 *variable_name, const efi_guid_t *vendor, |
| 296 | u32 *attributes, efi_uintn_t *data_size, void *data, |
| 297 | u64 *timep); |
Ilias Apalodimas | e01aed4 | 2020-07-23 15:49:49 +0300 | [diff] [blame] | 298 | |
| 299 | /** |
| 300 | * efi_get_variable_runtime() - runtime implementation of GetVariable() |
| 301 | * |
| 302 | * @variable_name: name of the variable |
| 303 | * @guid: vendor GUID |
| 304 | * @attributes: attributes of the variable |
| 305 | * @data_size: size of the buffer to which the variable value is copied |
| 306 | * @data: buffer to which the variable value is copied |
| 307 | * Return: status code |
| 308 | */ |
| 309 | efi_status_t __efi_runtime EFIAPI |
| 310 | efi_get_variable_runtime(u16 *variable_name, const efi_guid_t *guid, |
| 311 | u32 *attributes, efi_uintn_t *data_size, void *data); |
| 312 | |
| 313 | /** |
| 314 | * efi_get_next_variable_name_runtime() - runtime implementation of |
| 315 | * GetNextVariable() |
| 316 | * |
| 317 | * @variable_name_size: size of variable_name buffer in byte |
| 318 | * @variable_name: name of uefi variable's name in u16 |
| 319 | * @guid: vendor's guid |
| 320 | * Return: status code |
| 321 | */ |
| 322 | efi_status_t __efi_runtime EFIAPI |
| 323 | efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size, |
| 324 | u16 *variable_name, efi_guid_t *guid); |
| 325 | |
Ilias Apalodimas | 53e54bf | 2021-01-16 17:28:04 +0200 | [diff] [blame] | 326 | /** |
| 327 | * efi_var_buf_update() - udpate memory buffer for variables |
| 328 | * |
| 329 | * @var_buf: source buffer |
| 330 | * |
| 331 | * This function copies to the memory buffer for UEFI variables. Call this |
| 332 | * function in ExitBootServices() if memory backed variables are only used |
| 333 | * at runtime to fill the buffer. |
| 334 | */ |
| 335 | void efi_var_buf_update(struct efi_var_file *var_buf); |
| 336 | |
Heinrich Schuchardt | f2d2b3a | 2020-06-22 18:10:27 +0200 | [diff] [blame] | 337 | #endif |