chiark / gitweb /
bootctl: print secure boot flags
authorKay Sievers <kay@vrfy.org>
Sun, 10 Mar 2013 21:47:56 +0000 (22:47 +0100)
committerKay Sievers <kay@vrfy.org>
Sun, 10 Mar 2013 21:48:27 +0000 (22:48 +0100)
src/boot/boot-efi.c
src/boot/boot.h
src/boot/bootctl.c
src/shared/efivars.c
src/shared/efivars.h

index 51f12c0..9960c4d 100644 (file)
@@ -158,6 +158,9 @@ int boot_info_query(struct boot_info *info) {
         char buf[64];
         char *loader_active = NULL;
 
+        info->fw_secure_boot = is_efi_secure_boot();
+        info->fw_secure_boot_setup_mode = is_efi_secure_boot_setup_mode();
+
         efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderInfo", &info->loader);
 
         get_boot_entries(info);
index febee12..bd8dc69 100644 (file)
@@ -45,6 +45,8 @@ struct boot_info {
         sd_id128_t boot_id;
         char *fw_type;
         char *fw_info;
+        int fw_secure_boot;
+        int fw_secure_boot_setup_mode;
         struct boot_info_entry *fw_entries;
         size_t fw_entries_count;
         uint16_t *fw_entries_order;
index 2a42898..35daad8 100644 (file)
@@ -143,33 +143,44 @@ static int show_status(char **args, unsigned n) {
 
         err = boot_info_query(info);
 
-        printf("    Machine ID: %s\n", sd_id128_to_string(info->machine_id, buf));
-        printf("       Boot ID: %s\n", sd_id128_to_string(info->boot_id, buf));
+        printf("Machine:\n");
+        printf("           ID: %s\n", sd_id128_to_string(info->machine_id, buf));
+        printf("      Boot ID: %s\n", sd_id128_to_string(info->boot_id, buf));
+        printf("\n");
+
+        printf("Firmware:\n");
         if (info->fw_type)
-                printf("      Firmware: %s (%s)\n", info->fw_type, strna(info->fw_info));
+                printf("         Type: %s (%s)\n", info->fw_type, strna(info->fw_info));
+
+        if (info->fw_secure_boot >= 0)
+                printf("  Secure Boot: %s\n", info->fw_secure_boot ? "enabled" : "disabled");
+        if (info->fw_secure_boot_setup_mode >= 0)
+                printf("     Setup Mode: %s\n", info->fw_secure_boot_setup_mode ? "setup" : "user");
 
         if (info->fw_entry_active >= 0) {
-                printf("Firmware entry: %s\n", strna(info->fw_entries[info->fw_entry_active].title));
+                printf("        Title: %s\n", strna(info->fw_entries[info->fw_entry_active].title));
                 if (info->fw_entries[info->fw_entry_active].path)
-                        printf("                %s\n", info->fw_entries[info->fw_entry_active].path);
+                        printf("       Binary: %s\n", info->fw_entries[info->fw_entry_active].path);
                 if (!sd_id128_equal(info->fw_entries[info->fw_entry_active].part_uuid, SD_ID128_NULL))
-                        printf("                /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
+                        printf("    Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
                                SD_ID128_FORMAT_VAL(info->fw_entries[info->fw_entry_active].part_uuid));
         }
+        printf("\n");
 
         if (info->loader) {
-                printf("        Loader: %s\n", info->loader);
-                printf("                %s\n", strna(info->loader_image_path));
+                printf("Boot loader:\n");
+                printf("         Type: %s\n", info->loader);
+                printf("       Binary: %s\n", strna(info->loader_image_path));
                 if (!sd_id128_equal(info->loader_part_uuid, SD_ID128_NULL))
-                        printf("                /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
+                        printf("    Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
                                SD_ID128_FORMAT_VAL(info->loader_part_uuid));
 
                 if (info->loader_entry_active >= 0) {
-                        printf("  Loader entry: %s\n", strna(info->loader_entries[info->loader_entry_active].title));
-                        printf("                %s\n", info->loader_entries[info->loader_entry_active].path);
+                        printf("        Title: %s\n", strna(info->loader_entries[info->loader_entry_active].title));
+                        printf("        Entry: %s\n", info->loader_entries[info->loader_entry_active].path);
                 }
 
-                printf("Loader options: %s\n", strna(info->loader_options_added));
+                printf("      Options: %s\n", strna(info->loader_options_added));
         } else
                 printf("No suitable data is provided by the boot manager. See:\n"
                        "  http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface\n"
index c42956f..4fb7742 100644 (file)
@@ -34,6 +34,36 @@ bool is_efi_boot(void) {
         return access("/sys/firmware/efi", F_OK) >= 0;
 }
 
+static int read_flag(const char *varname) {
+        int r;
+        void *v;
+        size_t s;
+        uint8_t b;
+
+        r = efi_get_variable(EFI_VENDOR_GLOBAL, varname, NULL, &v, &s);
+        if (r < 0)
+                return r;
+
+        if (s != 1) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        b = *(uint8_t *)v;
+        r = b > 0;
+finish:
+        free(v);
+        return r;
+}
+
+int is_efi_secure_boot(void) {
+        return read_flag("SecureBoot");
+}
+
+int is_efi_secure_boot_setup_mode(void) {
+        return read_flag("SetupMode");
+}
+
 int efi_get_variable(
                 sd_id128_t vendor,
                 const char *name,
index 380e038..2b88c60 100644 (file)
@@ -32,6 +32,8 @@
 #define EFI_VENDOR_GLOBAL SD_ID128_MAKE(8b,e4,df,61,93,ca,11,d2,aa,0d,00,e0,98,03,2b,8c)
 
 bool is_efi_boot(void);
+int is_efi_secure_boot(void);
+int is_efi_secure_boot_setup_mode(void);
 
 int efi_get_variable(sd_id128_t vendor, const char *name, uint32_t *attribute, void **value, size_t *size);
 int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p);