From bc6f2e7c62bcd08177f879423188c54289694619 Mon Sep 17 00:00:00 2001
From: Kay Sievers
Date: Sun, 10 Mar 2013 22:47:56 +0100
Subject: [PATCH] bootctl: print secure boot flags
---
 src/boot/boot-efi.c | 3 +++
 src/boot/boot.h | 2 ++
 src/boot/bootctl.c | 35 +++++++++++++++++++++++------------
 src/shared/efivars.c | 30 ++++++++++++++++++++++++++++++
 src/shared/efivars.h | 2 ++
 5 files changed, 60 insertions(+), 12 deletions(-)
diff --git a/src/boot/boot-efi.c b/src/boot/boot-efi.c
index 51f12c0c1..9960c4d74 100644
--- a/src/boot/boot-efi.c
+++ b/src/boot/boot-efi.c
@@ -158,6 +158,9 @@ int boot_info_query(struct boot_info *info) {
 char buf[64];
 char *loader_active = NULL;
+ info->fw_secure_boot = is_efi_secure_boot();
+ info->fw_secure_boot_setup_mode = is_efi_secure_boot_setup_mode();
+
 efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderInfo", &info->loader);
 get_boot_entries(info);
diff --git a/src/boot/boot.h b/src/boot/boot.h
index febee123d..bd8dc69d3 100644
--- a/src/boot/boot.h
+++ b/src/boot/boot.h
@@ -45,6 +45,8 @@ struct boot_info {
 sd_id128_t boot_id;
 char *fw_type;
 char *fw_info;
+ int fw_secure_boot;
+ int fw_secure_boot_setup_mode;
 struct boot_info_entry *fw_entries;
 size_t fw_entries_count;
 uint16_t *fw_entries_order;
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index 2a42898e3..35daad81c 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -143,33 +143,44 @@ static int show_status(char **args, unsigned n) {
 err = boot_info_query(info);
- printf(" Machine ID: %s\n", sd_id128_to_string(info->machine_id, buf));
- printf(" Boot ID: %s\n", sd_id128_to_string(info->boot_id, buf));
+ printf("Machine:\n");
+ printf(" ID: %s\n", sd_id128_to_string(info->machine_id, buf));
+ printf(" Boot ID: %s\n", sd_id128_to_string(info->boot_id, buf));
+ printf("\n");
+
+ printf("Firmware:\n");
 if (info->fw_type)
- printf(" Firmware: %s (%s)\n", info->fw_type, strna(info->fw_info));
+ printf(" Type: %s (%s)\n", info->fw_type, strna(info->fw_info));
+
+ if (info->fw_secure_boot >= 0)
+ printf(" Secure Boot: %s\n", info->fw_secure_boot ? "enabled" : "disabled");
+ if (info->fw_secure_boot_setup_mode >= 0)
+ printf(" Setup Mode: %s\n", info->fw_secure_boot_setup_mode ? "setup" : "user");
 if (info->fw_entry_active >= 0) {
- printf("Firmware entry: %s\n", strna(info->fw_entries[info->fw_entry_active].title));
+ printf(" Title: %s\n", strna(info->fw_entries[info->fw_entry_active].title));
 if (info->fw_entries[info->fw_entry_active].path)
- printf(" %s\n", info->fw_entries[info->fw_entry_active].path);
+ printf(" Binary: %s\n", info->fw_entries[info->fw_entry_active].path);
 if (!sd_id128_equal(info->fw_entries[info->fw_entry_active].part_uuid, SD_ID128_NULL))
- printf(" /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
+ printf(" Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
 SD_ID128_FORMAT_VAL(info->fw_entries[info->fw_entry_active].part_uuid));
 }
+ printf("\n");
 if (info->loader) {
- printf(" Loader: %s\n", info->loader);
- printf(" %s\n", strna(info->loader_image_path));
+ printf("Boot loader:\n");
+ printf(" Type: %s\n", info->loader);
+ printf(" Binary: %s\n", strna(info->loader_image_path));
 if (!sd_id128_equal(info->loader_part_uuid, SD_ID128_NULL))
- printf(" /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
+ printf(" Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
 SD_ID128_FORMAT_VAL(info->loader_part_uuid));
 if (info->loader_entry_active >= 0) {
- printf(" Loader entry: %s\n", strna(info->loader_entries[info->loader_entry_active].title));
- printf(" %s\n", info->loader_entries[info->loader_entry_active].path);
+ printf(" Title: %s\n", strna(info->loader_entries[info->loader_entry_active].title));
+ printf(" Entry: %s\n", info->loader_entries[info->loader_entry_active].path);
 }
- printf("Loader options: %s\n", strna(info->loader_options_added));
+ printf(" Options: %s\n", strna(info->loader_options_added));
 } else
 printf("No suitable data is provided by the boot manager. See:\n"
 " http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface\n"
diff --git a/src/shared/efivars.c b/src/shared/efivars.c
index c42956f84..4fb77428f 100644
--- a/src/shared/efivars.c
+++ b/src/shared/efivars.c
@@ -34,6 +34,36 @@ bool is_efi_boot(void) {
 return access("/sys/firmware/efi", F_OK) >= 0;
 }
+static int read_flag(const char *varname) {
+ int r;
+ void *v;
+ size_t s;
+ uint8_t b;
+
+ r = efi_get_variable(EFI_VENDOR_GLOBAL, varname, NULL, &v, &s);
+ if (r < 0)
+ return r;
+
+ if (s != 1) {
+ r = -EINVAL;
+ goto finish;
+ }
+
+ b = *(uint8_t *)v;
+ r = b > 0;
+finish:
+ free(v);
+ return r;
+}
+
+int is_efi_secure_boot(void) {
+ return read_flag("SecureBoot");
+}
+
+int is_efi_secure_boot_setup_mode(void) {
+ return read_flag("SetupMode");
+}
+
 int efi_get_variable(
 sd_id128_t vendor,
 const char *name,
diff --git a/src/shared/efivars.h b/src/shared/efivars.h
index 380e038f6..2b88c6075 100644
--- a/src/shared/efivars.h
+++ b/src/shared/efivars.h
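Review bot: In show_status() (src/boot/bootctl.c) the new Secure Boot and Setup Mode lines are skipped whenever the stored value is negative, so a failed read of the variable just makes the field disappear from the output. For a status command that may be used to audit firmware state, the unknown case is worth reporting explicitly, for example `printf(" Secure Boot: %s\n", info->fw_secure_boot < 0 ? "n/a" : info->fw_secure_boot ? "enabled" : "disabled");`, with the same treatment for Setup Mode. The function's body starts and ends outside this hunk, so whether `err` from boot_info_query() is checked before these lines matter cannot be seen here.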
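Review bot: is_efi_secure_boot() and is_efi_secure_boot_setup_mode() in src/shared/efivars.c pass read_flag()'s result straight through, so they return a negative errno when the variable cannot be read or is not one byte long, and a negative value is truthy in C. Because they share the `is_` prefix with `bool is_efi_boot(void)`, a later caller writing `if (is_efi_secure_boot())` would treat a read failure as Secure Boot being on; bootctl in this commit tests `>= 0` first, but nothing documents that requirement. A comment above read_flag() such as `/* Returns 1 if the one-byte variable is non-zero, 0 if it is zero, negative errno if it cannot be read or has another size */` would make the contract visible, and the two prototypes added in src/shared/efivars.h deserve the same note. Separately, `r = b > 0;` maps every non-zero byte to 1; if only 0 and 1 are meaningful for these variables, returning -EINVAL for anything else would avoid reporting a malformed value as enabled.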
@@ -32,6 +32,8 @@
 #define EFI_VENDOR_GLOBAL SD_ID128_MAKE(8b,e4,df,61,93,ca,11,d2,aa,0d,00,e0,98,03,2b,8c)
 bool is_efi_boot(void);
+int is_efi_secure_boot(void);
+int is_efi_secure_boot_setup_mode(void);
 int efi_get_variable(sd_id128_t vendor, const char *name, uint32_t *attribute, void **value, size_t *size);
 int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p);
-- 
2.30.2