[J-u-boot.git] / include / efi_variable.h

/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Copyright (c) 2020, Heinrich Schuchardt <[email protected]>
 */

#ifndef _EFI_VARIABLE_H
#define _EFI_VARIABLE_H

#include <linux/bitops.h>

#define EFI_VARIABLE_READ_ONLY BIT(31)

enum efi_auth_var_type {
	EFI_AUTH_VAR_NONE = 0,
	EFI_AUTH_MODE,
	EFI_AUTH_VAR_PK,
	EFI_AUTH_VAR_KEK,
	EFI_AUTH_VAR_DB,
	EFI_AUTH_VAR_DBX,
	EFI_AUTH_VAR_DBT,
	EFI_AUTH_VAR_DBR,
};

/**
 * efi_get_variable() - retrieve value of a UEFI variable
 *
 * @variable_name:	name of the variable
 * @vendor:		vendor GUID
 * @attributes:		attributes of the variable
 * @data_size:		size of the buffer to which the variable value is copied
 * @data:		buffer to which the variable value is copied
 * @timep:		authentication time (seconds since start of epoch)
 * Return:		status code
 */
efi_status_t efi_get_variable_int(const u16 *variable_name,
				  const efi_guid_t *vendor,
				  u32 *attributes, efi_uintn_t *data_size,
				  void *data, u64 *timep);

/**
 * efi_set_variable() - set value of a UEFI variable
 *
 * @variable_name:	name of the variable
 * @vendor:		vendor GUID
 * @attributes:		attributes of the variable
 * @data_size:		size of the buffer with the variable value
 * @data:		buffer with the variable value
 * @ro_check:		check the read only read only bit in attributes
 * Return:		status code
 */
efi_status_t efi_set_variable_int(const u16 *variable_name,
				  const efi_guid_t *vendor,
				  u32 attributes, efi_uintn_t data_size,
				  const void *data, bool ro_check);

/**
 * efi_get_next_variable_name_int() - enumerate the current variable names
 *
 * @variable_name_size:	size of variable_name buffer in byte
 * @variable_name:	name of uefi variable's name in u16
 * @vendor:		vendor's guid
 *
 * See the Unified Extensible Firmware Interface (UEFI) specification for
 * details.
 *
 * Return: status code
 */
efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
					    u16 *variable_name,
					    efi_guid_t *vendor);

/**
 * efi_query_variable_info_int() - get information about EFI variables
 *
 * This function implements the QueryVariableInfo() runtime service.
 *
 * See the Unified Extensible Firmware Interface (UEFI) specification for
 * details.
 *
 * @attributes:				bitmask to select variables to be
 *					queried
 * @maximum_variable_storage_size:	maximum size of storage area for the
 *					selected variable types
 * @remaining_variable_storage_size:	remaining size of storage are for the
 *					selected variable types
 * @maximum_variable_size:		maximum size of a variable of the
 *					selected type
 * Returns:				status code
 */
efi_status_t efi_query_variable_info_int(u32 attributes,
					 u64 *maximum_variable_storage_size,
					 u64 *remaining_variable_storage_size,
					 u64 *maximum_variable_size);

#define EFI_VAR_FILE_NAME "ubootefi.var"

#define EFI_VAR_BUF_SIZE CONFIG_EFI_VAR_BUF_SIZE

/*
 * This constant identifies the file format for storing UEFI variables in
 * struct efi_var_file.
 */
#define EFI_VAR_FILE_MAGIC 0x0161566966456255 /* UbEfiVa, version 1 */

/**
 * struct efi_var_entry - UEFI variable file entry
 *
 * @length:	length of enty, multiple of 8
 * @attr:	variable attributes
 * @time:	authentication time (seconds since start of epoch)
 * @guid:	vendor GUID
 * @name:	UTF16 variable name
 */
struct efi_var_entry {
	u32 length;
	u32 attr;
	u64 time;
	efi_guid_t guid;
	u16 name[];
};

/**
 * struct efi_var_file - file for storing UEFI variables
 *
 * @reserved:	unused, may be overwritten by memory probing
 * @magic:	identifies file format, takes value %EFI_VAR_FILE_MAGIC
 * @length:	length including header
 * @crc32:	CRC32 without header
 * @var:	variables
 */
struct efi_var_file {
	u64 reserved;
	u64 magic;
	u32 length;
	u32 crc32;
	struct efi_var_entry var[];
};

/**
 * efi_var_to_file() - save non-volatile variables as file
 *
 * File ubootefi.var is created on the EFI system partion.
 *
 * Return:	status code
 */
efi_status_t efi_var_to_file(void);

/**
 * efi_var_collect() - collect variables in buffer
 *
 * A buffer is allocated and filled with variables in a format ready to be
 * written to disk.
 *
 * @bufp:		pointer to pointer of buffer with collected variables
 * @lenp:		pointer to length of buffer
 * @check_attr_mask:	bitmask with required attributes of variables to be collected.
 *                      variables are only collected if all of the required
 *                      attributes are set.
 * Return:		status code
 */
efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *lenp,
					    u32 check_attr_mask);

/**
 * efi_var_restore() - restore EFI variables from buffer
 *
 * Only if @safe is set secure boot related variables will be restored.
 *
 * @buf:	buffer
 * @safe:	restoring from tamper-resistant storage
 * Return:	status code
 */
efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe);

/**
 * efi_var_from_file() - read variables from file
 *
 * File ubootefi.var is read from the EFI system partitions and the variables
 * stored in the file are created.
 *
 * In case the file does not exist yet or a variable cannot be set EFI_SUCCESS
 * is returned.
 *
 * Return:	status code
 */
efi_status_t efi_var_from_file(void);

/**
 * efi_var_mem_init() - set-up variable list
 *
 * Return:	status code
 */
efi_status_t efi_var_mem_init(void);

/**
 * efi_var_mem_find() - find a variable in the list
 *
 * @guid:	GUID of the variable
 * @name:	name of the variable
 * @next:	on exit pointer to the next variable after the found one
 * Return:	found variable
 */
struct efi_var_entry *efi_var_mem_find(const efi_guid_t *guid, const u16 *name,
				       struct efi_var_entry **next);

/**
 * efi_var_mem_del() - delete a variable from the list of variables
 *
 * @var:	variable to delete
 */
void efi_var_mem_del(struct efi_var_entry *var);

/**
 * efi_var_mem_ins() - append a variable to the list of variables
 *
 * The variable is appended without checking if a variable of the same name
 * already exists. The two data buffers are concatenated.
 *
 * @variable_name:	variable name
 * @vendor:		GUID
 * @attributes:		variable attributes
 * @size1:		size of the first data buffer
 * @data1:		first data buffer
 * @size2:		size of the second data field
 * @data2:		second data buffer
 * @time:		time of authentication (as seconds since start of epoch)
 * Result:		status code
 */
efi_status_t efi_var_mem_ins(const u16 *variable_name,
			     const efi_guid_t *vendor, u32 attributes,
			     const efi_uintn_t size1, const void *data1,
			     const efi_uintn_t size2, const void *data2,
			     const u64 time);

/**
 * efi_var_mem_free() - determine free memory for variables
 *
 * Return:	maximum data size plus variable name size
 */
u64 efi_var_mem_free(void);

/**
 * efi_init_secure_state - initialize secure boot state
 *
 * Return:	status code
 */
efi_status_t efi_init_secure_state(void);

/**
 * efi_auth_var_get_type() - convert variable name and guid to enum
 *
 * @name:	name of UEFI variable
 * @guid:	guid of UEFI variable
 * Return:	identifier for authentication related variables
 */
enum efi_auth_var_type efi_auth_var_get_type(const u16 *name,
					     const efi_guid_t *guid);

/**
 * efi_auth_var_get_guid() - get the predefined GUID for a variable name
 *
 * @name:	name of UEFI variable
 * Return:	guid of UEFI variable
 */
const efi_guid_t *efi_auth_var_get_guid(const u16 *name);

/**
 * efi_get_next_variable_name_mem() - Runtime common code across efi variable
 *                                    implementations for GetNextVariable()
 *                                    from the cached memory copy
 * @variable_name_size:	size of variable_name buffer in byte
 * @variable_name:	name of uefi variable's name in u16
 * @vendor:		vendor's guid
 *
 * Return: status code
 */
efi_status_t __efi_runtime
efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_name,
			       efi_guid_t *vendor);
/**
 * efi_get_variable_mem() - Runtime common code across efi variable
 *                          implementations for GetVariable() from
 *                          the cached memory copy
 *
 * @variable_name:	name of the variable
 * @vendor:		vendor GUID
 * @attributes:		attributes of the variable
 * @data_size:		size of the buffer to which the variable value is copied
 * @data:		buffer to which the variable value is copied
 * @timep:		authentication time (seconds since start of epoch)
 * Return:		status code
 */
efi_status_t __efi_runtime
efi_get_variable_mem(const u16 *variable_name, const efi_guid_t *vendor,
		     u32 *attributes, efi_uintn_t *data_size, void *data,
		     u64 *timep);

/**
 * efi_get_variable_runtime() - runtime implementation of GetVariable()
 *
 * @variable_name:	name of the variable
 * @guid:		vendor GUID
 * @attributes:		attributes of the variable
 * @data_size:		size of the buffer to which the variable value is copied
 * @data:		buffer to which the variable value is copied
 * Return:		status code
 */
efi_status_t __efi_runtime EFIAPI
efi_get_variable_runtime(u16 *variable_name, const efi_guid_t *guid,
			 u32 *attributes, efi_uintn_t *data_size, void *data);

/**
 * efi_get_next_variable_name_runtime() - runtime implementation of
 *					  GetNextVariable()
 *
 * @variable_name_size:	size of variable_name buffer in byte
 * @variable_name:	name of uefi variable's name in u16
 * @guid:		vendor's guid
 * Return:              status code
 */
efi_status_t __efi_runtime EFIAPI
efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size,
				   u16 *variable_name, efi_guid_t *guid);

/**
 * efi_var_buf_update() - udpate memory buffer for variables
 *
 * @var_buf:	source buffer
 *
 * This function copies to the memory buffer for UEFI variables. Call this
 * function in ExitBootServices() if memory backed variables are only used
 * at runtime to fill the buffer.
 */
void efi_var_buf_update(struct efi_var_file *var_buf);

#endif
Commit	Line	Data
f2d2b3a1 HS	1	/* SPDX-License-Identifier: GPL-2.0+ */
	2	/*
	3	* Copyright (c) 2020, Heinrich Schuchardt <[email protected]>
	4	*/
	5
	6	#ifndef _EFI_VARIABLE_H
	7	#define _EFI_VARIABLE_H
	8
	9	#include <linux/bitops.h>
	10
	11	#define EFI_VARIABLE_READ_ONLY BIT(31)
	12
99bfab8b HS	13	enum efi_auth_var_type {
99bfab8b HS	14	EFI_AUTH_VAR_NONE = 0,
b191aa42	15	EFI_AUTH_MODE,
99bfab8b HS	16	EFI_AUTH_VAR_PK,
	17	EFI_AUTH_VAR_KEK,
	18	EFI_AUTH_VAR_DB,
	19	EFI_AUTH_VAR_DBX,
	20	EFI_AUTH_VAR_DBT,
	21	EFI_AUTH_VAR_DBR,
	22	};
	23
f2d2b3a1 HS	24	/**
	25	* efi_get_variable() - retrieve value of a UEFI variable
	26	*
	27	* @variable_name: name of the variable
	28	* @vendor: vendor GUID
	29	* @attributes: attributes of the variable
	30	* @data_size: size of the buffer to which the variable value is copied
	31	* @data: buffer to which the variable value is copied
	32	* @timep: authentication time (seconds since start of epoch)
	33	* Return: status code
	34	*/
d47671c6 HS	35	efi_status_t efi_get_variable_int(const u16 *variable_name,
d47671c6 HS	36	const efi_guid_t *vendor,
f2d2b3a1 HS	37	u32 attributes, efi_uintn_t data_size,
	38	void data, u64 timep);
	39
	40	/**
	41	* efi_set_variable() - set value of a UEFI variable
	42	*
	43	* @variable_name: name of the variable
	44	* @vendor: vendor GUID
	45	* @attributes: attributes of the variable
	46	* @data_size: size of the buffer with the variable value
	47	* @data: buffer with the variable value
	48	* @ro_check: check the read only read only bit in attributes
	49	* Return: status code
	50	*/
d47671c6 HS	51	efi_status_t efi_set_variable_int(const u16 *variable_name,
d47671c6 HS	52	const efi_guid_t *vendor,
f2d2b3a1 HS	53	u32 attributes, efi_uintn_t data_size,
	54	const void *data, bool ro_check);
	55
01df8cf3 HS	56	/**
	57	* efi_get_next_variable_name_int() - enumerate the current variable names
	58	*
	59	* @variable_name_size: size of variable_name buffer in byte
	60	* @variable_name: name of uefi variable's name in u16
	61	* @vendor: vendor's guid
	62	*
	63	* See the Unified Extensible Firmware Interface (UEFI) specification for
	64	* details.
	65	*
	66	* Return: status code
	67	*/
	68	efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
	69	u16 *variable_name,
	70	efi_guid_t *vendor);
	71
	72	/**
	73	* efi_query_variable_info_int() - get information about EFI variables
	74	*
	75	* This function implements the QueryVariableInfo() runtime service.
	76	*
	77	* See the Unified Extensible Firmware Interface (UEFI) specification for
	78	* details.
	79	*
	80	* @attributes: bitmask to select variables to be
	81	* queried
	82	* @maximum_variable_storage_size: maximum size of storage area for the
	83	* selected variable types
	84	* @remaining_variable_storage_size: remaining size of storage are for the
	85	* selected variable types
	86	* @maximum_variable_size: maximum size of a variable of the
	87	* selected type
	88	* Returns: status code
	89	*/
	90	efi_status_t efi_query_variable_info_int(u32 attributes,
	91	u64 *maximum_variable_storage_size,
	92	u64 *remaining_variable_storage_size,
	93	u64 *maximum_variable_size);
	94
5f7dcf07 HS	95	#define EFI_VAR_FILE_NAME "ubootefi.var"
5f7dcf07 HS	96
265ce194	97	#define EFI_VAR_BUF_SIZE CONFIG_EFI_VAR_BUF_SIZE
5f7dcf07	98
627ab390 HS	99	/*
	100	* This constant identifies the file format for storing UEFI variables in
	101	* struct efi_var_file.
	102	*/
5f7dcf07 HS	103	#define EFI_VAR_FILE_MAGIC 0x0161566966456255 /* UbEfiVa, version 1 */
	104
	105	/**
	106	* struct efi_var_entry - UEFI variable file entry
	107	*
	108	* @length: length of enty, multiple of 8
	109	* @attr: variable attributes
	110	* @time: authentication time (seconds since start of epoch)
	111	* @guid: vendor GUID
	112	* @name: UTF16 variable name
	113	*/
	114	struct efi_var_entry {
	115	u32 length;
	116	u32 attr;
	117	u64 time;
	118	efi_guid_t guid;
	119	u16 name[];
	120	};
	121
	122	/**
	123	* struct efi_var_file - file for storing UEFI variables
	124	*
	125	* @reserved: unused, may be overwritten by memory probing
627ab390	126	* @magic: identifies file format, takes value %EFI_VAR_FILE_MAGIC
5f7dcf07 HS	127	* @length: length including header
	128	* @crc32: CRC32 without header
	129	* @var: variables
	130	*/
	131	struct efi_var_file {
	132	u64 reserved;
	133	u64 magic;
	134	u32 length;
	135	u32 crc32;
	136	struct efi_var_entry var[];
	137	};
	138
	139	/**
	140	* efi_var_to_file() - save non-volatile variables as file
	141	*
	142	* File ubootefi.var is created on the EFI system partion.
	143	*
	144	* Return: status code
	145	*/
	146	efi_status_t efi_var_to_file(void);
	147
e01aed47 IA	148	/**
	149	* efi_var_collect() - collect variables in buffer
	150	*
	151	* A buffer is allocated and filled with variables in a format ready to be
	152	* written to disk.
	153	*
	154	* @bufp: pointer to pointer of buffer with collected variables
	155	* @lenp: pointer to length of buffer
	156	* @check_attr_mask: bitmask with required attributes of variables to be collected.
	157	* variables are only collected if all of the required
	158	* attributes are set.
	159	* Return: status code
	160	*/
	161	efi_status_t __maybe_unused efi_var_collect(struct efi_var_file *bufp, loff_t lenp,
	162	u32 check_attr_mask);
	163
7dda1634 HS	164	/**
	165	* efi_var_restore() - restore EFI variables from buffer
	166	*
9ef82e29 HS	167	* Only if @safe is set secure boot related variables will be restored.
9ef82e29 HS	168	*
7dda1634	169	* @buf: buffer
9ef82e29	170	* @safe: restoring from tamper-resistant storage
7dda1634 HS	171	* Return: status code
7dda1634 HS	172	*/
9ef82e29	173	efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe);
7dda1634	174
5f7dcf07 HS	175	/**
	176	* efi_var_from_file() - read variables from file
	177	*
	178	* File ubootefi.var is read from the EFI system partitions and the variables
	179	* stored in the file are created.
	180	*
	181	* In case the file does not exist yet or a variable cannot be set EFI_SUCCESS
	182	* is returned.
	183	*
	184	* Return: status code
	185	*/
	186	efi_status_t efi_var_from_file(void);
	187
f1f990a8 HS	188	/**
	189	* efi_var_mem_init() - set-up variable list
	190	*
	191	* Return: status code
	192	*/
	193	efi_status_t efi_var_mem_init(void);
	194
	195	/**
	196	* efi_var_mem_find() - find a variable in the list
	197	*
	198	* @guid: GUID of the variable
	199	* @name: name of the variable
	200	* @next: on exit pointer to the next variable after the found one
	201	* Return: found variable
	202	*/
	203	struct efi_var_entry efi_var_mem_find(const efi_guid_t guid, const u16 *name,
	204	struct efi_var_entry **next);
	205
	206	/**
	207	* efi_var_mem_del() - delete a variable from the list of variables
	208	*
	209	* @var: variable to delete
	210	*/
	211	void efi_var_mem_del(struct efi_var_entry *var);
	212
	213	/**
	214	* efi_var_mem_ins() - append a variable to the list of variables
	215	*
	216	* The variable is appended without checking if a variable of the same name
	217	* already exists. The two data buffers are concatenated.
	218	*
	219	* @variable_name: variable name
	220	* @vendor: GUID
	221	* @attributes: variable attributes
	222	* @size1: size of the first data buffer
	223	* @data1: first data buffer
	224	* @size2: size of the second data field
	225	* @data2: second data buffer
	226	* @time: time of authentication (as seconds since start of epoch)
	227	* Result: status code
	228	*/
d47671c6	229	efi_status_t efi_var_mem_ins(const u16 *variable_name,
f1f990a8 HS	230	const efi_guid_t *vendor, u32 attributes,
	231	const efi_uintn_t size1, const void *data1,
	232	const efi_uintn_t size2, const void *data2,
	233	const u64 time);
	234
	235	/**
	236	* efi_var_mem_free() - determine free memory for variables
	237	*
	238	* Return: maximum data size plus variable name size
	239	*/
	240	u64 efi_var_mem_free(void);
	241
012c56ac HS	242	/**
	243	* efi_init_secure_state - initialize secure boot state
	244	*
	245	* Return: status code
	246	*/
	247	efi_status_t efi_init_secure_state(void);
	248
99bfab8b HS	249	/**
	250	* efi_auth_var_get_type() - convert variable name and guid to enum
	251	*
	252	* @name: name of UEFI variable
	253	* @guid: guid of UEFI variable
	254	* Return: identifier for authentication related variables
	255	*/
d47671c6 HS	256	enum efi_auth_var_type efi_auth_var_get_type(const u16 *name,
d47671c6 HS	257	const efi_guid_t *guid);
99bfab8b	258
e618d1d2 HS	259	/**
	260	* efi_auth_var_get_guid() - get the predefined GUID for a variable name
	261	*
	262	* @name: name of UEFI variable
	263	* Return: guid of UEFI variable
	264	*/
	265	const efi_guid_t efi_auth_var_get_guid(const u16 name);
	266
e01aed47 IA	267	/**
	268	* efi_get_next_variable_name_mem() - Runtime common code across efi variable
	269	* implementations for GetNextVariable()
	270	* from the cached memory copy
	271	* @variable_name_size: size of variable_name buffer in byte
	272	* @variable_name: name of uefi variable's name in u16
	273	* @vendor: vendor's guid
	274	*
	275	* Return: status code
	276	*/
	277	efi_status_t __efi_runtime
	278	efi_get_next_variable_name_mem(efi_uintn_t variable_name_size, u16 variable_name,
	279	efi_guid_t *vendor);
	280	/**
	281	* efi_get_variable_mem() - Runtime common code across efi variable
	282	* implementations for GetVariable() from
	283	* the cached memory copy
	284	*
	285	* @variable_name: name of the variable
	286	* @vendor: vendor GUID
	287	* @attributes: attributes of the variable
	288	* @data_size: size of the buffer to which the variable value is copied
	289	* @data: buffer to which the variable value is copied
	290	* @timep: authentication time (seconds since start of epoch)
	291	* Return: status code
e01aed47 IA	292	*/
e01aed47 IA	293	efi_status_t __efi_runtime
d47671c6 HS	294	efi_get_variable_mem(const u16 variable_name, const efi_guid_t vendor,
	295	u32 attributes, efi_uintn_t data_size, void *data,
	296	u64 *timep);
e01aed47 IA	297
	298	/**
	299	* efi_get_variable_runtime() - runtime implementation of GetVariable()
	300	*
	301	* @variable_name: name of the variable
	302	* @guid: vendor GUID
	303	* @attributes: attributes of the variable
	304	* @data_size: size of the buffer to which the variable value is copied
	305	* @data: buffer to which the variable value is copied
	306	* Return: status code
	307	*/
	308	efi_status_t __efi_runtime EFIAPI
	309	efi_get_variable_runtime(u16 variable_name, const efi_guid_t guid,
	310	u32 attributes, efi_uintn_t data_size, void *data);
	311
	312	/**
	313	* efi_get_next_variable_name_runtime() - runtime implementation of
	314	* GetNextVariable()
	315	*
	316	* @variable_name_size: size of variable_name buffer in byte
	317	* @variable_name: name of uefi variable's name in u16
	318	* @guid: vendor's guid
	319	* Return: status code
	320	*/
	321	efi_status_t __efi_runtime EFIAPI
	322	efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size,
	323	u16 variable_name, efi_guid_t guid);
	324
53e54bf5 IA	325	/**
	326	* efi_var_buf_update() - udpate memory buffer for variables
	327	*
	328	* @var_buf: source buffer
	329	*
	330	* This function copies to the memory buffer for UEFI variables. Call this
	331	* function in ExitBootServices() if memory backed variables are only used
	332	* at runtime to fill the buffer.
	333	*/
	334	void efi_var_buf_update(struct efi_var_file *var_buf);
	335
f2d2b3a1	336	#endif