Page MenuHomeFreeBSD
Differential D8278

Make append and write work more like Linux
Needs ReviewPublic
Actions

Authored by ambrisko on Oct 18 2016, 8:38 PM.
Tags
None
Referenced Files
Unknown Object (File)
Apr 9 2024, 2:35 AM
Unknown Object (File)
Apr 9 2024, 2:35 AM
Unknown Object (File)
Apr 7 2024, 1:49 AM
Unknown Object (File)
Mar 15 2024, 3:57 PM
Unknown Object (File)
Mar 15 2024, 3:57 PM
Unknown Object (File)
Jan 10 2024, 11:07 AM
Unknown Object (File)
Jan 10 2024, 3:41 AM
Unknown Object (File)
Dec 24 2023, 4:11 PM
View All 40 Files
Subscribers
None

Details

Reviewers
imp
Summary

Linux gets the current attributes and uses that as the default when
writing or appending. When appending Linux automatically adds
the EFI_VARIABLE_APPEND_WRITE attribute. Linux requires the data
to come from a file. Change the type of attrib to uint32_t. Allow
the attribute to come from the command line. When appending,
EFI_VARIABLE_APPEND_WRITE is added to the command line specified
attribute option.

Test Plan

Tested updates via append to secure variables with signed updates.
Tested updates via write. Both testing was done without specifying
an attribute and with. Compared that the same command with -f worked
on Linux and FreeBSD. Testing that FreeBSD still worked when reading
from stdin.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 7690
Build 7837: arc lint + arc unit

Event Timeline

ambrisko updated this revision to Diff 21482.Oct 18 2016, 8:38 PM
ambrisko retitled this revision from to Make append and write work more like Linux.
ambrisko updated this object.
ambrisko edited the test plan for this revision. (Show Details)
ambrisko added a reviewer: imp.
imp edited edge metadata.Oct 19 2016, 7:36 AM

See inline. Basically I like this, but there's some issues.

usr.sbin/efivar/efivar.c
67

I don't think this should be done. Also, you're diffing against an old version.

132

This is not needed. efi_append_variable already does this:

return efi_set_variable(guid, name, data, data_size,
    attributes | EFI_VARIABLE_APPEND_WRITE, 0);
157–158

You're allowed to set a variable that's not been set yet. This is incorrect.

159–160

And this is wrong if it was never set. The default should still be 0x7.

326–327

This is already in -current.

ambrisko updated this revision to Diff 25605.Feb 22 2017, 11:21 PM
ambrisko edited edge metadata.

Update to address comments so that writing a new variable works.
Use the sane attribute default and if the default is being used,
check for the old attribute file and use that. This could cause
an issue if the user tried to over ride the attribute but it matched
the sane default. This is probably low risk.

With this change I can delete the secure boot db keys via an authenticated
null db file. I can write a new db via an authenticated update passing
in -t 0x27. Authenticated appends also work (with -t 0x67 if it is the
first update).

Also various bases for the -t parameter.

This diverges from Linux but makes it more usable.

Revision Contents
Changeset List

PathSize
usr.sbin/
efivar/
30 lines

Diff 25605

View Options

usr.sbin/efivar/efivar.c

Loading...