1/* SPDX-License-Identifier: GPL-2.0+ */
2/*
3 * Copyright (c) 2020, Heinrich Schuchardt <xypron.glpk@gmx.de>
4 */
5
6#ifndef _EFI_VARIABLE_H
7#define _EFI_VARIABLE_H
8
9#include <linux/bitops.h>
10
11#define EFI_VARIABLE_READ_ONLY 0x80000000
12
13enum efi_auth_var_type {
14	EFI_AUTH_VAR_NONE = 0,
15	EFI_AUTH_MODE,
16	EFI_AUTH_VAR_PK,
17	EFI_AUTH_VAR_KEK,
18	EFI_AUTH_VAR_DB,
19	EFI_AUTH_VAR_DBX,
20	EFI_AUTH_VAR_DBT,
21	EFI_AUTH_VAR_DBR,
22};
23
24/**
25 * efi_get_variable() - retrieve value of a UEFI variable
26 *
27 * @variable_name:	name of the variable
28 * @vendor:		vendor GUID
29 * @attributes:		attributes of the variable
30 * @data_size:		size of the buffer to which the variable value is copied
31 * @data:		buffer to which the variable value is copied
32 * @timep:		authentication time (seconds since start of epoch)
33 * Return:		status code
34 */
35efi_status_t efi_get_variable_int(const u16 *variable_name,
36				  const efi_guid_t *vendor,
37				  u32 *attributes, efi_uintn_t *data_size,
38				  void *data, u64 *timep);
39
40/**
41 * efi_set_variable() - set value of a UEFI variable
42 *
43 * @variable_name:	name of the variable
44 * @vendor:		vendor GUID
45 * @attributes:		attributes of the variable
46 * @data_size:		size of the buffer with the variable value
47 * @data:		buffer with the variable value
48 * @ro_check:		check the read only read only bit in attributes
49 * Return:		status code
50 */
51efi_status_t efi_set_variable_int(const u16 *variable_name,
52				  const efi_guid_t *vendor,
53				  u32 attributes, efi_uintn_t data_size,
54				  const void *data, bool ro_check);
55
56/**
57 * efi_get_next_variable_name_int() - enumerate the current variable names
58 *
59 * @variable_name_size:	size of variable_name buffer in byte
60 * @variable_name:	name of uefi variable's name in u16
61 * @vendor:		vendor's guid
62 *
63 * See the Unified Extensible Firmware Interface (UEFI) specification for
64 * details.
65 *
66 * Return: status code
67 */
68efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
69					    u16 *variable_name,
70					    efi_guid_t *vendor);
71
72/**
73 * efi_query_variable_info_int() - get information about EFI variables
74 *
75 * This function implements the QueryVariableInfo() runtime service.
76 *
77 * See the Unified Extensible Firmware Interface (UEFI) specification for
78 * details.
79 *
80 * @attributes:				bitmask to select variables to be
81 *					queried
82 * @maximum_variable_storage_size:	maximum size of storage area for the
83 *					selected variable types
84 * @remaining_variable_storage_size:	remaining size of storage are for the
85 *					selected variable types
86 * @maximum_variable_size:		maximum size of a variable of the
87 *					selected type
88 * Returns:				status code
89 */
90efi_status_t efi_query_variable_info_int(u32 attributes,
91					 u64 *maximum_variable_storage_size,
92					 u64 *remaining_variable_storage_size,
93					 u64 *maximum_variable_size);
94
95#define EFI_VAR_FILE_NAME "ubootefi.var"
96
97#define EFI_VAR_BUF_SIZE CONFIG_EFI_VAR_BUF_SIZE
98
99/*
100 * This constant identifies the file format for storing UEFI variables in
101 * struct efi_var_file.
102 */
103#define EFI_VAR_FILE_MAGIC 0x0161566966456255 /* UbEfiVa, version 1 */
104
105/**
106 * struct efi_var_entry - UEFI variable file entry
107 *
108 * @length:	length of enty, multiple of 8
109 * @attr:	variable attributes
110 * @time:	authentication time (seconds since start of epoch)
111 * @guid:	vendor GUID
112 * @name:	UTF16 variable name
113 */
114struct efi_var_entry {
115	u32 length;
116	u32 attr;
117	u64 time;
118	efi_guid_t guid;
119	u16 name[];
120};
121
122/**
123 * struct efi_var_file - file for storing UEFI variables
124 *
125 * @reserved:	unused, may be overwritten by memory probing
126 * @magic:	identifies file format, takes value %EFI_VAR_FILE_MAGIC
127 * @length:	length including header
128 * @crc32:	CRC32 without header
129 * @var:	variables
130 */
131struct efi_var_file {
132	u64 reserved;
133	u64 magic;
134	u32 length;
135	u32 crc32;
136	struct efi_var_entry var[];
137};
138
139/**
140 * efi_var_to_file() - save non-volatile variables as file
141 *
142 * File ubootefi.var is created on the EFI system partion.
143 *
144 * Return:	status code
145 */
146efi_status_t efi_var_to_file(void);
147
148/**
149 * efi_var_collect() - collect variables in buffer
150 *
151 * A buffer is allocated and filled with variables in a format ready to be
152 * written to disk.
153 *
154 * @bufp:		pointer to pointer of buffer with collected variables
155 * @lenp:		pointer to length of buffer
156 * @check_attr_mask:	bitmask with required attributes of variables to be collected.
157 *                      variables are only collected if all of the required
158 *                      attributes are set.
159 * Return:		status code
160 */
161efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *lenp,
162					    u32 check_attr_mask);
163
164/**
165 * efi_var_restore() - restore EFI variables from buffer
166 *
167 * Only if @safe is set secure boot related variables will be restored.
168 *
169 * @buf:	buffer
170 * @safe:	restoring from tamper-resistant storage
171 * Return:	status code
172 */
173efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe);
174
175/**
176 * efi_var_from_file() - read variables from file
177 *
178 * File ubootefi.var is read from the EFI system partitions and the variables
179 * stored in the file are created.
180 *
181 * In case the file does not exist yet or a variable cannot be set EFI_SUCCESS
182 * is returned.
183 *
184 * Return:	status code
185 */
186efi_status_t efi_var_from_file(void);
187
188/**
189 * efi_var_mem_init() - set-up variable list
190 *
191 * Return:	status code
192 */
193efi_status_t efi_var_mem_init(void);
194
195/**
196 * efi_var_mem_find() - find a variable in the list
197 *
198 * @guid:	GUID of the variable
199 * @name:	name of the variable
200 * @next:	on exit pointer to the next variable after the found one
201 * Return:	found variable
202 */
203struct efi_var_entry *efi_var_mem_find(const efi_guid_t *guid, const u16 *name,
204				       struct efi_var_entry **next);
205
206/**
207 * efi_var_mem_del() - delete a variable from the list of variables
208 *
209 * @var:	variable to delete
210 */
211void efi_var_mem_del(struct efi_var_entry *var);
212
213/**
214 * efi_var_mem_ins() - append a variable to the list of variables
215 *
216 * The variable is appended without checking if a variable of the same name
217 * already exists. The two data buffers are concatenated.
218 *
219 * @variable_name:	variable name
220 * @vendor:		GUID
221 * @attributes:		variable attributes
222 * @size1:		size of the first data buffer
223 * @data1:		first data buffer
224 * @size2:		size of the second data field
225 * @data2:		second data buffer
226 * @time:		time of authentication (as seconds since start of epoch)
227 * Result:		status code
228 */
229efi_status_t efi_var_mem_ins(const u16 *variable_name,
230			     const efi_guid_t *vendor, u32 attributes,
231			     const efi_uintn_t size1, const void *data1,
232			     const efi_uintn_t size2, const void *data2,
233			     const u64 time);
234
235/**
236 * efi_var_mem_free() - determine free memory for variables
237 *
238 * Return:	maximum data size plus variable name size
239 */
240u64 efi_var_mem_free(void);
241
242/**
243 * efi_init_secure_state - initialize secure boot state
244 *
245 * Return:	status code
246 */
247efi_status_t efi_init_secure_state(void);
248
249/**
250 * efi_auth_var_get_type() - convert variable name and guid to enum
251 *
252 * @name:	name of UEFI variable
253 * @guid:	guid of UEFI variable
254 * Return:	identifier for authentication related variables
255 */
256enum efi_auth_var_type efi_auth_var_get_type(const u16 *name,
257					     const efi_guid_t *guid);
258
259/**
260 * efi_auth_var_get_guid() - get the predefined GUID for a variable name
261 *
262 * @name:	name of UEFI variable
263 * Return:	guid of UEFI variable
264 */
265const efi_guid_t *efi_auth_var_get_guid(const u16 *name);
266
267/**
268 * efi_get_next_variable_name_mem() - Runtime common code across efi variable
269 *                                    implementations for GetNextVariable()
270 *                                    from the cached memory copy
271 *
272 * @variable_name_size:	size of variable_name buffer in bytes
273 * @variable_name:	name of uefi variable's name in u16
274 * @mask:		bitmask with required attributes of variables to be collected.
275 *                      variables are only collected if all of the required
276 *                      attributes match. Use 0 to skip matching
277 * @vendor:		vendor's guid
278 *
279 * Return: status code
280 */
281efi_status_t __efi_runtime
282efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_name,
283			       efi_guid_t *vendor, u32 mask);
284/**
285 * efi_get_variable_mem() - Runtime common code across efi variable
286 *                          implementations for GetVariable() from
287 *                          the cached memory copy
288 *
289 * @variable_name:	name of the variable
290 * @vendor:		vendor GUID
291 * @attributes:		attributes of the variable
292 * @data_size:		size of the buffer to which the variable value is copied
293 * @data:		buffer to which the variable value is copied
294 * @timep:		authentication time (seconds since start of epoch)
295 * @mask:		bitmask with required attributes of variables to be collected.
296 *                      variables are only collected if all of the required
297 *                      attributes match. Use 0 to skip matching
298 * Return:		status code
299 */
300efi_status_t __efi_runtime
301efi_get_variable_mem(const u16 *variable_name, const efi_guid_t *vendor,
302		     u32 *attributes, efi_uintn_t *data_size, void *data,
303		     u64 *timep, u32 mask);
304
305/**
306 * efi_get_variable_runtime() - runtime implementation of GetVariable()
307 *
308 * @variable_name:	name of the variable
309 * @guid:		vendor GUID
310 * @attributes:		attributes of the variable
311 * @data_size:		size of the buffer to which the variable value is copied
312 * @data:		buffer to which the variable value is copied
313 * Return:		status code
314 */
315efi_status_t __efi_runtime EFIAPI
316efi_get_variable_runtime(u16 *variable_name, const efi_guid_t *guid,
317			 u32 *attributes, efi_uintn_t *data_size, void *data);
318
319/**
320 * efi_get_next_variable_name_runtime() - runtime implementation of
321 *					  GetNextVariable()
322 *
323 * @variable_name_size:	size of variable_name buffer in byte
324 * @variable_name:	name of uefi variable's name in u16
325 * @guid:		vendor's guid
326 * Return:              status code
327 */
328efi_status_t __efi_runtime EFIAPI
329efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size,
330				   u16 *variable_name, efi_guid_t *guid);
331
332/**
333 * efi_var_buf_update() - udpate memory buffer for variables
334 *
335 * @var_buf:	source buffer
336 *
337 * This function copies to the memory buffer for UEFI variables. Call this
338 * function in ExitBootServices() if memory backed variables are only used
339 * at runtime to fill the buffer.
340 */
341void efi_var_buf_update(struct efi_var_file *var_buf);
342
343efi_status_t __efi_runtime efi_var_collect_mem(struct efi_var_file *buf,
344					       efi_uintn_t *lenp,
345					       u32 check_attr_mask);
346
347u32 efi_var_entry_len(struct efi_var_entry *var);
348
349#endif
350