2025-11-01 03:24:14 -04:00
|
|
|
use crate::integrations::bootloader_interface::bitflags::LoaderFeatures;
|
2025-10-30 02:36:14 -04:00
|
|
|
use crate::platform::timer::PlatformTimer;
|
2025-10-30 12:44:07 -04:00
|
|
|
use crate::utils::device_path_subpath;
|
2025-10-30 18:57:26 -04:00
|
|
|
use crate::utils::variables::{VariableClass, VariableController};
|
2025-10-28 23:23:12 -04:00
|
|
|
use anyhow::{Context, Result};
|
2025-10-30 12:44:07 -04:00
|
|
|
use uefi::proto::device_path::DevicePath;
|
2025-10-30 18:57:26 -04:00
|
|
|
use uefi::{Guid, guid};
|
|
|
|
|
use uefi_raw::table::runtime::VariableVendor;
|
2025-10-28 21:05:22 -04:00
|
|
|
|
2025-11-01 03:24:14 -04:00
|
|
|
/// bitflags: LoaderFeatures bitflags.
|
|
|
|
|
mod bitflags;
|
|
|
|
|
|
2025-10-30 12:50:36 -04:00
|
|
|
/// The name of the bootloader to tell the system.
|
|
|
|
|
const LOADER_NAME: &str = "Sprout";
|
|
|
|
|
|
2025-11-01 17:47:41 -04:00
|
|
|
/// Represents the configured timeout for the bootloader interface.
|
|
|
|
|
pub enum BootloaderInterfaceTimeout {
|
|
|
|
|
/// Force the menu to be shown.
|
|
|
|
|
MenuForce,
|
|
|
|
|
/// Hide the menu.
|
|
|
|
|
MenuHidden,
|
|
|
|
|
/// Disable the menu.
|
|
|
|
|
MenuDisabled,
|
|
|
|
|
/// Set a timeout for the menu.
|
|
|
|
|
Timeout(u64),
|
|
|
|
|
/// Timeout is unspecified.
|
|
|
|
|
Unspecified,
|
|
|
|
|
}
|
|
|
|
|
|
2025-10-28 21:05:22 -04:00
|
|
|
/// Bootloader Interface support.
|
|
|
|
|
pub struct BootloaderInterface;
|
|
|
|
|
|
|
|
|
|
impl BootloaderInterface {
|
2025-10-28 23:23:12 -04:00
|
|
|
/// Bootloader Interface GUID from https://systemd.io/BOOT_LOADER_INTERFACE
|
2025-10-30 18:57:26 -04:00
|
|
|
const VENDOR: VariableController = VariableController::new(VariableVendor(guid!(
|
|
|
|
|
"4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
|
|
|
|
|
)));
|
2025-10-28 23:23:12 -04:00
|
|
|
|
2025-11-01 03:24:14 -04:00
|
|
|
/// The feature we support in Sprout.
|
|
|
|
|
fn features() -> LoaderFeatures {
|
2025-11-01 17:09:49 -04:00
|
|
|
LoaderFeatures::Xbootldr
|
|
|
|
|
| LoaderFeatures::LoadDriver
|
|
|
|
|
| LoaderFeatures::Tpm2ActivePcrBanks
|
|
|
|
|
| LoaderFeatures::RetainShim
|
2025-11-01 17:47:41 -04:00
|
|
|
| LoaderFeatures::ConfigTimeout
|
|
|
|
|
| LoaderFeatures::ConfigTimeoutOneShot
|
|
|
|
|
| LoaderFeatures::MenuDisable
|
2025-11-01 03:24:14 -04:00
|
|
|
}
|
|
|
|
|
|
2025-10-28 21:05:22 -04:00
|
|
|
/// Tell the system that Sprout was initialized at the current time.
|
2025-10-30 02:51:52 -04:00
|
|
|
pub fn mark_init(timer: &PlatformTimer) -> Result<()> {
|
|
|
|
|
Self::mark_time("LoaderTimeInitUSec", timer)
|
2025-10-28 21:05:22 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Tell the system that Sprout is about to execute the boot entry.
|
2025-10-30 02:36:14 -04:00
|
|
|
pub fn mark_exec(timer: &PlatformTimer) -> Result<()> {
|
2025-10-30 02:51:52 -04:00
|
|
|
Self::mark_time("LoaderTimeExecUSec", timer)
|
|
|
|
|
}
|
|
|
|
|
|
2025-10-30 13:27:58 -04:00
|
|
|
/// Tell the system that Sprout is about to display the menu.
|
|
|
|
|
pub fn mark_menu(timer: &PlatformTimer) -> Result<()> {
|
|
|
|
|
Self::mark_time("LoaderTimeMenuUsec", timer)
|
|
|
|
|
}
|
|
|
|
|
|
2025-10-30 02:51:52 -04:00
|
|
|
/// Tell the system about the current time as measured by the platform timer.
|
|
|
|
|
/// Sets the variable specified by `key` to the number of microseconds.
|
|
|
|
|
fn mark_time(key: &str, timer: &PlatformTimer) -> Result<()> {
|
|
|
|
|
// Measure the elapsed time since the hardware timer was started.
|
|
|
|
|
let elapsed = timer.elapsed_since_lifetime();
|
2025-10-30 18:57:26 -04:00
|
|
|
Self::VENDOR.set_cstr16(
|
|
|
|
|
key,
|
|
|
|
|
&elapsed.as_micros().to_string(),
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)
|
2025-10-28 21:05:22 -04:00
|
|
|
}
|
|
|
|
|
|
2025-11-01 03:24:14 -04:00
|
|
|
/// Tell the system what loader is being used and our features.
|
2025-10-30 12:50:36 -04:00
|
|
|
pub fn set_loader_info() -> Result<()> {
|
2025-11-01 03:24:14 -04:00
|
|
|
// Set the LoaderInfo variable with the name of the loader.
|
|
|
|
|
Self::VENDOR
|
|
|
|
|
.set_cstr16(
|
|
|
|
|
"LoaderInfo",
|
|
|
|
|
LOADER_NAME,
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)
|
|
|
|
|
.context("unable to set loader info variable")?;
|
|
|
|
|
|
|
|
|
|
// Set the LoaderFeatures variable with the features we support.
|
|
|
|
|
Self::VENDOR
|
|
|
|
|
.set_u64le(
|
|
|
|
|
"LoaderFeatures",
|
|
|
|
|
Self::features().bits(),
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)
|
|
|
|
|
.context("unable to set loader features variable")?;
|
|
|
|
|
Ok(())
|
2025-10-30 12:50:36 -04:00
|
|
|
}
|
|
|
|
|
|
2025-10-30 12:44:07 -04:00
|
|
|
/// Tell the system the relative path to the partition root of the current bootloader.
|
|
|
|
|
pub fn set_loader_path(path: &DevicePath) -> Result<()> {
|
|
|
|
|
let subpath = device_path_subpath(path).context("unable to get loader path subpath")?;
|
2025-10-30 18:57:26 -04:00
|
|
|
Self::VENDOR.set_cstr16(
|
|
|
|
|
"LoaderImageIdentifier",
|
|
|
|
|
&subpath,
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)
|
2025-10-30 12:44:07 -04:00
|
|
|
}
|
|
|
|
|
|
2025-10-28 21:05:22 -04:00
|
|
|
/// Tell the system what the partition GUID of the ESP Sprout was booted from is.
|
2025-10-28 23:23:12 -04:00
|
|
|
pub fn set_partition_guid(guid: &Guid) -> Result<()> {
|
2025-10-30 18:57:26 -04:00
|
|
|
Self::VENDOR.set_cstr16(
|
|
|
|
|
"LoaderDevicePartUUID",
|
|
|
|
|
&guid.to_string(),
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)
|
2025-10-28 21:05:22 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Tell the system what boot entries are available.
|
2025-10-28 23:23:12 -04:00
|
|
|
pub fn set_entries<N: AsRef<str>>(entries: impl Iterator<Item = N>) -> Result<()> {
|
|
|
|
|
// Entries are stored as a null-terminated list of CString16 strings back to back.
|
|
|
|
|
// Iterate over the entries and convert them to CString16 placing them into data.
|
|
|
|
|
let mut data = Vec::new();
|
|
|
|
|
for entry in entries {
|
2025-10-30 12:44:07 -04:00
|
|
|
// Convert the entry to CString16 little endian.
|
|
|
|
|
let encoded = entry
|
|
|
|
|
.as_ref()
|
|
|
|
|
.encode_utf16()
|
|
|
|
|
.flat_map(|c| c.to_le_bytes())
|
|
|
|
|
.collect::<Vec<u8>>();
|
2025-10-30 23:15:18 -04:00
|
|
|
// Write the bytes into the data buffer.
|
2025-10-30 12:44:07 -04:00
|
|
|
data.extend_from_slice(&encoded);
|
2025-10-30 23:15:18 -04:00
|
|
|
// Add a null terminator to the end of the entry.
|
2025-10-30 23:25:48 -04:00
|
|
|
data.extend_from_slice(&[0, 0]);
|
2025-10-28 23:23:12 -04:00
|
|
|
}
|
2025-10-30 18:57:26 -04:00
|
|
|
Self::VENDOR.set(
|
|
|
|
|
"LoaderEntries",
|
|
|
|
|
&data,
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)
|
2025-10-28 21:05:22 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Tell the system what the selected boot entry is.
|
2025-10-28 23:23:12 -04:00
|
|
|
pub fn set_selected_entry(entry: String) -> Result<()> {
|
2025-10-30 18:57:26 -04:00
|
|
|
Self::VENDOR.set_cstr16(
|
|
|
|
|
"LoaderEntrySelected",
|
|
|
|
|
&entry,
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)
|
2025-10-28 23:23:12 -04:00
|
|
|
}
|
|
|
|
|
|
2025-10-30 11:47:35 -04:00
|
|
|
/// Tell the system about the UEFI firmware we are running on.
|
|
|
|
|
pub fn set_firmware_info() -> Result<()> {
|
2025-10-30 23:25:48 -04:00
|
|
|
// Access the firmware revision.
|
2025-10-30 23:58:07 -04:00
|
|
|
let firmware_revision = uefi::system::firmware_revision();
|
|
|
|
|
|
|
|
|
|
// Access the UEFI revision.
|
|
|
|
|
let uefi_revision = uefi::system::uefi_revision();
|
2025-10-30 23:25:48 -04:00
|
|
|
|
2025-10-30 11:47:35 -04:00
|
|
|
// Format the firmware information string into something human-readable.
|
|
|
|
|
let firmware_info = format!(
|
|
|
|
|
"{} {}.{:02}",
|
|
|
|
|
uefi::system::firmware_vendor(),
|
2025-10-30 23:58:07 -04:00
|
|
|
firmware_revision >> 16,
|
|
|
|
|
firmware_revision & 0xffff,
|
2025-10-30 11:47:35 -04:00
|
|
|
);
|
2025-10-30 18:57:26 -04:00
|
|
|
Self::VENDOR.set_cstr16(
|
|
|
|
|
"LoaderFirmwareInfo",
|
|
|
|
|
&firmware_info,
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)?;
|
2025-10-30 11:47:35 -04:00
|
|
|
|
|
|
|
|
// Format the firmware revision into something human-readable.
|
2025-10-30 23:58:07 -04:00
|
|
|
let firmware_type = format!(
|
|
|
|
|
"UEFI {}.{:02}",
|
|
|
|
|
uefi_revision.major(),
|
|
|
|
|
uefi_revision.minor()
|
|
|
|
|
);
|
2025-10-30 18:57:26 -04:00
|
|
|
Self::VENDOR.set_cstr16(
|
|
|
|
|
"LoaderFirmwareType",
|
|
|
|
|
&firmware_type,
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)
|
2025-10-28 23:23:12 -04:00
|
|
|
}
|
2025-10-31 01:30:07 -04:00
|
|
|
|
|
|
|
|
/// Tell the system what the number of active PCR banks is.
|
|
|
|
|
/// If this is zero, that is okay.
|
|
|
|
|
pub fn set_tpm2_active_pcr_banks(value: u32) -> Result<()> {
|
|
|
|
|
// Format the value into the specification format.
|
|
|
|
|
let value = format!("0x{:08x}", value);
|
|
|
|
|
Self::VENDOR.set_cstr16(
|
|
|
|
|
"LoaderTpm2ActivePcrBanks",
|
|
|
|
|
&value,
|
|
|
|
|
VariableClass::BootAndRuntimeTemporary,
|
|
|
|
|
)
|
|
|
|
|
}
|
2025-11-01 17:47:41 -04:00
|
|
|
|
|
|
|
|
/// Retrieve the timeout value from the bootloader interface, using the specified `key`.
|
|
|
|
|
/// `remove` indicates whether, when found, we remove the variable.
|
|
|
|
|
fn get_timeout_value(key: &str, remove: bool) -> Result<Option<BootloaderInterfaceTimeout>> {
|
|
|
|
|
// Retrieve the timeout value from the bootloader interface.
|
|
|
|
|
let Some(value) = Self::VENDOR
|
|
|
|
|
.get_cstr16(key)
|
|
|
|
|
.context("unable to get timeout value")?
|
|
|
|
|
else {
|
|
|
|
|
return Ok(None);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// If we reach here, we know the value was specified.
|
|
|
|
|
// If `remove` is true, remove the variable.
|
|
|
|
|
if remove {
|
|
|
|
|
Self::VENDOR
|
|
|
|
|
.remove(key)
|
|
|
|
|
.context("unable to remove timeout variable")?;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If the value is empty, return Unspecified.
|
|
|
|
|
if value.is_empty() {
|
|
|
|
|
return Ok(Some(BootloaderInterfaceTimeout::Unspecified));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If the value is "menu-force", return MenuForce.
|
|
|
|
|
if value == "menu-force" {
|
|
|
|
|
return Ok(Some(BootloaderInterfaceTimeout::MenuForce));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If the value is "menu-hidden", return MenuHidden.
|
|
|
|
|
if value == "menu-hidden" {
|
|
|
|
|
return Ok(Some(BootloaderInterfaceTimeout::MenuHidden));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If the value is "menu-disabled", return MenuDisabled.
|
|
|
|
|
if value == "menu-disabled" {
|
|
|
|
|
return Ok(Some(BootloaderInterfaceTimeout::MenuDisabled));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Parse the value as a u64 to decode an numeric value.
|
|
|
|
|
let value = value
|
|
|
|
|
.parse::<u64>()
|
|
|
|
|
.context("unable to parse timeout value")?;
|
|
|
|
|
|
|
|
|
|
// The specification says that a value of 0 means that the menu should be hidden.
|
|
|
|
|
if value == 0 {
|
|
|
|
|
return Ok(Some(BootloaderInterfaceTimeout::MenuHidden));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If we reach here, we know it must be a real timeout value.
|
|
|
|
|
Ok(Some(BootloaderInterfaceTimeout::Timeout(value)))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Get the timeout from the bootloader interface.
|
|
|
|
|
/// This indicates how the menu should behave.
|
|
|
|
|
/// If no values are set, Unspecified is returned.
|
|
|
|
|
pub fn get_timeout() -> Result<BootloaderInterfaceTimeout> {
|
|
|
|
|
// Attempt to acquire the value of the LoaderConfigTimeoutOneShot variable.
|
|
|
|
|
// This should take precedence over the LoaderConfigTimeout variable.
|
|
|
|
|
let oneshot = Self::get_timeout_value("LoaderConfigTimeoutOneShot", true)
|
|
|
|
|
.context("unable to check for LoaderConfigTimeoutOneShot variable")?;
|
|
|
|
|
|
|
|
|
|
// If oneshot was found, return it.
|
|
|
|
|
if let Some(oneshot) = oneshot {
|
|
|
|
|
return Ok(oneshot);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Attempt to acquire the value of the LoaderConfigTimeout variable.
|
|
|
|
|
// This will be used if the LoaderConfigTimeoutOneShot variable is not set.
|
|
|
|
|
let direct = Self::get_timeout_value("LoaderConfigTimeout", false)
|
|
|
|
|
.context("unable to check for LoaderConfigTimeout variable")?;
|
|
|
|
|
|
|
|
|
|
// If direct was found, return it.
|
|
|
|
|
if let Some(direct) = direct {
|
|
|
|
|
return Ok(direct);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If we reach here, we know that neither variable was set.
|
|
|
|
|
// We provide the unspecified value instead.
|
|
|
|
|
Ok(BootloaderInterfaceTimeout::Unspecified)
|
|
|
|
|
}
|
2025-10-28 21:05:22 -04:00
|
|
|
}
|
