sprout/src/integrations/bootloader_interface.rs

use crate::integrations::bootloader_interface::bitflags::LoaderFeatures;
use crate::platform::timer::PlatformTimer;
use crate::utils::device_path_subpath;
use crate::utils::variables::{VariableClass, VariableController};
use anyhow::{Context, Result};
use uefi::proto::device_path::DevicePath;
use uefi::{Guid, guid};
use uefi_raw::table::runtime::VariableVendor;

/// bitflags: LoaderFeatures bitflags.
mod bitflags;

/// The name of the bootloader to tell the system.
const LOADER_NAME: &str = "Sprout";

/// Bootloader Interface support.
pub struct BootloaderInterface;

impl BootloaderInterface {
    /// Bootloader Interface GUID from https://systemd.io/BOOT_LOADER_INTERFACE
    const VENDOR: VariableController = VariableController::new(VariableVendor(guid!(
        "4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
    )));

    /// The feature we support in Sprout.
    fn features() -> LoaderFeatures {
        LoaderFeatures::Xbootldr
            | LoaderFeatures::LoadDriver
            | LoaderFeatures::Tpm2ActivePcrBanks
            | LoaderFeatures::RetainShim
    }

    /// Tell the system that Sprout was initialized at the current time.
    pub fn mark_init(timer: &PlatformTimer) -> Result<()> {
        Self::mark_time("LoaderTimeInitUSec", timer)
    }

    /// Tell the system that Sprout is about to execute the boot entry.
    pub fn mark_exec(timer: &PlatformTimer) -> Result<()> {
        Self::mark_time("LoaderTimeExecUSec", timer)
    }

    /// Tell the system that Sprout is about to display the menu.
    pub fn mark_menu(timer: &PlatformTimer) -> Result<()> {
        Self::mark_time("LoaderTimeMenuUsec", timer)
    }

    /// Tell the system about the current time as measured by the platform timer.
    /// Sets the variable specified by `key` to the number of microseconds.
    fn mark_time(key: &str, timer: &PlatformTimer) -> Result<()> {
        // Measure the elapsed time since the hardware timer was started.
        let elapsed = timer.elapsed_since_lifetime();
        Self::VENDOR.set_cstr16(
            key,
            &elapsed.as_micros().to_string(),
            VariableClass::BootAndRuntimeTemporary,
        )
    }

    /// Tell the system what loader is being used and our features.
    pub fn set_loader_info() -> Result<()> {
        // Set the LoaderInfo variable with the name of the loader.
        Self::VENDOR
            .set_cstr16(
                "LoaderInfo",
                LOADER_NAME,
                VariableClass::BootAndRuntimeTemporary,
            )
            .context("unable to set loader info variable")?;

        // Set the LoaderFeatures variable with the features we support.
        Self::VENDOR
            .set_u64le(
                "LoaderFeatures",
                Self::features().bits(),
                VariableClass::BootAndRuntimeTemporary,
            )
            .context("unable to set loader features variable")?;
        Ok(())
    }

    /// Tell the system the relative path to the partition root of the current bootloader.
    pub fn set_loader_path(path: &DevicePath) -> Result<()> {
        let subpath = device_path_subpath(path).context("unable to get loader path subpath")?;
        Self::VENDOR.set_cstr16(
            "LoaderImageIdentifier",
            &subpath,
            VariableClass::BootAndRuntimeTemporary,
        )
    }

    /// Tell the system what the partition GUID of the ESP Sprout was booted from is.
    pub fn set_partition_guid(guid: &Guid) -> Result<()> {
        Self::VENDOR.set_cstr16(
            "LoaderDevicePartUUID",
            &guid.to_string(),
            VariableClass::BootAndRuntimeTemporary,
        )
    }

    /// Tell the system what boot entries are available.
    pub fn set_entries<N: AsRef<str>>(entries: impl Iterator<Item = N>) -> Result<()> {
        // Entries are stored as a null-terminated list of CString16 strings back to back.
        // Iterate over the entries and convert them to CString16 placing them into data.
        let mut data = Vec::new();
        for entry in entries {
            // Convert the entry to CString16 little endian.
            let encoded = entry
                .as_ref()
                .encode_utf16()
                .flat_map(|c| c.to_le_bytes())
                .collect::<Vec<u8>>();
            // Write the bytes into the data buffer.
            data.extend_from_slice(&encoded);
            // Add a null terminator to the end of the entry.
            data.extend_from_slice(&[0, 0]);
        }
        Self::VENDOR.set(
            "LoaderEntries",
            &data,
            VariableClass::BootAndRuntimeTemporary,
        )
    }

    /// Tell the system what the default boot entry is.
    pub fn set_default_entry(entry: String) -> Result<()> {
        Self::VENDOR.set_cstr16(
            "LoaderEntryDefault",
            &entry,
            VariableClass::BootAndRuntimeTemporary,
        )
    }

    /// Tell the system what the selected boot entry is.
    pub fn set_selected_entry(entry: String) -> Result<()> {
        Self::VENDOR.set_cstr16(
            "LoaderEntrySelected",
            &entry,
            VariableClass::BootAndRuntimeTemporary,
        )
    }

    /// Tell the system about the UEFI firmware we are running on.
    pub fn set_firmware_info() -> Result<()> {
        // Access the firmware revision.
        let firmware_revision = uefi::system::firmware_revision();

        // Access the UEFI revision.
        let uefi_revision = uefi::system::uefi_revision();

        // Format the firmware information string into something human-readable.
        let firmware_info = format!(
            "{} {}.{:02}",
            uefi::system::firmware_vendor(),
            firmware_revision >> 16,
            firmware_revision & 0xffff,
        );
        Self::VENDOR.set_cstr16(
            "LoaderFirmwareInfo",
            &firmware_info,
            VariableClass::BootAndRuntimeTemporary,
        )?;

        // Format the firmware revision into something human-readable.
        let firmware_type = format!(
            "UEFI {}.{:02}",
            uefi_revision.major(),
            uefi_revision.minor()
        );
        Self::VENDOR.set_cstr16(
            "LoaderFirmwareType",
            &firmware_type,
            VariableClass::BootAndRuntimeTemporary,
        )
    }

    /// Tell the system what the number of active PCR banks is.
    /// If this is zero, that is okay.
    pub fn set_tpm2_active_pcr_banks(value: u32) -> Result<()> {
        // Format the value into the specification format.
        let value = format!("0x{:08x}", value);
        Self::VENDOR.set_cstr16(
            "LoaderTpm2ActivePcrBanks",
            &value,
            VariableClass::BootAndRuntimeTemporary,
        )
    }
}
feat(bootloader-interface): add support for LoaderFeatures 2025-11-01 03:24:14 -04:00			`use crate::integrations::bootloader_interface::bitflags::LoaderFeatures;`
feat(bootloader-interface): add support for loader boot times 2025-10-30 02:36:14 -04:00			`use crate::platform::timer::PlatformTimer;`
feat(bootloader-interface): implement support for LoaderImageIdentifier 2025-10-30 12:44:07 -04:00			`use crate::utils::device_path_subpath;`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`use crate::utils::variables::{VariableClass, VariableController};`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00			`use anyhow::{Context, Result};`
feat(bootloader-interface): implement support for LoaderImageIdentifier 2025-10-30 12:44:07 -04:00			`use uefi::proto::device_path::DevicePath;`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`use uefi::{Guid, guid};`
			`use uefi_raw::table::runtime::VariableVendor;`
feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00
feat(bootloader-interface): add support for LoaderFeatures 2025-11-01 03:24:14 -04:00			`/// bitflags: LoaderFeatures bitflags.`
			`mod bitflags;`

feat(bootloader-interface): identify ourselves as sprout 2025-10-30 12:50:36 -04:00			`/// The name of the bootloader to tell the system.`
			`const LOADER_NAME: &str = "Sprout";`

feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00			`/// Bootloader Interface support.`
			`pub struct BootloaderInterface;`

			`impl BootloaderInterface {`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00			`/// Bootloader Interface GUID from https://systemd.io/BOOT_LOADER_INTERFACE`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`const VENDOR: VariableController = VariableController::new(VariableVendor(guid!(`
			`"4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"`
			`)));`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00
feat(bootloader-interface): add support for LoaderFeatures 2025-11-01 03:24:14 -04:00			`/// The feature we support in Sprout.`
			`fn features() -> LoaderFeatures {`
feat(bootloader-interface): signal support for XBOOTLDR 2025-11-01 17:09:49 -04:00			`LoaderFeatures::Xbootldr`
			`\| LoaderFeatures::LoadDriver`
			`\| LoaderFeatures::Tpm2ActivePcrBanks`
			`\| LoaderFeatures::RetainShim`
feat(bootloader-interface): add support for LoaderFeatures 2025-11-01 03:24:14 -04:00			`}`

feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00			`/// Tell the system that Sprout was initialized at the current time.`
feat(bootloader-interface): measure time in firmware as well 2025-10-30 02:51:52 -04:00			`pub fn mark_init(timer: &PlatformTimer) -> Result<()> {`
			`Self::mark_time("LoaderTimeInitUSec", timer)`
feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00			`}`

			`/// Tell the system that Sprout is about to execute the boot entry.`
feat(bootloader-interface): add support for loader boot times 2025-10-30 02:36:14 -04:00			`pub fn mark_exec(timer: &PlatformTimer) -> Result<()> {`
feat(bootloader-interface): measure time in firmware as well 2025-10-30 02:51:52 -04:00			`Self::mark_time("LoaderTimeExecUSec", timer)`
			`}`

feat(bootloader-interface): add support for marking when the menu is being display 2025-10-30 13:27:58 -04:00			`/// Tell the system that Sprout is about to display the menu.`
			`pub fn mark_menu(timer: &PlatformTimer) -> Result<()> {`
			`Self::mark_time("LoaderTimeMenuUsec", timer)`
			`}`

feat(bootloader-interface): measure time in firmware as well 2025-10-30 02:51:52 -04:00			`/// Tell the system about the current time as measured by the platform timer.`
			/// Sets the variable specified by `key` to the number of microseconds.
			`fn mark_time(key: &str, timer: &PlatformTimer) -> Result<()> {`
			`// Measure the elapsed time since the hardware timer was started.`
			`let elapsed = timer.elapsed_since_lifetime();`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`Self::VENDOR.set_cstr16(`
			`key,`
			`&elapsed.as_micros().to_string(),`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00			`}`

feat(bootloader-interface): add support for LoaderFeatures 2025-11-01 03:24:14 -04:00			`/// Tell the system what loader is being used and our features.`
feat(bootloader-interface): identify ourselves as sprout 2025-10-30 12:50:36 -04:00			`pub fn set_loader_info() -> Result<()> {`
feat(bootloader-interface): add support for LoaderFeatures 2025-11-01 03:24:14 -04:00			`// Set the LoaderInfo variable with the name of the loader.`
			`Self::VENDOR`
			`.set_cstr16(`
			`"LoaderInfo",`
			`LOADER_NAME,`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
			`.context("unable to set loader info variable")?;`

			`// Set the LoaderFeatures variable with the features we support.`
			`Self::VENDOR`
			`.set_u64le(`
			`"LoaderFeatures",`
			`Self::features().bits(),`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
			`.context("unable to set loader features variable")?;`
			`Ok(())`
feat(bootloader-interface): identify ourselves as sprout 2025-10-30 12:50:36 -04:00			`}`

feat(bootloader-interface): implement support for LoaderImageIdentifier 2025-10-30 12:44:07 -04:00			`/// Tell the system the relative path to the partition root of the current bootloader.`
			`pub fn set_loader_path(path: &DevicePath) -> Result<()> {`
			`let subpath = device_path_subpath(path).context("unable to get loader path subpath")?;`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`Self::VENDOR.set_cstr16(`
			`"LoaderImageIdentifier",`
			`&subpath,`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
feat(bootloader-interface): implement support for LoaderImageIdentifier 2025-10-30 12:44:07 -04:00			`}`

feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00			`/// Tell the system what the partition GUID of the ESP Sprout was booted from is.`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00			`pub fn set_partition_guid(guid: &Guid) -> Result<()> {`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`Self::VENDOR.set_cstr16(`
			`"LoaderDevicePartUUID",`
			`&guid.to_string(),`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00			`}`

			`/// Tell the system what boot entries are available.`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00			`pub fn set_entries<N: AsRef<str>>(entries: impl Iterator<Item = N>) -> Result<()> {`
			`// Entries are stored as a null-terminated list of CString16 strings back to back.`
			`// Iterate over the entries and convert them to CString16 placing them into data.`
			`let mut data = Vec::new();`
			`for entry in entries {`
feat(bootloader-interface): implement support for LoaderImageIdentifier 2025-10-30 12:44:07 -04:00			`// Convert the entry to CString16 little endian.`
			`let encoded = entry`
			`.as_ref()`
			`.encode_utf16()`
			`.flat_map(\|c\| c.to_le_bytes())`
			`.collect::<Vec<u8>>();`
fix(variables): add null terminator to the end of strings written into variables 2025-10-30 23:15:18 -04:00			`// Write the bytes into the data buffer.`
feat(bootloader-interface): implement support for LoaderImageIdentifier 2025-10-30 12:44:07 -04:00			`data.extend_from_slice(&encoded);`
fix(variables): add null terminator to the end of strings written into variables 2025-10-30 23:15:18 -04:00			`// Add a null terminator to the end of the entry.`
fix(bootloader-interface): report the correct firmware revision 2025-10-30 23:25:48 -04:00			`data.extend_from_slice(&[0, 0]);`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00			`}`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`Self::VENDOR.set(`
			`"LoaderEntries",`
			`&data,`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00			`}`

			`/// Tell the system what the default boot entry is.`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00			`pub fn set_default_entry(entry: String) -> Result<()> {`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`Self::VENDOR.set_cstr16(`
			`"LoaderEntryDefault",`
			`&entry,`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00			`}`

			`/// Tell the system what the selected boot entry is.`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00			`pub fn set_selected_entry(entry: String) -> Result<()> {`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`Self::VENDOR.set_cstr16(`
			`"LoaderEntrySelected",`
			`&entry,`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00			`}`

feat(bootloader-interface): implement support for UEFI firmware information 2025-10-30 11:47:35 -04:00			`/// Tell the system about the UEFI firmware we are running on.`
			`pub fn set_firmware_info() -> Result<()> {`
fix(bootloader-interface): report the correct firmware revision 2025-10-30 23:25:48 -04:00			`// Access the firmware revision.`
fix(bootloader-interface): use the correct uefi revision and firmware revision format 2025-10-30 23:58:07 -04:00			`let firmware_revision = uefi::system::firmware_revision();`

			`// Access the UEFI revision.`
			`let uefi_revision = uefi::system::uefi_revision();`
fix(bootloader-interface): report the correct firmware revision 2025-10-30 23:25:48 -04:00
feat(bootloader-interface): implement support for UEFI firmware information 2025-10-30 11:47:35 -04:00			`// Format the firmware information string into something human-readable.`
			`let firmware_info = format!(`
			`"{} {}.{:02}",`
			`uefi::system::firmware_vendor(),`
fix(bootloader-interface): use the correct uefi revision and firmware revision format 2025-10-30 23:58:07 -04:00			`firmware_revision >> 16,`
			`firmware_revision & 0xffff,`
feat(bootloader-interface): implement support for UEFI firmware information 2025-10-30 11:47:35 -04:00			`);`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`Self::VENDOR.set_cstr16(`
			`"LoaderFirmwareInfo",`
			`&firmware_info,`
			`VariableClass::BootAndRuntimeTemporary,`
			`)?;`
feat(bootloader-interface): implement support for UEFI firmware information 2025-10-30 11:47:35 -04:00
			`// Format the firmware revision into something human-readable.`
fix(bootloader-interface): use the correct uefi revision and firmware revision format 2025-10-30 23:58:07 -04:00			`let firmware_type = format!(`
			`"UEFI {}.{:02}",`
			`uefi_revision.major(),`
			`uefi_revision.minor()`
			`);`
feat(safety): bail if secure boot is enabled early 2025-10-30 18:57:26 -04:00			`Self::VENDOR.set_cstr16(`
			`"LoaderFirmwareType",`
			`&firmware_type,`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
feat(bls): basic support for boot loader interface 2025-10-28 23:23:12 -04:00			`}`
feat(tpm): initial tpm support code, we just tell systemd about the pcr banks right now 2025-10-31 01:30:07 -04:00
			`/// Tell the system what the number of active PCR banks is.`
			`/// If this is zero, that is okay.`
			`pub fn set_tpm2_active_pcr_banks(value: u32) -> Result<()> {`
			`// Format the value into the specification format.`
			`let value = format!("0x{:08x}", value);`
			`Self::VENDOR.set_cstr16(`
			`"LoaderTpm2ActivePcrBanks",`
			`&value,`
			`VariableClass::BootAndRuntimeTemporary,`
			`)`
			`}`
feat(integrations): implement initial bootloader interface touchpoints 2025-10-28 21:05:22 -04:00			`}`