-rw-r--r--src/boot/boot-efi.c3
-rw-r--r--src/boot/boot.h2
-rw-r--r--src/boot/bootctl.c35
-rw-r--r--src/shared/efivars.c30
-rw-r--r--src/shared/efivars.h2
5 files changed, 60 insertions, 12 deletions
diff --git a/src/boot/boot-efi.c b/src/boot/boot-efi.c
index 51f12c0c1a..9960c4d742 100644
--- a/src/boot/boot-efi.c
+++ b/src/boot/boot-efi.c
@@ -158,6 +158,9 @@ int boot_info_query(struct boot_info *info) {
char buf[64];
char *loader_active = NULL;
+ info->fw_secure_boot = is_efi_secure_boot();
+ info->fw_secure_boot_setup_mode = is_efi_secure_boot_setup_mode();
+
efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderInfo", &info->loader);
get_boot_entries(info);
diff --git a/src/boot/boot.h b/src/boot/boot.h
index febee123d5..bd8dc69d3d 100644
--- a/src/boot/boot.h
+++ b/src/boot/boot.h
@@ -45,6 +45,8 @@ struct boot_info {
sd_id128_t boot_id;
char *fw_type;
char *fw_info;
+ int fw_secure_boot;
+ int fw_secure_boot_setup_mode;
struct boot_info_entry *fw_entries;
size_t fw_entries_count;
uint16_t *fw_entries_order;
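Review bot: The new fields `fw_secure_boot` and `fw_secure_boot_setup_mode` hold three states rather than two, and nothing in the struct says so. Going by how this commit fills them in boot_info_query() and tests them in show_status(), a negative value is an errno from the variable read, 0 means off and a positive value means on. A short comment would keep later code from testing them as plain booleans, for example `int fw_secure_boot; /* < 0: unknown (negative errno), 0: disabled, > 0: enabled */` and the same for the setup-mode field. The struct definition starts and ends outside this hunk.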
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index 2a42898e39..35daad81c6 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -143,33 +143,44 @@ static int show_status(char **args, unsigned n) {
err = boot_info_query(info);
- printf(" Machine ID: %s\n", sd_id128_to_string(info->machine_id, buf));
- printf(" Boot ID: %s\n", sd_id128_to_string(info->boot_id, buf));
+ printf("Machine:\n");
+ printf(" ID: %s\n", sd_id128_to_string(info->machine_id, buf));
+ printf(" Boot ID: %s\n", sd_id128_to_string(info->boot_id, buf));
+ printf("\n");
+
+ printf("Firmware:\n");
if (info->fw_type)
- printf(" Firmware: %s (%s)\n", info->fw_type, strna(info->fw_info));
+ printf(" Type: %s (%s)\n", info->fw_type, strna(info->fw_info));
+
+ if (info->fw_secure_boot >= 0)
+ printf(" Secure Boot: %s\n", info->fw_secure_boot ? "enabled" : "disabled");
+ if (info->fw_secure_boot_setup_mode >= 0)
+ printf(" Setup Mode: %s\n", info->fw_secure_boot_setup_mode ? "setup" : "user");
if (info->fw_entry_active >= 0) {
- printf("Firmware entry: %s\n", strna(info->fw_entries[info->fw_entry_active].title));
+ printf(" Title: %s\n", strna(info->fw_entries[info->fw_entry_active].title));
if (info->fw_entries[info->fw_entry_active].path)
- printf(" %s\n", info->fw_entries[info->fw_entry_active].path);
+ printf(" Binary: %s\n", info->fw_entries[info->fw_entry_active].path);
if (!sd_id128_equal(info->fw_entries[info->fw_entry_active].part_uuid, SD_ID128_NULL))
- printf(" /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
+ printf(" Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
SD_ID128_FORMAT_VAL(info->fw_entries[info->fw_entry_active].part_uuid));
}
+ printf("\n");
if (info->loader) {
- printf(" Loader: %s\n", info->loader);
- printf(" %s\n", strna(info->loader_image_path));
+ printf("Boot loader:\n");
+ printf(" Type: %s\n", info->loader);
+ printf(" Binary: %s\n", strna(info->loader_image_path));
if (!sd_id128_equal(info->loader_part_uuid, SD_ID128_NULL))
- printf(" /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
+ printf(" Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
SD_ID128_FORMAT_VAL(info->loader_part_uuid));
if (info->loader_entry_active >= 0) {
- printf(" Loader entry: %s\n", strna(info->loader_entries[info->loader_entry_active].title));
- printf(" %s\n", info->loader_entries[info->loader_entry_active].path);
+ printf(" Title: %s\n", strna(info->loader_entries[info->loader_entry_active].title));
+ printf(" Entry: %s\n", info->loader_entries[info->loader_entry_active].path);
}
- printf("Loader options: %s\n", strna(info->loader_options_added));
+ printf(" Options: %s\n", strna(info->loader_options_added));
} else
printf("No suitable data is provided by the boot manager. See:\n"
" http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface\n"
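Review bot: When either variable cannot be read, the `>= 0` guards drop the "Secure Boot" and "Setup Mode" lines without a trace, so the output does not distinguish firmware that lacks the variable from a failed read. People use this status output to check boot integrity, so on an EFI-booted system it would be safer to print the unknown state, e.g. an `else` branch with `printf(" Secure Boot: unknown\n");`, indented to match the other lines. The "Firmware:" heading is also printed unconditionally now, so when `fw_type` is NULL and both reads fail it is followed by nothing. The body of show_status() starts and ends outside this hunk, so whether `err` from boot_info_query() is checked before these fields are used cannot be seen here.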
diff --git a/src/shared/efivars.c b/src/shared/efivars.c
index c42956f84d..4fb77428f2 100644
--- a/src/shared/efivars.c
+++ b/src/shared/efivars.c
@@ -34,6 +34,36 @@ bool is_efi_boot(void) {
return access("/sys/firmware/efi", F_OK) >= 0;
}
+static int read_flag(const char *varname) {
+ int r;
+ void *v;
+ size_t s;
+ uint8_t b;
+
+ r = efi_get_variable(EFI_VENDOR_GLOBAL, varname, NULL, &v, &s);
+ if (r < 0)
+ return r;
+
+ if (s != 1) {
+ r = -EINVAL;
+ goto finish;
+ }
+
+ b = *(uint8_t *)v;
+ r = b > 0;
+finish:
+ free(v);
+ return r;
+}
+
+int is_efi_secure_boot(void) {
+ return read_flag("SecureBoot");
+}
+
+int is_efi_secure_boot_setup_mode(void) {
+ return read_flag("SetupMode");
+}
+
int efi_get_variable(
sd_id128_t vendor,
const char *name,
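Review bot: `is_efi_secure_boot()` and `is_efi_secure_boot_setup_mode()` return a negative errno on failure, yet they share the `is_` prefix of `bool is_efi_boot(void)` directly above them. A caller that writes `if (is_efi_secure_boot())` would therefore treat a read error, such as a missing variable, as Secure Boot being on; the prototypes added in efivars.h carry the same risk. A comment above both functions should state the contract, e.g. `/* Returns > 0 if set, 0 if clear, negative errno if the variable cannot be read or is not exactly one byte. */`, and callers should compare with `> 0`. In `read_flag()` the `s != 1` check before the dereference is the right guard. Initialising with `void *v = NULL;` would also keep the `free(v)` at `finish:` safe if `efi_get_variable()` can return success without setting the pointer, which cannot be confirmed because its body is outside the hunk.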
diff --git a/src/shared/efivars.h b/src/shared/efivars.h
index 380e038f69..2b88c6075c 100644
--- a/src/shared/efivars.h
+++ b/src/shared/efivars.h
@@ -32,6 +32,8 @@
#define EFI_VENDOR_GLOBAL SD_ID128_MAKE(8b,e4,df,61,93,ca,11,d2,aa,0d,00,e0,98,03,2b,8c)
bool is_efi_boot(void);
+int is_efi_secure_boot(void);
+int is_efi_secure_boot_setup_mode(void);
int efi_get_variable(sd_id128_t vendor, const char *name, uint32_t *attribute, void **value, size_t *size);
int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p);