WebSVN – QNX 8.QNX8 utilities – /dump-efivars.c

// dump-efivars.c -- EFI NVRAM variables dumper for QNX8 by Pierre-Marie Baty <pm@pmbaty.com>. Yup, from user space.
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syspage.h>
#include <errno.h>
#include <ctype.h>
#define EFI_SYSTEM_TABLE_SIGNATURE "IBI SYST" // 0x5453595320494249
#define NVRAM_NVAR_ENTRY_SIGNATURE "NVAR" // 0x5241564e
#define NVRAM_NVAR_ENTRY_RUNTIME (1 << 0)
#define NVRAM_NVAR_ENTRY_ASCII_NAME (1 << 1)
#define NVRAM_NVAR_ENTRY_GUID (1 << 2)
#define NVRAM_NVAR_ENTRY_DATA_ONLY (1 << 3)
#define NVRAM_NVAR_ENTRY_EXT_HEADER (1 << 4)
#define NVRAM_NVAR_ENTRY_HW_ERROR_RECORD (1 << 5)
#define NVRAM_NVAR_ENTRY_AUTH_WRITE (1 << 6)
#define NVRAM_NVAR_ENTRY_VALID (1 << 7)
#define NVRAM_NVAR_ENTRY_EXT_CHECKSUM (1 << 0)
#define NVRAM_NVAR_ENTRY_EXT_AUTH_WRITE (1 << 4)
#define NVRAM_NVAR_ENTRY_EXT_TIME_BASED (1 << 5)
#define ROUND_UP(x,multiple) ((((x) + ((multiple) - 1)) / (multiple)) * (multiple))
typedef struct __attribute__((packed)) efi_table_header_s
{
uint64_t signature;
uint32_t revision;
uint32_t size;
uint32_t crc32;
uint32_t reserved;
} efi_table_header_t;
typedef struct __attribute__((packed)) efi_system_table_s // NOTE: entries are NATURAL SIZE INTEGERS AND POINTERS!
{
efi_table_header_t header;
size_t firmware_vendor_physptr; // CHAR16 *FirmwareVendor;
size_t firmware_revision; // normally uint32_t, but would break alignment
size_t console_in_handle;
size_t console_in_ptr; // EFI_SIMPLE_TEXT_INPUT_PROTOCOL *ConIn;
size_t console_out_handle;
size_t console_out_ptr; // EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL *ConOut;
size_t standard_error_handle;
size_t standard_error_ptr; // EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL *StdErr;
size_t runtime_services_ptr; // EFI_RUNTIME_SERVICES *RuntimeServices;
size_t boot_services_ptr; // EFI_BOOT_SERVICES *BootServices;
size_t configuration_entry_count;
size_t configuration_table_ptr; // EFI_CONFIGURATION_TABLE *ConfigurationTable;
} efi_system_table_t;
typedef struct __attribute__((packed)) nvar_entry_s
{
uint8_t magic[4]; // "NVAR"
uint16_t len; // size of entry, including header
uint8_t next[3]; // offset to next entry in list, or empty if latest in the store
uint8_t flags;
} nvar_entry_t;
// global variables
static efi_system_table_t *systable = NULL;
static size_t systable_physaddr = 0;
static uint32_t crc32_efi_table (uint8_t *data, size_t data_len)
{
// computes the CRC32 of an EFI table, skipping the relevant bytes on the fly as the UEFI specs say
static uint32_t table[256] = { 0 };
static int is_table_filled = 0;
const uint32_t polynomial = 0xedb88320;
size_t array_index;
size_t bit_index;
uint32_t remainder;
uint32_t byte;
uint32_t crc;
if (!is_table_filled) // someone could be lazy here and use a precomputed table. Whatever.
{
for (array_index = 0; array_index < 256; array_index++)
{
remainder = array_index;
for (bit_index = 0; bit_index < 8; bit_index++)
if (remainder & 1)
remainder = (remainder >> 1) ^ polynomial;
else
remainder = (remainder >> 1);
table[array_index] = remainder;
}
is_table_filled = 1;
}
crc = 0xffffffff;
for (array_index = 0; array_index < data_len; array_index++)
{
if ((array_index >= 16) && (array_index < 20))
byte = 0; // don't account for the table's claimed CRC when computing it
else
byte = data[array_index];
crc = table[byte ^ (crc & 0xff)] ^ (crc >> 8);
}
return (~crc);
}
int main (int argc, char **argv)
{
// program entrypoint
const size_t asinfo_count = SYSPAGE_ENTRY_SIZE (asinfo) / sizeof (struct asinfo_entry);
const struct asinfo_entry *asinfo_slots = SYSPAGE_ENTRY (asinfo);
const struct asinfo_entry *asinfo_slot;
const char *strings = SYSPAGE_ENTRY (strings)->data;
char nvar_name[256];
char flags_string[256];
uint32_t actual_crc;
nvar_entry_t *nvar;
char *outfile_pathname = NULL;
char *wanted_name = NULL;
void *region;
uint8_t *ptr;
int want_fulldata = 0;
int verbose_level = 0;
int match_found = 0;
int arg_index;
size_t attached_datalen;
size_t asinfo_idx;
size_t guid_idx;
size_t byte_idx;
size_t size;
FILE *fp;
// parse command-line arguments
for (arg_index = 1; arg_index < argc; arg_index++)
{
if ((strcmp (argv[arg_index], "-?") == 0) || (strcmp (argv[arg_index], "--help") == 0))
{
printf ("usage: dump-efivars [-v|-vv] [--fulldata] [VarName] [outfile]\n");
exit (0);
}
else if (strcmp (argv[arg_index], "-v") == 0)
verbose_level = 1;
else if (strcmp (argv[arg_index], "-vv") == 0)
verbose_level = 2;
else if (strcmp (argv[arg_index], "--fulldata") == 0)
want_fulldata = 1;
else if (wanted_name == NULL)
wanted_name = argv[arg_index];
else if (outfile_pathname == NULL)
outfile_pathname = argv[arg_index];
else
{
fprintf (stderr, "error: unknown argument '%s'\n", argv[arg_index]);
fprintf (stderr, "usage: dump-efivars [-v|-vv] [VarName] [outfile]\n");
exit (1);
}
}
// we got the start of the asinfo array through the syspage pointer in asinfo_slots
// now scan all accessible physical RAM regions that the firmware doesn't want allocated to applications
for (asinfo_idx = 0; asinfo_idx < asinfo_count; asinfo_idx++)
{
asinfo_slot = &asinfo_slots[asinfo_idx];
if (asinfo_slot->start == 0)
continue; // skip the first slot (ISA space) - there's no chance our stuff is in it
else if (strcmp (strings + asinfo_slot->name, "ram") != 0)
continue; // skip anything that's NOT non-allocatable RAM
// ask the kernel to map this physical region to a pointer in our virtual address space
size = asinfo_slot->end - asinfo_slot->start;
region = mmap (NULL, size, PROT_READ, MAP_PRIVATE | MAP_PHYS, NOFD, asinfo_slot->start);
if (region == NULL)
continue; // if this region can't be mapped (for whatever reason), skip it
// now scan this physical memory region for the EFI system table signature
for (ptr = (uint8_t *) ROUND_UP ((size_t) region, sizeof (size_t)); (size_t) ptr + sizeof (efi_system_table_t) < (size_t) region + size; ptr += sizeof (size_t))
{
if (*((uint64_t *) ptr) != *((uint64_t *) EFI_SYSTEM_TABLE_SIGNATURE))
continue; // skip anything that doesn't look like an EFI system table signature
else if ((((efi_system_table_t *) ptr)->header.size < sizeof (efi_system_table_t)) || (((efi_system_table_t *) ptr)->header.size > 255))
continue; // if table is too short or claims more than 255 bytes, skip it
else if (ptr + ((efi_system_table_t *) ptr)->header.size >= (uint8_t *) region + size)
continue; // if table's claimed size doesn't fit in region, skip it
else if ((ptr[10] != 2) || (ptr[11] != 0))
continue; // if revision is NOT 2.xx, skip it
else if (((efi_system_table_t *) ptr)->header.reserved != 0)
continue; // if reserved field is not 0 as the specs say, skip it
actual_crc = crc32_efi_table (ptr, ((efi_system_table_t *) ptr)->header.size);
if (actual_crc != ((efi_system_table_t *) ptr)->header.crc32)
continue; // if CRCs mismatch, forget about this table and skip it
// CRC is valid: this is a usable UEFI system table
systable = (efi_system_table_t *) ptr;
systable_physaddr = asinfo_slot->start + ((size_t) ptr - (size_t) region);
break; // stop looking right here
}
if (systable != NULL)
break; // if we found the system table already, no need to scan other regions
munmap (region, size); // unmap this physical memory region after it's been scanned
}
// consistency check
if (systable == NULL)
{
fprintf (stderr, "EFI system table not found\n");
exit (1); // if we found nothing, bail out
}
// in verbose mode, jump in joy and yell the world what we found
if (verbose_level > 1)
{
fprintf (stderr, "Valid EFI header at Address %016zx\n", systable_physaddr);
fprintf (stderr, "---------------------------------------------\n");
fprintf (stderr, "System: Table Structure size %08x revision %08x\n", systable->header.size, systable->header.revision);
fprintf (stderr, "ConIn (%016zx) ConOut (%016zx) StdErr (%016zx)\n", systable->console_in_ptr, systable->console_out_ptr, systable->standard_error_ptr);
fprintf (stderr, "Runtime Services %016zx\n", systable->runtime_services_ptr);
fprintf (stderr, "Boot Services %016zx\n", systable->boot_services_ptr);
}
// the EFI header is in the memory region [asinfo_slot->start - asinfo_slot->end]
// This region will also contain the NVARs, so let's scan for them, brute-force way.
// Yes, this is awful. My mother definitely told me not to do that, but I couldn't help it 0:-*
// FIXME: do a proper hierarchical reconstruction and assign GUIDs and detached payloads etc...
for (ptr = region;;)
{
while ( ((size_t) ptr + sizeof (nvar_entry_t) < (size_t) region + size)
&& (*((uint32_t *) ptr) != *((uint32_t *) NVRAM_NVAR_ENTRY_SIGNATURE)))
ptr++; // look for the next "NVAR" tag (NOTE THAT THEY ARE STORED UNALIGNED!)
if ((size_t) ptr + sizeof (nvar_entry_t) >= (size_t) region + size)
break; // end of region reached
nvar = (nvar_entry_t *) ptr; // access it as a NVRAM UEFI variable
// translate NVAR flags
flags_string[0] = 0;
if (nvar->flags & NVRAM_NVAR_ENTRY_RUNTIME) strcat (flags_string, ", runtime");
if (nvar->flags & NVRAM_NVAR_ENTRY_ASCII_NAME) strcat (flags_string, ", ASCII name");
if (nvar->flags & NVRAM_NVAR_ENTRY_GUID) strcat (flags_string, ", GUID");
if (nvar->flags & NVRAM_NVAR_ENTRY_DATA_ONLY) strcat (flags_string, ", data only");
if (nvar->flags & NVRAM_NVAR_ENTRY_EXT_HEADER) strcat (flags_string, ", ext. hdr");
if (nvar->flags & NVRAM_NVAR_ENTRY_HW_ERROR_RECORD) strcat (flags_string, ", HW err rec");
if (nvar->flags & NVRAM_NVAR_ENTRY_AUTH_WRITE) strcat (flags_string, ", auth write");
if (nvar->flags & NVRAM_NVAR_ENTRY_VALID) strcat (flags_string, ", valid");
// skip header
ptr += sizeof (nvar_entry_t);
// read GUID index and advance
guid_idx = *ptr++;
// read name and advance
for (byte_idx = 0; ; byte_idx++)
{
nvar_name[byte_idx] = *ptr; // either ASCII or UTF-16LE, so read first byte
ptr += (nvar->flags & NVRAM_NVAR_ENTRY_ASCII_NAME ? 1 : 2);
if ((nvar_name[byte_idx] == 0) || !isalnum (nvar_name[byte_idx]))
break; // stop on end of name or invalid character
}
if ((byte_idx == 0) || (nvar_name[byte_idx] != 0))
continue; // if varname is empty or invalid, skip this NVAR
if ((wanted_name != NULL) && (strcmp (nvar_name, wanted_name) != 0))
continue; // if this variable isn't the one we want, skip it
// if we shouldn't display this variable because it's invalid for the firmware itself, skip it
if (!(nvar->flags & NVRAM_NVAR_ENTRY_VALID))
continue; // there's no point in displaying junk data
match_found = 1; // remember we found a match
// measure attached data length
attached_datalen = nvar->len - (sizeof (nvar_entry_t) + 1 + (nvar->flags & NVRAM_NVAR_ENTRY_ASCII_NAME ? 1 : 2) * (strlen (nvar_name) + 1));
// do we just want ONE variable AND its content dumped to a file ?
if ((wanted_name != NULL) && (outfile_pathname != NULL))
{
fp = fopen (outfile_pathname, "wb"); // open outfile if we have one
if (fp == NULL)
{
fprintf (stderr, "error: can't open \"%s\" for writing: %s\n", outfile_pathname, strerror (errno));
exit (1);
}
fwrite (ptr, 1, attached_datalen, fp); // dump NVAR data to file if that's what we want
fclose (fp); // close the output file
}
else // print all variables, or just one to stdout
{
// in verbose mode, print NVAR size, 'next' field and attributes
if (verbose_level > 0)
fprintf (stdout, "%04x %02x%02x%02x %02x ", nvar->len, nvar->next[0], nvar->next[1], nvar->next[2], nvar->flags);
// print NVAR name and data
fprintf (stdout, "%s = ", nvar_name);
if (want_fulldata || (attached_datalen < 48))
{
fprintf (stdout, "[");
while ((size_t) ptr < (size_t) nvar + nvar->len)
fprintf (stdout, "%02x", *ptr++); // print data bytes if it's short enough, or if we requested it explicitly
fprintf (stdout, "]");
}
else
fprintf (stdout, "<%zd bytes>", attached_datalen); // else just print data size
// now print flags string
if (verbose_level > 0)
fprintf (stdout, "%s - GUID idx %zu", flags_string, guid_idx);
else if (nvar->flags & NVRAM_NVAR_ENTRY_AUTH_WRITE)
fprintf (stdout, " (LOCKED)");
fprintf (stdout, "\n");
}
}
munmap (region, size); // unmap the physical region upon exit
// if we found nothing, print an error message
if ((wanted_name != NULL) && !match_found)
fprintf (stderr, "No variable named \"%s\" found.\n", wanted_name);
// and return with a relevant exit code
exit (match_found ? 0 : 1);
}

Subversion Repositories QNX 8.QNX8 utilities

QNX 8.QNX8 utilities/dump-efivars.c @ 4 – Rev 1