[91432] | 1 | /* $Id: VBoxManageModifyNvram.cpp 103532 2024-02-22 14:05:31Z vboxsync $ */
|
---|
| 2 | /** @file
|
---|
| 3 | * VBoxManage - The nvram control related commands.
|
---|
| 4 | */
|
---|
| 5 |
|
---|
| 6 | /*
|
---|
[98103] | 7 | * Copyright (C) 2021-2023 Oracle and/or its affiliates.
|
---|
[91432] | 8 | *
|
---|
[96407] | 9 | * This file is part of VirtualBox base platform packages, as
|
---|
| 10 | * available from https://www.virtualbox.org.
|
---|
| 11 | *
|
---|
| 12 | * This program is free software; you can redistribute it and/or
|
---|
| 13 | * modify it under the terms of the GNU General Public License
|
---|
| 14 | * as published by the Free Software Foundation, in version 3 of the
|
---|
| 15 | * License.
|
---|
| 16 | *
|
---|
| 17 | * This program is distributed in the hope that it will be useful, but
|
---|
| 18 | * WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
---|
| 20 | * General Public License for more details.
|
---|
| 21 | *
|
---|
| 22 | * You should have received a copy of the GNU General Public License
|
---|
| 23 | * along with this program; if not, see <https://www.gnu.org/licenses>.
|
---|
| 24 | *
|
---|
| 25 | * SPDX-License-Identifier: GPL-3.0-only
|
---|
[91432] | 26 | */
|
---|
| 27 |
|
---|
[94236] | 28 |
|
---|
[91432] | 29 | /*********************************************************************************************************************************
|
---|
| 30 | * Header Files *
|
---|
| 31 | *********************************************************************************************************************************/
|
---|
| 32 | #include <VBox/com/com.h>
|
---|
| 33 | #include <VBox/com/array.h>
|
---|
| 34 | #include <VBox/com/ErrorInfo.h>
|
---|
| 35 | #include <VBox/com/errorprint.h>
|
---|
| 36 | #include <VBox/com/VirtualBox.h>
|
---|
| 37 |
|
---|
[91433] | 38 | #include <iprt/errcore.h>
|
---|
[91432] | 39 | #include <iprt/path.h>
|
---|
| 40 | #include <iprt/param.h>
|
---|
| 41 | #include <iprt/string.h>
|
---|
| 42 | #include <iprt/ctype.h>
|
---|
| 43 | #include <iprt/stream.h>
|
---|
| 44 | #include <iprt/file.h>
|
---|
| 45 | #include <iprt/getopt.h>
|
---|
| 46 | #include <iprt/uuid.h>
|
---|
| 47 | #include <VBox/log.h>
|
---|
| 48 |
|
---|
| 49 | #include "VBoxManage.h"
|
---|
| 50 | using namespace com;
|
---|
| 51 |
|
---|
[92372] | 52 | DECLARE_TRANSLATION_CONTEXT(Nvram);
|
---|
[91432] | 53 |
|
---|
| 54 | // funcs
|
---|
| 55 | ///////////////////////////////////////////////////////////////////////////////
|
---|
| 56 |
|
---|
| 57 |
|
---|
/**
 * Handles the 'modifynvram myvm inituefivarstore' sub-command.
 *
 * Takes no options of its own; anything after the sub-command name is rejected.
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramInitUefiVarStore(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    /* argv[0] is the VM name and argv[1] the sub-command; exactly those two are expected. */
    if (a->argc == 2)
    {
        /* A size of 0 is passed through as-is; what 0 means is defined by the INvramStore API. */
        CHECK_ERROR2I_RET(nvramStore, InitUefiVariableStore(0 /*aSize*/), RTEXITCODE_FAILURE);
        return RTEXITCODE_SUCCESS;
    }
    return errorTooManyParameters(&a->argv[1]);
}
|
---|
| 72 |
|
---|
| 73 |
|
---|
/**
 * Handles the 'modifynvram myvm enrollmssignatures' sub-command.
 *
 * Takes no options of its own; anything after the sub-command name is rejected.
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramEnrollMsSignatures(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    /* argv[0] is the VM name and argv[1] the sub-command; exactly those two are expected. */
    if (a->argc == 2)
    {
        ComPtr<IUefiVariableStore> ptrVarStore;
        CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(ptrVarStore.asOutParam()), RTEXITCODE_FAILURE);

        /* The signature set itself lives in the API implementation, not in this tool. */
        CHECK_ERROR2I_RET(ptrVarStore, EnrollDefaultMsSignatures(), RTEXITCODE_FAILURE);
        return RTEXITCODE_SUCCESS;
    }
    return errorTooManyParameters(&a->argv[1]);
}
|
---|
| 91 |
|
---|
| 92 |
|
---|
/**
 * Helper for handleModifyNvramEnrollPlatformKey() and handleModifyNvramEnrollMok().
 *
 * Reads the key from the given file (at most 32 KiB) and enrolls it either as
 * the PK (Platform Key) or as a MOK (Machine Owner Key) X.509 signature.
 *
 * @returns Exit code.
 * @param   pszKey          Path to a file which contains the key.
 * @param   pszOwnerUuid    Owner's UUID; passed to the API as-is, which is
 *                          where it is validated.
 * @param   nvramStore      Reference to the NVRAM store interface.
 * @param   fPk             If true, the key is enrolled as a PK, otherwise as a MOK.
 */
static RTEXITCODE handleModifyNvramEnrollPlatformKeyOrMok(const char *pszKey, const char *pszOwnerUuid,
                                                          ComPtr<INvramStore> &nvramStore, bool fPk)
{
    RTFILE hKeyFile = NIL_RTFILE;
    int vrc = RTFileOpen(&hKeyFile, pszKey, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
    if (RT_FAILURE(vrc))
    {
        RTMsgError(Nvram::tr("Cannot open file \"%s\": %Rrc"), pszKey, vrc);
        return RTEXITCODE_FAILURE;
    }

    /*
     * Read the key into memory and close the file before any COM call is
     * made, so the early returns of CHECK_ERROR2I_RET below cannot leak it.
     */
    bool            fHaveKey = false;
    SafeArray<BYTE> aKey;
    uint64_t        cbKey = 0;
    vrc = RTFileQuerySize(hKeyFile, &cbKey);
    if (RT_FAILURE(vrc))
        RTMsgError(Nvram::tr("Cannot get size of file \"%s\": %Rrc"), pszKey, vrc);
    else if (cbKey > _32K)
        RTMsgError(Nvram::tr("File \"%s\" is bigger than 32KByte"), pszKey);   /* bounds the allocation below */
    else
    {
        aKey.resize((size_t)cbKey);
        /* pcbRead is NULL, so a short read is reported as a failure rather than silently accepted. */
        vrc = RTFileRead(hKeyFile, aKey.raw(), (size_t)cbKey, NULL);
        if (RT_SUCCESS(vrc))
            fHaveKey = true;
        else
            RTMsgError(Nvram::tr("Cannot read contents of file \"%s\": %Rrc"), pszKey, vrc);
    }
    RTFileClose(hKeyFile);

    if (!fHaveKey)
        return RTEXITCODE_FAILURE;

    ComPtr<IUefiVariableStore> uefiVarStore;
    CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE);
    if (fPk)
        CHECK_ERROR2I_RET(uefiVarStore, EnrollPlatformKey(ComSafeArrayAsInParam(aKey), Bstr(pszOwnerUuid).raw()), RTEXITCODE_FAILURE);
    else
        CHECK_ERROR2I_RET(uefiVarStore, AddSignatureToMok(ComSafeArrayAsInParam(aKey), Bstr(pszOwnerUuid).raw(), SignatureType_X509), RTEXITCODE_FAILURE);
    return RTEXITCODE_SUCCESS;
}
|
---|
| 150 |
|
---|
| 151 |
|
---|
/**
 * Handles the 'modifynvram myvm enrollpk' sub-command.
 *
 * Parses --platform-key and --owner-uuid and delegates the actual work to
 * handleModifyNvramEnrollPlatformKeyOrMok().
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramEnrollPlatformKey(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    static const RTGETOPTDEF s_aOptions[] =
    {
        /* common options */
        { "--platform-key", 'p', RTGETOPT_REQ_STRING },
        { "--owner-uuid",   'f', RTGETOPT_REQ_STRING }
    };

    /* Option parsing starts after "<vm> enrollpk". */
    RTGETOPTSTATE State;
    int vrc = RTGetOptInit(&State, a->argc - 2, &a->argv[2], s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0);
    AssertRCReturn(vrc, RTEXITCODE_FAILURE);

    const char *pszKeyFile   = NULL;
    const char *pszOwnerUuid = NULL;
    RTGETOPTUNION Val;
    for (int ch = RTGetOpt(&State, &Val); ch != 0; ch = RTGetOpt(&State, &Val))
    {
        if (ch == 'p')
            pszKeyFile = Val.psz;
        else if (ch == 'f')
            pszOwnerUuid = Val.psz;
        else
            return errorGetOpt(ch, &Val);   /* unknown options and anything else RTGetOpt reports */
    }

    /* Both options are mandatory. */
    if (!pszKeyFile)
        return errorSyntax(Nvram::tr("No platform key file path was given to \"enrollpk\""));
    if (!pszOwnerUuid)
        return errorSyntax(Nvram::tr("No owner UUID was given to \"enrollpk\""));

    return handleModifyNvramEnrollPlatformKeyOrMok(pszKeyFile, pszOwnerUuid, nvramStore, true /* fPk */);
}
|
---|
| 198 |
|
---|
| 199 |
|
---|
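/**
 * Handles the 'modifynvram myvm enrollmok' sub-command.
 *
 * Parses --mok and --owner-uuid and delegates the actual work to
 * handleModifyNvramEnrollPlatformKeyOrMok().
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramEnrollMok(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    static const RTGETOPTDEF s_aOptions[] =
    {
        /* common options */
        { "--mok",        'p', RTGETOPT_REQ_STRING },
        { "--owner-uuid", 'f', RTGETOPT_REQ_STRING }
    };

    const char *pszMok = NULL;
    const char *pszOwnerUuid = NULL;

    /* Option parsing starts after "<vm> enrollmok". */
    RTGETOPTSTATE GetState;
    int vrc = RTGetOptInit(&GetState, a->argc - 2, &a->argv[2], s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0);
    AssertRCReturn(vrc, RTEXITCODE_FAILURE);

    int c;
    RTGETOPTUNION ValueUnion;
    while ((c = RTGetOpt(&GetState, &ValueUnion)) != 0)
    {
        switch (c)
        {
            case 'p':
                pszMok = ValueUnion.psz;
                break;
            case 'f':
                pszOwnerUuid = ValueUnion.psz;
                break;
            default:
                return errorGetOpt(c, &ValueUnion);
        }
    }

    /* Both options are mandatory.  The messages name this sub-command ("enrollmok"),
       not "enrollpk" as they used to - the copy/paste origin of this handler. */
    if (!pszMok)
        return errorSyntax(Nvram::tr("No machine owner key file path was given to \"enrollmok\""));
    if (!pszOwnerUuid)
        return errorSyntax(Nvram::tr("No owner UUID was given to \"enrollmok\""));

    return handleModifyNvramEnrollPlatformKeyOrMok(pszMok, pszOwnerUuid, nvramStore, false /* fPk */);
}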
|
---|
| 246 |
|
---|
| 247 |
|
---|
/**
 * Handles the 'modifynvram myvm enrollorclpk' sub-command.
 *
 * Takes no options of its own; anything after the sub-command name is rejected.
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramEnrollOraclePlatformKey(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    /* argv[0] is the VM name and argv[1] the sub-command; exactly those two are expected. */
    if (a->argc == 2)
    {
        ComPtr<IUefiVariableStore> ptrVarStore;
        CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(ptrVarStore.asOutParam()), RTEXITCODE_FAILURE);

        /* The key material itself lives in the API implementation, not in this tool. */
        CHECK_ERROR2I_RET(ptrVarStore, EnrollOraclePlatformKey(), RTEXITCODE_FAILURE);
        return RTEXITCODE_SUCCESS;
    }
    return errorTooManyParameters(&a->argv[1]);
}
|
---|
| 265 |
|
---|
| 266 |
|
---|
/**
 * Handles the 'modifynvram myvm secureboot' sub-command.
 *
 * Exactly one of --enable / --disable must be given, and only once.
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramSecureBoot(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    static const RTGETOPTDEF s_aOptions[] =
    {
        /* common options */
        { "--enable",  'e', RTGETOPT_REQ_NOTHING },
        { "--disable", 'd', RTGETOPT_REQ_NOTHING }
    };

    /* Option parsing starts after "<vm> secureboot". */
    RTGETOPTSTATE State;
    int vrc = RTGetOptInit(&State, a->argc - 2, &a->argv[2], s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0);
    AssertRCReturn(vrc, RTEXITCODE_FAILURE);

    /* -1 = not specified yet, 0 = disable, 1 = enable. */
    int iState = -1;

    RTGETOPTUNION Val;
    for (int ch = RTGetOpt(&State, &Val); ch != 0; ch = RTGetOpt(&State, &Val))
    {
        switch (ch)
        {
            case 'e': // --enable
            case 'd': // --disable
                /* Both a repeat and the opposite option count as "specified twice". */
                if (iState >= 0)
                    return errorSyntax(Nvram::tr("You can specify either --enable or --disable once."));
                iState = ch == 'e' ? 1 : 0;
                break;

            default:
                return errorGetOpt(ch, &Val);
        }
    }

    if (iState < 0)
        return errorSyntax(Nvram::tr("You have to specify either --enable or --disable."));

    ComPtr<IUefiVariableStore> uefiVarStore;
    CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE);

    CHECK_ERROR2I_RET(uefiVarStore, COMSETTER(SecureBootEnabled((BOOL)iState)), RTEXITCODE_FAILURE);
    return RTEXITCODE_SUCCESS;
}
|
---|
| 320 |
|
---|
| 321 |
|
---|
/**
 * Handles the 'modifynvram myvm listvars' sub-command.
 *
 * Prints one line per UEFI variable: the name, padded, followed by the owner GUID.
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramListUefiVars(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    /* argv[0] is the VM name and argv[1] the sub-command; exactly those two are expected. */
    if (a->argc != 2)
        return errorTooManyParameters(&a->argv[1]);

    ComPtr<IUefiVariableStore> uefiVarStore;
    CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE);

    /* The two arrays are parallel: aOwnerGuids[i] belongs to aNames[i] (as returned by the API). */
    com::SafeArray<BSTR> aNames;
    com::SafeArray<BSTR> aOwnerGuids;
    CHECK_ERROR2I_RET(uefiVarStore, QueryVariables(ComSafeArrayAsOutParam(aNames), ComSafeArrayAsOutParam(aOwnerGuids)), RTEXITCODE_FAILURE);

    size_t const cVars = aNames.size();
    for (size_t idx = 0; idx < cVars; idx++)
    {
        Bstr bstrName(aNames[idx]);
        Bstr bstrOwnerGuid(aOwnerGuids[idx]);
        RTPrintf("%-32ls {%ls}\n", bstrName.raw(), bstrOwnerGuid.raw());
    }

    return RTEXITCODE_SUCCESS;
}
|
---|
| 349 |
|
---|
| 350 |
|
---|
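/**
 * Handles the 'modifynvram myvm queryvar' sub-command.
 *
 * Looks up the variable given with --name and either hex-dumps its content to
 * stdout or, with --filename, writes the raw bytes to that file.
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramQueryUefiVar(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    static const RTGETOPTDEF s_aOptions[] =
    {
        /* common options */
        { "--name",     'n', RTGETOPT_REQ_STRING },
        { "--filename", 'f', RTGETOPT_REQ_STRING }
    };

    const char *pszVarName = NULL;
    const char *pszVarDataFilename = NULL;

    /* Option parsing starts after "<vm> queryvar". */
    RTGETOPTSTATE GetState;
    int vrc = RTGetOptInit(&GetState, a->argc - 2, &a->argv[2], s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0);
    AssertRCReturn(vrc, RTEXITCODE_FAILURE);

    int c;
    RTGETOPTUNION ValueUnion;
    while ((c = RTGetOpt(&GetState, &ValueUnion)) != 0)
    {
        switch (c)
        {
            case 'n':
                pszVarName = ValueUnion.psz;
                break;
            case 'f':
                pszVarDataFilename = ValueUnion.psz;
                break;
            default:
                return errorGetOpt(c, &ValueUnion);
        }
    }

    if (!pszVarName)
        return errorSyntax(Nvram::tr("No variable name was given to \"queryvar\""));

    ComPtr<IUefiVariableStore> uefiVarStore;
    CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE);

    Bstr strOwnerGuid;
    com::SafeArray<UefiVariableAttributes_T> aVarAttrs;
    com::SafeArray<BYTE> aData;
    CHECK_ERROR2I_RET(uefiVarStore, QueryVariableByName(Bstr(pszVarName).raw(), strOwnerGuid.asOutParam(),
                                                        ComSafeArrayAsOutParam(aVarAttrs), ComSafeArrayAsOutParam(aData)),
                      RTEXITCODE_FAILURE);

    RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
    if (!pszVarDataFilename)
    {
        /* The '*' precision of %.*Rhxd is read as an int; aData.size() is a size_t,
           so it is cast explicitly instead of being passed as a mismatched vararg. */
        RTPrintf("%s {%ls}:\n"
                 "%.*Rhxd\n", pszVarName, strOwnerGuid.raw(), (int)aData.size(), aData.raw());
    }
    else
    {
        /* Write the raw variable data to the file, replacing any existing content. */
        RTFILE hFile = NIL_RTFILE;
        vrc = RTFileOpen(&hFile, pszVarDataFilename, RTFILE_O_CREATE_REPLACE | RTFILE_O_WRITE | RTFILE_O_DENY_NONE);
        if (RT_SUCCESS(vrc))
        {
            vrc = RTFileWrite(hFile, aData.raw(), aData.size(), NULL /*pcbWritten*/);
            if (RT_FAILURE(vrc))
                rcExit = RTMsgErrorExitFailure(Nvram::tr("Error writing to '%s': %Rrc"), pszVarDataFilename, vrc);

            /* Closing a written file can still fail; don't let a successful write mask that. */
            vrc = RTFileClose(hFile);
            if (RT_FAILURE(vrc) && rcExit == RTEXITCODE_SUCCESS)
                rcExit = RTMsgErrorExitFailure(Nvram::tr("Error closing '%s': %Rrc"), pszVarDataFilename, vrc);
        }
        else
            rcExit = RTMsgErrorExitFailure(Nvram::tr("Error opening '%s': %Rrc"), pszVarDataFilename, vrc);
    }

    return rcExit;
}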
|
---|
| 428 |
|
---|
| 429 |
|
---|
/**
 * Handles the 'modifynvram myvm deletevar' sub-command.
 *
 * Both --name and --owner-uuid are mandatory; the pair identifies the variable
 * handed to IUefiVariableStore::DeleteVariable().
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramDeleteUefiVar(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    static const RTGETOPTDEF s_aOptions[] =
    {
        /* common options */
        { "--name",       'n', RTGETOPT_REQ_STRING },
        { "--owner-uuid", 'f', RTGETOPT_REQ_STRING }
    };

    /* Option parsing starts after "<vm> deletevar". */
    RTGETOPTSTATE State;
    int vrc = RTGetOptInit(&State, a->argc - 2, &a->argv[2], s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0);
    AssertRCReturn(vrc, RTEXITCODE_FAILURE);

    const char *pszName      = NULL;
    const char *pszOwnerUuid = NULL;
    RTGETOPTUNION Val;
    for (int ch = RTGetOpt(&State, &Val); ch != 0; ch = RTGetOpt(&State, &Val))
    {
        if (ch == 'n')
            pszName = Val.psz;
        else if (ch == 'f')
            pszOwnerUuid = Val.psz;
        else
            return errorGetOpt(ch, &Val);   /* unknown options and anything else RTGetOpt reports */
    }

    if (!pszName)
        return errorSyntax(Nvram::tr("No variable name was given to \"deletevar\""));
    if (!pszOwnerUuid)
        return errorSyntax(Nvram::tr("No owner UUID was given to \"deletevar\""));

    /* The UUID string is passed to the API unparsed; it is validated there. */
    ComPtr<IUefiVariableStore> ptrVarStore;
    CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(ptrVarStore.asOutParam()), RTEXITCODE_FAILURE);
    CHECK_ERROR2I_RET(ptrVarStore, DeleteVariable(Bstr(pszName).raw(), Bstr(pszOwnerUuid).raw()), RTEXITCODE_FAILURE);

    return RTEXITCODE_SUCCESS;
}
|
---|
| 480 |
|
---|
| 481 |
|
---|
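/**
 * Handles the 'modifynvram myvm changevar' sub-command.
 *
 * Reads the new variable content from the file given with --filename and
 * hands it to IUefiVariableStore::ChangeVariable() for the variable --name.
 *
 * @returns Exit code.
 * @param   a           The handler argument package.
 * @param   nvramStore  Reference to the NVRAM store interface.
 */
static RTEXITCODE handleModifyNvramChangeUefiVar(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
{
    static const RTGETOPTDEF s_aOptions[] =
    {
        /* common options */
        { "--name",     'n', RTGETOPT_REQ_STRING },
        { "--filename", 'f', RTGETOPT_REQ_STRING }
    };

    const char *pszVarName = NULL;
    const char *pszVarDataFilename = NULL;

    /* Option parsing starts after "<vm> changevar". */
    RTGETOPTSTATE GetState;
    int vrc = RTGetOptInit(&GetState, a->argc - 2, &a->argv[2], s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0);
    AssertRCReturn(vrc, RTEXITCODE_FAILURE);

    int c;
    RTGETOPTUNION ValueUnion;
    while ((c = RTGetOpt(&GetState, &ValueUnion)) != 0)
    {
        switch (c)
        {
            case 'n':
                pszVarName = ValueUnion.psz;
                break;
            case 'f':
                pszVarDataFilename = ValueUnion.psz;
                break;
            default:
                return errorGetOpt(c, &ValueUnion);
        }
    }

    if (!pszVarName)
        return errorSyntax(Nvram::tr("No variable name was given to \"changevar\""));
    if (!pszVarDataFilename)
        return errorSyntax(Nvram::tr("No variable data filename was given to \"changevar\""));

    RTFILE hFile = NIL_RTFILE;
    vrc = RTFileOpen(&hFile, pszVarDataFilename, RTFILE_O_OPEN | RTFILE_O_READ | RTFILE_O_DENY_NONE);
    if (RT_FAILURE(vrc))
        return RTMsgErrorExitFailure(Nvram::tr("Error opening '%s': %Rrc"), pszVarDataFilename, vrc);

    /*
     * Slurp the whole file.  The handle is closed on every path below; a
     * failed RTFileQuerySize() previously leaked it and also fell through to
     * a success exit code without any message.
     *
     * Unlike the key files (capped at 32K), no upper bound is enforced here:
     * the file is read into memory whole, and rejecting oversized data is
     * left to the variable store API.
     */
    RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
    com::SafeArray<BYTE> aData;
    uint64_t cbFile = 0;
    vrc = RTFileQuerySize(hFile, &cbFile);
    if (RT_FAILURE(vrc))
        rcExit = RTMsgErrorExitFailure(Nvram::tr("Error querying size of '%s': %Rrc"), pszVarDataFilename, vrc);
    else
    {
        aData.resize((size_t)cbFile);
        /* pcbRead is NULL, so a short read is reported as a failure rather than silently accepted. */
        vrc = RTFileRead(hFile, aData.raw(), aData.size(), NULL /*pcbRead*/);
        if (RT_FAILURE(vrc))
            rcExit = RTMsgErrorExitFailure(Nvram::tr("Error reading from '%s': %Rrc"), pszVarDataFilename, vrc);
    }
    RTFileClose(hFile);

    if (rcExit != RTEXITCODE_SUCCESS)
        return rcExit;

    ComPtr<IUefiVariableStore> uefiVarStore;
    CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE);
    CHECK_ERROR2I_RET(uefiVarStore, ChangeVariable(Bstr(pszVarName).raw(), ComSafeArrayAsInParam(aData)), RTEXITCODE_FAILURE);

    return RTEXITCODE_SUCCESS;
}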
|
---|
| 556 |
|
---|
| 557 |
|
---|
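/**
 * Handles the 'modifynvram' command.
 *
 * Locks the VM for writing, dispatches to the sub-command handler and, if that
 * succeeded, saves the machine settings.  Once LockMachine() has succeeded the
 * session is unlocked on every path - including the unknown-sub-command one,
 * which used to return with the lock still held.
 *
 * @returns Exit code.
 * @param   a   The handler argument package.
 */
RTEXITCODE handleModifyNvram(HandlerArg *a)
{
    HRESULT hrc = S_OK;

    if (a->argc < 2)
        return errorNoSubcommand();

    /* Locate the VM and take a write lock on it before touching its NVRAM. */
    ComPtr<IMachine> machine;
    CHECK_ERROR_RET(a->virtualBox, FindMachine(Bstr(a->argv[0]).raw(),
                                               machine.asOutParam()), RTEXITCODE_FAILURE);
    CHECK_ERROR_RET(machine, LockMachine(a->session, LockType_Write), RTEXITCODE_FAILURE);

    /*
     * From here on nothing returns directly: the lock must be released on
     * every path, so results are collected in rcExit and returned at the end.
     */
    RTEXITCODE rcExit = RTEXITCODE_FAILURE;
    ComPtr<INvramStore> nvramStore;

    /* Get the mutable session machine and its NVRAM store.  Both getters are
       checked so a failure cannot leave a NULL interface to be dereferenced. */
    CHECK_ERROR(a->session, COMGETTER(Machine)(machine.asOutParam()));
    if (SUCCEEDED(hrc))
        CHECK_ERROR(machine, COMGETTER(NonVolatileStore)(nvramStore.asOutParam()));

    if (SUCCEEDED(hrc))
    {
        const char * const pszSubCmd = a->argv[1];
        bool fKnownSubCmd = true;

        if (!strcmp(pszSubCmd, "inituefivarstore"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_INITUEFIVARSTORE);
            rcExit = handleModifyNvramInitUefiVarStore(a, nvramStore);
        }
        else if (!strcmp(pszSubCmd, "enrollmssignatures"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_ENROLLMSSIGNATURES);
            rcExit = handleModifyNvramEnrollMsSignatures(a, nvramStore);
        }
        else if (!strcmp(pszSubCmd, "enrollpk"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_ENROLLPK);
            rcExit = handleModifyNvramEnrollPlatformKey(a, nvramStore);
        }
        else if (!strcmp(pszSubCmd, "enrollmok"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_ENROLLMOK);
            rcExit = handleModifyNvramEnrollMok(a, nvramStore);
        }
        else if (!strcmp(pszSubCmd, "enrollorclpk"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_ENROLLORCLPK);
            rcExit = handleModifyNvramEnrollOraclePlatformKey(a, nvramStore);
        }
        else if (!strcmp(pszSubCmd, "secureboot"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_SECUREBOOT);
            rcExit = handleModifyNvramSecureBoot(a, nvramStore);
        }
        else if (!strcmp(pszSubCmd, "listvars"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_LISTVARS);
            rcExit = handleModifyNvramListUefiVars(a, nvramStore);
        }
        else if (!strcmp(pszSubCmd, "queryvar"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_QUERYVAR);
            rcExit = handleModifyNvramQueryUefiVar(a, nvramStore);
        }
        else if (!strcmp(pszSubCmd, "deletevar"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_DELETEVAR);
            rcExit = handleModifyNvramDeleteUefiVar(a, nvramStore);
        }
        else if (!strcmp(pszSubCmd, "changevar"))
        {
            setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_CHANGEVAR);
            rcExit = handleModifyNvramChangeUefiVar(a, nvramStore);
        }
        else
        {
            /* Returned as-is (after the unlock below), exactly as the early return used to. */
            fKnownSubCmd = false;
            rcExit = errorUnknownSubcommand(pszSubCmd);
        }

        if (fKnownSubCmd)
        {
            /* commit changes */
            if (rcExit == RTEXITCODE_SUCCESS)
                CHECK_ERROR(machine, SaveSettings());
            else
                hrc = E_FAIL;
            /* Any sub-command failure is reported as a plain failure exit code. */
            rcExit = SUCCEEDED(hrc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
        }
    }

    /* it's important to always close sessions */
    a->session->UnlockMachine();

    return rcExit;
}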
|
---|