| // Copyright 2023 The ChromiumOS Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef INIT_STARTUP_UEFI_STARTUP_H_ |
| #define INIT_STARTUP_UEFI_STARTUP_H_ |
| |
| #include <sys/types.h> |
| |
| #include <memory> |
| #include <optional> |
| #include <string> |
| |
| #include <base/files/file_enumerator.h> |
| #include <base/files/file_path.h> |
| #include <libstorage/platform/platform.h> |
| |
| #include "init/startup/startup_dep_impl.h" |
| |
| namespace startup { |
| |
| // Abstract class for UEFI operations. |
| class UefiDelegate { |
| public: |
| // User and group ID. |
| struct UserAndGroup { |
| uid_t uid; |
| gid_t gid; |
| }; |
| |
| // Create a concrete instance of the default implementation. |
| static std::unique_ptr<UefiDelegate> Create(libstorage::Platform* platform, |
| const base::FilePath& root_dir); |
| |
| virtual ~UefiDelegate(); |
| |
| // Check if the device was booted from UEFI firmware. This is done by |
| // checking if "/sys/firmware/efi" exists. |
| virtual bool IsUefiEnabled() const = 0; |
| |
| // Get the user ID and group ID for fwupd. |
| virtual std::optional<UserAndGroup> GetFwupdUserAndGroup() const = 0; |
| |
| // Mount the filesystem that provides access to UEFI variables. |
| // |
| // The UEFI variables are mounted at /sys/firmware/efi/efivars. |
| // This is a efivarfs filesystem, so it doesn't have unix permissions. |
| // The files need to be writable by fwupd, so mount options are used |
| // to set the user and group of all files to fwupd. |
| // |
| // Returns true on success. |
| virtual bool MountEfivarfs(const UserAndGroup& fwupd) = 0; |
| |
| // Make a UEFI variable writable by the fwupd service. This applies |
| // two changes to the variable: |
| // |
| // 1. The file's attributes are modified to remove the immutable |
| // bit. That bit is set by the kernel to make it harder for end |
| // users to accidentally brick a machine by deleting UEFI |
| // variables. Some firmware is poorly implemented and will do |
| // unexpected things if variables it expects go missing. We need to |
| // relax this restriction for UEFI variables that fwupd will |
| // modify. |
| // |
| // Returns true on success. |
| virtual bool MakeUefiVarMutable(const std::string& vendor, |
| const std::string& name) = 0; |
| |
| // Make the EFI System Resource Table (ESRT) readable by the fwupd |
| // service. |
| // |
| // The ESRT is represented by files in /sys/firmware/efi/esrt. The |
| // ownership of everything in that directory (recursive) is changed to |
| // fwupd. |
| // |
| // Errors are logged but otherwise ignored. |
| virtual void MakeEsrtReadableByFwupd(const UserAndGroup& fwupd) = 0; |
| }; |
| |
| // Initialize directories needed for UEFI platforms. Does nothing if not |
| // booted from UEFI firmware. |
| // |
| // Errors are logged, but not propagated to the caller. |
| void MaybeRunUefiStartup(UefiDelegate& uefi_delegate); |
| |
| } // namespace startup |
| |
| #endif // INIT_STARTUP_UEFI_STARTUP_H_ |