From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Gabriel Goller <g.goller@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH v3 proxmox 1/3] sys: add function to get boot_mode
Date: Mon, 27 Nov 2023 13:48:44 +0100 [thread overview]
Message-ID: <gxpphkp3qcaztijq4hcoozfybpuwl2e7z66ssgg2mabjxi327f@tpox4aiekttg> (raw)
In-Reply-To: <20231127101644.74160-2-g.goller@proxmox.com>
On Mon, Nov 27, 2023 at 11:16:42AM +0100, Gabriel Goller wrote:
> Helper that returns the current boot_mode. Either EFI, BIOS, or EFI
> (Secure Boot).
> Detection works the same as in pve, we use `/sys/firmware/efi` and
> the `efivars/SecureBoot-xxx..` file.
>
> Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
> ---
> proxmox-sys/src/boot_mode.rs | 54 ++++++++++++++++++++++++++++++++++++
> proxmox-sys/src/lib.rs | 1 +
> 2 files changed, 55 insertions(+)
> create mode 100644 proxmox-sys/src/boot_mode.rs
>
> diff --git a/proxmox-sys/src/boot_mode.rs b/proxmox-sys/src/boot_mode.rs
> new file mode 100644
> index 0000000..6dcdf07
> --- /dev/null
> +++ b/proxmox-sys/src/boot_mode.rs
> @@ -0,0 +1,54 @@
> +use std::{io::Read, sync::Mutex};
> +
> +#[derive(Clone, Copy)]
> +pub enum SecureBoot {
> + /// SecureBoot is enabled
> + Enabled,
> + /// SecureBoot is disabled
> + Disabled,
> +}
> +
> +/// The possible BootModes
> +#[derive(Clone, Copy)]
> +pub enum BootModeInformation {
> + /// The BootMode is EFI/UEFI, has a SecureBoot variant
> + Efi(SecureBoot),
> + /// The BootMode is Legacy BIOS
> + Bios,
> +}
> +
> +// Returns the current bootmode (BIOS, EFI, or EFI(Secure Boot))
> +pub fn boot_mode() -> BootModeInformation {
> + lazy_static::lazy_static!(
> + static ref BOOT_MODE: Mutex<Option<BootModeInformation>> = Mutex::new(None);
> + );
> +
> + let mut last = BOOT_MODE.lock().unwrap();
> + let value = last.or_else(|| {
> + if std::path::Path::new("/sys/firmware/efi").exists() {
> + // Check if SecureBoot is enabled
> + // Attention: this file is not seekable!
> + // Spec: https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html?highlight=8be4d#globally-defined-variables
> + let efivar = std::fs::File::open(
> + "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c",
> + );
> + if let Ok(mut file) = efivar {
> + let mut buf = [0; 5];
> + let Ok(_) = file.read_exact(&mut buf) else {
> + return Some(BootModeInformation::Efi(SecureBoot::Disabled));
> + };
> + if buf[4..] == [1] {
This doesn't need to be a range comparison, just use `buf[4] == 1`
Or rather,, should we instead use `!= 0`?
Depending on how we want to treat a "reserved" mode...
next prev parent reply other threads:[~2023-11-27 12:48 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-27 10:16 [pbs-devel] [PATCH v3 proxmox{, -backup} 0/3] Add boot_mode, improve kernel version Gabriel Goller
2023-11-27 10:16 ` [pbs-devel] [PATCH v3 proxmox 1/3] sys: add function to get boot_mode Gabriel Goller
2023-11-27 12:48 ` Wolfgang Bumiller [this message]
2023-11-27 13:20 ` Gabriel Goller
2023-11-27 10:16 ` [pbs-devel] [PATCH v3 proxmox-backup 2/3] node: status: added bootmode Gabriel Goller
2023-11-27 10:39 ` Lukas Wagner
2023-11-27 10:52 ` Gabriel Goller
2023-11-27 10:16 ` [pbs-devel] [PATCH v3 proxmox-backup 3/3] node: status: declutter kernel-version Gabriel Goller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=gxpphkp3qcaztijq4hcoozfybpuwl2e7z66ssgg2mabjxi327f@tpox4aiekttg \
--to=w.bumiller@proxmox.com \
--cc=g.goller@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.