From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Gabriel Goller <g.goller@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH v4 proxmox 1/5] sys: add helper to get bootmode and secureboot status
Date: Wed, 29 Nov 2023 11:13:37 +0100
Message-ID: <r4t5hmghvgzrwwntlxym2kguda26c5mkha524ozl6upktax3ui@3jxbebezjvar>
In-Reply-To: <20231129090746.38798-2-g.goller@proxmox.com>

On Wed, Nov 29, 2023 at 10:07:42AM +0100, Gabriel Goller wrote:
> Helper that returns the current boot_mode and secureboot status.
> Detection works the same as in pve, we use `/sys/firmware/efi` and
> the `efivars/SecureBoot-xxx..` file.
> 
> Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
> ---
>  proxmox-sys/src/boot_mode.rs | 72 ++++++++++++++++++++++++++++++++++++
>  proxmox-sys/src/lib.rs       |  1 +
>  2 files changed, 73 insertions(+)
>  create mode 100644 proxmox-sys/src/boot_mode.rs
> 
> diff --git a/proxmox-sys/src/boot_mode.rs b/proxmox-sys/src/boot_mode.rs
> new file mode 100644
> index 0000000..dc9d4f5
> --- /dev/null
> +++ b/proxmox-sys/src/boot_mode.rs
> @@ -0,0 +1,72 @@
> +use std::{io::Read, sync::Mutex};
> +
> +#[derive(Clone, Copy)]

^ Maybe also + Debug + Eq + PartialEq

> +pub enum SecureBoot {
> +    /// SecureBoot is enabled
> +    Enabled,
> +    /// SecureBoot is disabled
> +    Disabled,
> +}
> +
> +/// The possible BootModes
> +#[derive(Clone, Copy)]

^ Maybe also + Debug + Eq + PartialEq

> +pub enum BootMode {
> +    /// The BootMode is EFI/UEFI
> +    Efi,
> +    /// The BootMode is Legacy BIOS
> +    Bios,
> +}
> +
> +impl BootMode {
> +    /// Returns the current bootmode (BIOS or EFI)
> +    pub fn query() -> BootMode {
> +        lazy_static::lazy_static!(
> +            static ref BOOT_MODE: Mutex<Option<BootMode>> = Mutex::new(None);
> +        );

lazy_static + Mutex = overkill.
Here we can just use std::sync::OnceLock<BootMode>.

> +
> +        let mut last = BOOT_MODE.lock().unwrap();
> +        let value = last.or_else(|| {
> +            if std::path::Path::new("/sys/firmware/efi").exists() {
> +                Some(BootMode::Efi)
> +            } else {
> +                Some(BootMode::Bios)
> +            }
> +        });
> +        *last = value;
> +        value.unwrap()
> +    }
> +}
> +
> +impl SecureBoot {
> +    /// Checks if secure boot is enabled
> +    pub fn query() -> SecureBoot {
> +        lazy_static::lazy_static!(
> +            static ref SECURE_BOOT: Mutex<Option<SecureBoot>> = Mutex::new(None);
> +        );

^ same

> +
> +        let mut last = SECURE_BOOT.lock().unwrap();
> +        let value = last.or_else(|| {
> +            // Check if SecureBoot is enabled
> +            // Attention: this file is not seekable!
> +            // Spec: https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html?highlight=8be4d#globally-defined-variables
> +            let efivar = std::fs::File::open(
> +                "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c",
> +            );
> +            if let Ok(mut file) = efivar {
> +                let mut buf = [0; 5];
> +                let Ok(_) = file.read_exact(&mut buf) else {

Btw. we can probably shorten this chain to
    if File::open(
        "..."
    ).and_then(|mut file| file.read_exact(&mut buf))
    .is_ok()
        && buf[4] == 1
    {
        SecureBoot::Enabled
    } else {
        SecureBoot::Disabled
    }

but, since in the API we need to do the same thing as in PVE, we might
as well just have a From/Into<bool> and shorten this even further...

> +                        return Some(SecureBoot::Disabled);
> +                    };
> +                if buf[4] == 1 {
> +                    Some(SecureBoot::Enabled)
> +                } else {
> +                    Some(SecureBoot::Disabled)
> +                }
> +            } else {
> +                Some(SecureBoot::Disabled)
> +            }
> +        });
> +        *last = value;
> +        value.unwrap()
> +    }
> +}
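
Review bot: In `SecureBoot::query`, both failure paths (the `File::open` error branch and the `read_exact` `else` branch) return `SecureBoot::Disabled`, and that value is then stored in `SECURE_BOOT` for the rest of the process, so an unreadable or truncated variable cannot be told apart from firmware reporting Secure Boot off. Either return something the caller can distinguish (an `Option<SecureBoot>` or a `Result`) or state in the doc comment of `query()` that any read error is reported as `Disabled`. The comment above the `File::open` call only says the file is not seekable; it should also say why five bytes are read and why `buf[4]` is the byte compared against 1. Separately, `BOOT_MODE.lock().unwrap()` and `SECURE_BOOT.lock().unwrap()` panic if the mutex is poisoned, which goes away with the `OnceLock` change suggested above.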
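
The reply's three suggestions (the extra derives, `OnceLock` in place of `lazy_static` + `Mutex`, and a `From` conversion to `bool`) combined in one place, as an added example that is not code from the patch, the reply, or the Proxmox tree. The names `parse_secure_boot` and `query_secure_boot` are hypothetical, and the 4-byte attribute prefix is the efivarfs file layout the patch's `buf[4]` check relies on.

```rust
use std::{fs::File, io::{self, Read}, sync::OnceLock};

// Path taken from the patch under review.
const SECURE_BOOT_VAR: &str =
    "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c";

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SecureBoot {
    Enabled,
    Disabled,
}

impl From<SecureBoot> for bool {
    fn from(sb: SecureBoot) -> bool {
        sb == SecureBoot::Enabled
    }
}

/// Parse one efivarfs read: 4 bytes of variable attributes, then the 1-byte value.
/// Takes any reader (hypothetical helper) so it can be tested without firmware access.
pub fn parse_secure_boot(mut src: impl Read) -> io::Result<SecureBoot> {
    let mut buf = [0u8; 5];
    // A short read surfaces as Err(UnexpectedEof) instead of silently meaning "Disabled".
    src.read_exact(&mut buf)?;
    Ok(if buf[4] == 1 { SecureBoot::Enabled } else { SecureBoot::Disabled })
}

/// Cached query. As in the patch, any error is reported as Disabled,
/// but that mapping now happens in exactly one place.
pub fn query_secure_boot() -> SecureBoot {
    static CACHE: OnceLock<SecureBoot> = OnceLock::new();
    *CACHE.get_or_init(|| {
        File::open(SECURE_BOOT_VAR)
            .and_then(|file| parse_secure_boot(file))
            .unwrap_or(SecureBoot::Disabled)
    })
}

fn main() {
    // Constructed sample: attributes 0x06 (little-endian u32) followed by value 1.
    let sample = [0x06u8, 0, 0, 0, 1];
    println!("sample -> {:?}", parse_secure_boot(&sample[..]));
    println!("host   -> {:?}", query_secure_boot());
}
```
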



