Bug 251025

Summary: efivar: Cannot write to EFI variables which have a '-' in their name
Product: Base System Reporter: probono
Component: binAssignee: Warner Losh <imp>
Status: Closed FIXED    
Severity: Affects Some People CC: emaste, grahamperrin, imp, markj, yuripv
Priority: --- Keywords: needs-qa
Version: 12.1-RELEASEFlags: imp: mfc-stable13+
Hardware: Any   
OS: Any   
URL: https://reviews.freebsd.org/D29620
Attachments:
Description Flags
possible fix using regex to match guid part none

Description probono 2020-11-10 20:15:20 UTC 
Cannot write to EFI variables which have a ':' in their name, such as 'prev-lang:kbd':

$ echo -n 'de:3\0' | sudo efivar -w -n '7C436110-AB2A-4BBB-A880-FE41995C9F82-prev-lang:kbd'
efivar: Invalid guid 7C436110-AB2A-4BBB-A880-FE41995C9F82-prev

'7C436110-AB2A-4BBB-A880-FE41995C9F82-prev-lang:kbd' is a variable used by Apple to store the selected language and keyboard layout as an EFI variable.
Comment 1 Yuri Pankov 2020-11-10 21:09:52 UTC 
Looking at the error message and breakdown_name() in usr.sbin/efivar/efivar.c, this rather looks like "efivar cannot write to EFI variables which have a '-' in their name".  If you look at the code linked below, the issue is quite obvious -- we use strrchr() to find the end of GUID, and in this case it's not correct:

https://svnweb.freebsd.org/base/head/usr.sbin/efivar/efivar.c?revision=366165&view=markup#l87

This needs a better way of distinguishing between GUID and var name.
Comment 2 Yuri Pankov 2020-11-11 14:31:19 UTC 
Created attachment 219556 [details]
possible fix using regex to match guid part

Possible fix using regex to match guid part.  Doing comp/free every time breakdown_name() is called should not be too expensive.
Comment 3 Yuri Pankov 2020-11-11 14:49:13 UTC 
OR, we could do a cp = name + 36 (guid len) and be done with it as it looks like guid is checked somewhere else anyway :)
Comment 4 probono 2020-11-18 19:17:06 UTC 
Confirm, thuis
Comment 5 probono 2020-12-31 09:58:31 UTC 
Is there a way to compile the patched version without needing to download and/or compile the entire FreeBSD source?
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2021-01-03 01:25:06 UTC 
(In reply to probono from comment #5)

usr.sbin/efivar has a Makefile [1] so one should be able to make install in that directory after patching to install just that component.

[1] https://svnweb.freebsd.org/base/head/usr.sbin/efivar/Makefile?revision=326472&view=markup
Comment 7 Warner Losh freebsd_committer freebsd_triage 2021-04-07 06:03:06 UTC 
The proposed patch isn't quite right. You can specify names as well as UUIDs and there's a table lookup for those names.

https://reviews.freebsd.org/D29620

has my proposed alternate fix that doesn't break the name lookup.
Comment 9 probono 2021-04-10 09:07:41 UTC 
Thank you very much, highly appreciated.
Comment 10 Kubilay Kocak freebsd_committer freebsd_triage 2021-11-09 23:49:29 UTC 
^Triage: Re-open to request MFH
Comment 11 probono 2021-11-09 23:53:16 UTC 
Thank you for re-opening. I'd like to request merge to stable/13 and stable/12 branches, for future releases to include the change. Thanks!
Comment 12 Mark Linimon freebsd_committer freebsd_triage 2023-12-25 15:04:11 UTC 
^Triage: committed back in 2022.  Only mfc-stable13 now applies.
Comment 13 Warner Losh freebsd_committer freebsd_triage 2024-02-19 02:39:39 UTC 
already MFC'd to 13, will be in 13.3