Bug 251025 - efivar: Cannot write to EFI variables which have a '-' in their name
Summary: efivar: Cannot write to EFI variables which have a '-' in their name
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 12.1-RELEASE
Hardware: Any Any
: --- Affects Some People
Assignee: Warner Losh
URL:
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2020-11-10 20:15 UTC by probono
Modified: 2021-04-10 09:07 UTC (History)
5 users (show)

See Also:
koobs: mfc-stable12?
koobs: mfc-stable11?


Attachments
possible fix using regex to match guid part (982 bytes, patch)
2020-11-11 14:31 UTC, Yuri Pankov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description probono 2020-11-10 20:15:20 UTC
Cannot write to EFI variables which have a ':' in their name, such as 'prev-lang:kbd':

$ echo -n 'de:3\0' | sudo efivar -w -n '7C436110-AB2A-4BBB-A880-FE41995C9F82-prev-lang:kbd'
efivar: Invalid guid 7C436110-AB2A-4BBB-A880-FE41995C9F82-prev

'7C436110-AB2A-4BBB-A880-FE41995C9F82-prev-lang:kbd' is a variable used by Apple to store the selected language and keyboard layout as an EFI variable.
Comment 1 Yuri Pankov 2020-11-10 21:09:52 UTC
Looking at the error message and breakdown_name() in usr.sbin/efivar/efivar.c, this rather looks like "efivar cannot write to EFI variables which have a '-' in their name".  If you look at the code linked below, the issue is quite obvious -- we use strrchr() to find the end of GUID, and in this case it's not correct:

https://svnweb.freebsd.org/base/head/usr.sbin/efivar/efivar.c?revision=366165&view=markup#l87

This needs a better way of distinguishing between GUID and var name.
Comment 2 Yuri Pankov 2020-11-11 14:31:19 UTC
Created attachment 219556 [details]
possible fix using regex to match guid part

Possible fix using regex to match guid part.  Doing comp/free every time breakdown_name() is called should not be too expensive.
Comment 3 Yuri Pankov 2020-11-11 14:49:13 UTC
OR, we could do a cp = name + 36 (guid len) and be done with it as it looks like guid is checked somewhere else anyway :)
Comment 4 probono 2020-11-18 19:17:06 UTC
Confirm, thuis
Comment 5 probono 2020-12-31 09:58:31 UTC
Is there a way to compile the patched version without needing to download and/or compile the entire FreeBSD source?
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2021-01-03 01:25:06 UTC
(In reply to probono from comment #5)

usr.sbin/efivar has a Makefile [1] so one should be able to make install in that directory after patching to install just that component.

[1] https://svnweb.freebsd.org/base/head/usr.sbin/efivar/Makefile?revision=326472&view=markup
Comment 7 Warner Losh freebsd_committer 2021-04-07 06:03:06 UTC
The proposed patch isn't quite right. You can specify names as well as UUIDs and there's a table lookup for those names.

https://reviews.freebsd.org/D29620

has my proposed alternate fix that doesn't break the name lookup.
Comment 9 probono 2021-04-10 09:07:41 UTC
Thank you very much, highly appreciated.