Changeset 103532 in vbox for trunk/src/VBox/Frontends/VBoxManage

Timestamp:

Feb 22, 2024 2:05:31 PM (15 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

161878

Message:

VBoxManage: Add subcommand for enabling UEFI secure boot (and show the status in the VM infos).
Main/NVRAMStore+UefiVariableStore: Tweaks to allow reading the UEFI secure boot state when the VM isn't mutable.
doc/manual: Update VBoxManage manpage.

Location:

trunk/src/VBox/Frontends/VBoxManage

Files:

• VBoxManageInfo.cpp (modified) (1 diff)
• VBoxManageModifyNvram.cpp (modified) (9 diffs)

trunk/src/VBox/Frontends/VBoxManage/VBoxManageInfo.cpp

@@ -1414 +1414 @@
     if (bstrNVRAMFile.isNotEmpty())
         SHOW_BSTR_STRING("BIOS NVRAM File", Info::tr("BIOS NVRAM File:"), bstrNVRAMFile);
+    if (   firmwareType == FirmwareType_EFI || firmwareType == FirmwareType_EFI32
+        || firmwareType == FirmwareType_EFI64 || firmwareType == FirmwareType_EFIDUAL)
+    {
+        ComPtr<IUefiVariableStore> uefiVarStore;
+        CHECK_ERROR_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), hrc);
+        SHOW_BOOLEAN_PROP(uefiVarStore, SecureBootEnabled, "SecureBoot", Info::tr("UEFI Secure Boot:"));
+    }
     SHOW_BOOLEAN_PROP_EX(platform,   RTCUseUTC, "rtcuseutc", Info::tr("RTC:"), "UTC", Info::tr("local time"));
 

trunk/src/VBox/Frontends/VBoxManage/VBoxManageModifyNvram.cpp

@@ -64 +64 @@
 static RTEXITCODE handleModifyNvramInitUefiVarStore(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
 {
-    RT_NOREF(a);
+    if (a->argc != 2)
+        return errorTooManyParameters(&a->argv[1]);
 
     CHECK_ERROR2I_RET(nvramStore, InitUefiVariableStore(0 /*aSize*/), RTEXITCODE_FAILURE);
@@ -79 +80 @@
 static RTEXITCODE handleModifyNvramEnrollMsSignatures(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
 {
-    RT_NOREF(a);
+    if (a->argc != 2)
+        return errorTooManyParameters(&a->argv[1]);
 
     ComPtr<IUefiVariableStore> uefiVarStore;
@@ -252 +254 @@
 static RTEXITCODE handleModifyNvramEnrollOraclePlatformKey(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
 {
-    RT_NOREF(a);
+    if (a->argc != 2)
+        return errorTooManyParameters(&a->argv[1]);
 
     ComPtr<IUefiVariableStore> uefiVarStore;
@@ -263 +266 @@
 
 /**
+ * Handles the 'modifynvram myvm secureboot' sub-command.
+ * @returns Exit code.
+ * @param   a               The handler argument package.
+ * @param   nvram           Reference to the NVRAM store interface.
+ */
+static RTEXITCODE handleModifyNvramSecureBoot(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
+{
+    static const RTGETOPTDEF s_aOptions[] =
+    {
+        /* common options */
+        { "--enable",       'e', RTGETOPT_REQ_NOTHING },
+        { "--disable",      'd', RTGETOPT_REQ_NOTHING }
+    };
+
+    int enable = -1;
+
+    RTGETOPTSTATE GetState;
+    int vrc = RTGetOptInit(&GetState, a->argc - 2, &a->argv[2], s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0);
+    AssertRCReturn(vrc, RTEXITCODE_FAILURE);
+
+    int c;
+    RTGETOPTUNION ValueUnion;
+    while ((c = RTGetOpt(&GetState, &ValueUnion)) != 0)
+    {
+        switch (c)
+        {
+            case 'e':   // --enable
+                if (enable >= 0)
+                    return errorSyntax(Nvram::tr("You can specify either --enable or --disable once."));
+                enable = 1;
+                break;
+
+            case 'd':   // --disable
+                if (enable >= 0)
+                    return errorSyntax(Nvram::tr("You can specify either --enable or --disable once."));
+                enable = 0;
+                break;
+
+            default:
+                return errorGetOpt(c, &ValueUnion);
+        }
+    }
+
+    if (enable < 0)
+        return errorSyntax(Nvram::tr("You have to specify either --enable or --disable."));
+
+    ComPtr<IUefiVariableStore> uefiVarStore;
+    CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE);
+
+    CHECK_ERROR2I_RET(uefiVarStore, COMSETTER(SecureBootEnabled((BOOL)enable)), RTEXITCODE_FAILURE);
+    return RTEXITCODE_SUCCESS;
+}
+
+
+/**
  * Handles the 'modifynvram myvm listvars' sub-command.
  * @returns Exit code.
@@ -270 +328 @@
 static RTEXITCODE handleModifyNvramListUefiVars(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
 {
-    RT_NOREF(a);
+    if (a->argc != 2)
+        return errorTooManyParameters(&a->argv[1]);
 
     ComPtr<IUefiVariableStore> uefiVarStore;
@@ -362 +421 @@
         }
         else
-           rcExit = RTMsgErrorExitFailure(Nvram::tr("Error opening '%s': %Rrc"), pszVarDataFilename, vrc);
+            rcExit = RTMsgErrorExitFailure(Nvram::tr("Error opening '%s': %Rrc"), pszVarDataFilename, vrc);
     }
 
@@ -491 +550 @@
     }
     else
-       rcExit = RTMsgErrorExitFailure(Nvram::tr("Error opening '%s': %Rrc"), pszVarDataFilename, vrc);
+        rcExit = RTMsgErrorExitFailure(Nvram::tr("Error opening '%s': %Rrc"), pszVarDataFilename, vrc);
 
     return rcExit;
@@ -548 +607 @@
         hrc = handleModifyNvramEnrollOraclePlatformKey(a, nvramStore) == RTEXITCODE_SUCCESS ? S_OK : E_FAIL;
     }
+    else if (!strcmp(a->argv[1], "secureboot"))
+    {
+        setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_SECUREBOOT);
+        hrc = handleModifyNvramSecureBoot(a, nvramStore) == RTEXITCODE_SUCCESS ? S_OK : E_FAIL;
+    }
     else if (!strcmp(a->argv[1], "listvars"))
     {
@@ -569 +633 @@
     }
     else
-        return errorUnknownSubcommand(a->argv[0]);
+        return errorUnknownSubcommand(a->argv[1]);
 
     /* commit changes */