Repository files navigation

uefisettings is a tool to read and write BIOS settings on a local host. It currently supports two interfaces:

• HiiDB (used in OCP and also has partial support in other platforms)
• iLO BlobStore (used in HPE)

cargo install uefisettings

cd /tmpgit clone https://github.com/linuxboot/uefisettingscd uefisettingscargo install --path.~/.cargo/bin/uefisettings --help

uefisettings hiiset'Pending operation''TPM Clear'

if [["$(uefisettings hii get --json'Enable Intel(R) TXT'| jq -r'.responses | .[].question.answer')"="Enable" ]];then# Do something if TXT is enabledfi

SUBCOMMANDS:    get         Auto-identify backend and get the current value of a question    help        Print this message or the help of the given subcommand(s)    hii         Commands which work on machines exposing the UEFI HiiDB    identify    Auto-identify backend and display hardware/bios-information    ilo         Commands which work on machines having HPE's Ilo BMC    set         Auto-identify backend and set/change the value of a question

hii:

SUBCOMMANDS:    extract-db      Dump HiiDB into a file    get             Get the current value of a question    help            Print this message or the help of the given subcommand(s)    list-strings    List all strings-id, string pairs in HiiDB    set             Set/change the value of a question    show-ifr        Show a human readable representation of the Hii Forms

ilo:

SUBCOMMANDS:    get                Get the current value of a question    help               Print this message or the help of the given subcommand(s)    set                Set/change the value of a question    show-attributes    List bios attributes and their current values

To change BIOS settings from Linux terminal there are usually next ways available:

• OnOpen Compute Project hardware - read/parse a binary database called Hii (defined in the UEFI spec) and manipulate binary files in the/sys file system to change settings. This approach may also work on some non-OCP consumer hardware like your laptops.
• On Hewlett Packard Enterprise hardware - use HPE's redfish API to read/write settings. This requires the presence of HPE's iLO BMC.
• Use different proprietary tools like SCELNX from AMI or conrep from HPE. However, these require additional kernel modules to be loaded.

But this tool is an unified opensource approach to manipulate UEFI settings on any platform.

• Extract HiiDB from/dev/mem after getting offsets fromefivarfs.
• Library (hii) in Rust partially implements the UEFI Hii specification.
• It parses the HiiDB op-codes into a DOM tree like representation which can be read by machines and humans.
• It can ask questions about UEFI settings from HiiDB and get their answers.
• Change UEFI settings by calculating the correct offsets and writing to entries inefivarfs.

• Unlike OCP Hardware, HPE does not expose HiiDB inefivarfs.
• Instead they provide a way to change UEFI settings via iLO using the Redfish API.
• Redfish can be consumed over:
  • Standard networking protocols like TCP but this requires authentication credentials and network access to the BMC.
  • By accessing/dev/hpilo directly. This doesn't require authentication credentials. HPE doesn't provide any documentation for this approach but they provide an opensourceilorest CLI tool which calls a closed-source dynamically loaded shared object library calledilorest_chif.so which does the magic. The transport method used here instead of TCP is called Blobstore2.
• We are forbidden from disassemblingilorest_chif.so but we figured out most of its function signatures by looking at Apache2-licensed HPE's python ilorest CLI tool which calls it.
• Blobstore2 communication logic and rust bindings toilorest_chif.so are implemented in theilorest library. Feel free to use opensource implementation instead ofilorest_chif.so to avoid license problems.

The opensource ilorest study results are published indoc/ilorest.md.

If one needs to update a file insidethrift directory then:

1. Install fbthrift compiler:cargo install fbthrift_compiler && (sudo dnf install -y fbthrift || sudo apt install -y fbthrift)
2. Update the.thrift file.
3. Run~/.cargo/bin/compiler path/to/updated/file.thrift.
4. Runmv lib.rs path/to/generated/rust/file.rs.

For example:

# Install fbthrift compilercargo install fbthrift_compilersudo dnf install -y fbthrift# Update filevi thrift/uefisettings_spellings_db.thrift# Re-generate the rust file from the thrift file.cargo install fbthrift_compiler~/.cargo/bin/compiler thrift/uefisettings_spellings_db.thriftmv lib.rs thrift/rust/uefisettings_spellings_db_thrift/uefisettings_spellings_db.rs