Reading nvram efi variables
Clay Daniels
clay.daniels.jr at gmail.com
Sun Dec 29 05:58:59 UTC 2019
Actually I intended to write it as a binary file with the -b option:
root at bsd13:/bootkeys # efivar -n
8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault -b > dbx
root at bsd13:/bootkeys # hexdump -C dbx
00000000 26 16 c4 c1 4c 50 92 40 ac a9 41 f9 36 93 43 28 |&...LP.@
..A.6.C(|
00000010 8c 0e 00 00 00 00 00 00 30 00 00 00 bd 9a fa 77
|........0......w|
00000020 59 03 32 4d bd 60 28 f4 e7 8f 78 4b 80 b4 d9 69
|Y.2M.`(...xK...i|
00000030 31 bf 0d 02 fd 91 a6 1e 19 d1 4f 1d a4 52 e6 6d
|1.........O..R.m|
00000040 b2 40 8c a8 60 4d 41 1f 92 65 9f 0a bd 9a fa 77
|. at ..`MA..e.....w|
00000050 59 03 32 4d bd 60 28 f4 e7 8f 78 4b f5 2f 83 a3
|Y.2M.`(...xK./..|
00000060 fa 9c fb d6 92 0f 72 28 24 db e4 03 45 34 d2 5b
|......r($...E4.[|
00000070 85 07 24 6b 3b 95 7d ac 6e 1b ce 7a bd 9a fa 77
|..$k;.}.n..z...w|
~
00000ec0 9c a5 44 e6 bb 78 0a 2c 78 90 1d 3f b3 37 38 76
|..D..x.,x..?.78v|
00000ed0 85 11 a3 06 17 af a0 1d 38 62 65 34 64 66 36 31
|........8be4df61|
00000ee0 2d 39 33 63 61 2d 31 31 64 32 2d 61 61 30 64 2d
|-93ca-11d2-aa0d-|
00000ef0 30 30 65 30 39 38 30 33 32 62 38 63 2d 64 62 78
|00e098032b8c-dbx|
00000f00 44 65 66 61 75 6c 74 0a 0a |Default..|
00000f09
root at bsd13:/bootkeys #
On Sat, Dec 28, 2019 at 11:46 PM Clay Daniels <clay.daniels.jr at gmail.com>
wrote:
> The efivar command will list efi variables using:
> # efivar -l
> ~
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbDefault
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-KEKDefault
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-PKDefault
> ~
> (There are a lot more but these secure boot keys are the ones of interest
> to me)
>
> I can write them to a file with:
> # efivar -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault > dbx
>
> I can sort of read it with hexdump:
> root at bsd13:/bootkeys # hexdump -C dbx
> 00000000 38 62 65 34 64 66 36 31 2d 39 33 63 61 2d 31 31
> |8be4df61-93ca-11|
> 00000010 64 32 2d 61 61 30 64 2d 30 30 65 30 39 38 30 33
> |d2-aa0d-00e09803|
> 00000020 32 62 38 63 2d 64 62 78 44 65 66 61 75 6c 74 0a
> |2b8c-dbxDefault.|
> 00000030 30 30 30 30 3a 20 32 36 20 31 36 20 63 34 20 63 |0000: 26 16
> c4 c|
> 00000040 31 20 34 63 20 35 30 20 39 32 20 34 30 20 61 63 |1 4c 50 92 40
> ac|
> 00000050 20 61 39 20 34 31 20 66 39 20 33 36 20 39 33 20 | a9 41 f9 36
> 93 |
> 00000060 34 33 20 32 38 20 0a 30 30 31 30 3a 20 38 63 20 |43 28 .0010:
> 8c |
> 00000070 30 65 20 30 30 20 30 30 20 30 30 20 30 30 20 30 |0e 00 00 00
> 00 0|
> 00000080 30 20 30 30 20 33 30 20 30 30 20 30 30 20 30 30 |0 00 30 00 00
> 00|
> 00000090 20 62 64 20 39 61 20 66 61 20 37 37 20 0a 30 30 | bd 9a fa 77
> .00|
> 000000a0 32 30 3a 20 35 39 20 30 33 20 33 32 20 34 64 20 |20: 59 03 32
> 4d |
> 000000b0 62 64 20 36 30 20 32 38 20 66 34 20 65 37 20 38 |bd 60 28 f4
> e7 8|
> 000000c0 66 20 37 38 20 34 62 20 38 30 20 62 34 20 64 39 |f 78 4b 80 b4
> d9|
> 000000d0 20 36 39 20 0a 30 30 33 30 3a 20 33 31 20 62 66 | 69 .0030: 31
> bf|
> 000000e0 20 30 64 20 30 32 20 66 64 20 39 31 20 61 36 20 | 0d 02 fd 91
> a6 |
> 000000f0 31 65 20 31 39 20 64 31 20 34 66 20 31 64 20 61 |1e 19 d1 4f
> 1d a|
> 00000100 34 20 35 32 20 65 36 20 36 64 20 0a 30 30 34 30 |4 52 e6 6d
> .0040|
> 00000110 3a 20 62 32 20 34 30 20 38 63 20 61 38 20 36 30 |: b2 40 8c a8
> 60|
> 00000120 20 34 64 20 34 31 20 31 66 20 39 32 20 36 35 20 | 4d 41 1f 92
> 65 |
> 00000130 39 66 20 30 61 20 62 64 20 39 61 20 66 61 20 37 |9f 0a bd 9a
> fa 7|
> 00000140 37 20 0a 30 30 35 30 3a 20 35 39 20 30 33 20 33 |7 .0050: 59
> 03 3|
> 00000150 32 20 34 64 20 62 64 20 36 30 20 32 38 20 66 34 |2 4d bd 60 28
> f4|
> 00000160 20 65 37 20 38 66 20 37 38 20 34 62 20 66 35 20 | e7 8f 78 4b
> f5 |
> 00000170 32 66 20 38 33 20 61 33 20 0a 30 30 36 30 3a 20 |2f 83 a3
> .0060: |
> 00000180 66 61 20 39 63 20 66 62 20 64 36 20 39 32 20 30 |fa 9c fb d6
> 92 0|
> 00000190 66 20 37 32 20 32 38 20 32 34 20 64 62 20 65 34 |f 72 28 24 db
> e4|
> 000001a0 20 30 33 20 34 35 20 33 34 20 64 32 20 35 62 20 | 03 45 34 d2
> 5b |
> 000001b0 0a 30 30 37 30 3a 20 38 35 20 30 37 20 32 34 20 |.0070: 85 07
> 24 |
> 000001c0 36 62 20 33 62 20 39 35 20 37 64 20 61 63 20 36 |6b 3b 95 7d
> ac 6|
> 000001d0 65 20 31 62 20 63 65 20 37 61 20 62 64 20 39 61 |e 1b ce 7a bd
> 9a|
> 000001e0 20 66 61 20 37 37 20 0a 30 30 38 30 3a 20 35 39 | fa 77 .0080:
> 59|
> 000001f0 20 30 33 20 33 32 20 34 64 20 62 64 20 36 30 20 | 03 32 4d bd
> 60 |
> 00000200 32 38 20 66 34 20 65 37 20 38 66 20 37 38 20 34 |28 f4 e7 8f
> 78 4|
> ~
> 00003300 63 20 37 38 20 39 30 20 31 64 20 33 66 20 62 33 |c 78 90 1d 3f
> b3|
> 00003310 20 33 37 20 33 38 20 37 36 20 0a 30 65 64 30 3a | 37 38 76
> .0ed0:|
> 00003320 20 38 35 20 31 31 20 61 33 20 30 36 20 31 37 20 | 85 11 a3 06
> 17 |
> 00003330 61 66 20 61 30 20 31 64 20 0a 0a |af a0 1d ..|
> 0000333b
> root at bsd13:/bootkeys #
>
> Does anyone have a way to get any more real information out of these files
> in more humanly readable form?
>
> Clay
>
More information about the freebsd-questions
mailing list