Reading nvram efi variables

Clay Daniels clay.daniels.jr at gmail.com
Sun Dec 29 05:58:59 UTC 2019 

Actually I intended to write it as a binary file with the -b option:
root at bsd13:/bootkeys # efivar -n
8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault -b  > dbx
root at bsd13:/bootkeys # hexdump -C dbx
00000000  26 16 c4 c1 4c 50 92 40  ac a9 41 f9 36 93 43 28  |&...LP.@
..A.6.C(|
00000010  8c 0e 00 00 00 00 00 00  30 00 00 00 bd 9a fa 77
 |........0......w|
00000020  59 03 32 4d bd 60 28 f4  e7 8f 78 4b 80 b4 d9 69
 |Y.2M.`(...xK...i|
00000030  31 bf 0d 02 fd 91 a6 1e  19 d1 4f 1d a4 52 e6 6d
 |1.........O..R.m|
00000040  b2 40 8c a8 60 4d 41 1f  92 65 9f 0a bd 9a fa 77
 |. at ..`MA..e.....w|
00000050  59 03 32 4d bd 60 28 f4  e7 8f 78 4b f5 2f 83 a3
 |Y.2M.`(...xK./..|
00000060  fa 9c fb d6 92 0f 72 28  24 db e4 03 45 34 d2 5b
 |......r($...E4.[|
00000070  85 07 24 6b 3b 95 7d ac  6e 1b ce 7a bd 9a fa 77
 |..$k;.}.n..z...w|
~
00000ec0  9c a5 44 e6 bb 78 0a 2c  78 90 1d 3f b3 37 38 76
 |..D..x.,x..?.78v|
00000ed0  85 11 a3 06 17 af a0 1d  38 62 65 34 64 66 36 31
 |........8be4df61|
00000ee0  2d 39 33 63 61 2d 31 31  64 32 2d 61 61 30 64 2d
 |-93ca-11d2-aa0d-|
00000ef0  30 30 65 30 39 38 30 33  32 62 38 63 2d 64 62 78
 |00e098032b8c-dbx|
00000f00  44 65 66 61 75 6c 74 0a  0a                       |Default..|
00000f09
root at bsd13:/bootkeys #

On Sat, Dec 28, 2019 at 11:46 PM Clay Daniels <clay.daniels.jr at gmail.com>
wrote:

> The efivar command will list efi variables using:
> # efivar -l
> ~
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbDefault
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-KEKDefault
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-PKDefault
> ~
> (There are a lot more but these secure boot keys are the ones of interest
> to me)
>
> I can write them to a file with:
> # efivar -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault > dbx
>
> I can sort of read it with hexdump:
> root at bsd13:/bootkeys # hexdump -C dbx
> 00000000  38 62 65 34 64 66 36 31  2d 39 33 63 61 2d 31 31
>  |8be4df61-93ca-11|
> 00000010  64 32 2d 61 61 30 64 2d  30 30 65 30 39 38 30 33
>  |d2-aa0d-00e09803|
> 00000020  32 62 38 63 2d 64 62 78  44 65 66 61 75 6c 74 0a
>  |2b8c-dbxDefault.|
> 00000030  30 30 30 30 3a 20 32 36  20 31 36 20 63 34 20 63  |0000: 26 16
> c4 c|
> 00000040  31 20 34 63 20 35 30 20  39 32 20 34 30 20 61 63  |1 4c 50 92 40
> ac|
> 00000050  20 61 39 20 34 31 20 66  39 20 33 36 20 39 33 20  | a9 41 f9 36
> 93 |
> 00000060  34 33 20 32 38 20 0a 30  30 31 30 3a 20 38 63 20  |43 28 .0010:
> 8c |
> 00000070  30 65 20 30 30 20 30 30  20 30 30 20 30 30 20 30  |0e 00 00 00
> 00 0|
> 00000080  30 20 30 30 20 33 30 20  30 30 20 30 30 20 30 30  |0 00 30 00 00
> 00|
> 00000090  20 62 64 20 39 61 20 66  61 20 37 37 20 0a 30 30  | bd 9a fa 77
> .00|
> 000000a0  32 30 3a 20 35 39 20 30  33 20 33 32 20 34 64 20  |20: 59 03 32
> 4d |
> 000000b0  62 64 20 36 30 20 32 38  20 66 34 20 65 37 20 38  |bd 60 28 f4
> e7 8|
> 000000c0  66 20 37 38 20 34 62 20  38 30 20 62 34 20 64 39  |f 78 4b 80 b4
> d9|
> 000000d0  20 36 39 20 0a 30 30 33  30 3a 20 33 31 20 62 66  | 69 .0030: 31
> bf|
> 000000e0  20 30 64 20 30 32 20 66  64 20 39 31 20 61 36 20  | 0d 02 fd 91
> a6 |
> 000000f0  31 65 20 31 39 20 64 31  20 34 66 20 31 64 20 61  |1e 19 d1 4f
> 1d a|
> 00000100  34 20 35 32 20 65 36 20  36 64 20 0a 30 30 34 30  |4 52 e6 6d
> .0040|
> 00000110  3a 20 62 32 20 34 30 20  38 63 20 61 38 20 36 30  |: b2 40 8c a8
> 60|
> 00000120  20 34 64 20 34 31 20 31  66 20 39 32 20 36 35 20  | 4d 41 1f 92
> 65 |
> 00000130  39 66 20 30 61 20 62 64  20 39 61 20 66 61 20 37  |9f 0a bd 9a
> fa 7|
> 00000140  37 20 0a 30 30 35 30 3a  20 35 39 20 30 33 20 33  |7 .0050: 59
> 03 3|
> 00000150  32 20 34 64 20 62 64 20  36 30 20 32 38 20 66 34  |2 4d bd 60 28
> f4|
> 00000160  20 65 37 20 38 66 20 37  38 20 34 62 20 66 35 20  | e7 8f 78 4b
> f5 |
> 00000170  32 66 20 38 33 20 61 33  20 0a 30 30 36 30 3a 20  |2f 83 a3
> .0060: |
> 00000180  66 61 20 39 63 20 66 62  20 64 36 20 39 32 20 30  |fa 9c fb d6
> 92 0|
> 00000190  66 20 37 32 20 32 38 20  32 34 20 64 62 20 65 34  |f 72 28 24 db
> e4|
> 000001a0  20 30 33 20 34 35 20 33  34 20 64 32 20 35 62 20  | 03 45 34 d2
> 5b |
> 000001b0  0a 30 30 37 30 3a 20 38  35 20 30 37 20 32 34 20  |.0070: 85 07
> 24 |
> 000001c0  36 62 20 33 62 20 39 35  20 37 64 20 61 63 20 36  |6b 3b 95 7d
> ac 6|
> 000001d0  65 20 31 62 20 63 65 20  37 61 20 62 64 20 39 61  |e 1b ce 7a bd
> 9a|
> 000001e0  20 66 61 20 37 37 20 0a  30 30 38 30 3a 20 35 39  | fa 77 .0080:
> 59|
> 000001f0  20 30 33 20 33 32 20 34  64 20 62 64 20 36 30 20  | 03 32 4d bd
> 60 |
> 00000200  32 38 20 66 34 20 65 37  20 38 66 20 37 38 20 34  |28 f4 e7 8f
> 78 4|
> ~
> 00003300  63 20 37 38 20 39 30 20  31 64 20 33 66 20 62 33  |c 78 90 1d 3f
> b3|
> 00003310  20 33 37 20 33 38 20 37  36 20 0a 30 65 64 30 3a  | 37 38 76
> .0ed0:|
> 00003320  20 38 35 20 31 31 20 61  33 20 30 36 20 31 37 20  | 85 11 a3 06
> 17 |
> 00003330  61 66 20 61 30 20 31 64  20 0a 0a                 |af a0 1d ..|
> 0000333b
> root at bsd13:/bootkeys #
>
> Does anyone have a way to get any more real information out of these files
> in more humanly readable form?
>
> Clay
>

More information about the freebsd-questions mailing list