From owner-freebsd-questions@freebsd.org  Sun Dec 29 05:58:59 2019
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 28C191D55DE
 for <freebsd-questions@mailman.nyi.freebsd.org>;
 Sun, 29 Dec 2019 05:58:59 +0000 (UTC)
 (envelope-from clay.daniels.jr@gmail.com)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com
 [IPv6:2a00:1450:4864:20::12b])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 47lqcy34VBz49Fx
 for <freebsd-questions@freebsd.org>; Sun, 29 Dec 2019 05:58:58 +0000 (UTC)
 (envelope-from clay.daniels.jr@gmail.com)
Received: by mail-lf1-x12b.google.com with SMTP id y19so23302631lfl.9
 for <freebsd-questions@freebsd.org>; Sat, 28 Dec 2019 21:58:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
 bh=qcivvGPIGoXxluqLT/nUFsgbv05tK5uJ9b6EXmkQojU=;
 b=glA5FXtfJekvbej+fHm7/ExKnEYIQH9uQMGthSoXWZ0WYWh2tnJMfFNXbJstDHilYF
 P8qC1iIvw1iFl8NdtBXqGXeUSuXAtEDfkuxbX27RbrcAiEamWQ0dQ2ztOfTYFwUrDUCV
 N0DPQR54Q8Y9HrHR1l6Z4oDmm8lAphqxj9tZ5y/mocF8V8PFN/T9EGGBXoXKShlqkFMB
 U09BnYTeBPapLRbHFqyhKGd0l71htIA6/8tm+oy8BW5Z3CP4ZySPHRIQG4guB/GUou8/
 lQExnV2WUxrPmkN1+Pqpv0QmrEV5LXn8h/lDtuYvjNAGv0sMaMxOcQU9V73UM/fAaxfm
 I5sA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to;
 bh=qcivvGPIGoXxluqLT/nUFsgbv05tK5uJ9b6EXmkQojU=;
 b=PU4LXZ9+ROclumSwNavaRMcndyZouO++Gj3LEIviNnpaAIMD/bFemronizAgMVtSAC
 agHNC9n3KYGsjldANc5IKzZNKnQLpgEubmxqPdj6kHVqXMaTvYwGgJoQodCf1hAlr0Mf
 qFh4RmGcYRzZg+DALhRX1IrENhybaP8bLNP6xO5+/OFndTKxfRrodWoZ4ZWh4aJohYjs
 jJDY5xnNnrNHElEdxKzLEcImL69slUpfGNGFvUpZws7poRSoKly0pq+Twrm5d7vRwMpx
 BE2kM8Jo9ivChuSWLmeX0Ndz5uZLgPmevqdnhTHKazmkjDDnmlg1gldzuHgX5i1CiBFs
 iO5w==
X-Gm-Message-State: APjAAAWZap5LYj7dC7rlRppNjXaahz1SUO9yURYim+5asRMWxxK7Vn1h
 RTleUYL9+qK10zw8A0yNU782zcIwCy1z6/IHhvAP+uk=
X-Google-Smtp-Source: APXvYqyib5pP99qgJCLa9mUZYSIPwbeCGMKjimp7RJ+CFSTBuwaeGgFiyISGO0eYX+sfodtuWzxNoN9jdvciZmbkVVc=
X-Received: by 2002:a19:c697:: with SMTP id w145mr32919583lff.54.1577599135360; 
 Sat, 28 Dec 2019 21:58:55 -0800 (PST)
MIME-Version: 1.0
References: <CAGLDxTUZoXhWHFXBy4qoYjWPUk+3nf+p1xpk1U6mU80=5Y4Z_g@mail.gmail.com>
In-Reply-To: <CAGLDxTUZoXhWHFXBy4qoYjWPUk+3nf+p1xpk1U6mU80=5Y4Z_g@mail.gmail.com>
From: Clay Daniels <clay.daniels.jr@gmail.com>
Date: Sat, 28 Dec 2019 23:58:44 -0600
Message-ID: <CAGLDxTUNwJFpo8RLnrgZTY7LYN539vYCRd0+wpEfMYQ0uxoPSQ@mail.gmail.com>
Subject: Re: Reading nvram efi variables
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
X-Rspamd-Queue-Id: 47lqcy34VBz49Fx
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=glA5FXtf;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of claydanielsjr@gmail.com designates
 2a00:1450:4864:20::12b as permitted sender)
 smtp.mailfrom=claydanielsjr@gmail.com
X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0];
 R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c];
 FREEMAIL_FROM(0.00)[gmail.com];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[];
 RCPT_COUNT_ONE(0.00)[1];
 IP_SCORE(0.00)[ip: (-9.14), ipnet: 2a00:1450::/32(-2.64), asn: 15169(-1.88),
 country: US(-0.05)]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCVD_IN_DNSWL_NONE(0.00)[b.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org
 : 127.0.5.0]; TO_DN_EQ_ADDR_ALL(0.00)[];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
 TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Dec 2019 05:58:59 -0000

Actually I intended to write it as a binary file with the -b option:
root@bsd13:/bootkeys # efivar -n
8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault -b  > dbx
root@bsd13:/bootkeys # hexdump -C dbx
00000000  26 16 c4 c1 4c 50 92 40  ac a9 41 f9 36 93 43 28  |&...LP.@
..A.6.C(|
00000010  8c 0e 00 00 00 00 00 00  30 00 00 00 bd 9a fa 77
 |........0......w|
00000020  59 03 32 4d bd 60 28 f4  e7 8f 78 4b 80 b4 d9 69
 |Y.2M.`(...xK...i|
00000030  31 bf 0d 02 fd 91 a6 1e  19 d1 4f 1d a4 52 e6 6d
 |1.........O..R.m|
00000040  b2 40 8c a8 60 4d 41 1f  92 65 9f 0a bd 9a fa 77
 |.@..`MA..e.....w|
00000050  59 03 32 4d bd 60 28 f4  e7 8f 78 4b f5 2f 83 a3
 |Y.2M.`(...xK./..|
00000060  fa 9c fb d6 92 0f 72 28  24 db e4 03 45 34 d2 5b
 |......r($...E4.[|
00000070  85 07 24 6b 3b 95 7d ac  6e 1b ce 7a bd 9a fa 77
 |..$k;.}.n..z...w|
~
00000ec0  9c a5 44 e6 bb 78 0a 2c  78 90 1d 3f b3 37 38 76
 |..D..x.,x..?.78v|
00000ed0  85 11 a3 06 17 af a0 1d  38 62 65 34 64 66 36 31
 |........8be4df61|
00000ee0  2d 39 33 63 61 2d 31 31  64 32 2d 61 61 30 64 2d
 |-93ca-11d2-aa0d-|
00000ef0  30 30 65 30 39 38 30 33  32 62 38 63 2d 64 62 78
 |00e098032b8c-dbx|
00000f00  44 65 66 61 75 6c 74 0a  0a                       |Default..|
00000f09
root@bsd13:/bootkeys #

On Sat, Dec 28, 2019 at 11:46 PM Clay Daniels <clay.daniels.jr@gmail.com>
wrote:

> The efivar command will list efi variables using:
> # efivar -l
> ~
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbDefault
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-KEKDefault
> 8be4df61-93ca-11d2-aa0d-00e098032b8c-PKDefault
> ~
> (There are a lot more but these secure boot keys are the ones of interest
> to me)
>
> I can write them to a file with:
> # efivar -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault > dbx
>
> I can sort of read it with hexdump:
> root@bsd13:/bootkeys # hexdump -C dbx
> 00000000  38 62 65 34 64 66 36 31  2d 39 33 63 61 2d 31 31
>  |8be4df61-93ca-11|
> 00000010  64 32 2d 61 61 30 64 2d  30 30 65 30 39 38 30 33
>  |d2-aa0d-00e09803|
> 00000020  32 62 38 63 2d 64 62 78  44 65 66 61 75 6c 74 0a
>  |2b8c-dbxDefault.|
> 00000030  30 30 30 30 3a 20 32 36  20 31 36 20 63 34 20 63  |0000: 26 16
> c4 c|
> 00000040  31 20 34 63 20 35 30 20  39 32 20 34 30 20 61 63  |1 4c 50 92 40
> ac|
> 00000050  20 61 39 20 34 31 20 66  39 20 33 36 20 39 33 20  | a9 41 f9 36
> 93 |
> 00000060  34 33 20 32 38 20 0a 30  30 31 30 3a 20 38 63 20  |43 28 .0010:
> 8c |
> 00000070  30 65 20 30 30 20 30 30  20 30 30 20 30 30 20 30  |0e 00 00 00
> 00 0|
> 00000080  30 20 30 30 20 33 30 20  30 30 20 30 30 20 30 30  |0 00 30 00 00
> 00|
> 00000090  20 62 64 20 39 61 20 66  61 20 37 37 20 0a 30 30  | bd 9a fa 77
> .00|
> 000000a0  32 30 3a 20 35 39 20 30  33 20 33 32 20 34 64 20  |20: 59 03 32
> 4d |
> 000000b0  62 64 20 36 30 20 32 38  20 66 34 20 65 37 20 38  |bd 60 28 f4
> e7 8|
> 000000c0  66 20 37 38 20 34 62 20  38 30 20 62 34 20 64 39  |f 78 4b 80 b4
> d9|
> 000000d0  20 36 39 20 0a 30 30 33  30 3a 20 33 31 20 62 66  | 69 .0030: 31
> bf|
> 000000e0  20 30 64 20 30 32 20 66  64 20 39 31 20 61 36 20  | 0d 02 fd 91
> a6 |
> 000000f0  31 65 20 31 39 20 64 31  20 34 66 20 31 64 20 61  |1e 19 d1 4f
> 1d a|
> 00000100  34 20 35 32 20 65 36 20  36 64 20 0a 30 30 34 30  |4 52 e6 6d
> .0040|
> 00000110  3a 20 62 32 20 34 30 20  38 63 20 61 38 20 36 30  |: b2 40 8c a8
> 60|
> 00000120  20 34 64 20 34 31 20 31  66 20 39 32 20 36 35 20  | 4d 41 1f 92
> 65 |
> 00000130  39 66 20 30 61 20 62 64  20 39 61 20 66 61 20 37  |9f 0a bd 9a
> fa 7|
> 00000140  37 20 0a 30 30 35 30 3a  20 35 39 20 30 33 20 33  |7 .0050: 59
> 03 3|
> 00000150  32 20 34 64 20 62 64 20  36 30 20 32 38 20 66 34  |2 4d bd 60 28
> f4|
> 00000160  20 65 37 20 38 66 20 37  38 20 34 62 20 66 35 20  | e7 8f 78 4b
> f5 |
> 00000170  32 66 20 38 33 20 61 33  20 0a 30 30 36 30 3a 20  |2f 83 a3
> .0060: |
> 00000180  66 61 20 39 63 20 66 62  20 64 36 20 39 32 20 30  |fa 9c fb d6
> 92 0|
> 00000190  66 20 37 32 20 32 38 20  32 34 20 64 62 20 65 34  |f 72 28 24 db
> e4|
> 000001a0  20 30 33 20 34 35 20 33  34 20 64 32 20 35 62 20  | 03 45 34 d2
> 5b |
> 000001b0  0a 30 30 37 30 3a 20 38  35 20 30 37 20 32 34 20  |.0070: 85 07
> 24 |
> 000001c0  36 62 20 33 62 20 39 35  20 37 64 20 61 63 20 36  |6b 3b 95 7d
> ac 6|
> 000001d0  65 20 31 62 20 63 65 20  37 61 20 62 64 20 39 61  |e 1b ce 7a bd
> 9a|
> 000001e0  20 66 61 20 37 37 20 0a  30 30 38 30 3a 20 35 39  | fa 77 .0080:
> 59|
> 000001f0  20 30 33 20 33 32 20 34  64 20 62 64 20 36 30 20  | 03 32 4d bd
> 60 |
> 00000200  32 38 20 66 34 20 65 37  20 38 66 20 37 38 20 34  |28 f4 e7 8f
> 78 4|
> ~
> 00003300  63 20 37 38 20 39 30 20  31 64 20 33 66 20 62 33  |c 78 90 1d 3f
> b3|
> 00003310  20 33 37 20 33 38 20 37  36 20 0a 30 65 64 30 3a  | 37 38 76
> .0ed0:|
> 00003320  20 38 35 20 31 31 20 61  33 20 30 36 20 31 37 20  | 85 11 a3 06
> 17 |
> 00003330  61 66 20 61 30 20 31 64  20 0a 0a                 |af a0 1d ..|
> 0000333b
> root@bsd13:/bootkeys #
>
> Does anyone have a way to get any more real information out of these files
> in more humanly readable form?
>
> Clay
>