src/pkg/cosboot/efi.go - cos/tools.git - Git at Google

 // Copyright 2026 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package cosboot

 import (
 	"bytes"
 	"debug/pe"
 	"fmt"
 	"log"
 	"os"
 	"os/exec"
 	"path/filepath"

 	"cos.googlesource.com/cos/tools.git/src/pkg/tools/partutil"
 )

 func readEFIFileOnCOS(path string) ([]byte, error) {
 	efiPath, err := partutil.MountEFIPartition()
 	if err != nil {
 		return nil, err
 	}
 	data, err := os.ReadFile(filepath.Join(efiPath, path))
 	if err != nil {
 		unmountErr := partutil.UnmountEFIPartition()
 		if unmountErr != nil {
 			log.Printf("ERROR: failed to unmount EFI partition: %v", unmountErr)
 		}
 		return nil, fmt.Errorf("failed to read EFI file %q: %v", path, err)
 	}
 	if err := partutil.UnmountEFIPartition(); err != nil {
 		return nil, fmt.Errorf("failed to unmount EFI partition: %v", err)
 	}
 	return data, nil
 }

 func writeEFIFileOnCOS(path string, data []byte, perm os.FileMode) error {
 	efiPath, err := partutil.MountEFIPartition()
 	if err != nil {
 		return err
 	}
 	if err := os.WriteFile(filepath.Join(efiPath, path), data, perm); err != nil {
 		unmountErr := partutil.UnmountEFIPartition()
 		if unmountErr != nil {
 			log.Printf("ERROR: failed to unmount EFI partition: %v", unmountErr)
 		}
 		return fmt.Errorf("failed to write EFI file %q: %v", path, err)
 	}
 	if err := partutil.UnmountEFIPartition(); err != nil {
 		return fmt.Errorf("failed to unmount EFI partition: %v", err)
 	}
 	return nil
 }

 func readEFIFileOffline(disk, path string) ([]byte, error) {
 	sfdiskTable, err := partutil.ReadPartitionTableJSON(disk)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get GPT from %q: %v", disk, err)
 	}
 	partTable := sfdiskTable.PartitionTable
 	var partIndex int
 	var found bool
 	for i := range partTable.Partitions {
 		if partTable.Partitions[i].Name == "EFI-SYSTEM" {
 			partIndex = i
 			found = true
 			break
 		}
 	}
 	if !found {
 		return nil, fmt.Errorf("failed to find EFI partition on %q", disk)
 	}
 	efiData, err := partutil.ReadPartitionData(disk, partIndex+1)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read EFI partition from disk %q: %v", disk, err)
 	}
 	tmpDir, err := os.MkdirTemp("", "cos-efi")
 	if err != nil {
 		return nil, err
 	}
 	defer os.RemoveAll(tmpDir)
 	efiImage := filepath.Join(tmpDir, "efi.bin")
 	if err := os.WriteFile(efiImage, efiData, 0644); err != nil {
 		return nil, err
 	}
 	var stdout bytes.Buffer
 	var stderr bytes.Buffer
 	cmd := exec.Command("mcopy", "-i", efiImage, "::"+path, "-")
 	cmd.Stdout = &stdout
 	cmd.Stderr = &stderr
 	if err := cmd.Run(); err != nil {
 		log.Printf("Command %q failed with stderr: %v", cmd.String(), string(stderr.Bytes()))
 		return nil, fmt.Errorf("cannot mcopy from EFI image sourced from %q: %v", disk, err)
 	}
 	return stdout.Bytes(), nil
 }

 func writeEFIFileOffline(disk, path string, data []byte) error {
 	sfdiskTable, err := partutil.ReadPartitionTableJSON(disk)
 	if err != nil {
 		return fmt.Errorf("failed to get GPT from %q: %v", disk, err)
 	}
 	partTable := sfdiskTable.PartitionTable
 	var partIndex int
 	var found bool
 	for i := range partTable.Partitions {
 		if partTable.Partitions[i].Name == "EFI-SYSTEM" {
 			partIndex = i
 			found = true
 			break
 		}
 	}
 	if !found {
 		return fmt.Errorf("failed to find EFI partition on %q", disk)
 	}
 	efiData, err := partutil.ReadPartitionData(disk, partIndex+1)
 	if err != nil {
 		return fmt.Errorf("failed to read EFI partition from disk %q: %v", disk, err)
 	}
 	tmpDir, err := os.MkdirTemp("", "cos-efi")
 	if err != nil {
 		return err
 	}
 	defer os.RemoveAll(tmpDir)
 	efiImage := filepath.Join(tmpDir, "efi.bin")
 	if err := os.WriteFile(efiImage, efiData, 0644); err != nil {
 		return err
 	}
 	var stdout bytes.Buffer
 	var stderr bytes.Buffer
 	cmd := exec.Command("mcopy", "-o", "-i", efiImage, "-", "::"+path)
 	cmd.Stdout = &stdout
 	cmd.Stderr = &stderr
 	cmd.Stdin = bytes.NewBuffer(data)
 	if err := cmd.Run(); err != nil {
 		log.Printf("Command %q failed with stderr: %v", cmd.String(), string(stderr.Bytes()))
 		return fmt.Errorf("cannot mcopy to EFI image sourced from %q: %v", disk, err)
 	}
 	updatedEFIData, err := os.ReadFile(efiImage)
 	if err != nil {
 		return err
 	}
 	return partutil.WritePartitionData(disk, partIndex+1, updatedEFIData)
 }

 func ReadEFIFile(disk, path string) ([]byte, error) {
 	if disk == "" {
 		return readEFIFileOnCOS(path)
 	} else {
 		return readEFIFileOffline(disk, path)
 	}
 }

 func WriteEFIFile(disk, path string, data []byte, perm os.FileMode) error {
 	if disk == "" {
 		return writeEFIFileOnCOS(path, data, perm)
 	} else {
 		return writeEFIFileOffline(disk, path, data)
 	}
 }

 func EFIArch(img []byte) (string, error) {
 	f, err := pe.NewFile(bytes.NewReader(img))
 	if err != nil {
 		return "", fmt.Errorf("failed to parse PE file: %v", err)
 	}
 	defer f.Close()

 	switch f.Machine {
 	case pe.IMAGE_FILE_MACHINE_AMD64:
 		return "x86_64", nil
 	case pe.IMAGE_FILE_MACHINE_ARM64:
 		return "arm64", nil
 	default:
 		return "", fmt.Errorf("unknown architecture: 0x%x", f.Machine)
 	}
 }
	// Copyright 2026 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package cosboot

	import (
	"bytes"
	"debug/pe"
	"fmt"
	"log"
	"os"
	"os/exec"
	"path/filepath"

	"cos.googlesource.com/cos/tools.git/src/pkg/tools/partutil"
	)

	func readEFIFileOnCOS(path string) ([]byte, error) {
	efiPath, err := partutil.MountEFIPartition()
	if err != nil {
	return nil, err
	}
	data, err := os.ReadFile(filepath.Join(efiPath, path))
	if err != nil {
	unmountErr := partutil.UnmountEFIPartition()
	if unmountErr != nil {
	log.Printf("ERROR: failed to unmount EFI partition: %v", unmountErr)
	}
	return nil, fmt.Errorf("failed to read EFI file %q: %v", path, err)
	}
	if err := partutil.UnmountEFIPartition(); err != nil {
	return nil, fmt.Errorf("failed to unmount EFI partition: %v", err)
	}
	return data, nil
	}

	func writeEFIFileOnCOS(path string, data []byte, perm os.FileMode) error {
	efiPath, err := partutil.MountEFIPartition()
	if err != nil {
	return err
	}
	if err := os.WriteFile(filepath.Join(efiPath, path), data, perm); err != nil {
	unmountErr := partutil.UnmountEFIPartition()
	if unmountErr != nil {
	log.Printf("ERROR: failed to unmount EFI partition: %v", unmountErr)
	}
	return fmt.Errorf("failed to write EFI file %q: %v", path, err)
	}
	if err := partutil.UnmountEFIPartition(); err != nil {
	return fmt.Errorf("failed to unmount EFI partition: %v", err)
	}
	return nil
	}

	func readEFIFileOffline(disk, path string) ([]byte, error) {
	sfdiskTable, err := partutil.ReadPartitionTableJSON(disk)
	if err != nil {
	return nil, fmt.Errorf("failed to get GPT from %q: %v", disk, err)
	}
	partTable := sfdiskTable.PartitionTable
	var partIndex int
	var found bool
	for i := range partTable.Partitions {
	if partTable.Partitions[i].Name == "EFI-SYSTEM" {
	partIndex = i
	found = true
	break
	}
	}
	if !found {
	return nil, fmt.Errorf("failed to find EFI partition on %q", disk)
	}
	efiData, err := partutil.ReadPartitionData(disk, partIndex+1)
	if err != nil {
	return nil, fmt.Errorf("failed to read EFI partition from disk %q: %v", disk, err)
	}
	tmpDir, err := os.MkdirTemp("", "cos-efi")
	if err != nil {
	return nil, err
	}
	defer os.RemoveAll(tmpDir)
	efiImage := filepath.Join(tmpDir, "efi.bin")
	if err := os.WriteFile(efiImage, efiData, 0644); err != nil {
	return nil, err
	}
	var stdout bytes.Buffer
	var stderr bytes.Buffer
	cmd := exec.Command("mcopy", "-i", efiImage, "::"+path, "-")
	cmd.Stdout = &stdout
	cmd.Stderr = &stderr
	if err := cmd.Run(); err != nil {
	log.Printf("Command %q failed with stderr: %v", cmd.String(), string(stderr.Bytes()))
	return nil, fmt.Errorf("cannot mcopy from EFI image sourced from %q: %v", disk, err)
	}
	return stdout.Bytes(), nil
	}

	func writeEFIFileOffline(disk, path string, data []byte) error {
	sfdiskTable, err := partutil.ReadPartitionTableJSON(disk)
	if err != nil {
	return fmt.Errorf("failed to get GPT from %q: %v", disk, err)
	}
	partTable := sfdiskTable.PartitionTable
	var partIndex int
	var found bool
	for i := range partTable.Partitions {
	if partTable.Partitions[i].Name == "EFI-SYSTEM" {
	partIndex = i
	found = true
	break
	}
	}
	if !found {
	return fmt.Errorf("failed to find EFI partition on %q", disk)
	}
	efiData, err := partutil.ReadPartitionData(disk, partIndex+1)
	if err != nil {
	return fmt.Errorf("failed to read EFI partition from disk %q: %v", disk, err)
	}
	tmpDir, err := os.MkdirTemp("", "cos-efi")
	if err != nil {
	return err
	}
	defer os.RemoveAll(tmpDir)
	efiImage := filepath.Join(tmpDir, "efi.bin")
	if err := os.WriteFile(efiImage, efiData, 0644); err != nil {
	return err
	}
	var stdout bytes.Buffer
	var stderr bytes.Buffer
	cmd := exec.Command("mcopy", "-o", "-i", efiImage, "-", "::"+path)
	cmd.Stdout = &stdout
	cmd.Stderr = &stderr
	cmd.Stdin = bytes.NewBuffer(data)
	if err := cmd.Run(); err != nil {
	log.Printf("Command %q failed with stderr: %v", cmd.String(), string(stderr.Bytes()))
	return fmt.Errorf("cannot mcopy to EFI image sourced from %q: %v", disk, err)
	}
	updatedEFIData, err := os.ReadFile(efiImage)
	if err != nil {
	return err
	}
	return partutil.WritePartitionData(disk, partIndex+1, updatedEFIData)
	}

	func ReadEFIFile(disk, path string) ([]byte, error) {
	if disk == "" {
	return readEFIFileOnCOS(path)
	} else {
	return readEFIFileOffline(disk, path)
	}
	}

	func WriteEFIFile(disk, path string, data []byte, perm os.FileMode) error {
	if disk == "" {
	return writeEFIFileOnCOS(path, data, perm)
	} else {
	return writeEFIFileOffline(disk, path, data)
	}
	}

	func EFIArch(img []byte) (string, error) {
	f, err := pe.NewFile(bytes.NewReader(img))
	if err != nil {
	return "", fmt.Errorf("failed to parse PE file: %v", err)
	}
	defer f.Close()

	switch f.Machine {
	case pe.IMAGE_FILE_MACHINE_AMD64:
	return "x86_64", nil
	case pe.IMAGE_FILE_MACHINE_ARM64:
	return "arm64", nil
	default:
	return "", fmt.Errorf("unknown architecture: 0x%x", f.Machine)
	}
	}