shim: Add a flag to make the setting persistent

Provide a -n flag to 'shim debug' so that the setting persists across reboots. Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <sjg@chromium.org>
2025-08-29 07:28:42 -06:00
parent b304fb16d7
commit a5f843f0f2
2 changed files with 27 additions and 10 deletions
--- a/cmd/shim.c
+++ b/cmd/shim.c
@@ -22,11 +22,12 @@ static int do_shim_debug(struct cmd_tbl *cmdtp, int flag, int argc,
 	struct abuf buf;
 	const char *sub;
 	u32 value;
 	u32 attr;
 	int ret;
 	sub = cmd_arg1(argc, argv);
-	if (!sub) {
+	if (argc == 1) {
-		ret = efi_read_var(SHIM_VERBOSE_VAR_NAME, &efi_shim_lock, NULL,
+		ret = efi_read_var(SHIM_VERBOSE_VAR_NAME, &efi_shim_lock, &attr,
 				   &buf, NULL);
 		if (ret == -ENOENT) {
 			value = 0;
@@ -41,10 +42,18 @@ static int do_shim_debug(struct cmd_tbl *cmdtp, int flag, int argc,
 		}
 		printf("%d\n", value);
 	} else {
-		value = hextoul(sub, NULL) ? 1 : 0;
+		int arg = 1;
 		attr = EFI_VARIABLE_BOOTSERVICE_ACCESS;
 		if (!strcmp("-n", argv[arg])) {
 			attr |= EFI_VARIABLE_NON_VOLATILE;
 			arg++;
 		}
 		if (arg == argc)
 			return CMD_RET_USAGE;
 		value = hextoul(argv[arg], NULL) ? 1 : 0;
 		eret = efi_set_variable_int(SHIM_VERBOSE_VAR_NAME,
-					    &efi_shim_lock,
+					    &efi_shim_lock, attr,
 					    EFI_VARIABLE_BOOTSERVICE_ACCESS,
 					    sizeof(value), &value, false);
 		if (eret) {
 			printf("Failed to write variable (err=%lx)\n", eret);
@@ -59,7 +68,7 @@ fail:
 }
 U_BOOT_LONGHELP(shim,
-	"debug [<0/1>]  - Enable / disable debug verbose mode");
+	"debug [[-n] <0/1>]  - Enable / disable debug verbose mode");
 U_BOOT_CMD_WITH_SUBCMDS(shim, "Shim utilities", shim_help_text,
 	U_BOOT_SUBCMD_MKENT(debug, 3, 1, do_shim_debug));
--- a/doc/usage/cmd/shim.rst
+++ b/doc/usage/cmd/shim.rst
@@ -8,7 +8,7 @@ Synopsis
 ::
-    shim debug [<0/1>]
+    shim debug [[-n] <0/1>]
 Description
 -----------
@@ -36,6 +36,7 @@ Controls the Shim verbose debugging mode.
    shim debug          # Display current debug state (0 or 1)
    shim debug 0        # Disable verbose debugging
    shim debug 1        # Enable verbose debugging
    shim debug -n 1     # Enable verbose debugging (non-volatile)
 The command reads from or writes to the ``SHIM_VERBOSE`` EFI variable in the
 Shim Lock GUID namespace. When verbose mode is enabled (value = 1), Shim will
@@ -44,6 +45,7 @@ output additional debugging information during the boot process. When disabled
 **Parameters:**
 * ``-n`` - Makes the variable non-volatile (persistent across reboots)
 * ``<0/1>`` - Optional parameter to set debug mode:
  * ``0`` - Disable verbose debugging
@@ -69,6 +71,10 @@ Disable verbose debugging::
    => shim debug 0
 Enable verbose debugging with persistence across reboots::
    => shim debug -n 1
 Configuration
 ~~~~~~~~~~~~~
@@ -86,12 +92,14 @@ The command uses the EFI variable services to read and write the
 * **Variable Name:** ``SHIM_VERBOSE`` (Unicode string)
 * **GUID:** EFI Shim Lock GUID (``605dab50-e046-4300-abb6-3dd810dd8b23``)
-* **Attributes:** ``EFI_VARIABLE_BOOTSERVICE_ACCESS``
+* **Attributes:** ``EFI_VARIABLE_BOOTSERVICE_ACCESS`` (default) or
  ``EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE`` (with ``-n`` flag)
 * **Data Type:** 32-bit unsigned integer (4 bytes)
 * **Values:** 0 (disabled) or 1 (enabled)
-The variable is stored in the EFI variable store and persists across reboots
+By default, the variable is volatile and will be reset on reboot. When the
-until explicitly changed or the variable store is cleared.
+``-n`` flag is used, the variable becomes non-volatile and persists across
 reboots until explicitly changed or the variable store is cleared.
 See Also
 ~~~~~~~~