How to create a UEFI read only variable? - uefi

On an EFI system that boots GRUB2, I want to create a read-only EFI variable. Is this possible?
Thanks,
Mat

According to UEFI Specification 2.7, there is a straightforward way of creating a read-only UEFI variable post ExitBootServices(): by not providing the EFI_VARIABLE_NON_VOLATILE attribute.
See Chapter '8.2 Variable Services' SetVariable() description:
Once ExitBootServices() is performed, only variables that have
EFI_VARIABLE_RUNTIME_ACCESS and EFI_VARIABLE_NON_VOLATILE set can be
set with SetVariable(). Variables that have runtime access but that are not nonvolatile are read-only data variables once ExitBootServices() is performed.
See also Chapter '8.2 Variable Services' GetVariable() Related Definitions:
//*******************************************************
// Variable Attributes
//*******************************************************
#define EFI_VARIABLE_NON_VOLATILE 0x00000001

According to UEFI Specification 2.5, there is no straightforward way of creating a read-only UEFI variable.
The expected result can be achieved by using variables with the attributes EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS and EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS.
According to chapter 7.2 (SetVariable description part) of UEFI Spec 2.5:
(...)
An attempt to delete a variable created with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute for which the
prescribed AuthInfo validation fails or when called using DataSize of zero will fail with an
EFI_SECURITY_VIOLATION status.
According to chapter 7.2.1 (Using the EFI_VARIABLE_AUTHENTICATION_2 descriptor), after a long procedure describing the variable update process:
The driver shall update the value of the variable only if all of these checks pass. If any of the checks
fails, firmware must return EFI_SECURITY_VIOLATION.
In conclusion, it is impossible to delete or modify a variable that was created using the *_WRITE_ACCESS attributes without authentication. GetVariable will return the correct value, indicating in the attributes that the returned variable requires authentication before update or delete. For more information, please read UEFI Spec 2.5 chapters 7.2.1 and 7.2.2.
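The attribute rules quoted in the two answers above, as an added example (not code from either answer or from the UEFI specification): a C classifier that reports how a variable is protected once ExitBootServices() has run. It assumes the Linux efivarfs blob layout (a 4-byte little-endian attribute word followed by the data); `classify_efivar`, the `var_class` names and the sample blobs are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Attribute bits as defined in the UEFI specification (Variable Services). */
#define EFI_VARIABLE_NON_VOLATILE                          0x00000001u
#define EFI_VARIABLE_BOOTSERVICE_ACCESS                    0x00000002u
#define EFI_VARIABLE_RUNTIME_ACCESS                        0x00000004u
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS            0x00000010u
#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020u

enum var_class {            /* hypothetical names, not from any library */
    VAR_MALFORMED,          /* short blob, or RT set without BS */
    VAR_BOOT_ONLY,          /* not accessible after ExitBootServices() */
    VAR_RUNTIME_READONLY,   /* RT without NV: SetVariable() refused at runtime */
    VAR_AUTH_WRITE,         /* NV+RT: update or delete needs valid AuthInfo */
    VAR_RUNTIME_WRITABLE    /* NV+RT, no authentication: the OS may change it */
};

/* blob: one efivarfs file (assumed layout: 4-byte LE attributes, then data). */
enum var_class classify_efivar(const uint8_t *blob, size_t len)
{
    if (blob == NULL || len < 4)
        return VAR_MALFORMED;
    uint32_t a = (uint32_t)blob[0] | (uint32_t)blob[1] << 8 |
                 (uint32_t)blob[2] << 16 | (uint32_t)blob[3] << 24;
    if (!(a & EFI_VARIABLE_RUNTIME_ACCESS))
        return VAR_BOOT_ONLY;
    if (!(a & EFI_VARIABLE_BOOTSERVICE_ACCESS))
        return VAR_MALFORMED;          /* the spec requires BS whenever RT is set */
    if (!(a & EFI_VARIABLE_NON_VOLATILE))
        return VAR_RUNTIME_READONLY;   /* rule quoted from the 2.7 spec above */
    if (a & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS |
             EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS))
        return VAR_AUTH_WRITE;         /* rule quoted from the 2.5 spec above */
    return VAR_RUNTIME_WRITABLE;
}

/* Constructed sample blobs (attribute word + one data byte), not real dumps. */
static const uint8_t sample_volatile_rt[] = { 0x06, 0, 0, 0, 0x01 }; /* BS|RT */
static const uint8_t sample_time_auth[]   = { 0x27, 0, 0, 0, 0x01 }; /* NV|BS|RT|TIME_AUTH */
static const uint8_t sample_plain_nv[]    = { 0x07, 0, 0, 0, 0x01 }; /* NV|BS|RT */

int main(void)
{
    static const char *names[] = { "malformed", "boot-only", "runtime read-only",
                                   "authenticated write", "runtime writable" };
    const uint8_t *s[] = { sample_volatile_rt, sample_time_auth, sample_plain_nv };
    for (int i = 0; i < 3; i++)
        printf("sample %d: %s\n", i, names[classify_efivar(s[i], 5)]);
    return 0;
}
```

A variable that must not change but classifies as runtime writable has neither of the protections the answers describe.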

Related

CANoe tool DBC configuration

I have been trying to create a DBC file in CANoe, but in the latest demo version 13.0 I am not getting any option for environment variables.
Can anyone please help me find, or guide me on how to get, the environment variables in the DBC file?
Many pages of the help refer to env vars being usable only if they were added to the database, but then again via the CANoe Ribbon there is no way of adding new Environment Variables, and this is where you are confused.
To set new Environment Variables, you'll need CANdb++. To see existing Environment Variables, go View > List > Environment Variables. From here, you can add new env vars to the database.
Env Vars are typically used as interface between network nodes and specifically in panels as handles.
Demo versions of CANoe might lack certain functionalities, but luckily the CANdb++ editor is a free tool you can download from Vector.
disclaimer: this answer is based on this question's answer.
I see that you are creating a new DBC, probably for learning purposes. An important point to note here is that CANoe will stop supporting Environment Variables in future versions. The current comment from Vector (according to the v13.0 help document) is this:
The creation of environment variables is no longer supported. Instead, use system variables directly in CANoe. Currently CANoe still supports the use of environment variables. This support will not be available in future versions.
So, it is preferred to use system variables rather than environment variables.
To view the above comment in the v13.0 help document, go to the index tab and type "Environment Variable".

Using Conditional Syntax (Overrides) in BitBake

Reading a book on Yocto. Got to the following page, which says:
BitBake provides a very easy-to-use way to write conditional metadata.
It is done by a mechanism called overrides.
The OVERRIDES variable contains values separated by colons (:), and
each value is an item we want to satisfy conditions. So, if we have a
variable that is conditional on arm, and arm is in OVERRIDES, then the
version of the variable that is specific to arm is used rather than
the non-conditional version, as shown:
OVERRIDES = "architecture:os:machine"
TEST = "defaultvalue"
TEST_os = "osspecificvalue"
TEST_other = "othercondvalue"
In this example, TEST will be osspecificvalue due to the condition
of os being in OVERRIDES.
I'm unclear from this explanation how did TEST become equal to osspecificvalue. Would someone be able to explain it?
BitBake implements its own dictionary data structure based on Python's MutableMapping in lib/bb/data_smart.py. The goal is to create a dictionary with more flexibility in that each value in the "key,value" pair can be overridden based on specific identifiers.
If you look at how the variables in this dictionary are set, you will see that the datastore allows "overrides" of variables based on a list of override identifiers. These identifiers are expected to be appended with an underscore, like in your example of "TEST_os".
In the case you are referencing, "other" identifier is not in the list of OVERRIDES, so this "smart dictionary" does not override the value of TEST with "othercondvalue". However, because the "os" identifier is in the list of OVERRIDES, the value of TEST is indeed overridden with the value "osspecificvalue".
I would highly recommend reading through the DataSmart class as this is a very simplified explanation, but hopefully it helps.
Also, see the BitBake manual entry for OVERRIDES for more information.

How to programmatically configure the tunability of model parameters?

I'm porting a large Simulink model from Simulink R2010a → R2017b.
The main model is basically a glue-layer for many interwoven reference models. My objective is to generate a standalone executable out of this main model using Coder.
Parameter tunability in this context is not done via the Signals and Parameters section on the Optimization tab in the Model Configuration Parameters dialog (as is the case in stand-alone models), but rather, via constructing Simulink.Parameter objects in the base workspace, and referencing those in the respective referenced models, or in their respective model workspaces.
Now, AFAIK, in R2010a it was enough to set
new_parameter.RTWInfo.StorageClass = 'Auto';
new_parameter.RTWInfo.CustomStorageClass = 'Define';
to make the parameter non-tunable and convert it into a #define in the generated code. In R2017b, this is no longer allowed; the StorageClass must be 'Custom' if you set a non-empty CustomStorageClass:
new_parameter.CoderInfo.StorageClass = 'Custom'; % <- can't be 'Auto'
new_parameter.CoderInfo.CustomStorageClass = 'Define';
But apparently, this does not make the parameter non-tunable:
Warning: Parameter 'OutPortSampleTime' of '[...]/Rate Transition1' is non-tunable but refers to tunable variables (Simulation_compiletimeConstant (base workspace))
I can't find anything in the R2017b documentation on making parameters non-tunable programmatically; I can only find how to do it in stand-alone models via the dialog, but that's not what I want here.
Can anyone point me in the right direction?
NOTE: Back in the day, Simulink Coder was called Real-Time Workshop (well, Real-Time Workshop split into Coder and several other things), hence the difference RTWInfo vs. CoderInfo. Note that RTWInfo still works in R2017b, but issues a warning and gets converted into CoderInfo automatically.
In generated code it should appear as #define, the way you specified it.
https://www.mathworks.com/help/rtw/ug/choose-a-built-in-storage-class-for-controlling-data-representation-in-the-generated-code.html
Btw, yes, it's a bit confusing, because in m-file you specify CustomStorageClass = 'Define';, in GUI you specify Storage class as Define (custom), but in documentation they say Storage Class as Defined.
I am not sure why warning about tunability shows up.

What does DPB mean in Firebird and how to use isc_dpb_trusted_auth parameter?

What does DPB mean in Firebird, and how to use isc_dpb_trusted_auth parameter?
What does DPB mean in Firebird
Most probably it is "Database Parameter Buffer", and there is TPB for "Transaction...." and SPB for "Service ..." (used in Services API).
And Firebird 2.1.7 bugslist has the following quote:
The engine was incorrectly populating integer containers in the blob parameter buffer (BPB)
I think those abbreviations were conceived more than 30 years ago, when the database today known as Firebird was being developed as proposed new component of VAX VMS operating system.
You may go to the Firebird developers mailing list and ask what the current developers guess DPB stands for. Or you may try to find Mr. Starkey and Mrs. Harrison and ask if they still remember what they meant more than 30 years ago.
how to use isc_dpb_trusted_auth parameter
This is described in two sources that I can see. And both use the same words.
https://firebirdsql.org/rlsnotesh/rnfb210-wintrusted.html
c:\Program Files\Firebird\Firebird_2_1\doc\README.trusted_authentication.txt
To keep legacy behavior when ISC_USER/ISC_PASSWORD variables are set
in environment, they are picked and used instead of trusted
authentication. In case when trusted authentication is needed and
ISC_USER/ISC_PASSWORD are set, add new DPB parameter
isc_dpb_trusted_auth to DPB.
It seems it does not matter which value the parameter has; it only sometimes matters whether it is present or not.
To connect to the database you call the Firebird function isc_attach_database. This function takes 6 parameters. #5 is the length of the DPB binary block and #6 is the pointer to the DPB binary block.
You can find an example of building the binary DPB block in the sources of the library of your choice that you use to connect to the Firebird server.
For example with Unified Interbase library you can start exploring examples\UIB\API\ projects. They all use calls like
UL.AttachDatabase(new_dbname, newdb, 'user_name = SYSDBA; password = masterkey');
The last string is the parameter list. For trusted authentication to work, according to the documentation quoted above, you have to remove the user_name and password parameters, and optionally you may add the trusted_auth parameter with any value. Then you can trace it down to the function CreateDBParams, which creates the DPB binary representation out of your text key-value list string.
PS. Should you try to compile those examples, do not forget to configure the UIB library to use the Firebird 2.1 or higher API by enabling the FB21 option in the uib.inc file.

How can I create a transient domain in libvirt?

How can I create a transient domain using libvirt? (Using QEMU/KVM as back-end)
The documentation discusses the difference between transient and persistent domains at this link: http://wiki.libvirt.org/page/VM_lifecycle#Transient_guest_domains_vs_Persistent_guest_domains
Still, I haven't found any concrete example on how to create one.
The only pointer I found is in this email: https://www.redhat.com/archives/libvirt-users/2011-August/msg00057.html, where the maintainer suggests to add the <transient/> tag in the <disk> field of the XML's description.
When I tried, I got this disappointing answer: "libvirtError: unsupported configuration: transient disks not supported yet".
Is this feature really "not supported yet", or am I missing something? The documentation makes me think that this should be supported.
Any answer related to the C or Python binding, virsh, or virt-manager will be highly appreciated!
Using virsh
If you are using virsh, then there are these commands:
define -- This command takes an XML file as its parameter and makes the domain known to libvirt (you can reference that domain by using its name or UUID).
start -- This command takes the domain name or UUID as its parameter and starts (boots) the domain.
create -- This command takes an XML file as its parameter and creates (starts) the domain with the settings described in that file. Depending on whether the domain is known to libvirt (previously defined with that UUID), it may result in two things:
if it is already defined, the known domain is marked as started (it is a persistent domain, but it is started with the settings supplied and not those it was defined with).
in case it is not defined, the domain started is now a transient domain (it disappears when it is destroyed, shuts down, etc.).
undefine -- This command takes a domain name or UUID (or ID if it's started) and makes it unknown to libvirt, but if that domain is running it doesn't destroy it, just marks it transient.
C functions
In C, the APIs that virsh is using for these commands are:
define -- virDomainDefineXML
start -- virDomainCreate
create -- virDomainCreateXML
undefine -- virDomainUndefine
Notes:
The names may be a little bit confusing, but due to backward compatibility it is kept from Xen times.
Most of the commands mentioned have parameters which may alter their behavior; these may cause different C functions to be used for the purpose.