analyze: add verb for dumping SMBIOS Type #11 data

I find myself wanting to check this data with a quick command, and
browsing through /sys/ manually getting binary data sucks. Hence let's
do add a nice little analysis tool.

man/systemd-analyze.xml

@@ -186,6 +186,11 @@
       <arg choice="plain">architectures</arg>
       <arg choice="opt" rep="repeat"><replaceable>NAME</replaceable></arg>
     </cmdsynopsis>
+    <cmdsynopsis>
+      <command>systemd-analyze</command>
+      <arg choice="opt" rep="repeat">OPTIONS</arg>
+      <arg choice="plain">smbios11</arg>
+    </cmdsynopsis>
   </refsynopsisdiv>
 
   <refsect1>
@@ -979,6 +984,26 @@ x86-64      native</programlisting>
       </example>
     </refsect2>
 
+    <refsect2>
+      <title><command>systemd-analyze smbios11</command></title>
+
+      <para>Shows a list of SMBIOS Type #11 strings passed to the system. Also see
+      <citerefentry><refentrytitle>smbios-type-11</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
+
+      <example>
+        <title>Example output</title>
+        <programlisting>$ systemd-analyze smbios11
+io.systemd.stub.kernel-cmdline-extra=console=ttyS0
+io.systemd.credential.binary:ssh.ephemeral-authorized_keys-all=c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSURGd20xbFp4WlRGclJteG9ZQlozOTYzcE1uYlJCaDMwM1MxVXhLSUM2NmYgbGVubmFydEB6ZXRhCg==
+io.systemd.credential:vmm.notify_socket=vsock-stream:2:254570042
+
+3 SMBIOS Type #11 strings passed.
+</programlisting>
+      </example>
+
+      <xi:include href="version-info.xml" xpointer="v257"/>
+    </refsect2>
+
   </refsect1>
 
   <refsect1>

src/analyze/analyze-smbios11.c

@@ -0,0 +1,73 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "analyze.h"
+#include "analyze-smbios11.h"
+#include "escape.h"
+#include "smbios11.h"
+#include "virt.h"
+
+int verb_smbios11(int argc, char *argv[], void *userdata) {
+        unsigned n = 0;
+        int r;
+
+        for (unsigned i = 0;; i++) {
+                _cleanup_free_ char *data = NULL;
+                bool written = false;
+                size_t size;
+
+                r = read_smbios11_field(i, SIZE_MAX, &data, &size);
+                if (r == -ENOENT) /* Reached the end */
+                        break;
+                if (r < 0)
+                        return log_error_errno(r, "Failed to read SMBIOS Type #11 string %u: %m", i);
+                bool incomplete = r == 0;
+
+                size_t left, skip;
+                const char *p;
+                for (p = data, left = size; left > 0; p += skip, left -= skip) {
+                        const char *nul;
+
+                        nul = memchr(p, 0, left);
+                        if (nul)
+                                skip = (nul - p) + 1;
+                        else {
+                                nul = p + left;
+                                skip = left;
+                        }
+
+                        if (nul - p == 0) /* Skip empty strings */
+                                continue;
+
+                        _cleanup_free_ char *escaped = NULL;
+                        escaped = cescape_length(p, nul - p);
+                        if (!escaped)
+                                return log_oom();
+
+                        if (written)
+                                fputc('\n', stdout);
+
+                        fputs(escaped, stdout);
+                        written = true;
+                        n++;
+                }
+
+                if (written) {
+                        if (incomplete)
+                                fputs(special_glyph(SPECIAL_GLYPH_ELLIPSIS), stdout);
+
+                        fputc('\n', stdout);
+                }
+
+                if (i == UINT_MAX) /* Prevent overflow */
+                        break;
+        }
+
+        if (!arg_quiet) {
+                if (n == 0)
+                        log_info("No SMBIOS Type #11 strings passed.");
+                else
+                        log_info("\n%u SMBIOS Type #11 strings passed.", n);
+        }
+
+        return EXIT_SUCCESS;
+}

src/analyze/analyze-smbios11.h

@@ -0,0 +1,4 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+int verb_smbios11(int argc, char *argv[], void *userdata);

src/analyze/analyze.c

@@ -34,6 +34,7 @@
 #include "analyze-plot.h"
 #include "analyze-security.h"
 #include "analyze-service-watchdogs.h"
+#include "analyze-smbios11.h"
 #include "analyze-srk.h"
 #include "analyze-syscall-filter.h"
 #include "analyze-time.h"
@@ -241,6 +242,7 @@ static int help(int argc, char *argv[], void *userdata) {
                "  image-policy POLICY...     Analyze image policy string\n"
                "  pcrs [PCR...]              Show TPM2 PCRs and their names\n"
                "  srk [>FILE]                Write TPM2 SRK (to FILE)\n"
+               "  smbios11                   List strings passed via SMBIOS Type #11\n"
                "\nOptions:\n"
                "     --recursive-errors=MODE Control which units are verified\n"
                "     --offline=BOOL          Perform a security review on unit file(s)\n"
@@ -657,6 +659,7 @@ static int run(int argc, char *argv[]) {
                 { "pcrs",              VERB_ANY, VERB_ANY, 0,            verb_pcrs              },
                 { "srk",               VERB_ANY, 1,        0,            verb_srk               },
                 { "architectures",     VERB_ANY, VERB_ANY, 0,            verb_architectures     },
+                { "smbios11",          VERB_ANY, 1,        0,            verb_smbios11          },
                 {}
         };
 

src/analyze/meson.build

@@ -22,6 +22,7 @@ systemd_analyze_sources = files(
         'analyze-plot.c',
         'analyze-security.c',
         'analyze-service-watchdogs.c',
+        'analyze-smbios11.c',
         'analyze-srk.c',
         'analyze-syscall-filter.c',
         'analyze-time.c',

test/units/TEST-65-ANALYZE.sh

@@ -947,6 +947,9 @@ systemd-analyze architectures x86-64
 systemd-analyze architectures native
 systemd-analyze architectures uname
 
+systemd-analyze smbios11
+systemd-analyze smbios11 -q
+
 systemd-analyze log-level info
 
 touch /testok