efivar

List all UEFI variables

$ efivar [[-l|--list]]

$ efivar [[-n|--name]] [146b234d-4052-4e07-b326-11220f8e1fe8-lBoot0000] [[-p|--print]]

efivar [OPTION...] [NAME]

-l, --list
    List names of all accessible EFI variables.

-p, --print
    Print the value of a specific EFI variable.

-w, --write
    Write or update an EFI variable's value.

-W, --write-guid
    Write a GUID-specific EFI variable.

-d, --delete
    Delete the specified EFI variable.

-n, --name=<NAME>
    Specify the EFI variable name (hex or ASCII).

-v, --value=<VALUE>
    Set variable value as hex string.

-f, --file=<FILE>
    Read value from binary file.

-g, --guid=<GUID>
    Specify GUID (e.g., 8be4df61-93ca-11d2-aa0d-00e098032b8c).

--type=<TYPE>
    Set attributes (0x0=delete, 0x7=RT|BO|NV|Runtime).

--ascii
    Treat value as ASCII string.

--nobadalloc
    Ignore ENOSPC errors on write.

-N, --no-delete
    Append to variable instead of overwriting.

--verbose
    Increase output verbosity.

-V, --version
    Display version information.

-h, --help
    Show usage summary.

efivar is a command-line utility and supporting library for accessing and modifying EFI (Extensible Firmware Interface) variables from user space in Linux. UEFI variables provide persistent storage in firmware NVRAM, used for boot managers, secure boot keys, driver configurations, and runtime settings.

It enables listing, printing, writing, and deleting these variables, essential for tasks like customizing boot entries, managing Secure Boot databases, or debugging firmware issues. The tool interfaces with the kernel via the efivarfs filesystem (typically mounted at /sys/firmware/efi/efivars) or directly via ioctls, requiring elevated privileges (CAP_SYS_ADMIN).

Common use cases include querying Boot#### variables for boot order, enrolling keys into db/dbX, or setting vendor-specific runtime variables. While powerful, it demands caution as incorrect modifications can prevent booting or brick hardware. efivar supports various data types (UINT8 to UINTN arrays, strings) and GUID-specific namespaces.

Requires root or CAP_SYS_ADMIN. Can brick systems if misused (e.g., deleting BootOrder). Secure Boot restricts writes. efivarfs must be mounted read-write.

List variables: efivar -l
Print Boot0000: efivar -p -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0000
Delete variable: efivar -d -n MyVar-12345678-1234-1234-1234-123456789abc

Values as hex bytes (e.g., 010203). Strings null-terminated. Use xxd for file inputs.

Developed 2011-2012 by Peter Jones (Red Hat) and contributors as part of efivar library. Integrated into major distros ~2013 for UEFI support. Active maintenance via freedesktop.org.

efibootmgr(8), fwupdmgr(8)