This function can be used to transfer EFI status code to string
for printing out debug message. Using this function can improve
the readability of log.
Cc: Ard Biesheuvel <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Anton Vorontsov <[email protected]>
Cc: Colin Cross <[email protected]>
Cc: Tony Luck <[email protected]>
Signed-off-by: "Lee, Chun-Yi" <[email protected]>
---
include/linux/efi.h | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 54357a258b35..a43cb0dc37af 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1768,4 +1768,32 @@ struct linux_efi_memreserve {
#define EFI_MEMRESERVE_COUNT(size) (((size) - sizeof(struct linux_efi_memreserve)) \
/ sizeof(((struct linux_efi_memreserve *)0)->entry[0]))
+#define EFI_STATUS_STR(_status) \
+case EFI_##_status: \
+ return "EFI_" __stringify(_status);
+
+static inline char *
+efi_status_to_str(efi_status_t status)
+{
+ switch (status) {
+ EFI_STATUS_STR(SUCCESS)
+ EFI_STATUS_STR(LOAD_ERROR)
+ EFI_STATUS_STR(INVALID_PARAMETER)
+ EFI_STATUS_STR(UNSUPPORTED)
+ EFI_STATUS_STR(BAD_BUFFER_SIZE)
+ EFI_STATUS_STR(BUFFER_TOO_SMALL)
+ EFI_STATUS_STR(NOT_READY)
+ EFI_STATUS_STR(DEVICE_ERROR)
+ EFI_STATUS_STR(WRITE_PROTECTED)
+ EFI_STATUS_STR(OUT_OF_RESOURCES)
+ EFI_STATUS_STR(NOT_FOUND)
+ EFI_STATUS_STR(ABORTED)
+ EFI_STATUS_STR(SECURITY_VIOLATION)
+ default:
+ pr_warn("Unknown efi status: 0x%lx", status);
+ }
+
+ return "Unknown efi status";
+}
+
#endif /* _LINUX_EFI_H */
--
2.16.4
When loading certificates list from UEFI variable, the original error
message direct shows the efi status code from UEFI firmware. It looks
ugly:
[ 2.335031] Couldn't get size: 0x800000000000000e
[ 2.335032] Couldn't get UEFI MokListRT
[ 2.339985] Couldn't get size: 0x800000000000000e
[ 2.339987] Couldn't get UEFI dbx list
So, this patch shows the status string instead of status code.
On the other hand, the "Couldn't get UEFI" message doesn't need
to be exposed when db/dbx/mok variable do not exist. So, this
patch set the message level to debug.
v2.
Setting the MODSIGN messagse level to debug.
Link: https://forums.opensuse.org/showthread.php/535324-MODSIGN-Couldn-t-get-UEFI-db-list?p=2897516#post2897516
Cc: James Morris <[email protected]>
Cc: Serge E. Hallyn" <[email protected]>
Cc: David Howells <[email protected]>
Cc: Nayna Jain <[email protected]>
Cc: Josh Boyer <[email protected]>
Cc: Mimi Zohar <[email protected]>
Signed-off-by: "Lee, Chun-Yi" <[email protected]>
---
security/integrity/platform_certs/load_uefi.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index 81b19c52832b..e65244b31f04 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -48,7 +48,9 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
if (status != EFI_BUFFER_TOO_SMALL) {
- pr_err("Couldn't get size: 0x%lx\n", status);
+ if (status != EFI_NOT_FOUND)
+ pr_err("Couldn't get size: %s\n",
+ efi_status_to_str(status));
return NULL;
}
@@ -59,7 +61,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
status = efi.get_variable(name, guid, NULL, &lsize, db);
if (status != EFI_SUCCESS) {
kfree(db);
- pr_err("Error reading db var: 0x%lx\n", status);
+ pr_err("Error reading db var: %s\n",
+ efi_status_to_str(status));
return NULL;
}
@@ -155,7 +158,7 @@ static int __init load_uefi_certs(void)
if (!uefi_check_ignore_db()) {
db = get_cert_list(L"db", &secure_var, &dbsize);
if (!db) {
- pr_err("MODSIGN: Couldn't get UEFI db list\n");
+ pr_debug("MODSIGN: Couldn't get UEFI db list\n");
} else {
rc = parse_efi_signature_list("UEFI:db",
db, dbsize, get_handler_for_db);
@@ -168,7 +171,7 @@ static int __init load_uefi_certs(void)
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
if (!mok) {
- pr_info("Couldn't get UEFI MokListRT\n");
+ pr_debug("Couldn't get UEFI MokListRT\n");
} else {
rc = parse_efi_signature_list("UEFI:MokListRT",
mok, moksize, get_handler_for_db);
@@ -179,7 +182,7 @@ static int __init load_uefi_certs(void)
dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
if (!dbx) {
- pr_info("Couldn't get UEFI dbx list\n");
+ pr_debug("Couldn't get UEFI dbx list\n");
} else {
rc = parse_efi_signature_list("UEFI:dbx",
dbx, dbxsize,
--
2.16.4
On Sun, 24 Mar 2019 at 01:26, Lee, Chun-Yi <[email protected]> wrote:
>
> This function can be used to transfer EFI status code to string
> for printing out debug message. Using this function can improve
> the readability of log.
>
> Cc: Ard Biesheuvel <[email protected]>
> Cc: Kees Cook <[email protected]>
> Cc: Anton Vorontsov <[email protected]>
> Cc: Colin Cross <[email protected]>
> Cc: Tony Luck <[email protected]>
> Signed-off-by: "Lee, Chun-Yi" <[email protected]>
> ---
> include/linux/efi.h | 28 ++++++++++++++++++++++++++++
> 1 file changed, 28 insertions(+)
>
> diff --git a/include/linux/efi.h b/include/linux/efi.h
> index 54357a258b35..a43cb0dc37af 100644
> --- a/include/linux/efi.h
> +++ b/include/linux/efi.h
> @@ -1768,4 +1768,32 @@ struct linux_efi_memreserve {
> #define EFI_MEMRESERVE_COUNT(size) (((size) - sizeof(struct linux_efi_memreserve)) \
> / sizeof(((struct linux_efi_memreserve *)0)->entry[0]))
>
> +#define EFI_STATUS_STR(_status) \
> +case EFI_##_status: \
> + return "EFI_" __stringify(_status);
> +
> +static inline char *
> +efi_status_to_str(efi_status_t status)
> +{
> + switch (status) {
> + EFI_STATUS_STR(SUCCESS)
> + EFI_STATUS_STR(LOAD_ERROR)
> + EFI_STATUS_STR(INVALID_PARAMETER)
> + EFI_STATUS_STR(UNSUPPORTED)
> + EFI_STATUS_STR(BAD_BUFFER_SIZE)
> + EFI_STATUS_STR(BUFFER_TOO_SMALL)
> + EFI_STATUS_STR(NOT_READY)
> + EFI_STATUS_STR(DEVICE_ERROR)
> + EFI_STATUS_STR(WRITE_PROTECTED)
> + EFI_STATUS_STR(OUT_OF_RESOURCES)
> + EFI_STATUS_STR(NOT_FOUND)
> + EFI_STATUS_STR(ABORTED)
> + EFI_STATUS_STR(SECURITY_VIOLATION)
> + default:
> + pr_warn("Unknown efi status: 0x%lx", status);
> + }
> +
> + return "Unknown efi status";
> +}
> +
> #endif /* _LINUX_EFI_H */
> --
> 2.16.4
>
Please turn this into a proper function so that not every calling
object has to duplicate all these strings.
On Wed, 2019-03-27 at 19:58 +0100, Ard Biesheuvel wrote:
> On Sun, 24 Mar 2019 at 01:26, Lee, Chun-Yi <[email protected]> wrote:
> >
> > This function can be used to transfer EFI status code to string
> > for printing out debug message. Using this function can improve
> > the readability of log.
Maybe instead of "for transferring status" use "to convert the status
value to a" in the Subject line and here in the patch description.
> >
> > Cc: Ard Biesheuvel <[email protected]>
> > Cc: Kees Cook <[email protected]>
> > Cc: Anton Vorontsov <[email protected]>
> > Cc: Colin Cross <[email protected]>
> > Cc: Tony Luck <[email protected]>
> > Signed-off-by: "Lee, Chun-Yi" <[email protected]>
> > ---
> > include/linux/efi.h | 28 ++++++++++++++++++++++++++++
> > 1 file changed, 28 insertions(+)
> >
> > diff --git a/include/linux/efi.h b/include/linux/efi.h
> > index 54357a258b35..a43cb0dc37af 100644
> > --- a/include/linux/efi.h
> > +++ b/include/linux/efi.h
> > @@ -1768,4 +1768,32 @@ struct linux_efi_memreserve {
> > #define EFI_MEMRESERVE_COUNT(size) (((size) - sizeof(struct linux_efi_memreserve)) \
> > / sizeof(((struct linux_efi_memreserve *)0)->entry[0]))
> >
> > +#define EFI_STATUS_STR(_status) \
> > +case EFI_##_status: \
> > + return "EFI_" __stringify(_status);
> > +
> > +static inline char *
> > +efi_status_to_str(efi_status_t status)
> > +{
> > + switch (status) {
> > + EFI_STATUS_STR(SUCCESS)
> > + EFI_STATUS_STR(LOAD_ERROR)
> > + EFI_STATUS_STR(INVALID_PARAMETER)
> > + EFI_STATUS_STR(UNSUPPORTED)
> > + EFI_STATUS_STR(BAD_BUFFER_SIZE)
> > + EFI_STATUS_STR(BUFFER_TOO_SMALL)
> > + EFI_STATUS_STR(NOT_READY)
> > + EFI_STATUS_STR(DEVICE_ERROR)
> > + EFI_STATUS_STR(WRITE_PROTECTED)
> > + EFI_STATUS_STR(OUT_OF_RESOURCES)
> > + EFI_STATUS_STR(NOT_FOUND)
> > + EFI_STATUS_STR(ABORTED)
> > + EFI_STATUS_STR(SECURITY_VIOLATION)
> > + default:
> > + pr_warn("Unknown efi status: 0x%lx", status);
> > + }
> > +
> > + return "Unknown efi status";
> > +}
> > +
> > #endif /* _LINUX_EFI_H */
> > --
> > 2.16.4
> >
>
> Please turn this into a proper function so that not every calling
> object has to duplicate all these strings.
Hi Ard,
Keeping the status values and strings in sync is difficult. I was
going to suggest moving the macro immediately after the status value
definitions.
Mimi
On Sun, 2019-03-24 at 08:26 +0800, Lee, Chun-Yi wrote:
> When loading certificates list from UEFI variable, the original error
> message direct shows the efi status code from UEFI firmware. It looks
> ugly:
>
> [ 2.335031] Couldn't get size: 0x800000000000000e
> [ 2.335032] Couldn't get UEFI MokListRT
> [ 2.339985] Couldn't get size: 0x800000000000000e
> [ 2.339987] Couldn't get UEFI dbx list
>
> So, this patch shows the status string instead of status code.
>
> On the other hand, the "Couldn't get UEFI" message doesn't need
> to be exposed when db/dbx/mok variable do not exist. So, this
> patch set the message level to debug.
>
> v2.
> Setting the MODSIGN messagse level to debug.
>
> Link: https://forums.opensuse.org/showthread.php/535324-MODSIGN-Couldn-t-get-UEFI-db-list?p=2897516#post2897516
> Cc: James Morris <[email protected]>
> Cc: Serge E. Hallyn" <[email protected]>
> Cc: David Howells <[email protected]>
> Cc: Nayna Jain <[email protected]>
> Cc: Josh Boyer <[email protected]>
> Cc: Mimi Zohar <[email protected]>
> Signed-off-by: "Lee, Chun-Yi" <[email protected]>
> ---
> security/integrity/platform_certs/load_uefi.c | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
> index 81b19c52832b..e65244b31f04 100644
> --- a/security/integrity/platform_certs/load_uefi.c
> +++ b/security/integrity/platform_certs/load_uefi.c
> @@ -48,7 +48,9 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
>
> status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
> if (status != EFI_BUFFER_TOO_SMALL) {
> - pr_err("Couldn't get size: 0x%lx\n", status);
> + if (status != EFI_NOT_FOUND)
> + pr_err("Couldn't get size: %s\n",
> + efi_status_to_str(status));
> return NULL;
> }
>
> @@ -59,7 +61,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
> status = efi.get_variable(name, guid, NULL, &lsize, db);
> if (status != EFI_SUCCESS) {
> kfree(db);
> - pr_err("Error reading db var: 0x%lx\n", status);
> + pr_err("Error reading db var: %s\n",
> + efi_status_to_str(status));
> return NULL;
> }
>
> @@ -155,7 +158,7 @@ static int __init load_uefi_certs(void)
> if (!uefi_check_ignore_db()) {
> db = get_cert_list(L"db", &secure_var, &dbsize);
> if (!db) {
> - pr_err("MODSIGN: Couldn't get UEFI db list\n");
> + pr_debug("MODSIGN: Couldn't get UEFI db list\n");
Sure, this is fine.
> } else {
> rc = parse_efi_signature_list("UEFI:db",
> db, dbsize, get_handler_for_db);
> @@ -168,7 +171,7 @@ static int __init load_uefi_certs(void)
>
> mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
> if (!mok) {
> - pr_info("Couldn't get UEFI MokListRT\n");
> + pr_debug("Couldn't get UEFI MokListRT\n");
This is fine too.
> } else {
> rc = parse_efi_signature_list("UEFI:MokListRT",
> mok, moksize, get_handler_for_db);
> @@ -179,7 +182,7 @@ static int __init load_uefi_certs(void)
>
> dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
> if (!dbx) {
> - pr_info("Couldn't get UEFI dbx list\n");
> + pr_debug("Couldn't get UEFI dbx list\n");
If there isn't a db or moklist, then this is fine. My concern is not
having an indication that the dbx wasn't installed, when it should
have been.
Perhaps similar to the "Loading compiled-in X.509 certificates"
informational message there should informational messages for db, mok,
and dbx as well.
Mimi
> } else {
> rc = parse_efi_signature_list("UEFI:dbx",
> dbx, dbxsize,
On Wed, Mar 27, 2019 at 03:23:55PM -0400, Mimi Zohar wrote:
> On Sun, 2019-03-24 at 08:26 +0800, Lee, Chun-Yi wrote:
> > When loading certificates list from UEFI variable, the original error
> > message direct shows the efi status code from UEFI firmware. It looks
> > ugly:
> >
> > [ 2.335031] Couldn't get size: 0x800000000000000e
> > [ 2.335032] Couldn't get UEFI MokListRT
> > [ 2.339985] Couldn't get size: 0x800000000000000e
> > [ 2.339987] Couldn't get UEFI dbx list
> >
> > So, this patch shows the status string instead of status code.
> >
> > On the other hand, the "Couldn't get UEFI" message doesn't need
> > to be exposed when db/dbx/mok variable do not exist. So, this
> > patch set the message level to debug.
> >
> > v2.
> > Setting the MODSIGN messagse level to debug.
> >
> > Link: https://forums.opensuse.org/showthread.php/535324-MODSIGN-Couldn-t-get-UEFI-db-list?p=2897516#post2897516
> > Cc: James Morris <[email protected]>
> > Cc: Serge E. Hallyn" <[email protected]>
> > Cc: David Howells <[email protected]>
> > Cc: Nayna Jain <[email protected]>
> > Cc: Josh Boyer <[email protected]>
> > Cc: Mimi Zohar <[email protected]>
> > Signed-off-by: "Lee, Chun-Yi" <[email protected]>
> > ---
> > security/integrity/platform_certs/load_uefi.c | 13 ++++++++-----
> > 1 file changed, 8 insertions(+), 5 deletions(-)
> >
> > diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
> > index 81b19c52832b..e65244b31f04 100644
> > --- a/security/integrity/platform_certs/load_uefi.c
> > +++ b/security/integrity/platform_certs/load_uefi.c
> > @@ -48,7 +48,9 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
> >
> > status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
> > if (status != EFI_BUFFER_TOO_SMALL) {
> > - pr_err("Couldn't get size: 0x%lx\n", status);
> > + if (status != EFI_NOT_FOUND)
> > + pr_err("Couldn't get size: %s\n",
> > + efi_status_to_str(status));
> > return NULL;
> > }
> >
> > @@ -59,7 +61,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
> > status = efi.get_variable(name, guid, NULL, &lsize, db);
> > if (status != EFI_SUCCESS) {
> > kfree(db);
> > - pr_err("Error reading db var: 0x%lx\n", status);
> > + pr_err("Error reading db var: %s\n",
> > + efi_status_to_str(status));
> > return NULL;
> > }
> >
> > @@ -155,7 +158,7 @@ static int __init load_uefi_certs(void)
> > if (!uefi_check_ignore_db()) {
> > db = get_cert_list(L"db", &secure_var, &dbsize);
> > if (!db) {
> > - pr_err("MODSIGN: Couldn't get UEFI db list\n");
> > + pr_debug("MODSIGN: Couldn't get UEFI db list\n");
>
> Sure, this is fine.
>
> > } else {
> > rc = parse_efi_signature_list("UEFI:db",
> > db, dbsize, get_handler_for_db);
> > @@ -168,7 +171,7 @@ static int __init load_uefi_certs(void)
> >
> > mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
> > if (!mok) {
> > - pr_info("Couldn't get UEFI MokListRT\n");
> > + pr_debug("Couldn't get UEFI MokListRT\n");
>
> This is fine too.
>
> > } else {
> > rc = parse_efi_signature_list("UEFI:MokListRT",
> > mok, moksize, get_handler_for_db);
> > @@ -179,7 +182,7 @@ static int __init load_uefi_certs(void)
> >
> > dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
> > if (!dbx) {
> > - pr_info("Couldn't get UEFI dbx list\n");
> > + pr_debug("Couldn't get UEFI dbx list\n");
>
> If there isn't a db or moklist, then this is fine. ?My concern is not
> having an indication that the dbx wasn't installed, when it should
> have been.
>
> Perhaps similar to the "Loading compiled-in X.509 certificates"
> informational message there should informational messages for db, mok,
> and dbx as well.
>
OK. I will add message when kernel found db, dbx and mok. It will
just like the informaton message for ACPI S0,S3,S4 support.
Thanks
Joey Lee
Hi Ard,
On Wed, Mar 27, 2019 at 07:58:03PM +0100, Ard Biesheuvel wrote:
> On Sun, 24 Mar 2019 at 01:26, Lee, Chun-Yi <[email protected]> wrote:
> >
> > This function can be used to transfer EFI status code to string
> > for printing out debug message. Using this function can improve
> > the readability of log.
> >
> > Cc: Ard Biesheuvel <[email protected]>
> > Cc: Kees Cook <[email protected]>
> > Cc: Anton Vorontsov <[email protected]>
> > Cc: Colin Cross <[email protected]>
> > Cc: Tony Luck <[email protected]>
> > Signed-off-by: "Lee, Chun-Yi" <[email protected]>
> > ---
> > include/linux/efi.h | 28 ++++++++++++++++++++++++++++
> > 1 file changed, 28 insertions(+)
> >
> > diff --git a/include/linux/efi.h b/include/linux/efi.h
> > index 54357a258b35..a43cb0dc37af 100644
> > --- a/include/linux/efi.h
> > +++ b/include/linux/efi.h
> > @@ -1768,4 +1768,32 @@ struct linux_efi_memreserve {
> > #define EFI_MEMRESERVE_COUNT(size) (((size) - sizeof(struct linux_efi_memreserve)) \
> > / sizeof(((struct linux_efi_memreserve *)0)->entry[0]))
> >
> > +#define EFI_STATUS_STR(_status) \
> > +case EFI_##_status: \
> > + return "EFI_" __stringify(_status);
> > +
> > +static inline char *
> > +efi_status_to_str(efi_status_t status)
> > +{
> > + switch (status) {
> > + EFI_STATUS_STR(SUCCESS)
> > + EFI_STATUS_STR(LOAD_ERROR)
> > + EFI_STATUS_STR(INVALID_PARAMETER)
> > + EFI_STATUS_STR(UNSUPPORTED)
> > + EFI_STATUS_STR(BAD_BUFFER_SIZE)
> > + EFI_STATUS_STR(BUFFER_TOO_SMALL)
> > + EFI_STATUS_STR(NOT_READY)
> > + EFI_STATUS_STR(DEVICE_ERROR)
> > + EFI_STATUS_STR(WRITE_PROTECTED)
> > + EFI_STATUS_STR(OUT_OF_RESOURCES)
> > + EFI_STATUS_STR(NOT_FOUND)
> > + EFI_STATUS_STR(ABORTED)
> > + EFI_STATUS_STR(SECURITY_VIOLATION)
> > + default:
> > + pr_warn("Unknown efi status: 0x%lx", status);
> > + }
> > +
> > + return "Unknown efi status";
> > +}
> > +
> > #endif /* _LINUX_EFI_H */
> > --
> > 2.16.4
> >
>
> Please turn this into a proper function so that not every calling
> object has to duplicate all these strings.
OK! I will move them to function.
Thanks for your review!
Joey Lee
Hi Mimi,
On Wed, Mar 27, 2019 at 03:04:02PM -0400, Mimi Zohar wrote:
> On Wed, 2019-03-27 at 19:58 +0100, Ard Biesheuvel wrote:
> > On Sun, 24 Mar 2019 at 01:26, Lee, Chun-Yi <[email protected]> wrote:
> > >
> > > This function can be used to transfer EFI status code to string
> > > for printing out debug message. Using this function can improve
> > > the readability of log.
>
> Maybe instead of "for transferring status" use "to convert the status
> value to a" in the Subject line and here in the patch description.
>
Thanks for your suggestion. I will change subject and description.
> > >
> > > Cc: Ard Biesheuvel <[email protected]>
> > > Cc: Kees Cook <[email protected]>
> > > Cc: Anton Vorontsov <[email protected]>
> > > Cc: Colin Cross <[email protected]>
> > > Cc: Tony Luck <[email protected]>
> > > Signed-off-by: "Lee, Chun-Yi" <[email protected]>
> > > ---
> > > include/linux/efi.h | 28 ++++++++++++++++++++++++++++
> > > 1 file changed, 28 insertions(+)
> > >
> > > diff --git a/include/linux/efi.h b/include/linux/efi.h
> > > index 54357a258b35..a43cb0dc37af 100644
> > > --- a/include/linux/efi.h
> > > +++ b/include/linux/efi.h
> > > @@ -1768,4 +1768,32 @@ struct linux_efi_memreserve {
> > > #define EFI_MEMRESERVE_COUNT(size) (((size) - sizeof(struct linux_efi_memreserve)) \
> > > / sizeof(((struct linux_efi_memreserve *)0)->entry[0]))
> > >
> > > +#define EFI_STATUS_STR(_status) \
> > > +case EFI_##_status: \
> > > + return "EFI_" __stringify(_status);
> > > +
> > > +static inline char *
> > > +efi_status_to_str(efi_status_t status)
> > > +{
> > > + switch (status) {
> > > + EFI_STATUS_STR(SUCCESS)
> > > + EFI_STATUS_STR(LOAD_ERROR)
> > > + EFI_STATUS_STR(INVALID_PARAMETER)
> > > + EFI_STATUS_STR(UNSUPPORTED)
> > > + EFI_STATUS_STR(BAD_BUFFER_SIZE)
> > > + EFI_STATUS_STR(BUFFER_TOO_SMALL)
> > > + EFI_STATUS_STR(NOT_READY)
> > > + EFI_STATUS_STR(DEVICE_ERROR)
> > > + EFI_STATUS_STR(WRITE_PROTECTED)
> > > + EFI_STATUS_STR(OUT_OF_RESOURCES)
> > > + EFI_STATUS_STR(NOT_FOUND)
> > > + EFI_STATUS_STR(ABORTED)
> > > + EFI_STATUS_STR(SECURITY_VIOLATION)
> > > + default:
> > > + pr_warn("Unknown efi status: 0x%lx", status);
> > > + }
> > > +
> > > + return "Unknown efi status";
> > > +}
> > > +
> > > #endif /* _LINUX_EFI_H */
> > > --
> > > 2.16.4
> > >
> >
> > Please turn this into a proper function so that not every calling
> > object has to duplicate all these strings.
>
> Hi Ard,
>
> Keeping the status values and strings in sync is difficult. I was
> going to suggest moving the macro immediately after the status value
> definitions.
>
I will move the code to after the status value definitions.
Thanks
Joey Lee