Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp542127img; Fri, 22 Mar 2019 03:35:12 -0700 (PDT) X-Google-Smtp-Source: APXvYqye6IRYG1s36TDfRQCDPl3EsQfzD5y38ubOT3akhc/8SWBb5KfCrrN3S2KdwFF9zt8FUcx/ X-Received: by 2002:a62:4746:: with SMTP id u67mr8369614pfa.243.1553250912179; Fri, 22 Mar 2019 03:35:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553250912; cv=none; d=google.com; s=arc-20160816; b=uS5fETWhM40YmSCVbeagD3LBWf3puVhdIUkPxG8syePu0BDWjR1YPFbennJ5ifbTB/ WDb5zWptuX3votAa9GujjfEcRLzTMbicFQteYYH0vCttWpnCcMJKxJSoEw2HJMH2f1no CuSYysZ+bSQmGqUxYCXxgfmsJbqxAq0t0sIJxkc5+CptueZ9Rw8gWRkQypRnZKIOExsr vdvrJKAUtYNW0ixFRE7yU2GxvLB42sdR2rCqepS7vqErAiluGYwTbBXsnmNr+BF08YQR +PSMIZTtwAGroQtQjsjTvInEXKaY8WUrDYK2jDWscu6WMiEKHr9e9ASIwWujVis3Lnia 4oCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=XTYPASRGMg0q/uWZzsJSXvakCs0yqwCjmkSLykQSBrU=; b=HlrPHlPT8Bc4H4foSLA8ngh7HqSIazp2pLo92X6f/tsjFEsoacrFCxVcW+gJRaP6sB iHSpY+wQh7jM5f8F/csh+MAc+Lkj3xOhj2OtB9x/TUc9roLw6LEbpE2K6ZFJdjPkW7PH tCywUlarg3QqsTkKqDpIKmQhUSJSPUeSLecoQUtDEVSD+zWX9eCel+AEBQASqMLMo7r7 SyNkGpB7Kt3+xzeQ4LAwtEkzfEt6/CN3qhBoRcYdnPH3vV47JDFDDaO4mxwH5B7/PGVN wnWupk5Si5JNx5o76aLMaKlu5Y5B2Q5s4SdC8iO+yViNwzOYIdA24RJO396ABoH8Yptq 7QZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=sdemoHNJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z8si6205666pgp.527.2019.03.22.03.34.56; Fri, 22 Mar 2019 03:35:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=sdemoHNJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728098AbfCVKeG (ORCPT + 99 others); Fri, 22 Mar 2019 06:34:06 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:42819 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727985AbfCVKeF (ORCPT ); Fri, 22 Mar 2019 06:34:05 -0400 Received: by mail-pg1-f194.google.com with SMTP id p6so1230077pgh.9; Fri, 22 Mar 2019 03:34:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=XTYPASRGMg0q/uWZzsJSXvakCs0yqwCjmkSLykQSBrU=; b=sdemoHNJefqNMY39D7WWWxEJsg1U6wNnj5Cq/fU7JOZCKqJOtoia/qVwWjtz2SQPBt Mjv3qMaSiLjR5fyEtuyuJFrMggTGei9r1kmqGGy9EEZAuEXOfDjxAI9Bd+lmic8G8Diy U/u47rlm/5cOemYDNQpakBdsfhiEx0jh4wVJjdLIQKncGB6oMO8qGqhYBjMBw0nJMfAy G5+yAzEeSZ51U+fKlylDV85JjEa4C1CrVPaTuTJyiwflFBv2VRcYNGIWjGGaa7hrxc99 LTB/AvWXPDSldI+djBDChTLnTsrRKJ7Y60cEk0CmRnO5FEtIqyJNbUm0RFeZ5oWGa9b+ BzAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=XTYPASRGMg0q/uWZzsJSXvakCs0yqwCjmkSLykQSBrU=; b=gpEVvBWRn3ofubF+Xhp46esHC5WNVfONJi5iGTZkDjeNroyZNmotRrTHfT5NQFSDt4 1SDssRVcLB/aWjaw7SSBcBb2D9UKHqH3pKwyRkj8W9po/s8QWYfbbyyzh7eALWhU/hBg /ihi8ATx/XDAqbCmU5Z3bcoFRnTTcG4eGH+6jBYYF88TYtv1Z2S0q9AQ9Kp4WesaGAk8 +9+4D8M0LJvqgEtSp8zWRThfiSCa50unsXKqivK/mL8efUsVSmroT5JWLtMA8nQ/vE7E TwnWtmkxv/JEg/3wRTAyFNcCAV/yw8gwnZDISLleJ9s9UBfJxbYhbT+RTg90F25ZjoxY VIeg== X-Gm-Message-State: APjAAAXj5LV3PT/+GxTxw5VQxDohh25FigAqajOpFMDdO6jupJpb8cum QsqcrWLpIfJ81JN9X8i/7OU= X-Received: by 2002:aa7:92c1:: with SMTP id k1mr8443187pfa.246.1553250844332; Fri, 22 Mar 2019 03:34:04 -0700 (PDT) Received: from linux-l9pv.suse ([202.47.205.198]) by smtp.gmail.com with ESMTPSA id l7sm22276889pfj.162.2019.03.22.03.34.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 22 Mar 2019 03:34:03 -0700 (PDT) From: "Lee, Chun-Yi" X-Google-Original-From: "Lee, Chun-Yi" To: Ard Biesheuvel , James Morris , "Serge E . Hallyn" , David Howells , Josh Boyer , Nayna Jain , Mimi Zohar Cc: linux-efi@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, "Lee, Chun-Yi" Subject: [PATCH 2/2] efi: print appropriate status message when loading certificates Date: Fri, 22 Mar 2019 18:33:50 +0800 Message-Id: <20190322103350.27764-2-jlee@suse.com> X-Mailer: git-send-email 2.12.3 In-Reply-To: <20190322103350.27764-1-jlee@suse.com> References: <20190322103350.27764-1-jlee@suse.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When loading certificates list from UEFI variable, the original error message direct shows the efi status code from UEFI firmware. It looks ugly: [ 2.335031] Couldn't get size: 0x800000000000000e [ 2.335032] Couldn't get UEFI MokListRT [ 2.339985] Couldn't get size: 0x800000000000000e [ 2.339987] Couldn't get UEFI dbx list So, this patch shows the status string instead of status code. On the other hand, the error message of EFI_NOT_FOUND (0x800000000000000e) doesn't need to be exposed because kernel already prints "Couldn't get UEFI..." message. This patch also filtered out it. Link: https://forums.opensuse.org/showthread.php/535324-MODSIGN-Couldn-t-get-UEFI-db-list?p=2897516#post2897516 Cc: James Morris Cc: Serge E. Hallyn" Cc: David Howells Cc: Nayna Jain Cc: Josh Boyer Cc: Mimi Zohar Signed-off-by: "Lee, Chun-Yi" --- security/integrity/platform_certs/load_uefi.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c index 81b19c52832b..fe261166621f 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c @@ -48,7 +48,9 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); if (status != EFI_BUFFER_TOO_SMALL) { - pr_err("Couldn't get size: 0x%lx\n", status); + if (status != EFI_NOT_FOUND) + pr_err("Couldn't get size: %s\n", + efi_status_to_str(status)); return NULL; } @@ -59,7 +61,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, status = efi.get_variable(name, guid, NULL, &lsize, db); if (status != EFI_SUCCESS) { kfree(db); - pr_err("Error reading db var: 0x%lx\n", status); + pr_err("Error reading db var: %s\n", + efi_status_to_str(status)); return NULL; } -- 2.16.4