Received: by 10.223.164.202 with SMTP id h10csp4695235wrb; Wed, 29 Nov 2017 10:18:16 -0800 (PST) X-Google-Smtp-Source: AGs4zMaYHbg83iXk7Chd5iUnp3ZKD3dbr3gOPB4Rtbi1PDmwCKv9u83/n9M2cAvCAPM532cAfLnG X-Received: by 10.99.138.194 with SMTP id y185mr3581866pgd.290.1511979496319; Wed, 29 Nov 2017 10:18:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511979496; cv=none; d=google.com; s=arc-20160816; b=FsX0ViXXm485y3gW3AGQwMcJCIujTIuMIjWPIKUliX/fo8WvpdPdpqZGzpSECm5dvP l1WC1jw45QAQIKB2T+GW6pDdzDNlMEG/Q2sXOjw+yRvOLyYd/d4jbeV4WyYsbo2xfmZI YfOON0fUYyXDHd/EiI/a3519hdYBKYOcKiPNY2QpJezGS314DrOrGSr3y4uLN+B61Lnb X5zqZhyvn4USgSIUc6bO2hAtUahKN+Brstcv+8PatbH49OXiFnRy1AeHGoW+wtS+iR/Q smSWUNdz+sKoJvVCDS4DW7fxQ42sH9nB9m11VKZtFwZ0ZJ2wyv/XhxymIZ4oW6xVwG6y Jevg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=fofA7owGgVJlSpMD4/0hfQZUe1iAqBrxl1ak6irjgdw=; b=ZkBqMNMdiAGYFg/11NXARCH2B1seBuT9JABu5ahqsOCXDOgKNFFz17Inu5nXeaYApa mYy+rrqHniCwbYMnNX/1MObUv+2Snqh+0a7Uy28DzBqDfpkkM/jGp8kf/rzSzfLVJtNv 63F7hPRU2Wm2e4xb5iEAQpyqWRFsaaB0LZc90wbbzg5niP4T2NrgkeLsjKAvCQ6O7bWp PeM33MBLNfFbUS6YQ/I4xp4ORSqngOpJsQUI8LS2n2KlsDUlBVyw4I9cZs6CptB1X89+ k+CvGkhseeRF5DqIDgRCV7ZMUnbaBSsz+VcKjWsrGE6i685A+EzfJ48+ibYhbVeAFODM j3Fg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=k/FYVzJf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w1si1667342plk.259.2017.11.29.10.18.06; Wed, 29 Nov 2017 10:18:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=k/FYVzJf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755281AbdK2ONw (ORCPT + 70 others); Wed, 29 Nov 2017 09:13:52 -0500 Received: from mail-pg0-f46.google.com ([74.125.83.46]:33159 "EHLO mail-pg0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755176AbdK2OMj (ORCPT ); Wed, 29 Nov 2017 09:12:39 -0500 Received: by mail-pg0-f46.google.com with SMTP id g7so1555885pgs.0; Wed, 29 Nov 2017 06:12:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=fofA7owGgVJlSpMD4/0hfQZUe1iAqBrxl1ak6irjgdw=; b=k/FYVzJfpmpqS983XBpodvt8mJn/1h4WotWwL0LG4f8bKAOmpNTI6HgkCPw0pnvM7Y lR/OcDE4V+py+ld4FZrmNTNYpyBHQoWaqtyACpanYYEcpYiy8mZ2Moa3uTkFKdpctXbN x5MMqkG6GIxy+q84YcFoqJbPQLFy7hFecfn1R9U+3ouzMtQ1eIZusBUDvHueZ/h927+j 2ohsFqvYEw0GMe0t+vCRU0VUEBENr3cpj6BKN+55pR6C7sdzRqtx+7zUvdg9PGgGVObA hjyac69ZKQ/ibHKFcWuYqV0QUVRaw7HShf0YNRPrF9OylMWXJp2OQNBlwchi4YvNs1Tf JHbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=fofA7owGgVJlSpMD4/0hfQZUe1iAqBrxl1ak6irjgdw=; b=AYK55BJhY2tljz7TI8BByg+Pf+XbEchnum/d5F2gdxcUU6dyZLD9lKZv/yHGZPj/QS Z13yX7/O4oZty5ZlUSByipReDqWqTXNmUjAlyA4vucKFdBw88+UyjJ2tp9xJk3x+MEhj p8AtBVORM3ffH439y4yQd/o8nwIWXELE6aRnPlHKCLlqIV1/W9YG5mGhz3QOi0MZHKWN XrNqHbpXMJV5zoiO3KuDIomVo12iaI0K54Wf90ZKpbYrEktm/XtnzTbYhgV5NHDiwYMY 8HAlJ2f9rV8Z6ywyZcKLpXrpqqRmKeEzCtvS0b8O8y2JVkY5g/LezLnqmKFqudY/LH6i MJ8g== X-Gm-Message-State: AJaThX7c81Uk+0ummv/fWMkPFVw1kezTR09CHNBpjTXsUJ7ldv7s2uc0 1rRbQ8wsAxFbsWZRTt6IZSnIqg== X-Received: by 10.98.71.144 with SMTP id p16mr3104971pfi.15.1511964759177; Wed, 29 Nov 2017 06:12:39 -0800 (PST) Received: from linux-l9pv.suse ([124.11.22.254]) by smtp.gmail.com with ESMTPSA id n12sm3481373pfb.5.2017.11.29.06.12.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 29 Nov 2017 06:12:38 -0800 (PST) From: "Lee, Chun-Yi" X-Google-Original-From: "Lee, Chun-Yi" To: David Howells Cc: linux-fs@vger.kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Lee, Chun-Yi" , Josh Boyer Subject: [PATCH 2/4] MODSIGN: print appropriate status message when getting UEFI certificates list Date: Wed, 29 Nov 2017 22:11:37 +0800 Message-Id: <20171129141139.20088-3-jlee@suse.com> X-Mailer: git-send-email 2.12.3 In-Reply-To: <20171129141139.20088-1-jlee@suse.com> References: <20171129141139.20088-1-jlee@suse.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When getting certificates list from UEFI variable, the original error message shows the state number from UEFI firmware. It's hard to be read by human. This patch changed the error message to show the appropriate string. The message will be showed as: [ 0.788529] MODSIGN: Couldn't get UEFI MokListRT: EFI_NOT_FOUND [ 0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND Cc: David Howells Cc: Josh Boyer Signed-off-by: "Lee, Chun-Yi" --- certs/load_uefi.c | 43 ++++++++++++++++++++++++++++++------------- include/linux/efi.h | 25 +++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/certs/load_uefi.c b/certs/load_uefi.c index d6de4d0..f2f372b 100644 --- a/certs/load_uefi.c +++ b/certs/load_uefi.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include "internal.h" @@ -32,6 +33,24 @@ static __init bool uefi_check_ignore_db(void) return status == EFI_SUCCESS; } +static __init void print_get_fail(efi_char16_t *char16_str, efi_status_t status) +{ + char *utf8_str; + unsigned long utf8_size; + + if (!char16_str) + return; + utf8_size = ucs2_utf8size(char16_str) + 1; + utf8_str = kmalloc(utf8_size, GFP_KERNEL); + if (!utf8_str) + return; + ucs2_as_utf8(utf8_str, char16_str, utf8_size); + + pr_info("MODSIGN: Couldn't get UEFI %s: %s\n", + utf8_str, efi_status_to_str(status)); + kfree(utf8_str); +} + /* * Get a certificate list blob from the named EFI variable. */ @@ -45,25 +64,29 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); if (status != EFI_BUFFER_TOO_SMALL) { - pr_err("Couldn't get size: 0x%lx\n", status); - return NULL; + if (status != EFI_NOT_FOUND) + pr_err("Couldn't get size: 0x%lx\n", status); + goto err; } db = kmalloc(lsize, GFP_KERNEL); if (!db) { pr_err("Couldn't allocate memory for uefi cert list\n"); - return NULL; + goto err; } status = efi.get_variable(name, guid, NULL, &lsize, db); if (status != EFI_SUCCESS) { kfree(db); pr_err("Error reading db var: 0x%lx\n", status); - return NULL; + goto err; } *size = lsize; return db; +err: + print_get_fail(name, status); + return NULL; } /* @@ -153,9 +176,7 @@ static int __init load_uefi_certs(void) */ if (!uefi_check_ignore_db()) { db = get_cert_list(L"db", &secure_var, &dbsize); - if (!db) { - pr_err("MODSIGN: Couldn't get UEFI db list\n"); - } else { + if (db) { rc = parse_efi_signature_list("UEFI:db", db, dbsize, get_handler_for_db); if (rc) @@ -165,9 +186,7 @@ static int __init load_uefi_certs(void) } dbx = get_cert_list(L"dbx", &secure_var, &dbxsize); - if (!dbx) { - pr_info("MODSIGN: Couldn't get UEFI dbx list\n"); - } else { + if (dbx) { rc = parse_efi_signature_list("UEFI:dbx", dbx, dbxsize, get_handler_for_dbx); @@ -181,9 +200,7 @@ static int __init load_uefi_certs(void) return 0; mok = get_cert_list(L"MokListRT", &mok_var, &moksize); - if (!mok) { - pr_info("MODSIGN: Couldn't get UEFI MokListRT\n"); - } else { + if (mok) { rc = parse_efi_signature_list("UEFI:MokListRT", mok, moksize, get_handler_for_db); if (rc) diff --git a/include/linux/efi.h b/include/linux/efi.h index 2729d6f..c44946c 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -1600,4 +1600,29 @@ struct linux_efi_random_seed { u8 bits[]; }; +#define EFI_STATUS_STR(_status) \ + case EFI_##_status: \ + return "EFI_" __stringify(_status); \ + +static inline char * +efi_status_to_str(efi_status_t status) +{ + switch (status) { + EFI_STATUS_STR(SUCCESS) + EFI_STATUS_STR(LOAD_ERROR) + EFI_STATUS_STR(INVALID_PARAMETER) + EFI_STATUS_STR(UNSUPPORTED) + EFI_STATUS_STR(BAD_BUFFER_SIZE) + EFI_STATUS_STR(BUFFER_TOO_SMALL) + EFI_STATUS_STR(NOT_READY) + EFI_STATUS_STR(DEVICE_ERROR) + EFI_STATUS_STR(WRITE_PROTECTED) + EFI_STATUS_STR(OUT_OF_RESOURCES) + EFI_STATUS_STR(NOT_FOUND) + EFI_STATUS_STR(ABORTED) + EFI_STATUS_STR(SECURITY_VIOLATION) + } + + return ""; +} #endif /* _LINUX_EFI_H */ -- 2.10.2 From 1586619973632553414@xxx Tue Dec 12 22:45:18 +0000 2017 X-GM-THRID: 1586619973632553414 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread