Re: [PATCH 3/5] efi_loader: image_loader: replace EFI_PRINT with log macros

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: ilias.apalodimas@linaro.org, baocheng.su@siemens.com,
	jan.kiszka@siemens.com, u-boot@lists.denx.de
Subject: Re: [PATCH 3/5] efi_loader: image_loader: replace EFI_PRINT with log macros
Date: Wed, 6 Jul 2022 10:42:59 +0900	[thread overview]
Message-ID: <20220706014259.GC42673@laputa> (raw)
In-Reply-To: <0f2d88ab-f5ae-cdcf-6519-e791f2585c39@gmx.de>

Heinrich,

On Tue, Jul 05, 2022 at 05:26:58PM +0200, Heinrich Schuchardt wrote:
> On 7/5/22 07:48, AKASHI Takahiro wrote:
> > Now We are migrating from EFI_PRINT() to log macro's.
> 
> I don't understand your logic:
> 
> log_err("Parsing image's signature failed\n");
> log_debug("Signature was rejected by \"dbx\"\n");

I distinctively use those two macro's.
I use log_err() when such an error is *normally* NOT expected.
I think that users should always be notified of these cases.
(Say, a signing tool generates a incompatible format of image, or
a image itself is corrupted.)

On the other hand, I use log_debug() to show the detailed reason
of why the signature verification process failed.
I always enable those messages when I debug image authentication code.

Please note there is always log_err("Image not authenticated\n") if
efi_image_authenticate() fails.

-Takahiro Akashi

> Shouldn't everything leading to a signature being rejected be treated
> the same (i.e. use log_err())?
> 
> Best regards
> 
> Heinrich
> 
> > 
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > ---
> >   lib/efi_loader/efi_image_loader.c | 54 +++++++++++++++----------------
> >   1 file changed, 27 insertions(+), 27 deletions(-)
> > 
> > diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
> > index 961139888504..fe8e4a89082c 100644
> > --- a/lib/efi_loader/efi_image_loader.c
> > +++ b/lib/efi_loader/efi_image_loader.c
> > @@ -238,7 +238,7 @@ efi_status_t efi_image_region_add(struct efi_image_regions *regs,
> >   	int i, j;
> > 
> >   	if (regs->num >= regs->max) {
> > -		EFI_PRINT("%s: no more room for regions\n", __func__);
> > +		log_err("%s: no more room for regions\n", __func__);
> >   		return EFI_OUT_OF_RESOURCES;
> >   	}
> > 
> > @@ -263,7 +263,7 @@ efi_status_t efi_image_region_add(struct efi_image_regions *regs,
> >   		}
> > 
> >   		/* new data overlapping registered region */
> > -		EFI_PRINT("%s: new region already part of another\n", __func__);
> > +		log_err("%s: new region already part of another\n", __func__);
> >   		return EFI_INVALID_PARAMETER;
> >   	}
> > 
> > @@ -434,8 +434,8 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
> >   		bytes_hashed = opt->SizeOfHeaders;
> >   		align = opt->FileAlignment;
> >   	} else {
> > -		EFI_PRINT("%s: Invalid optional header magic %x\n", __func__,
> > -			  nt->OptionalHeader.Magic);
> > +		log_err("%s: Invalid optional header magic %x\n", __func__,
> > +			nt->OptionalHeader.Magic);
> >   		goto err;
> >   	}
> > 
> > @@ -445,7 +445,7 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
> >   			    nt->FileHeader.SizeOfOptionalHeader);
> >   	sorted = calloc(sizeof(IMAGE_SECTION_HEADER *), num_sections);
> >   	if (!sorted) {
> > -		EFI_PRINT("%s: Out of memory\n", __func__);
> > +		log_err("%s: Out of memory\n", __func__);
> >   		goto err;
> >   	}
> > 
> > @@ -464,7 +464,7 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
> >   		efi_image_region_add(regs, efi + sorted[i]->PointerToRawData,
> >   				     efi + sorted[i]->PointerToRawData + size,
> >   				     0);
> > -		EFI_PRINT("section[%d](%s): raw: 0x%x-0x%x, virt: %x-%x\n",
> > +		log_debug("section[%d](%s): raw: 0x%x-0x%x, virt: %x-%x\n",
> >   			  i, sorted[i]->Name,
> >   			  sorted[i]->PointerToRawData,
> >   			  sorted[i]->PointerToRawData + size,
> > @@ -478,7 +478,7 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
> > 
> >   	/* 3. Extra data excluding Certificates Table */
> >   	if (bytes_hashed + authsz < len) {
> > -		EFI_PRINT("extra data for hash: %zu\n",
> > +		log_debug("extra data for hash: %zu\n",
> >   			  len - (bytes_hashed + authsz));
> >   		efi_image_region_add(regs, efi + bytes_hashed,
> >   				     efi + len - authsz, 0);
> > @@ -487,18 +487,18 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
> >   	/* Return Certificates Table */
> >   	if (authsz) {
> >   		if (len < authoff + authsz) {
> > -			EFI_PRINT("%s: Size for auth too large: %u >= %zu\n",
> > -				  __func__, authsz, len - authoff);
> > +			log_err("%s: Size for auth too large: %u >= %zu\n",
> > +				__func__, authsz, len - authoff);
> >   			goto err;
> >   		}
> >   		if (authsz < sizeof(*auth)) {
> > -			EFI_PRINT("%s: Size for auth too small: %u < %zu\n",
> > -				  __func__, authsz, sizeof(*auth));
> > +			log_err("%s: Size for auth too small: %u < %zu\n",
> > +				__func__, authsz, sizeof(*auth));
> >   			goto err;
> >   		}
> >   		*auth = efi + authoff;
> >   		*auth_len = authsz;
> > -		EFI_PRINT("WIN_CERTIFICATE: 0x%x, size: 0x%x\n", authoff,
> > +		log_debug("WIN_CERTIFICATE: 0x%x, size: 0x%x\n", authoff,
> >   			  authsz);
> >   	} else {
> >   		*auth = NULL;
> > @@ -549,7 +549,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> >   	size_t auth_size;
> >   	bool ret = false;
> > 
> > -	EFI_PRINT("%s: Enter, %d\n", __func__, ret);
> > +	log_debug("%s: Enter, %d\n", __func__, ret);
> > 
> >   	if (!efi_secure_boot_enabled())
> >   		return true;
> > @@ -560,7 +560,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> > 
> >   	if (!efi_image_parse(new_efi, efi_size, &regs, &wincerts,
> >   			     &wincerts_len)) {
> > -		EFI_PRINT("Parsing PE executable image failed\n");
> > +		log_err("Parsing PE executable image failed\n");
> >   		goto out;
> >   	}
> > 
> > @@ -569,18 +569,18 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> >   	 */
> >   	db = efi_sigstore_parse_sigdb(u"db");
> >   	if (!db) {
> > -		EFI_PRINT("Getting signature database(db) failed\n");
> > +		log_err("Getting signature database(db) failed\n");
> >   		goto out;
> >   	}
> > 
> >   	dbx = efi_sigstore_parse_sigdb(u"dbx");
> >   	if (!dbx) {
> > -		EFI_PRINT("Getting signature database(dbx) failed\n");
> > +		log_err("Getting signature database(dbx) failed\n");
> >   		goto out;
> >   	}
> > 
> >   	if (efi_signature_lookup_digest(regs, dbx, true)) {
> > -		EFI_PRINT("Image's digest was found in \"dbx\"\n");
> > +		log_debug("Image's digest was found in \"dbx\"\n");
> >   		goto out;
> >   	}
> > 
> > @@ -602,12 +602,12 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> >   			break;
> > 
> >   		if (wincert->dwLength <= sizeof(*wincert)) {
> > -			EFI_PRINT("dwLength too small: %u < %zu\n",
> > +			log_debug("dwLength too small: %u < %zu\n",
> >   				  wincert->dwLength, sizeof(*wincert));
> >   			continue;
> >   		}
> > 
> > -		EFI_PRINT("WIN_CERTIFICATE_TYPE: 0x%x\n",
> > +		log_debug("WIN_CERTIFICATE_TYPE: 0x%x\n",
> >   			  wincert->wCertificateType);
> > 
> >   		auth = (u8 *)wincert + sizeof(*wincert);
> > @@ -617,12 +617,12 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> >   				break;
> > 
> >   			if (auth_size <= sizeof(efi_guid_t)) {
> > -				EFI_PRINT("dwLength too small: %u < %zu\n",
> > +				log_debug("dwLength too small: %u < %zu\n",
> >   					  wincert->dwLength, sizeof(*wincert));
> >   				continue;
> >   			}
> >   			if (guidcmp(auth, &efi_guid_cert_type_pkcs7)) {
> > -				EFI_PRINT("Certificate type not supported: %pUs\n",
> > +				log_debug("Certificate type not supported: %pUs\n",
> >   					  auth);
> >   				ret = false;
> >   				goto out;
> > @@ -632,14 +632,14 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> >   			auth_size -= sizeof(efi_guid_t);
> >   		} else if (wincert->wCertificateType
> >   				!= WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
> > -			EFI_PRINT("Certificate type not supported\n");
> > +			log_debug("Certificate type not supported\n");
> >   			ret = false;
> >   			goto out;
> >   		}
> > 
> >   		msg = pkcs7_parse_message(auth, auth_size);
> >   		if (IS_ERR(msg)) {
> > -			EFI_PRINT("Parsing image's signature failed\n");
> > +			log_err("Parsing image's signature failed\n");
> >   			msg = NULL;
> >   			continue;
> >   		}
> > @@ -666,13 +666,13 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> >   		/* try black-list first */
> >   		if (efi_signature_verify_one(regs, msg, dbx)) {
> >   			ret = false;
> > -			EFI_PRINT("Signature was rejected by \"dbx\"\n");
> > +			log_debug("Signature was rejected by \"dbx\"\n");
> >   			goto out;
> >   		}
> > 
> >   		if (!efi_signature_check_signers(msg, dbx)) {
> >   			ret = false;
> > -			EFI_PRINT("Signer(s) in \"dbx\"\n");
> > +			log_debug("Signer(s) in \"dbx\"\n");
> >   			goto out;
> >   		}
> > 
> > @@ -682,7 +682,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> >   			continue;
> >   		}
> > 
> > -		EFI_PRINT("Signature was not verified by \"db\"\n");
> > +		log_debug("Signature was not verified by \"db\"\n");
> >   	}
> > 
> > 
> > @@ -698,7 +698,7 @@ out:
> >   	if (new_efi != efi)
> >   		free(new_efi);
> > 
> > -	EFI_PRINT("%s: Exit, %d\n", __func__, ret);
> > +	log_debug("%s: Exit, %d\n", __func__, ret);
> >   	return ret;
> >   }
> >   #else
>

next prev parent reply	other threads:[~2022-07-06  1:43 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-05  5:48 [PATCH 0/5] efi_loader: fix a verification process issue in secure boot AKASHI Takahiro
2022-07-05  5:48 ` [PATCH 1/5] lib: crypto: add mscode_parser AKASHI Takahiro
2022-07-05 13:13   ` Jason A. Donenfeld
2022-07-06  1:07     ` AKASHI Takahiro
2022-07-05  5:48 ` [PATCH 2/5] efi_loader: signature: export efi_hash_regions() AKASHI Takahiro
2022-07-05  5:48 ` [PATCH 3/5] efi_loader: image_loader: replace EFI_PRINT with log macros AKASHI Takahiro
2022-07-05 15:26   ` Heinrich Schuchardt
2022-07-06  1:42     ` AKASHI Takahiro [this message]
2022-07-05  5:48 ` [PATCH 4/5] efi_loader: image_loader: add a missing digest verification for signed PE image AKASHI Takahiro
2022-07-05 15:29   ` Heinrich Schuchardt
2022-07-06  1:46     ` AKASHI Takahiro
2022-07-05  5:48 ` [PATCH 5/5] test/py: efi_secboot: add a test for a forged signed image AKASHI Takahiro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220706014259.GC42673@laputa \
    --to=takahiro.akashi@linaro.org \
    --cc=baocheng.su@siemens.com \
    --cc=ilias.apalodimas@linaro.org \
    --cc=jan.kiszka@siemens.com \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox