int i, j;
if (regs->num >= regs->max) {
- EFI_PRINT("%s: no more room for regions\n", __func__);
+ log_err("%s: no more room for regions\n", __func__);
return EFI_OUT_OF_RESOURCES;
}
}
/* new data overlapping registered region */
- EFI_PRINT("%s: new region already part of another\n", __func__);
+ log_err("%s: new region already part of another\n", __func__);
return EFI_INVALID_PARAMETER;
}
bytes_hashed = opt->SizeOfHeaders;
align = opt->FileAlignment;
} else {
- EFI_PRINT("%s: Invalid optional header magic %x\n", __func__,
- nt->OptionalHeader.Magic);
+ log_err("%s: Invalid optional header magic %x\n", __func__,
+ nt->OptionalHeader.Magic);
goto err;
}
nt->FileHeader.SizeOfOptionalHeader);
sorted = calloc(sizeof(IMAGE_SECTION_HEADER *), num_sections);
if (!sorted) {
- EFI_PRINT("%s: Out of memory\n", __func__);
+ log_err("%s: Out of memory\n", __func__);
goto err;
}
efi_image_region_add(regs, efi + sorted[i]->PointerToRawData,
efi + sorted[i]->PointerToRawData + size,
0);
- EFI_PRINT("section[%d](%s): raw: 0x%x-0x%x, virt: %x-%x\n",
+ log_debug("section[%d](%s): raw: 0x%x-0x%x, virt: %x-%x\n",
i, sorted[i]->Name,
sorted[i]->PointerToRawData,
sorted[i]->PointerToRawData + size,
/* 3. Extra data excluding Certificates Table */
if (bytes_hashed + authsz < len) {
- EFI_PRINT("extra data for hash: %zu\n",
+ log_debug("extra data for hash: %zu\n",
len - (bytes_hashed + authsz));
efi_image_region_add(regs, efi + bytes_hashed,
efi + len - authsz, 0);
/* Return Certificates Table */
if (authsz) {
if (len < authoff + authsz) {
- EFI_PRINT("%s: Size for auth too large: %u >= %zu\n",
- __func__, authsz, len - authoff);
+ log_err("%s: Size for auth too large: %u >= %zu\n",
+ __func__, authsz, len - authoff);
goto err;
}
if (authsz < sizeof(*auth)) {
- EFI_PRINT("%s: Size for auth too small: %u < %zu\n",
- __func__, authsz, sizeof(*auth));
+ log_err("%s: Size for auth too small: %u < %zu\n",
+ __func__, authsz, sizeof(*auth));
goto err;
}
*auth = efi + authoff;
*auth_len = authsz;
- EFI_PRINT("WIN_CERTIFICATE: 0x%x, size: 0x%x\n", authoff,
+ log_debug("WIN_CERTIFICATE: 0x%x, size: 0x%x\n", authoff,
authsz);
} else {
*auth = NULL;
size_t auth_size;
bool ret = false;
- EFI_PRINT("%s: Enter, %d\n", __func__, ret);
+ log_debug("%s: Enter, %d\n", __func__, ret);
if (!efi_secure_boot_enabled())
return true;
if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts,
&wincerts_len)) {
- EFI_PRINT("Parsing PE executable image failed\n");
+ log_err("Parsing PE executable image failed\n");
goto out;
}
*/
db = efi_sigstore_parse_sigdb(u"db");
if (!db) {
- EFI_PRINT("Getting signature database(db) failed\n");
+ log_err("Getting signature database(db) failed\n");
goto out;
}
dbx = efi_sigstore_parse_sigdb(u"dbx");
if (!dbx) {
- EFI_PRINT("Getting signature database(dbx) failed\n");
+ log_err("Getting signature database(dbx) failed\n");
goto out;
}
if (efi_signature_lookup_digest(regs, dbx, true)) {
- EFI_PRINT("Image's digest was found in \"dbx\"\n");
+ log_debug("Image's digest was found in \"dbx\"\n");
goto out;
}
break;
if (wincert->dwLength <= sizeof(*wincert)) {
- EFI_PRINT("dwLength too small: %u < %zu\n",
+ log_debug("dwLength too small: %u < %zu\n",
wincert->dwLength, sizeof(*wincert));
continue;
}
- EFI_PRINT("WIN_CERTIFICATE_TYPE: 0x%x\n",
+ log_debug("WIN_CERTIFICATE_TYPE: 0x%x\n",
wincert->wCertificateType);
auth = (u8 *)wincert + sizeof(*wincert);
break;
if (auth_size <= sizeof(efi_guid_t)) {
- EFI_PRINT("dwLength too small: %u < %zu\n",
+ log_debug("dwLength too small: %u < %zu\n",
wincert->dwLength, sizeof(*wincert));
continue;
}
if (guidcmp(auth, &efi_guid_cert_type_pkcs7)) {
- EFI_PRINT("Certificate type not supported: %pUs\n",
+ log_debug("Certificate type not supported: %pUs\n",
auth);
ret = false;
goto out;
auth_size -= sizeof(efi_guid_t);
} else if (wincert->wCertificateType
!= WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
- EFI_PRINT("Certificate type not supported\n");
+ log_debug("Certificate type not supported\n");
ret = false;
goto out;
}
msg = pkcs7_parse_message(auth, auth_size);
if (IS_ERR(msg)) {
- EFI_PRINT("Parsing image's signature failed\n");
+ log_err("Parsing image's signature failed\n");
msg = NULL;
continue;
}
/* try black-list first */
if (efi_signature_verify_one(regs, msg, dbx)) {
ret = false;
- EFI_PRINT("Signature was rejected by \"dbx\"\n");
+ log_debug("Signature was rejected by \"dbx\"\n");
goto out;
}
if (!efi_signature_check_signers(msg, dbx)) {
ret = false;
- EFI_PRINT("Signer(s) in \"dbx\"\n");
+ log_debug("Signer(s) in \"dbx\"\n");
goto out;
}
continue;
}
- EFI_PRINT("Signature was not verified by \"db\"\n");
+ log_debug("Signature was not verified by \"db\"\n");
}
if (new_efi != efi)
free(new_efi);
- EFI_PRINT("%s: Exit, %d\n", __func__, ret);
+ log_debug("%s: Exit, %d\n", __func__, ret);
return ret;
}
#else