[PATCH 2/2] discover/boot: unify verification failure messages
Joel Stanley
joel at jms.id.au
Thu Jan 23 21:38:41 AEDT 2020
On Tue, 29 Oct 2019 at 09:26, Jeremy Kerr <jk at ozlabs.org> wrote:
>
> Currently, we have two sites where the result of validate_boot_files is
> interpreted: in kexec_load, and boot_process. In the former, we generate
> the pb_log message, and in the latter we generate the status message.
>
> This means we have separate places to maintain similar error messages,
> which is prone to future errors. This change does all of the
> interpretation directly after calling validate_boot_files().
>
> Signed-off-by: Jeremy Kerr <jk at ozlabs.org>
Acked-by: Joel Stanley <joel at jms.id.au>
> ---
> discover/boot.c | 45 ++++++++++++++++++++++-----------------------
> 1 file changed, 22 insertions(+), 23 deletions(-)
>
> diff --git a/discover/boot.c b/discover/boot.c
> index a6b88f0..9e7054b 100644
> --- a/discover/boot.c
> +++ b/discover/boot.c
> @@ -75,16 +75,30 @@ static int kexec_load(struct boot_task *boot_task)
> boot_task->local_dtb_override = NULL;
> boot_task->local_image_override = NULL;
>
> - if ((result = validate_boot_files(boot_task))) {
> - if (result == KEXEC_LOAD_DECRYPTION_FALURE) {
> - pb_log("%s: Aborting kexec due to"
> - " decryption failure\n", __func__);
> - }
> - if (result == KEXEC_LOAD_SIGNATURE_FAILURE) {
> - pb_log("%s: Aborting kexec due to signature"
> - " verification failure\n", __func__);
> + result = validate_boot_files(boot_task);
> + if (result) {
> + const char *msg;
> +
> + switch (result) {
> + case KEXEC_LOAD_DECRYPTION_FALURE:
> + msg = _("decryption failed");
> + break;
> + case KEXEC_LOAD_SIGNATURE_FAILURE:
> + msg = _("signature verification failed");
> + break;
> + case KEXEC_LOAD_SIG_SETUP_INVALID:
> + msg = _("invalid signature configuration");
> + break;
> + default:
> + msg = _("unknown verification failure");
> }
>
> + update_status(boot_task->status_fn, boot_task->status_arg,
> + STATUS_ERROR,
> + _("Boot verification failure: %s"), msg);
> + pb_log_fn("Aborting kexec due to verification failure: %s",
> + msg);
> +
> validate_boot_files_cleanup(boot_task);
> return result;
> }
> @@ -451,21 +465,6 @@ static void boot_process(struct load_url_result *result, void *data)
> _("Performing kexec load"));
>
> rc = kexec_load(task);
> - pb_log_fn("kexec_load returned %d\n", rc);
> - if (rc == KEXEC_LOAD_DECRYPTION_FALURE) {
> - update_status(task->status_fn, task->status_arg,
> - STATUS_ERROR, _("Decryption failed"));
> - }
> - else if (rc == KEXEC_LOAD_SIGNATURE_FAILURE) {
> - update_status(task->status_fn, task->status_arg,
> - STATUS_ERROR,
> - _("Signature verification failed"));
> - }
> - else if (rc == KEXEC_LOAD_SIG_SETUP_INVALID) {
> - update_status(task->status_fn, task->status_arg,
> - STATUS_ERROR,
> - _("Invalid signature configuration"));
> - }
>
> no_load:
> list_for_each_entry(&task->resources, resource, list)
> --
> 2.20.1
>
> _______________________________________________
> Petitboot mailing list
> Petitboot at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/petitboot
More information about the Petitboot
mailing list