From 880f9de4123561d18e5c230b4f6e614c5eab960d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 4 Oct 2013 10:22:46 -0400
Subject: [PATCH] Try to actually make debug printing look reasonable.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 include/console.h | 22 ++++++++++++++++++++--
 lib/console.c     | 33 +++++++++++++++++++--------------
 shim.c            | 32 ++++++++------------------------
 3 files changed, 47 insertions(+), 40 deletions(-)

diff --git a/include/console.h b/include/console.h
index fbeb7e6..e6c2818 100644
--- a/include/console.h
+++ b/include/console.h
@@ -20,8 +20,6 @@ console_alertbox(CHAR16 **title);
 void
 console_notify(CHAR16 *string);
 void
-console_notify_ascii(CHAR8 *string);
-void
 console_reset(void);
 #define NOSEL 0x7fffffff
 
@@ -66,5 +64,25 @@ struct _EFI_CONSOLE_CONTROL_PROTOCOL {
 };
 
 extern VOID setup_console (int text);
+extern VOID setup_verbosity(VOID);
+extern UINT8 verbose;
+#define dprint(fmt, ...) ({						\
+		UINTN __dprint_ret = 0;					\
+		if (verbose)						\
+			__dprint_ret = Print((fmt), ##__VA_ARGS__);	\
+		__dprint_ret;						\
+	})
+#define dprinta(fmt, ...) ({									\
+		UINTN __dprinta_ret = 0;							\
+		if (verbose) {									\
+			UINTN __dprinta_i;							\
+			CHAR16 *__dprinta_str = AllocateZeroPool((strlena(fmt) + 1) * 2);	\
+			for (__dprinta_i = 0; fmt[__dprinta_i] != '\0'; __dprinta_i++)		\
+				__dprinta_str[__dprinta_i] = fmt[__dprinta_i];			\
+			__dprinta_ret = Print((__dprinta_str), ##__VA_ARGS__);			\
+			FreePool(__dprinta_str);						\
+		}										\
+		__dprinta_ret;									\
+	})
 
 #endif /* _SHIM_LIB_CONSOLE_H */
diff --git a/lib/console.c b/lib/console.c
index 44b08f2..1f8f59c 100644
--- a/lib/console.c
+++ b/lib/console.c
@@ -8,6 +8,7 @@
 #include <efi/efilib.h>
 
 #include <console.h>
+#include <variables.h>
 #include <errors.h>
 
 static int min(int a, int b)
@@ -312,20 +313,6 @@ console_notify(CHAR16 *string)
 	console_alertbox(str_arr);
 }
 
-void
-console_notify_ascii(CHAR8 *string)
-{
-	CHAR16 *str = AllocateZeroPool((strlena(string) + 1) * 2);
-	int i, j;
-
-	if (!str)
-		return;
-
-	for (i = 0, j = 1; string[i] != '\0'; i++, j+=2)
-		str[j] = string[i];
-	console_notify(str);
-}
-
 #define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0]))
 
 /* Copy of gnu-efi-3.0 with the added secure boot strings */
@@ -416,6 +403,24 @@ console_reset(void)
 	uefi_call_wrapper(co->ClearScreen, 1, co);
 }
 
+UINT8 verbose;
+
+VOID
+setup_verbosity(VOID)
+{
+	EFI_STATUS status;
+	EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
+	UINT8 verbose_check;
+	UINTN verbose_check_size;
+
+	verbose_check_size = 1;
+	status = get_variable(L"SHIM_VERBOSE", (void *)&verbose_check,
+				  &verbose_check_size, global_var);
+	verbose = 0;
+	if (!EFI_ERROR(status))
+		verbose = verbose_check;
+}
+
 VOID setup_console (int text)
 {
 	EFI_STATUS status;
diff --git a/shim.c b/shim.c
index 51dfc26..502a91d 100644
--- a/shim.c
+++ b/shim.c
@@ -59,7 +59,6 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB
 static CHAR16 *second_stage;
 static void *load_options;
 static UINT32 load_options_size;
-static UINT8 verbose;
 
 EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
 
@@ -731,12 +730,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 	 * databases
 	 */
 	status = check_whitelist(cert, sha256hash, sha1hash);
-
-	if (status == EFI_SUCCESS) {
-		if (verbose)
-			console_notify(L"Binary is whitelisted\n");
+	if (status == EFI_SUCCESS)
 		return status;
-	}
 
 	/*
 	 * Check against the shim build key
@@ -746,8 +741,6 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 			       shim_cert, sizeof(shim_cert), sha256hash,
 			       SHA256_DIGEST_SIZE)) {
 		status = EFI_SUCCESS;
-		if (verbose)
-			console_notify(L"Binary is verified by the vendor certificate\n");
 		return status;
 	}
 
@@ -760,12 +753,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 			       vendor_cert, vendor_cert_size, sha256hash,
 			       SHA256_DIGEST_SIZE)) {
 		status = EFI_SUCCESS;
-		if (verbose)
-			console_notify(L"Binary is verified by the vendor certificate\n");
 		return status;
 	}
 
-	Print(L"Invalid signature\n");
 	status = EFI_ACCESS_DENIED;
 
 	return status;
@@ -896,9 +886,12 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
 	if (secure_mode ()) {
 		efi_status = verify_buffer(data, datasize, &context);
 
-		if (efi_status != EFI_SUCCESS) {
-			Print(L"Verification failed\n");
+		if (EFI_ERROR(efi_status)) {
+			console_error(L"Verification failed", efi_status);
 			return efi_status;
+		} else {
+			if (verbose)
+				console_notify(L"Verification succeeded");
 		}
 	}
 
@@ -1681,9 +1674,6 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	static SHIM_LOCK shim_lock_interface;
 	EFI_HANDLE handle = NULL;
 	EFI_STATUS efi_status;
-	UINT8 verbose_check;
-	UINTN verbose_check_size;
-	EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
 
 	verification_method = VERIFIED_BY_NOTHING;
 
@@ -1708,15 +1698,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	InitializeLib(image_handle, systab);
 
 	setup_console(1);
+	setup_verbosity();
 
-	verbose_check_size = 1;
-	efi_status = get_variable(L"SHIM_VERBOSE", (void *)&verbose_check,
-				  &verbose_check_size, global_var);
-	if (!EFI_ERROR(efi_status))
-		verbose = verbose_check;
-
-	if (verbose)
-		console_notify_ascii(shim_version);
+	dprinta(shim_version);
 
 	/* Set the second stage loader */
 	set_second_stage (image_handle);