diff options
| -rw-r--r-- | PasswordCrypt.c | 30 | ||||
| -rw-r--r-- | errlog.c | 6 | ||||
| -rw-r--r-- | httpboot.c | 231 | ||||
| -rw-r--r-- | netboot.c | 32 | ||||
| -rw-r--r-- | replacements.c | 58 | ||||
| -rw-r--r-- | shim.c | 319 | ||||
| -rw-r--r-- | tpm.c | 113 |
7 files changed, 390 insertions, 399 deletions
diff --git a/PasswordCrypt.c b/PasswordCrypt.c index 793cb72c..2eb971dd 100644 --- a/PasswordCrypt.c +++ b/PasswordCrypt.c @@ -286,7 +286,7 @@ static EFI_STATUS blowfish_crypt (const char *key, const char *salt, UINT8 *hash EFI_STATUS password_crypt (const char *password, UINT32 pw_length, const PASSWORD_CRYPT *pw_crypt, UINT8 *hash) { - EFI_STATUS status; + EFI_STATUS efi_status; if (!pw_crypt) return EFI_INVALID_PARAMETER; @@ -294,32 +294,36 @@ EFI_STATUS password_crypt (const char *password, UINT32 pw_length, switch (pw_crypt->method) { case TRADITIONAL_DES: case EXTEND_BSDI_DES: - status = EFI_UNSUPPORTED; + efi_status = EFI_UNSUPPORTED; break; case MD5_BASED: - status = md5_crypt (password, pw_length, (char *)pw_crypt->salt, - pw_crypt->salt_size, hash); + efi_status = md5_crypt (password, pw_length, + (char *)pw_crypt->salt, + pw_crypt->salt_size, hash); break; case SHA256_BASED: - status = sha256_crypt(password, pw_length, (char *)pw_crypt->salt, - pw_crypt->salt_size, pw_crypt->iter_count, - hash); + efi_status = sha256_crypt(password, pw_length, + (char *)pw_crypt->salt, + pw_crypt->salt_size, + pw_crypt->iter_count, hash); break; case SHA512_BASED: - status = sha512_crypt(password, pw_length, (char *)pw_crypt->salt, - pw_crypt->salt_size, pw_crypt->iter_count, - hash); + efi_status = sha512_crypt(password, pw_length, + (char *)pw_crypt->salt, + pw_crypt->salt_size, + pw_crypt->iter_count, hash); break; case BLOWFISH_BASED: if (pw_crypt->salt_size != (7 + 22 + 1)) { - status = EFI_INVALID_PARAMETER; + efi_status = EFI_INVALID_PARAMETER; break; } - status = blowfish_crypt(password, (char *)pw_crypt->salt, hash); + efi_status = blowfish_crypt(password, (char *)pw_crypt->salt, + hash); break; default: return EFI_INVALID_PARAMETER; } - return status; + return efi_status; } @@ -54,13 +54,13 @@ EFI_STATUS LogError(const char *file, int line, const char *func, CHAR16 *fmt, ...) { va_list args; - EFI_STATUS status; + EFI_STATUS efi_status; va_start(args, fmt); - status = VLogError(file, line, func, fmt, args); + efi_status = VLogError(file, line, func, fmt, args); va_end(args); - return status; + return efi_status; } VOID @@ -262,17 +262,14 @@ get_nic_handle (EFI_MAC_ADDRESS *mac) EFI_HANDLE *buffer; UINTN NoHandles; UINTN i; - EFI_STATUS status; + EFI_STATUS efi_status; /* Get the list of handles that support the HTTP service binding protocol */ - status = uefi_call_wrapper(BS->LocateHandleBuffer, 5, - ByProtocol, - &EFI_HTTP_BINDING_GUID, - NULL, - &NoHandles, - &buffer); - if (EFI_ERROR(status)) + efi_status = uefi_call_wrapper(BS->LocateHandleBuffer, 5, ByProtocol, + &EFI_HTTP_BINDING_GUID, NULL, &NoHandles, + &buffer); + if (EFI_ERROR(efi_status)) return NULL; for (i = 0; i < NoHandles; i++) { @@ -327,35 +324,31 @@ set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node) EFI_IP6_CONFIG_PROTOCOL *ip6cfg; EFI_IP6_CONFIG_MANUAL_ADDRESS ip6; EFI_IPv6_ADDRESS gateway; - EFI_STATUS status; + EFI_STATUS efi_status; - status = uefi_call_wrapper(BS->HandleProtocol, 3, nic, - &EFI_IP6_CONFIG_GUID, (VOID **)&ip6cfg); - if (EFI_ERROR (status)) - return status; + efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, nic, + &EFI_IP6_CONFIG_GUID, (VOID **)&ip6cfg); + if (EFI_ERROR(efi_status)) + return efi_status; ip6.Address = ip6node->LocalIpAddress; ip6.PrefixLength = ip6node->PrefixLength; ip6.IsAnycast = FALSE; - status = uefi_call_wrapper(ip6cfg->SetData, 4, - ip6cfg, - Ip6ConfigDataTypeManualAddress, - sizeof(ip6), - &ip6); - if (EFI_ERROR (status)) - return status; + efi_status = uefi_call_wrapper(ip6cfg->SetData, 4, ip6cfg, + Ip6ConfigDataTypeManualAddress, + sizeof(ip6), &ip6); + if (EFI_ERROR(efi_status)) + return efi_status; gateway = ip6node->GatewayIpAddress; if (is_unspecified_addr(gateway)) return EFI_SUCCESS; - status = uefi_call_wrapper(ip6cfg->SetData, 4, - ip6cfg, - Ip6ConfigDataTypeGateway, - sizeof(gateway), - &gateway); - if (EFI_ERROR (status)) - return status; + efi_status = uefi_call_wrapper(ip6cfg->SetData, 4, ip6cfg, + Ip6ConfigDataTypeGateway, + sizeof(gateway), &gateway); + if (EFI_ERROR(efi_status)) + return efi_status; return EFI_SUCCESS; } @@ -366,31 +359,29 @@ set_ip4(EFI_HANDLE *nic, IPv4_DEVICE_PATH *ip4node) EFI_IP4_CONFIG2_PROTOCOL *ip4cfg2; EFI_IP4_CONFIG2_MANUAL_ADDRESS ip4; EFI_IPv4_ADDRESS gateway; - EFI_STATUS status; + EFI_STATUS efi_status; - status = uefi_call_wrapper(BS->HandleProtocol, 3, nic, - &EFI_IP4_CONFIG2_GUID, (VOID **)&ip4cfg2); - if (EFI_ERROR (status)) - return status; + efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, nic, + &EFI_IP4_CONFIG2_GUID, + (VOID **)&ip4cfg2); + if (EFI_ERROR(efi_status)) + return efi_status; ip4.Address = ip4node->LocalIpAddress; ip4.SubnetMask = ip4node->SubnetMask; - status = uefi_call_wrapper(ip4cfg2->SetData, 4, - ip4cfg2, - Ip4Config2DataTypeManualAddress, - sizeof(ip4), - &ip4); - if (EFI_ERROR (status)) - return status; + efi_status = uefi_call_wrapper(ip4cfg2->SetData, 4, ip4cfg2, + Ip4Config2DataTypeManualAddress, + sizeof(ip4), &ip4); + if (EFI_ERROR(efi_status)) + return efi_status; gateway = ip4node->GatewayIpAddress; - status = uefi_call_wrapper(ip4cfg2->SetData, 4, - ip4cfg2, - Ip4Config2DataTypeGateway, - sizeof(gateway), - &gateway); - if (EFI_ERROR (status)) - return status; + efi_status = uefi_call_wrapper(ip4cfg2->SetData, 4, ip4cfg2, + Ip4Config2DataTypeGateway, + sizeof(gateway), + &gateway); + if (EFI_ERROR(efi_status)) + return efi_status; return EFI_SUCCESS; } @@ -437,7 +428,7 @@ send_http_request (EFI_HTTP_PROTOCOL *http, CHAR8 *hostname, CHAR8 *uri) EFI_HTTP_HEADER headers[3]; BOOLEAN request_done; CHAR16 *Url = NULL; - EFI_STATUS status; + EFI_STATUS efi_status; EFI_STATUS event_status; /* Convert the ascii string to the UCS2 string */ @@ -466,21 +457,19 @@ send_http_request (EFI_HTTP_PROTOCOL *http, CHAR8 *hostname, CHAR8 *uri) tx_token.Message = &tx_message; tx_token.Event = NULL; request_done = FALSE; - status = uefi_call_wrapper(BS->CreateEvent, 5, - EVT_NOTIFY_SIGNAL, - TPL_NOTIFY, - httpnotify, - &request_done, - &tx_token.Event); - if (EFI_ERROR(status)) { - perror(L"Failed to Create Event for HTTP request: %r\n", status); + efi_status = uefi_call_wrapper(BS->CreateEvent, 5, EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, httpnotify, &request_done, + &tx_token.Event); + if (EFI_ERROR(efi_status)) { + perror(L"Failed to Create Event for HTTP request: %r\n", + efi_status); goto no_event; } /* Send out the request */ - status = uefi_call_wrapper(http->Request, 2, http, &tx_token); - if (EFI_ERROR(status)) { - perror(L"HTTP request failed: %r\n", status); + efi_status = uefi_call_wrapper(http->Request, 2, http, &tx_token); + if (EFI_ERROR(efi_status)) { + perror(L"HTTP request failed: %r\n", efi_status); goto error; } @@ -490,7 +479,7 @@ send_http_request (EFI_HTTP_PROTOCOL *http, CHAR8 *hostname, CHAR8 *uri) if (EFI_ERROR(tx_token.Status)) { perror(L"HTTP request: %r\n", tx_token.Status); - status = tx_token.Status; + efi_status = tx_token.Status; } error: @@ -504,7 +493,7 @@ no_event: if (Url) FreePool(Url); - return status; + return efi_status; } static EFI_STATUS @@ -517,7 +506,7 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) BOOLEAN response_done; UINTN i, downloaded; CHAR8 rx_buffer[9216]; - EFI_STATUS status; + EFI_STATUS efi_status; EFI_STATUS event_status; /* Initialize the rx message and buffer */ @@ -532,21 +521,19 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) rx_token.Message = &rx_message; rx_token.Event = NULL; response_done = FALSE; - status = uefi_call_wrapper(BS->CreateEvent, 5, - EVT_NOTIFY_SIGNAL, - TPL_NOTIFY, - httpnotify, - &response_done, - &rx_token.Event); - if (EFI_ERROR(status)) { - perror(L"Failed to Create Event for HTTP response: %r\n", status); + efi_status = uefi_call_wrapper(BS->CreateEvent, 5, EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, httpnotify, &response_done, + &rx_token.Event); + if (EFI_ERROR(efi_status)) { + perror(L"Failed to Create Event for HTTP response: %r\n", + efi_status); goto no_event; } /* Notify the firmware to receive the HTTP messages */ - status = uefi_call_wrapper(http->Response, 2, http, &rx_token); - if (EFI_ERROR(status)) { - perror(L"HTTP response failed: %r\n", status); + efi_status = uefi_call_wrapper(http->Response, 2, http, &rx_token); + if (EFI_ERROR(efi_status)) { + perror(L"HTTP response failed: %r\n", efi_status); goto error; } @@ -556,7 +543,7 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) if (EFI_ERROR(rx_token.Status)) { perror(L"HTTP response: %r\n", rx_token.Status); - status = rx_token.Status; + efi_status = rx_token.Status; goto error; } @@ -565,7 +552,7 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) if (http_status != HTTP_STATUS_200_OK) { perror(L"HTTP Status Code: %d\n", convert_http_status_code(http_status)); - status = EFI_ABORTED; + efi_status = EFI_ABORTED; goto error; } @@ -605,9 +592,10 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) rx_token.Status = EFI_NOT_READY; response_done = FALSE; - status = uefi_call_wrapper(http->Response, 2, http, &rx_token); - if (EFI_ERROR(status)) { - perror(L"HTTP response failed: %r\n", status); + efi_status = uefi_call_wrapper(http->Response, 2, http, + &rx_token); + if (EFI_ERROR(efi_status)) { + perror(L"HTTP response failed: %r\n", efi_status); goto error; } @@ -616,12 +604,12 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) if (EFI_ERROR(rx_token.Status)) { perror(L"HTTP response: %r\n", rx_token.Status); - status = rx_token.Status; + efi_status = rx_token.Status; goto error; } if (rx_message.BodyLength + downloaded > *buf_size) { - status = EFI_BAD_BUFFER_SIZE; + efi_status = EFI_BAD_BUFFER_SIZE; goto error; } @@ -638,10 +626,10 @@ error: } no_event: - if (EFI_ERROR(status) && *buffer) + if (EFI_ERROR(efi_status) && *buffer) FreePool(*buffer); - return status; + return efi_status; } static EFI_STATUS @@ -652,50 +640,51 @@ http_fetch (EFI_HANDLE image, EFI_HANDLE device, EFI_SERVICE_BINDING *service; EFI_HANDLE http_handle; EFI_HTTP_PROTOCOL *http; - EFI_STATUS status; + EFI_STATUS efi_status; EFI_STATUS child_status; *buffer = NULL; *buf_size = 0; /* Open HTTP Service Binding Protocol */ - status = uefi_call_wrapper(BS->OpenProtocol, 6, device, - &EFI_HTTP_BINDING_GUID, (VOID **)&service, - image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); - if (EFI_ERROR (status)) - return status; + efi_status = uefi_call_wrapper(BS->OpenProtocol, 6, device, + &EFI_HTTP_BINDING_GUID, (VOID **)&service, + image, NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL); + if (EFI_ERROR(efi_status)) + return efi_status; /* Create the ChildHandle from the Service Binding */ /* Set the handle to NULL to request a new handle */ http_handle = NULL; - status = uefi_call_wrapper(service->CreateChild, 2, service, - &http_handle); - if (EFI_ERROR (status)) - return status; + efi_status = uefi_call_wrapper(service->CreateChild, 2, service, + &http_handle); + if (EFI_ERROR(efi_status)) + return efi_status; /* Get the http protocol */ - status = uefi_call_wrapper(BS->HandleProtocol, 3, http_handle, - &EFI_HTTP_PROTOCOL_GUID, (VOID **)&http); - if (EFI_ERROR (status)) { + efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, http_handle, + &EFI_HTTP_PROTOCOL_GUID, (VOID **)&http); + if (EFI_ERROR(efi_status)) { perror(L"Failed to get http\n"); goto error; } - status = configure_http(http, is_ip6); - if (EFI_ERROR (status)) { - perror(L"Failed to configure http: %r\n", status); + efi_status = configure_http(http, is_ip6); + if (EFI_ERROR(efi_status)) { + perror(L"Failed to configure http: %r\n", efi_status); goto error; } - status = send_http_request(http, hostname, uri); - if (EFI_ERROR(status)) { - perror(L"Failed to send HTTP request: %r\n", status); + efi_status = send_http_request(http, hostname, uri); + if (EFI_ERROR(efi_status)) { + perror(L"Failed to send HTTP request: %r\n", efi_status); goto error; } - status = receive_http_response(http, buffer, buf_size); - if (EFI_ERROR(status)) { - perror(L"Failed to receive HTTP response: %r\n", status); + efi_status = receive_http_response(http, buffer, buf_size); + if (EFI_ERROR(efi_status)) { + perror(L"Failed to receive HTTP response: %r\n", efi_status); goto error; } @@ -703,8 +692,8 @@ error: child_status = uefi_call_wrapper(service->DestroyChild, 2, service, http_handle); - if (EFI_ERROR(status)) { - return status; + if (EFI_ERROR(efi_status)) { + return efi_status; } else if (EFI_ERROR(child_status)) { return child_status; } @@ -715,7 +704,7 @@ error: EFI_STATUS httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size) { - EFI_STATUS status; + EFI_STATUS efi_status; EFI_HANDLE nic; CHAR8 *next_loader = NULL; CHAR8 *next_uri = NULL; @@ -727,16 +716,16 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size) next_loader = translate_slashes(DEFAULT_LOADER_CHAR); /* Create the URI for the next loader based on the original URI */ - status = generate_next_uri(uri, next_loader, &next_uri); - if (EFI_ERROR (status)) { - perror(L"Next URI: %a, %r\n", next_uri, status); + efi_status = generate_next_uri(uri, next_loader, &next_uri); + if (EFI_ERROR(efi_status)) { + perror(L"Next URI: %a, %r\n", next_uri, efi_status); goto error; } /* Extract the hostname (or IP) from URI */ - status = extract_hostname(uri, &hostname); - if (EFI_ERROR (status)) { - perror(L"hostname: %a, %r\n", hostname, status); + efi_status = extract_hostname(uri, &hostname); + if (EFI_ERROR(efi_status)) { + perror(L"hostname: %a, %r\n", hostname, efi_status); goto error; } @@ -751,19 +740,19 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size) information in the device path node. We have to set up the connection on our own for the further operations. */ if (!is_ip6) - status = set_ip4(nic, &ip4_node); + efi_status = set_ip4(nic, &ip4_node); else - status = set_ip6(nic, &ip6_node); - if (EFI_ERROR (status)) { - perror(L"Failed to set IP for HTTPBoot: %r\n", status); + efi_status = set_ip6(nic, &ip6_node); + if (EFI_ERROR(efi_status)) { + perror(L"Failed to set IP for HTTPBoot: %r\n", efi_status); goto error; } /* Use HTTP protocl to fetch the remote file */ - status = http_fetch (image, nic, hostname, next_uri, is_ip6, - buffer, buf_size); - if (EFI_ERROR (status)) { - perror(L"Failed to fetch image: %r\n", status); + efi_status = http_fetch (image, nic, hostname, next_uri, is_ip6, + buffer, buf_size); + if (EFI_ERROR(efi_status)) { + perror(L"Failed to fetch image: %r\n", efi_status); goto error; } @@ -775,5 +764,5 @@ error: if (hostname) FreePool(hostname); - return status; + return efi_status; } @@ -58,11 +58,11 @@ typedef struct { */ BOOLEAN findNetboot(EFI_HANDLE device) { - EFI_STATUS status; + EFI_STATUS efi_status; - status = uefi_call_wrapper(BS->HandleProtocol, 3, device, - &PxeBaseCodeProtocol, (VOID **)&pxe); - if (status != EFI_SUCCESS) { + efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, device, + &PxeBaseCodeProtocol, (VOID **)&pxe); + if (EFI_ERROR(efi_status)) { pxe = NULL; return FALSE; } @@ -298,7 +298,7 @@ static EFI_STATUS parseDhcp4() EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle) { - EFI_STATUS rc; + EFI_STATUS efi_status; if (!pxe) return EFI_NOT_READY; @@ -310,15 +310,15 @@ EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle) * if its ipv4 or ipv6 */ if (pxe->Mode->UsingIpv6){ - rc = parseDhcp6(); + efi_status = parseDhcp6(); } else - rc = parseDhcp4(); - return rc; + efi_status = parseDhcp4(); + return efi_status; } EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *bufsiz) { - EFI_STATUS rc; + EFI_STATUS efi_status; EFI_PXE_BASE_CODE_TFTP_OPCODE read = EFI_PXE_BASE_CODE_TFTP_READ_FILE; BOOLEAN overwrite = FALSE; BOOLEAN nobuffer = FALSE; @@ -328,15 +328,15 @@ EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *buf if (*buffer == NULL) { *buffer = AllocatePool(4096 * 1024); if (!*buffer) - return EFI_OUT_OF_RESOURCES; + return EFI_OUT_OF_RESOURCES; *bufsiz = 4096 * 1024; } try_again: - rc = uefi_call_wrapper(pxe->Mtftp, 10, pxe, read, *buffer, overwrite, - bufsiz, &blksz, &tftp_addr, full_path, NULL, nobuffer); - - if (rc == EFI_BUFFER_TOO_SMALL) { + efi_status = uefi_call_wrapper(pxe->Mtftp, 10, pxe, read, *buffer, + overwrite, bufsiz, &blksz, &tftp_addr, + full_path, NULL, nobuffer); + if (efi_status == EFI_BUFFER_TOO_SMALL) { /* try again, doubling buf size */ *bufsiz *= 2; FreePool(*buffer); @@ -346,8 +346,8 @@ try_again: goto try_again; } - if (rc != EFI_SUCCESS && *buffer) { + if (EFI_ERROR(efi_status) && *buffer) { FreePool(*buffer); } - return rc; + return efi_status; } diff --git a/replacements.c b/replacements.c index 93e1d6bb..946b059a 100644 --- a/replacements.c +++ b/replacements.c @@ -78,38 +78,40 @@ load_image(BOOLEAN BootPolicy, EFI_HANDLE ParentImageHandle, EFI_DEVICE_PATH *DevicePath, VOID *SourceBuffer, UINTN SourceSize, EFI_HANDLE *ImageHandle) { - EFI_STATUS status; + EFI_STATUS efi_status; unhook_system_services(); - status = systab->BootServices->LoadImage(BootPolicy, - ParentImageHandle, DevicePath, - SourceBuffer, SourceSize, ImageHandle); + efi_status = systab->BootServices->LoadImage(BootPolicy, + ParentImageHandle, + DevicePath, SourceBuffer, + SourceSize, ImageHandle); hook_system_services(systab); - if (EFI_ERROR(status)) + if (EFI_ERROR(efi_status)) last_loaded_image = NULL; else last_loaded_image = *ImageHandle; - return status; + return efi_status; } static EFI_STATUS EFIAPI start_image(EFI_HANDLE image_handle, UINTN *exit_data_size, CHAR16 **exit_data) { - EFI_STATUS status; + EFI_STATUS efi_status; unhook_system_services(); if (image_handle == last_loaded_image) { loader_is_participating = 1; uninstall_shim_protocols(); } - status = systab->BootServices->StartImage(image_handle, exit_data_size, exit_data); - if (EFI_ERROR(status)) { + efi_status = systab->BootServices->StartImage(image_handle, exit_data_size, + exit_data); + if (EFI_ERROR(efi_status)) { if (image_handle == last_loaded_image) { - EFI_STATUS status2 = install_shim_protocols(); + EFI_STATUS efi_status2 = install_shim_protocols(); - if (EFI_ERROR(status2)) { - Print(L"Something has gone seriously wrong: %d\n", - status2); + if (EFI_ERROR(efi_status2)) { + Print(L"Something has gone seriously wrong: %r\n", + efi_status2); Print(L"shim cannot continue, sorry.\n"); msleep(5000000); systab->RuntimeServices->ResetSystem( @@ -120,19 +122,21 @@ start_image(EFI_HANDLE image_handle, UINTN *exit_data_size, CHAR16 **exit_data) hook_system_services(systab); loader_is_participating = 0; } - return status; + return efi_status; } static EFI_STATUS EFIAPI exit_boot_services(EFI_HANDLE image_key, UINTN map_key) { - if (loader_is_participating || verification_method == VERIFIED_BY_HASH) { + if (loader_is_participating || + verification_method == VERIFIED_BY_HASH) { unhook_system_services(); - EFI_STATUS status; - status = systab->BootServices->ExitBootServices(image_key, map_key); - if (status != EFI_SUCCESS) + EFI_STATUS efi_status; + efi_status = systab->BootServices->ExitBootServices(image_key, + map_key); + if (EFI_ERROR(efi_status)) hook_system_services(systab); - return status; + return efi_status; } Print(L"Bootloader has not verified loaded image.\n"); @@ -146,18 +150,18 @@ static EFI_STATUS EFIAPI do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, UINTN ExitDataSize, CHAR16 *ExitData) { - EFI_STATUS status; + EFI_STATUS efi_status; shim_fini(); - status = systab->BootServices->Exit(ImageHandle, ExitStatus, - ExitDataSize, ExitData); - if (EFI_ERROR(status)) { - EFI_STATUS status2 = shim_init(); + efi_status = systab->BootServices->Exit(ImageHandle, ExitStatus, + ExitDataSize, ExitData); + if (EFI_ERROR(efi_status)) { + EFI_STATUS efi_status2 = shim_init(); - if (EFI_ERROR(status2)) { + if (EFI_ERROR(efi_status2)) { Print(L"Something has gone seriously wrong: %r\n", - status2); + efi_status2); Print(L"shim cannot continue, sorry.\n"); msleep(5000000); systab->RuntimeServices->ResetSystem( @@ -165,7 +169,7 @@ do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, EFI_SECURITY_VIOLATION, 0, NULL); } } - return status; + return efi_status; } void @@ -460,7 +460,7 @@ static CHECK_STATUS check_db_cert(CHAR16 *dbname, EFI_GUID guid, UINT8 *db; efi_status = get_variable(dbname, &db, &dbsize, guid); - if (efi_status != EFI_SUCCESS) + if (EFI_ERROR(efi_status)) return VAR_NOT_FOUND; CertList = (EFI_SIGNATURE_LIST *)db; @@ -527,8 +527,7 @@ static CHECK_STATUS check_db_hash(CHAR16 *dbname, EFI_GUID guid, UINT8 *data, UINT8 *db; efi_status = get_variable(dbname, &db, &dbsize, guid); - - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { return VAR_NOT_FOUND; } @@ -698,14 +697,14 @@ static BOOLEAN secure_mode (void) #define check_size_line(data, datasize_in, hashbase, hashsize, l) ({ \ if ((unsigned long)hashbase > \ (unsigned long)data + datasize_in) { \ - status = EFI_INVALID_PARAMETER; \ + efi_status = EFI_INVALID_PARAMETER; \ perror(L"shim.c:%d Invalid hash base 0x%016x\n", l, \ hashbase); \ goto done; \ } \ if ((unsigned long)hashbase + hashsize > \ (unsigned long)data + datasize_in) { \ - status = EFI_INVALID_PARAMETER; \ + efi_status = EFI_INVALID_PARAMETER; \ perror(L"shim.c:%d Invalid hash size 0x%016x\n", l, \ hashsize); \ goto done; \ @@ -732,7 +731,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, unsigned int datasize; EFI_IMAGE_SECTION_HEADER *Section; EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; - EFI_STATUS status = EFI_SUCCESS; + EFI_STATUS efi_status = EFI_SUCCESS; EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data; unsigned int PEHdr_offset = 0; @@ -758,7 +757,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (!Sha256Init(sha256ctx) || !Sha1Init(sha1ctx)) { perror(L"Unable to initialise hash\n"); - status = EFI_OUT_OF_RESOURCES; + efi_status = EFI_OUT_OF_RESOURCES; goto done; } @@ -771,7 +770,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; + efi_status = EFI_OUT_OF_RESOURCES; goto done; } @@ -784,7 +783,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; + efi_status = EFI_OUT_OF_RESOURCES; goto done; } @@ -794,7 +793,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, hashsize = context->SizeOfHeaders - (unsigned long)((char *)dd - data); if (hashsize > datasize_in) { perror(L"Data Directory size %d is invalid\n", hashsize); - status = EFI_INVALID_PARAMETER; + efi_status = EFI_INVALID_PARAMETER; goto done; } check_size(data, datasize_in, hashbase, hashsize); @@ -802,7 +801,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; + efi_status = EFI_OUT_OF_RESOURCES; goto done; } @@ -822,14 +821,14 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, (index * sizeof(*SectionPtr))); if (!SectionPtr) { perror(L"Malformed section %d\n", index); - status = EFI_INVALID_PARAMETER; + efi_status = EFI_INVALID_PARAMETER; goto done; } /* Validate section size is within image. */ if (SectionPtr->SizeOfRawData > datasize - SumOfBytesHashed - SumOfSectionBytes) { perror(L"Malformed section %d size\n", index); - status = EFI_INVALID_PARAMETER; + efi_status = EFI_INVALID_PARAMETER; goto done; } SumOfSectionBytes += SectionPtr->SizeOfRawData; @@ -838,7 +837,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections); if (SectionHeader == NULL) { perror(L"Unable to allocate section header\n"); - status = EFI_OUT_OF_RESOURCES; + efi_status = EFI_OUT_OF_RESOURCES; goto done; } @@ -870,7 +869,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (!hashbase) { perror(L"Malformed section header\n"); - status = EFI_INVALID_PARAMETER; + efi_status = EFI_INVALID_PARAMETER; goto done; } @@ -878,7 +877,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (Section->SizeOfRawData > datasize - Section->PointerToRawData) { perror(L"Malformed section raw size %d\n", index); - status = EFI_INVALID_PARAMETER; + efi_status = EFI_INVALID_PARAMETER; goto done; } hashsize = (unsigned int) Section->SizeOfRawData; @@ -887,7 +886,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; + efi_status = EFI_OUT_OF_RESOURCES; goto done; } SumOfBytesHashed += Section->SizeOfRawData; @@ -905,7 +904,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, datasize, SumOfBytesHashed, context->SecDir->Size); Print(L"hashsize: %u SecDir->VirtualAddress: 0x%08lx\n", hashsize, context->SecDir->VirtualAddress); - status = EFI_INVALID_PARAMETER; + efi_status = EFI_INVALID_PARAMETER; goto done; } check_size(data, datasize_in, hashbase, hashsize); @@ -913,7 +912,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; + efi_status = EFI_OUT_OF_RESOURCES; goto done; } @@ -931,7 +930,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) { perror(L"Unable to generate hash\n"); - status = EFI_OUT_OF_RESOURCES; + efi_status = EFI_OUT_OF_RESOURCES; goto done; } @@ -942,7 +941,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, if (!(Sha256Final(sha256ctx, sha256hash)) || !(Sha1Final(sha1ctx, sha1hash))) { perror(L"Unable to finalise hash\n"); - status = EFI_OUT_OF_RESOURCES; + efi_status = EFI_OUT_OF_RESOURCES; goto done; } @@ -954,24 +953,26 @@ done: if (sha256ctx) FreePool(sha256ctx); - return status; + return efi_status; } /* * Ensure that the MOK database hasn't been set or modified from an OS */ static EFI_STATUS verify_mok (void) { - EFI_STATUS status = EFI_SUCCESS; + EFI_STATUS efi_status; UINT8 *MokListData = NULL; UINTN MokListDataSize = 0; UINT32 attributes; - status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize, - SHIM_LOCK_GUID, &attributes); - - if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) { + efi_status = get_variable_attr(L"MokList", &MokListData, + &MokListDataSize, SHIM_LOCK_GUID, + &attributes); + if (!EFI_ERROR(efi_status) && + attributes & EFI_VARIABLE_RUNTIME_ACCESS) { perror(L"MokList is compromised!\nErase all keys in MokList!\n"); - if (LibDeleteVariable(L"MokList", &SHIM_LOCK_GUID) != EFI_SUCCESS) { + efi_status = LibDeleteVariable(L"MokList", &SHIM_LOCK_GUID); + if (EFI_ERROR(efi_status)) { perror(L"Failed to erase MokList\n"); return EFI_SECURITY_VIOLATION; } @@ -990,7 +991,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, PE_COFF_LOADER_IMAGE_CONTEXT *context, UINT8 *sha256hash, UINT8 *sha1hash) { - EFI_STATUS status = EFI_SECURITY_VIOLATION; + EFI_STATUS efi_status = EFI_SECURITY_VIOLATION; WIN_CERTIFICATE_EFI_PKCS *cert = NULL; unsigned int size = datasize; @@ -1031,41 +1032,41 @@ static EFI_STATUS verify_buffer (char *data, int datasize, */ drain_openssl_errors(); - status = generate_hash(data, datasize, context, sha256hash, sha1hash); - if (status != EFI_SUCCESS) { - LogError(L"generate_hash: %r\n", status); - return status; + efi_status = generate_hash(data, datasize, context, sha256hash, sha1hash); + if (EFI_ERROR(efi_status)) { + LogError(L"generate_hash: %r\n", efi_status); + return efi_status; } /* * Check that the MOK database hasn't been modified */ - status = verify_mok(); - if (status != EFI_SUCCESS) { - LogError(L"verify_mok: %r\n", status); - return status; + efi_status = verify_mok(); + if (EFI_ERROR(efi_status)) { + LogError(L"verify_mok: %r\n", efi_status); + return efi_status; } /* * Ensure that the binary isn't blacklisted */ - status = check_blacklist(cert, sha256hash, sha1hash); - if (status != EFI_SUCCESS) { + efi_status = check_blacklist(cert, sha256hash, sha1hash); + if (EFI_ERROR(efi_status)) { perror(L"Binary is blacklisted\n"); - LogError(L"Binary is blacklisted: %r\n", status); - return status; + LogError(L"Binary is blacklisted: %r\n", efi_status); + return efi_status; } /* * Check whether the binary is whitelisted in any of the firmware * databases */ - status = check_whitelist(cert, sha256hash, sha1hash); - if (status == EFI_SUCCESS) { - drain_openssl_errors(); - return status; + efi_status = check_whitelist(cert, sha256hash, sha1hash); + if (EFI_ERROR(efi_status)) { + LogError(L"check_whitelist(): %r\n", efi_status); } else { - LogError(L"check_whitelist(): %r\n", status); + drain_openssl_errors(); + return efi_status; } if (cert) { @@ -1081,9 +1082,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize, update_verification_method(VERIFIED_BY_CERT); tpm_measure_variable(L"Shim", SHIM_LOCK_GUID, sizeof(shim_cert), shim_cert); - status = EFI_SUCCESS; + efi_status = EFI_SUCCESS; drain_openssl_errors(); - return status; + return efi_status; } else { LogError(L"AuthenticodeVerify(shim_cert) failed\n"); } @@ -1100,9 +1101,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize, update_verification_method(VERIFIED_BY_CERT); tpm_measure_variable(L"Shim", SHIM_LOCK_GUID, vendor_cert_size, vendor_cert); - status = EFI_SUCCESS; + efi_status = EFI_SUCCESS; drain_openssl_errors(); - return status; + return efi_status; } else { LogError(L"AuthenticodeVerify(vendor_cert) failed\n"); } @@ -1111,8 +1112,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize, LogError(L"Binary is not whitelisted\n"); crypterr(EFI_SECURITY_VIOLATION); PrintErrors(); - status = EFI_SECURITY_VIOLATION; - return status; + efi_status = EFI_SECURITY_VIOLATION; + return efi_status; } /* @@ -1268,7 +1269,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, * The binary header contains relevant context and section pointers */ efi_status = read_header(data, datasize, &context); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to read header: %r\n", efi_status); return efi_status; } @@ -1278,7 +1279,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, */ efi_status = generate_hash(data, datasize, &context, sha256hash, sha1hash); - if (efi_status != EFI_SUCCESS) + if (EFI_ERROR(efi_status)) return efi_status; /* Measure the binary into the TPM */ @@ -1329,7 +1330,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, alloc_size / PAGE_SIZE, &alloc_address); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to allocate image buffer\n"); return EFI_OUT_OF_RESOURCES; } @@ -1456,7 +1457,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, efi_status = relocate_coff(&context, RelocSection, data, buffer); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Relocation failed: %r\n", efi_status); FreePool(buffer); return efi_status; @@ -1495,13 +1496,14 @@ should_use_fallback(EFI_HANDLE image_handle) EFI_FILE_IO_INTERFACE *fio = NULL; EFI_FILE *vh = NULL; EFI_FILE *fh = NULL; - EFI_STATUS rc; + EFI_STATUS efi_status; int ret = 0; - rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, - &EFI_LOADED_IMAGE_GUID, (void **)&li); - if (EFI_ERROR(rc)) { - perror(L"Could not get image for bootx64.efi: %r\n", rc); + efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &EFI_LOADED_IMAGE_GUID, (void **)&li); + if (EFI_ERROR(efi_status)) { + perror(L"Could not get image for bootx64.efi: %r\n", + efi_status); return 0; } @@ -1522,27 +1524,29 @@ should_use_fallback(EFI_HANDLE image_handle) if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI")) goto error; - rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, - &FileSystemProtocol, (void **)&fio); - if (EFI_ERROR(rc)) { - perror(L"Could not get fio for li->DeviceHandle: %r\n", rc); + efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle, + &FileSystemProtocol, (void **)&fio); + if (EFI_ERROR(efi_status)) { + perror(L"Could not get fio for li->DeviceHandle: %r\n", + efi_status); goto error; } - rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); - if (EFI_ERROR(rc)) { - perror(L"Could not open fio volume: %r\n", rc); + efi_status = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh); + if (EFI_ERROR(efi_status)) { + perror(L"Could not open fio volume: %r\n", efi_status); goto error; } - rc = uefi_call_wrapper(vh->Open, 5, vh, &fh, L"\\EFI\\BOOT" FALLBACK, - EFI_FILE_MODE_READ, 0); - if (EFI_ERROR(rc)) { + efi_status = uefi_call_wrapper(vh->Open, 5, vh, &fh, + L"\\EFI\\BOOT" FALLBACK, + EFI_FILE_MODE_READ, 0); + if (EFI_ERROR(efi_status)) { /* Do not print the error here - this is an acceptable case * for removable media, where we genuinely don't want * fallback.efi to exist. - * Print(L"Could not open \"\\EFI\\BOOT%s\": %d\n", FALLBACK, - * rc); + * Print(L"Could not open \"\\EFI\\BOOT%s\": %r\n", FALLBACK, + * efi_status); */ goto error; } @@ -1671,14 +1675,13 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, device, &EFI_SIMPLE_FILE_SYSTEM_GUID, (void **)&drive); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to find fs: %r\n", efi_status); goto error; } efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root); - - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to open fs: %r\n", efi_status); goto error; } @@ -1688,8 +1691,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, */ efi_status = uefi_call_wrapper(root->Open, 5, root, &grub, PathName, EFI_FILE_MODE_READ, 0); - - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to open %s - %r\n", PathName, efi_status); goto error; } @@ -1708,7 +1710,6 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, */ efi_status = uefi_call_wrapper(grub->GetInfo, 4, grub, &EFI_FILE_INFO_GUID, &buffersize, fileinfo); - if (efi_status == EFI_BUFFER_TOO_SMALL) { FreePool(fileinfo); fileinfo = AllocatePool(buffersize); @@ -1722,15 +1723,13 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, fileinfo); } - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Unable to get file info: %r\n", efi_status); goto error; } buffersize = fileinfo->FileSize; - *data = AllocatePool(buffersize); - if (!*data) { perror(L"Unable to allocate file buffer\n"); efi_status = EFI_OUT_OF_RESOURCES; @@ -1742,16 +1741,15 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data, */ efi_status = uefi_call_wrapper(grub->Read, 3, grub, &buffersize, *data); - if (efi_status == EFI_BUFFER_TOO_SMALL) { FreePool(*data); *data = AllocatePool(buffersize); efi_status = uefi_call_wrapper(grub->Read, 3, grub, &buffersize, *data); } - - if (efi_status != EFI_SUCCESS) { - perror(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize); + if (EFI_ERROR(efi_status)) { + perror(L"Unexpected return from initial read: %r, buffersize %x\n", + efi_status, buffersize); goto error; } @@ -1777,7 +1775,7 @@ error: */ EFI_STATUS shim_verify (void *buffer, UINT32 size) { - EFI_STATUS status = EFI_SUCCESS; + EFI_STATUS efi_status = EFI_SUCCESS; PE_COFF_LOADER_IMAGE_CONTEXT context; UINT8 sha1hash[SHA1_DIGEST_SIZE]; UINT8 sha256hash[SHA256_DIGEST_SIZE]; @@ -1788,18 +1786,19 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) loader_is_participating = 1; in_protocol = 1; - status = read_header(buffer, size, &context); - if (status != EFI_SUCCESS) + efi_status = read_header(buffer, size, &context); + if (EFI_ERROR(efi_status)) goto done; - status = generate_hash(buffer, size, &context, sha256hash, sha1hash); - if (status != EFI_SUCCESS) + efi_status = generate_hash(buffer, size, &context, + sha256hash, sha1hash); + if (EFI_ERROR(efi_status)) goto done; /* Measure the binary into the TPM */ - status = tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4); + efi_status = tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4); #ifdef REQUIRE_TPM - if (status != EFI_SUCCESS) + if (EFI_ERROR(efi_status)) goto done; #endif @@ -1808,39 +1807,40 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) goto done; } - status = verify_buffer(buffer, size, &context, sha256hash, sha1hash); - + efi_status = verify_buffer(buffer, size, &context, + sha256hash, sha1hash); done: in_protocol = 0; - return status; + return efi_status; } static EFI_STATUS shim_hash (char *data, int datasize, PE_COFF_LOADER_IMAGE_CONTEXT *context, UINT8 *sha256hash, UINT8 *sha1hash) { - EFI_STATUS status; + EFI_STATUS efi_status; if (datasize < 0) return EFI_INVALID_PARAMETER; in_protocol = 1; - status = generate_hash(data, datasize, context, sha256hash, sha1hash); + efi_status = generate_hash(data, datasize, context, + sha256hash, sha1hash); in_protocol = 0; - return status; + return efi_status; } static EFI_STATUS shim_read_header(void *data, unsigned int datasize, PE_COFF_LOADER_IMAGE_CONTEXT *context) { - EFI_STATUS status; + EFI_STATUS efi_status; in_protocol = 1; - status = read_header(data, datasize, context); + efi_status = read_header(data, datasize, context); in_protocol = 0; - return status; + return efi_status; } /* @@ -1862,7 +1862,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) */ efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, &EFI_LOADED_IMAGE_GUID, (void **)&li); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Unable to init protocol\n"); return efi_status; } @@ -1879,13 +1879,13 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) if (findNetboot(li->DeviceHandle)) { efi_status = parseNetbootinfo(image_handle); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Netboot parsing failed: %r\n", efi_status); return EFI_PROTOCOL_ERROR; } efi_status = FetchNetbootimage(image_handle, &sourcebuffer, &sourcesize); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Unable to fetch TFTP image: %r\n", efi_status); return efi_status; @@ -1897,7 +1897,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) efi_status = httpboot_fetch_buffer (image_handle, &sourcebuffer, &sourcesize); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Unable to fetch HTTP image: %r\n", efi_status); return efi_status; @@ -1910,7 +1910,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) * Read the new executable off disk */ efi_status = load_image(li, &data, &datasize, PathName); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to load image %s: %r\n", PathName, efi_status); PrintErrors(); @@ -1934,7 +1934,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) * Verify and, if appropriate, relocate and execute the executable */ efi_status = handle_image(data, datasize, li); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to load image: %r\n", efi_status); PrintErrors(); ClearErrors(); @@ -1976,7 +1976,7 @@ EFI_STATUS init_grub(EFI_HANDLE image_handle) if (efi_status == EFI_SECURITY_VIOLATION || efi_status == EFI_ACCESS_DENIED) { efi_status = start_image(image_handle, MOK_MANAGER); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { Print(L"start_image() returned %r\n", efi_status); msleep(2000000); return efi_status; @@ -1986,7 +1986,7 @@ EFI_STATUS init_grub(EFI_HANDLE image_handle) use_fb ? FALLBACK : second_stage); } - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { Print(L"start_image() returned %r\n", efi_status); msleep(2000000); } @@ -2015,7 +2015,6 @@ EFI_STATUS measure_mok() if (EFI_ERROR(efi_status)) ret = efi_status; - } else { ret = efi_status; } @@ -2072,7 +2071,7 @@ EFI_STATUS mirror_mok_list() uint8_t *p = NULL; efi_status = get_variable(L"MokList", &Data, &DataSize, SHIM_LOCK_GUID); - if (efi_status != EFI_SUCCESS) + if (EFI_ERROR(efi_status)) DataSize = 0; if (vendor_cert_size) { @@ -2088,7 +2087,7 @@ EFI_STATUS mirror_mok_list() } p = FullData; - if (efi_status == EFI_SUCCESS && DataSize > 0) { + if (!EFI_ERROR(efi_status) && DataSize > 0) { CopyMem(p, Data, DataSize); p += DataSize; } @@ -2118,7 +2117,7 @@ EFI_STATUS mirror_mok_list() EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, FullDataSize, FullData); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to set MokListRT: %r\n", efi_status); } } @@ -2138,7 +2137,7 @@ EFI_STATUS mirror_mok_list_x() efi_status = get_variable(L"MokListX", &Data, &DataSize, SHIM_LOCK_GUID); - if (efi_status != EFI_SUCCESS) + if (EFI_ERROR(efi_status)) return efi_status; efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListXRT", @@ -2146,7 +2145,7 @@ EFI_STATUS mirror_mok_list_x() EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, DataSize, Data); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { console_error(L"Failed to set MokListRT", efi_status); } @@ -2163,22 +2162,17 @@ EFI_STATUS mirror_mok_sb_state() UINT8 *Data = NULL; UINTN DataSize = 0; - efi_status = get_variable(L"MokSBState", &Data, &DataSize, SHIM_LOCK_GUID); - if (efi_status == EFI_SUCCESS) { + efi_status = get_variable(L"MokSBState", &Data, &DataSize, + SHIM_LOCK_GUID); + if (!EFI_ERROR(efi_status)) { UINT8 *Data_RT = NULL; UINTN DataSize_RT = 0; - efi_status = get_variable(L"MokSBStateRT", &Data_RT, - &DataSize_RT, SHIM_LOCK_GUID); - if (efi_status == EFI_SUCCESS) { - efi_status = uefi_call_wrapper(RT->SetVariable, 5, - L"MokSBStateRT", - &SHIM_LOCK_GUID, - EFI_VARIABLE_BOOTSERVICE_ACCESS - | EFI_VARIABLE_RUNTIME_ACCESS - | EFI_VARIABLE_NON_VOLATILE, - 0, NULL); - } + efi_status = get_variable(L"MokSBStateRT", + &Data_RT, &DataSize_RT, + SHIM_LOCK_GUID); + if (!EFI_ERROR(efi_status) || efi_status != EFI_NOT_FOUND) + LibDeleteVariable(L"MokSBStateRT", &SHIM_LOCK_GUID); efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokSBStateRT", @@ -2186,7 +2180,7 @@ EFI_STATUS mirror_mok_sb_state() EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, DataSize, Data); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { console_error(L"Failed to set MokSBStateRT", efi_status); } } @@ -2207,7 +2201,7 @@ static BOOLEAN check_var(CHAR16 *varname) &SHIM_LOCK_GUID, &attributes, &size, (void *)&MokVar); - if (efi_status == EFI_SUCCESS || efi_status == EFI_BUFFER_TOO_SMALL) + if (!EFI_ERROR(efi_status) || efi_status == EFI_BUFFER_TOO_SMALL) return TRUE; return FALSE; @@ -2228,7 +2222,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) check_var(L"MokXAuth")) { efi_status = start_image(image_handle, MOK_MANAGER); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to start MokManager: %r\n", efi_status); return efi_status; } @@ -2242,7 +2236,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) */ static EFI_STATUS check_mok_sb (void) { - EFI_STATUS status = EFI_SUCCESS; + EFI_STATUS efi_status; UINT8 MokSBState; UINTN MokSBStateSize = sizeof(MokSBState); UINT32 attributes; @@ -2250,10 +2244,10 @@ static EFI_STATUS check_mok_sb (void) user_insecure_mode = 0; ignore_db = 0; - status = uefi_call_wrapper(RT->GetVariable, 5, L"MokSBState", - &SHIM_LOCK_GUID, &attributes, - &MokSBStateSize, &MokSBState); - if (status != EFI_SUCCESS) + efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokSBState", + &SHIM_LOCK_GUID, &attributes, + &MokSBStateSize, &MokSBState); + if (EFI_ERROR(efi_status)) return EFI_SECURITY_VIOLATION; /* @@ -2262,17 +2256,18 @@ static EFI_STATUS check_mok_sb (void) */ if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { perror(L"MokSBState is compromised! Clearing it\n"); - if (LibDeleteVariable(L"MokSBState", &SHIM_LOCK_GUID) != EFI_SUCCESS) { + efi_status = LibDeleteVariable(L"MokSBState", &SHIM_LOCK_GUID); + if (EFI_ERROR(efi_status)) { perror(L"Failed to erase MokSBState\n"); } - status = EFI_SECURITY_VIOLATION; + efi_status = EFI_SECURITY_VIOLATION; } else { if (MokSBState == 1) { user_insecure_mode = 1; } } - return status; + return efi_status; } /* @@ -2281,15 +2276,15 @@ static EFI_STATUS check_mok_sb (void) static EFI_STATUS check_mok_db (void) { - EFI_STATUS status = EFI_SUCCESS; + EFI_STATUS efi_status; UINT8 MokDBState; UINTN MokDBStateSize = sizeof(MokDBState); UINT32 attributes; - status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDBState", - &SHIM_LOCK_GUID, &attributes, - &MokDBStateSize, &MokDBState); - if (status != EFI_SUCCESS) + efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDBState", + &SHIM_LOCK_GUID, &attributes, + &MokDBStateSize, &MokDBState); + if (EFI_ERROR(efi_status)) return EFI_SECURITY_VIOLATION; ignore_db = 0; @@ -2300,17 +2295,18 @@ static EFI_STATUS check_mok_db (void) */ if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { perror(L"MokDBState is compromised! Clearing it\n"); - if (LibDeleteVariable(L"MokDBState", &SHIM_LOCK_GUID) != EFI_SUCCESS) { + efi_status = LibDeleteVariable(L"MokDBState", &SHIM_LOCK_GUID); + if (EFI_ERROR(efi_status)) { perror(L"Failed to erase MokDBState\n"); } - status = EFI_SECURITY_VIOLATION; + efi_status = EFI_SECURITY_VIOLATION; } else { if (MokDBState == 1) { ignore_db = 1; } } - return status; + return efi_status; } static EFI_STATUS mok_ignore_db() @@ -2327,7 +2323,7 @@ static EFI_STATUS mok_ignore_db() EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, DataSize, (void *)&Data); - if (efi_status != EFI_SUCCESS) { + if (EFI_ERROR(efi_status)) { perror(L"Failed to set MokIgnoreDB: %r\n", efi_status); } } @@ -2469,7 +2465,7 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len) */ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) { - EFI_STATUS status; + EFI_STATUS efi_status; EFI_LOADED_IMAGE *li = NULL; CHAR16 *start = NULL; int remaining_size = 0; @@ -2481,11 +2477,11 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) load_options = NULL; load_options_size = 0; - status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, - &LoadedImageProtocol, (void **) &li); - if (status != EFI_SUCCESS) { - perror (L"Failed to get load options: %r\n", status); - return status; + efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, + &LoadedImageProtocol, (void **) &li); + if (EFI_ERROR(efi_status)) { + perror (L"Failed to get load options: %r\n", efi_status); + return efi_status; } /* So, load options are a giant pain in the ass. If we're invoked @@ -2583,11 +2579,11 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) * We at least didn't find /enough/ strings. See if it works * as an EFI_LOAD_OPTION. */ - status = get_load_option_optional_data(li->LoadOptions, - li->LoadOptionsSize, - (UINT8 **)&start, - &loader_len); - if (status != EFI_SUCCESS) + efi_status = get_load_option_optional_data(li->LoadOptions, + li->LoadOptionsSize, + (UINT8 **)&start, + &loader_len); + if (EFI_ERROR(efi_status)) return EFI_SUCCESS; remaining_size = 0; @@ -2812,7 +2808,6 @@ shim_init(void) } hook_exit(systab); - } return install_shim_protocols(); @@ -2933,7 +2928,7 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab) * Measure the MOK variables */ efi_status = measure_mok(); - if (efi_status != EFI_SUCCESS && efi_status != EFI_NOT_FOUND) { + if (EFI_ERROR(efi_status) && efi_status != EFI_NOT_FOUND) { Print(L"Something has gone seriously wrong: %r\n", efi_status); Print(L"Shim was unable to measure state into the TPM\n"); msleep(5000000); @@ -25,17 +25,16 @@ VARIABLE_RECORD *measureddata = NULL; static BOOLEAN tpm_present(efi_tpm_protocol_t *tpm) { - EFI_STATUS status; + EFI_STATUS efi_status; TCG_EFI_BOOT_SERVICE_CAPABILITY caps; UINT32 flags; EFI_PHYSICAL_ADDRESS eventlog, lastevent; caps.Size = (UINT8)sizeof(caps); - status = uefi_call_wrapper(tpm->status_check, 5, tpm, &caps, &flags, - &eventlog, &lastevent); - - if (status != EFI_SUCCESS || caps.TPMDeactivatedFlag - || !caps.TPMPresentFlag) + efi_status = uefi_call_wrapper(tpm->status_check, 5, tpm, &caps, &flags, + &eventlog, &lastevent); + if (EFI_ERROR(efi_status) || + caps.TPMDeactivatedFlag || !caps.TPMPresentFlag) return FALSE; return TRUE; @@ -45,14 +44,13 @@ static EFI_STATUS tpm2_get_caps(efi_tpm2_protocol_t *tpm, EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps, BOOLEAN *old_caps) { - EFI_STATUS status; + EFI_STATUS efi_status; caps->Size = (UINT8)sizeof(*caps); - status = uefi_call_wrapper(tpm->get_capability, 2, tpm, caps); - - if (status != EFI_SUCCESS) - return status; + efi_status = uefi_call_wrapper(tpm->get_capability, 2, tpm, caps); + if (EFI_ERROR(efi_status)) + return efi_status; if (caps->StructureVersion.Major == 1 && caps->StructureVersion.Minor == 0) @@ -119,19 +117,19 @@ static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm, BOOLEAN *old_caps_p, EFI_TCG2_BOOT_SERVICE_CAPABILITY *capsp) { - EFI_STATUS status; + EFI_STATUS efi_status; *tpm = NULL; *tpm2 = NULL; - status = LibLocateProtocol(&EFI_TPM2_GUID, (VOID **)tpm2); + efi_status = LibLocateProtocol(&EFI_TPM2_GUID, (VOID **)tpm2); /* TPM 2.0 */ - if (status == EFI_SUCCESS) { + if (!EFI_ERROR(efi_status)) { BOOLEAN old_caps; EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; - status = tpm2_get_caps(*tpm2, &caps, &old_caps); - if (EFI_ERROR(status)) - return status; + efi_status = tpm2_get_caps(*tpm2, &caps, &old_caps); + if (EFI_ERROR(efi_status)) + return efi_status; if (tpm2_present(&caps, old_caps)) { if (old_caps_p) @@ -141,9 +139,9 @@ static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm, return EFI_SUCCESS; } } else { - status = LibLocateProtocol(&EFI_TPM_GUID, (VOID **)tpm); - if (EFI_ERROR(status)) - return status; + efi_status = LibLocateProtocol(&EFI_TPM_GUID, (VOID **)tpm); + if (EFI_ERROR(efi_status)) + return efi_status; if (tpm_present(*tpm)) return EFI_SUCCESS; @@ -156,25 +154,27 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, const CHAR8 *log, UINTN logsize, UINT32 type, CHAR8 *hash) { - EFI_STATUS status; + EFI_STATUS efi_status; efi_tpm_protocol_t *tpm; efi_tpm2_protocol_t *tpm2; BOOLEAN old_caps; EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; - status = tpm_locate_protocol(&tpm, &tpm2, &old_caps, &caps); - if (EFI_ERROR(status)) { - return status; + efi_status = tpm_locate_protocol(&tpm, &tpm2, &old_caps, &caps); + if (EFI_ERROR(efi_status)) { + return efi_status; } else if (tpm2) { EFI_TCG2_EVENT *event; EFI_TCG2_EVENT_LOG_BITMAP supported_logs; supported_logs = tpm2_get_supported_logs(tpm2, &caps, old_caps); - status = trigger_tcg2_final_events_table(tpm2, supported_logs); - if (EFI_ERROR(status)) { - perror(L"Unable to trigger tcg2 final events table: %r\n", status); - return status; + efi_status = trigger_tcg2_final_events_table(tpm2, + supported_logs); + if (EFI_ERROR(efi_status)) { + perror(L"Unable to trigger tcg2 final events table: %r\n", + efi_status); + return efi_status; } event = AllocatePool(sizeof(*event) + logsize); @@ -194,26 +194,25 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, themselves if we pass PE_COFF_IMAGE. In case that fails we fall back to measuring without it. */ - status = uefi_call_wrapper(tpm2->hash_log_extend_event, - 5, tpm2, PE_COFF_IMAGE, buf, - (UINT64) size, event); + efi_status = uefi_call_wrapper(tpm2->hash_log_extend_event, + 5, tpm2, PE_COFF_IMAGE, buf, + (UINT64) size, event); } - if (!hash || EFI_ERROR(status)) { - status = uefi_call_wrapper(tpm2->hash_log_extend_event, - 5, tpm2, 0, buf, - (UINT64) size, event); + if (!hash || EFI_ERROR(efi_status)) { + efi_status = uefi_call_wrapper(tpm2->hash_log_extend_event, + 5, tpm2, 0, buf, + (UINT64) size, event); } FreePool(event); - return status; + return efi_status; } else if (tpm) { TCG_PCR_EVENT *event; UINT32 eventnum = 0; EFI_PHYSICAL_ADDRESS lastevent; - status = LibLocateProtocol(&EFI_TPM_GUID, (VOID **)&tpm); - - if (status != EFI_SUCCESS) + efi_status = LibLocateProtocol(&EFI_TPM_GUID, (VOID **)&tpm); + if (EFI_ERROR(efi_status)) return EFI_SUCCESS; if (!tpm_present(tpm)) @@ -235,18 +234,18 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, hash rather than allowing the firmware to attempt to calculate it */ CopyMem(event->digest, hash, sizeof(event->digest)); - status = uefi_call_wrapper(tpm->log_extend_event, 7, - tpm, 0, 0, TPM_ALG_SHA, - event, &eventnum, - &lastevent); + efi_status = uefi_call_wrapper(tpm->log_extend_event, 7, + tpm, 0, 0, TPM_ALG_SHA, + event, &eventnum, + &lastevent); } else { - status = uefi_call_wrapper(tpm->log_extend_event, 7, - tpm, buf, (UINT64)size, - TPM_ALG_SHA, event, - &eventnum, &lastevent); + efi_status = uefi_call_wrapper(tpm->log_extend_event, 7, + tpm, buf, (UINT64)size, + TPM_ALG_SHA, event, + &eventnum, &lastevent); } FreePool(event); - return status; + return efi_status; } return EFI_SUCCESS; @@ -333,7 +332,7 @@ static EFI_STATUS tpm_record_data_measurement(CHAR16 *VarName, EFI_GUID VendorGu EFI_STATUS tpm_measure_variable(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarSize, VOID *VarData) { - EFI_STATUS Status; + EFI_STATUS efi_status; UINTN VarNameLength; EFI_VARIABLE_DATA_TREE *VarLog; UINT32 VarLogSize; @@ -363,14 +362,14 @@ EFI_STATUS tpm_measure_variable(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarS CopyMem ((CHAR16 *)VarLog->UnicodeName + VarNameLength, VarData, VarSize); - Status = tpm_log_event_raw((EFI_PHYSICAL_ADDRESS)(intptr_t)VarLog, - VarLogSize, 7, (CHAR8 *)VarLog, VarLogSize, - EV_EFI_VARIABLE_AUTHORITY, NULL); + efi_status = tpm_log_event_raw((EFI_PHYSICAL_ADDRESS)(intptr_t)VarLog, + VarLogSize, 7, (CHAR8 *)VarLog, VarLogSize, + EV_EFI_VARIABLE_AUTHORITY, NULL); FreePool(VarLog); - if (Status != EFI_SUCCESS) - return Status; + if (EFI_ERROR(efi_status)) + return efi_status; return tpm_record_data_measurement(VarName, VendorGuid, VarSize, VarData); @@ -379,12 +378,12 @@ EFI_STATUS tpm_measure_variable(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarS EFI_STATUS fallback_should_prefer_reset(void) { - EFI_STATUS status; + EFI_STATUS efi_status; efi_tpm_protocol_t *tpm; efi_tpm2_protocol_t *tpm2; - status = tpm_locate_protocol(&tpm, &tpm2, NULL, NULL); - if (EFI_ERROR(status)) + efi_status = tpm_locate_protocol(&tpm, &tpm2, NULL, NULL); + if (EFI_ERROR(efi_status)) return EFI_NOT_FOUND; return EFI_SUCCESS; } |