Merge pull request #112 from nix-community/log
Minimalistic Logging Support
commit
a5e283ca44
|
@ -6,10 +6,12 @@ publish = false
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
uefi = { version = "0.19.1", default-features = false, features = [ "alloc", "global_allocator", "unstable" ] }
|
uefi = { version = "0.19.1", default-features = false, features = [ "alloc", "global_allocator", "unstable" ] }
|
||||||
uefi-services = { version = "0.16.0", default-features = false, features = [ "panic_handler" ] }
|
uefi-services = { version = "0.16.0", default-features = false, features = [ "panic_handler", "logger" ] }
|
||||||
log = "0.4.17"
|
|
||||||
goblin = { version = "0.6.0", default-features = false, features = [ "pe64", "alloc" ]}
|
goblin = { version = "0.6.0", default-features = false, features = [ "pe64", "alloc" ]}
|
||||||
|
|
||||||
|
# Even in debug builds, we don't enable the debug logs, because they generate a lot of spam from goblin.
|
||||||
|
log = { version = "0.4.17", default-features = false, features = [ "max_level_info", "release_max_level_warn" ]}
|
||||||
|
|
||||||
# Use software implementation because the UEFI target seems to need it.
|
# Use software implementation because the UEFI target seems to need it.
|
||||||
sha2 = { version = "0.10.6", default-features = false, features = ["force-soft"] }
|
sha2 = { version = "0.10.6", default-features = false, features = ["force-soft"] }
|
||||||
|
|
||||||
|
|
|
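Review bot: The comment added above the `log` dependency explains only why debug logs are disabled, but `release_max_level_warn` is also what keeps the hash-mismatch and non-Secure-Boot fallback messages visible in release builds, since this commit moves them to `warn!` in main.rs. As far as the visible hunks show, those messages are the only on-screen signal that the kernel or initrd failed its integrity check, so lowering the ceiling later would silently remove them. I would add a second comment line next to the existing one, for example `# Keep at least warn in release: integrity and Secure Boot fallback warnings are emitted via warn!.`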
@ -12,13 +12,13 @@ mod pe_section;
|
||||||
mod uefi_helpers;
|
mod uefi_helpers;
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
|
use log::{info, warn};
|
||||||
use pe_loader::Image;
|
use pe_loader::Image;
|
||||||
use pe_section::{pe_section, pe_section_as_string};
|
use pe_section::{pe_section, pe_section_as_string};
|
||||||
use sha2::{Digest, Sha256};
|
use sha2::{Digest, Sha256};
|
||||||
use uefi::{
|
use uefi::{
|
||||||
prelude::*,
|
prelude::*,
|
||||||
proto::{
|
proto::{
|
||||||
console::text::Output,
|
|
||||||
loaded_image::LoadedImage,
|
loaded_image::LoadedImage,
|
||||||
media::file::{File, FileAttribute, FileMode, RegularFile},
|
media::file::{File, FileAttribute, FileMode, RegularFile},
|
||||||
},
|
},
|
||||||
|
@ -33,25 +33,23 @@ use crate::{
|
||||||
type Hash = sha2::digest::Output<Sha256>;
|
type Hash = sha2::digest::Output<Sha256>;
|
||||||
|
|
||||||
/// Print the startup logo on boot.
|
/// Print the startup logo on boot.
|
||||||
fn print_logo(output: &mut Output) -> Result<()> {
|
fn print_logo() {
|
||||||
output.clear()?;
|
info!(
|
||||||
|
|
||||||
output.output_string(cstr16!(
|
|
||||||
"
|
"
|
||||||
_ _ _\r
|
_ _ _
|
||||||
| | | | | |\r
|
| | | | | |
|
||||||
| | __ _ _ __ ______ _| |__ ___ ___ | |_ ___\r
|
| | __ _ _ __ ______ _| |__ ___ ___ | |_ ___
|
||||||
| |/ _` | '_ \\|_ / _` | '_ \\ / _ \\ / _ \\| __/ _ \\\r
|
| |/ _` | '_ \\|_ / _` | '_ \\ / _ \\ / _ \\| __/ _ \\
|
||||||
| | (_| | | | |/ / (_| | |_) | (_) | (_) | || __/\r
|
| | (_| | | | |/ / (_| | |_) | (_) | (_) | || __/
|
||||||
|_|\\__,_|_| |_/___\\__,_|_.__/ \\___/ \\___/ \\__\\___|\r
|
|_|\\__,_|_| |_/___\\__,_|_.__/ \\___/ \\___/ \\__\\___|
|
||||||
\r
|
|
||||||
"
|
"
|
||||||
))
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// The configuration that is embedded at build time.
|
/// The configuration that is embedded at build time.
|
||||||
///
|
///
|
||||||
/// After lanzaboote is built, lanzatool needs to embed configuration
|
/// After lanzaboote is built, lzbt needs to embed configuration
|
||||||
/// into the binary. This struct represents that information.
|
/// into the binary. This struct represents that information.
|
||||||
struct EmbeddedConfiguration {
|
struct EmbeddedConfiguration {
|
||||||
/// The filename of the kernel to be booted. This filename is
|
/// The filename of the kernel to be booted. This filename is
|
||||||
|
@ -180,11 +178,11 @@ fn boot_linux_uefi(
|
||||||
fn main(handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
|
fn main(handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
|
||||||
uefi_services::init(&mut system_table).unwrap();
|
uefi_services::init(&mut system_table).unwrap();
|
||||||
|
|
||||||
print_logo(system_table.stdout()).unwrap();
|
print_logo();
|
||||||
|
|
||||||
let config: EmbeddedConfiguration =
|
let config: EmbeddedConfiguration =
|
||||||
EmbeddedConfiguration::new(&mut booted_image_file(system_table.boot_services()).unwrap())
|
EmbeddedConfiguration::new(&mut booted_image_file(system_table.boot_services()).unwrap())
|
||||||
.expect("Failed to extract configuration from binary. Did you run lanzatool?");
|
.expect("Failed to extract configuration from binary. Did you run lzbt?");
|
||||||
|
|
||||||
let kernel_data;
|
let kernel_data;
|
||||||
let initrd_data;
|
let initrd_data;
|
||||||
|
@ -227,17 +225,11 @@ fn main(handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
|
||||||
let is_initrd_hash_correct = Sha256::digest(&initrd_data) == config.initrd_hash;
|
let is_initrd_hash_correct = Sha256::digest(&initrd_data) == config.initrd_hash;
|
||||||
|
|
||||||
if !is_kernel_hash_correct {
|
if !is_kernel_hash_correct {
|
||||||
system_table
|
warn!("Hash mismatch for kernel!");
|
||||||
.stdout()
|
|
||||||
.output_string(cstr16!("Hash mismatch for kernel!\r\n"))
|
|
||||||
.unwrap();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if !is_initrd_hash_correct {
|
if !is_initrd_hash_correct {
|
||||||
system_table
|
warn!("Hash mismatch for initrd!");
|
||||||
.stdout()
|
|
||||||
.output_string(cstr16!("Hash mismatch for initrd!\r\n"))
|
|
||||||
.unwrap();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if is_kernel_hash_correct && is_initrd_hash_correct {
|
if is_kernel_hash_correct && is_initrd_hash_correct {
|
||||||
|
@ -271,10 +263,7 @@ fn main(handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
|
||||||
// of the firmware is broken, we have little hope of security
|
// of the firmware is broken, we have little hope of security
|
||||||
// anyway.
|
// anyway.
|
||||||
|
|
||||||
system_table
|
warn!("Trying to continue as non-Secure Boot. This will fail when Secure Boot is enabled.");
|
||||||
.stdout()
|
|
||||||
.output_string(cstr16!("WARNING: Trying to continue as non-Secure Boot. This will fail when Secure Boot is enabled.\r\n"))
|
|
||||||
.unwrap();
|
|
||||||
|
|
||||||
boot_linux_uefi(
|
boot_linux_uefi(
|
||||||
handle,
|
handle,
|
||||||
|
|
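Review bot: `print_logo` now emits the banner through `info!`, but this commit builds the `log` crate with `release_max_level_warn`, so in release builds the macro is compiled out and the function does nothing, while its doc comment still says it prints the startup logo on boot. The explicit `output.clear()` is also dropped, so whatever the firmware left on screen stays ahead of the later `warn!` lines about hash mismatches. If the banner is meant to appear in release, keep writing it to the console directly; otherwise change the doc comment to something like `/// Log the startup logo at info level (compiled out in release builds).`. The body of `main` continues outside the visible hunks, so this is based only on the lines shown.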