min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #112 from nix-community/log 

Minimalistic Logging Support
This commit is contained in:
Julian Stecklina 2023-02-25 11:20:01 +01:00 committed by GitHub
parent 46b8a553b9 de4c62a1bd
commit a5e283ca44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rust/stub/Cargo.toml
View File

@ -6,10 +6,12 @@ publish = false
[dependencies] [dependencies]
uefi = { version = "0.19.1", default-features = false, features = [ "alloc", "global_allocator", "unstable" ] } uefi = { version = "0.19.1", default-features = false, features = [ "alloc", "global_allocator", "unstable" ] }
uefi-services = { version = "0.16.0", default-features = false, features = [ "panic_handler" ] } uefi-services = { version = "0.16.0", default-features = false, features = [ "panic_handler", "logger" ] }
log = "0.4.17"
goblin = { version = "0.6.0", default-features = false, features = [ "pe64", "alloc" ]} goblin = { version = "0.6.0", default-features = false, features = [ "pe64", "alloc" ]}
# Even in debug builds, we don't enable the debug logs, because they generate a lot of spam from goblin.
log = { version = "0.4.17", default-features = false, features = [ "max_level_info", "release_max_level_warn" ]}
# Use software implementation because the UEFI target seems to need it. # Use software implementation because the UEFI target seems to need it.
sha2 = { version = "0.10.6", default-features = false, features = ["force-soft"] } sha2 = { version = "0.10.6", default-features = false, features = ["force-soft"] }

45
rust/stub/src/main.rs
View File

@ -12,13 +12,13 @@ mod pe_section;
mod uefi_helpers; mod uefi_helpers;
use alloc::vec::Vec; use alloc::vec::Vec;
use log::{info, warn};
use pe_loader::Image; use pe_loader::Image;
use pe_section::{pe_section, pe_section_as_string}; use pe_section::{pe_section, pe_section_as_string};
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
use uefi::{ use uefi::{
prelude::*, prelude::*,
proto::{ proto::{
console::text::Output,
loaded_image::LoadedImage, loaded_image::LoadedImage,
media::file::{File, FileAttribute, FileMode, RegularFile}, media::file::{File, FileAttribute, FileMode, RegularFile},
}, },
@ -33,25 +33,23 @@ use crate::{
type Hash = sha2::digest::Output<Sha256>; type Hash = sha2::digest::Output<Sha256>;
/// Print the startup logo on boot. /// Print the startup logo on boot.
fn print_logo(output: &mut Output) -> Result<()> { fn print_logo() {
output.clear()?; info!(
output.output_string(cstr16!(
" "
_ _ _\r _ _ _
| | | | | |\r | | | | | |
| | __ _ _ __ ______ _| |__ ___ ___ | |_ ___\r | | __ _ _ __ ______ _| |__ ___ ___ | |_ ___
| |/ _` | '_ \\|_ / _` | '_ \\ / _ \\ / _ \\| __/ _ \\\r | |/ _` | '_ \\|_ / _` | '_ \\ / _ \\ / _ \\| __/ _ \\
| | (_| | | | |/ / (_| | |_) | (_) | (_) | || __/\r | | (_| | | | |/ / (_| | |_) | (_) | (_) | || __/
|_|\\__,_|_| |_/___\\__,_|_.__/ \\___/ \\___/ \\__\\___|\r |_|\\__,_|_| |_/___\\__,_|_.__/ \\___/ \\___/ \\__\\___|
\r
" "
)) );
} }
/// The configuration that is embedded at build time. /// The configuration that is embedded at build time.
/// ///
/// After lanzaboote is built, lanzatool needs to embed configuration /// After lanzaboote is built, lzbt needs to embed configuration
/// into the binary. This struct represents that information. /// into the binary. This struct represents that information.
struct EmbeddedConfiguration { struct EmbeddedConfiguration {
/// The filename of the kernel to be booted. This filename is /// The filename of the kernel to be booted. This filename is
@ -180,11 +178,11 @@ fn boot_linux_uefi(
fn main(handle: Handle, mut system_table: SystemTable<Boot>) -> Status { fn main(handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
uefi_services::init(&mut system_table).unwrap(); uefi_services::init(&mut system_table).unwrap();
print_logo(system_table.stdout()).unwrap(); print_logo();
let config: EmbeddedConfiguration = let config: EmbeddedConfiguration =
EmbeddedConfiguration::new(&mut booted_image_file(system_table.boot_services()).unwrap()) EmbeddedConfiguration::new(&mut booted_image_file(system_table.boot_services()).unwrap())
.expect("Failed to extract configuration from binary. Did you run lanzatool?"); .expect("Failed to extract configuration from binary. Did you run lzbt?");
let kernel_data; let kernel_data;
let initrd_data; let initrd_data;
@ -227,17 +225,11 @@ fn main(handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
let is_initrd_hash_correct = Sha256::digest(&initrd_data) == config.initrd_hash; let is_initrd_hash_correct = Sha256::digest(&initrd_data) == config.initrd_hash;
if !is_kernel_hash_correct { if !is_kernel_hash_correct {
system_table warn!("Hash mismatch for kernel!");
.stdout()
.output_string(cstr16!("Hash mismatch for kernel!\r\n"))
.unwrap();
} }
if !is_initrd_hash_correct { if !is_initrd_hash_correct {
system_table warn!("Hash mismatch for initrd!");
.stdout()
.output_string(cstr16!("Hash mismatch for initrd!\r\n"))
.unwrap();
} }
if is_kernel_hash_correct && is_initrd_hash_correct { if is_kernel_hash_correct && is_initrd_hash_correct {
@ -271,10 +263,7 @@ fn main(handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
// of the firmware is broken, we have little hope of security // of the firmware is broken, we have little hope of security
// anyway. // anyway.
system_table warn!("Trying to continue as non-Secure Boot. This will fail when Secure Boot is enabled.");
.stdout()
.output_string(cstr16!("WARNING: Trying to continue as non-Secure Boot. This will fail when Secure Boot is enabled.\r\n"))
.unwrap();
boot_linux_uefi( boot_linux_uefi(
handle, handle,