diff options
| author | Jeremy Kerr <jk@ozlabs.org> | 2019-10-29 17:03:05 +0800 |
|---|---|---|
| committer | Jeremy Kerr <jk@ozlabs.org> | 2020-01-23 09:02:43 +0800 |
| commit | 059cc5168f9b24eb5278e084909afe47db2861a6 (patch) | |
| tree | e1831fde970b916ee182fecd1947d159e5fa9df4 | |
| parent | 2f6259d468dd9cab890c95ee0895f00db0300842 (diff) | |
| download | talos-petitboot-059cc5168f9b24eb5278e084909afe47db2861a6.tar.gz talos-petitboot-059cc5168f9b24eb5278e084909afe47db2861a6.zip | |
discover/boot: unify verification failure messages
Currently, we have two sites where the result of validate_boot_files is
interpreted: in kexec_load, and boot_process. In the former, we generate
the pb_log message, and in the latter we generate the status message.
This means we have separate places to maintain similar error messages,
which is prone to future errors. This change does all of the
interpretation directly after calling validate_boot_files().
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| -rw-r--r-- | discover/boot.c | 45 |
1 files changed, 22 insertions, 23 deletions
diff --git a/discover/boot.c b/discover/boot.c index b1e2d1d..20de0a3 100644 --- a/discover/boot.c +++ b/discover/boot.c @@ -79,16 +79,30 @@ static int kexec_load(struct boot_task *boot_task) boot_task->local_dtb_override = NULL; boot_task->local_image_override = NULL; - if ((result = validate_boot_files(boot_task))) { - if (result == KEXEC_LOAD_DECRYPTION_FALURE) { - pb_log("%s: Aborting kexec due to" - " decryption failure\n", __func__); - } - if (result == KEXEC_LOAD_SIGNATURE_FAILURE) { - pb_log("%s: Aborting kexec due to signature" - " verification failure\n", __func__); + result = validate_boot_files(boot_task); + if (result) { + const char *msg; + + switch (result) { + case KEXEC_LOAD_DECRYPTION_FALURE: + msg = _("decryption failed"); + break; + case KEXEC_LOAD_SIGNATURE_FAILURE: + msg = _("signature verification failed"); + break; + case KEXEC_LOAD_SIG_SETUP_INVALID: + msg = _("invalid signature configuration"); + break; + default: + msg = _("unknown verification failure"); } + update_status(boot_task->status_fn, boot_task->status_arg, + STATUS_ERROR, + _("Boot verification failure: %s"), msg); + pb_log_fn("Aborting kexec due to verification failure: %s", + msg); + validate_boot_files_cleanup(boot_task); return result; } @@ -461,21 +475,6 @@ static void boot_process(struct load_url_result *result, void *data) _("Performing kexec load")); rc = kexec_load(task); - pb_log_fn("kexec_load returned %d\n", rc); - if (rc == KEXEC_LOAD_DECRYPTION_FALURE) { - update_status(task->status_fn, task->status_arg, - STATUS_ERROR, _("Decryption failed")); - } - else if (rc == KEXEC_LOAD_SIGNATURE_FAILURE) { - update_status(task->status_fn, task->status_arg, - STATUS_ERROR, - _("Signature verification failed")); - } - else if (rc == KEXEC_LOAD_SIG_SETUP_INVALID) { - update_status(task->status_fn, task->status_arg, - STATUS_ERROR, - _("Invalid signature configuration")); - } no_load: list_for_each_entry(&task->resources, resource, list) |
