From 4bfb13d803f4d8efe544e0f2aa9cd712b8cb84b1 Mon Sep 17 00:00:00 2001

From: Gary Ching-Pang Lin <glin@suse.com>

Date: Tue, 1 Oct 2013 11:58:52 +0800

Subject: [PATCH 37/74] Silence the functions of shim protocol

When grub2 invokes the functions of shim protocol in gfx mode,

OutputString in shim could distort the screen.

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>

Conflicts:

	shim.c

(modified by pjones to include some newer Prints that weren't there when

Gary did the initial work here.)

---

 shim.c | 192 ++++++++++++++++++++++++++++++++++++++---------------------------

 1 file changed, 114 insertions(+), 78 deletions(-)

diff --git a/shim.c b/shim.c

index f9fa606..69af766 100644

--- a/shim.c

+++ b/shim.c

@@ -59,6 +59,14 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB

 static CHAR16 *second_stage;

 static void *load_options;

 static UINT32 load_options_size;

+static UINT8 in_protocol;

+

+#define perror(fmt, ...) ({						\

+		UINTN __perror_ret = 0;					\

+		if (in_protocol)					\

+			__perror_ret = Print((fmt), ##__VA_ARGS__);	\

+		__perror_ret;						\

+	})

 EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };

@@ -133,7 +141,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,

 #endif

 	if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {

-		Print(L"Image has no relocation entry\n");

+		perror(L"Image has no relocation entry\n");

 		return EFI_UNSUPPORTED;

 	}

@@ -141,7 +149,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,

 	RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);

 	if (!RelocBase || !RelocBaseEnd) {

-		Print(L"Reloc table overflows binary\n");

+		perror(L"Reloc table overflows binary\n");

 		return EFI_UNSUPPORTED;

 	}

@@ -154,19 +162,19 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,

 		Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));

 		if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) {

-			Print(L"Reloc block size is invalid\n");

+			perror(L"Reloc block size is invalid\n");

 			return EFI_UNSUPPORTED;

 		}

 		RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);

 		if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) {

-			Print(L"Reloc entry overflows binary\n");

+			perror(L"Reloc entry overflows binary\n");

 			return EFI_UNSUPPORTED;

 		}

 		FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress);

 		if (!FixupBase) {

-			Print(L"Invalid fixupbase\n");

+			perror(L"Invalid fixupbase\n");

 			return EFI_UNSUPPORTED;

 		}

@@ -215,7 +223,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,

 				break;

 			default:

-				Print(L"Unknown relocation\n");

+				perror(L"Unknown relocation\n");

 				return EFI_UNSUPPORTED;

 			}

 			Reloc += 1;

@@ -478,7 +486,7 @@ static BOOLEAN secure_mode (void)

 	status = get_variable(L"SecureBoot", &Data, &len, global_var);

 	if (status != EFI_SUCCESS) {

-		if (verbose)

+		if (verbose && !in_protocol)

 			console_notify(L"Secure boot not enabled");

 		return FALSE;

 	}

@@ -486,7 +494,7 @@ static BOOLEAN secure_mode (void)

 	FreePool(Data);

 	if (sb != 1) {

-		if (verbose)

+		if (verbose && !in_protocol)

 			console_notify(L"Secure boot not enabled");

 		return FALSE;

 	}

@@ -499,7 +507,7 @@ static BOOLEAN secure_mode (void)

 	FreePool(Data);

 	if (setupmode == 1) {

-		if (verbose)

+		if (verbose && !in_protocol)

 			console_notify(L"Platform is in setup mode");

 		return FALSE;

 	}

@@ -531,14 +539,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 	unsigned int PEHdr_offset = 0;

 	if (datasize_in < 0) {

-		Print(L"Invalid data size\n");

+		perror(L"Invalid data size\n");

 		return EFI_INVALID_PARAMETER;

 	}

 	size = datasize = (unsigned int)datasize_in;

 	if (datasize <= sizeof (*DosHdr) ||

 	    DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) {

-		Print(L"Invalid signature\n");

+		perror(L"Invalid signature\n");

 		return EFI_INVALID_PARAMETER;

 	}

 	PEHdr_offset = DosHdr->e_lfanew;

@@ -550,12 +558,12 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 	sha1ctx = AllocatePool(sha1ctxsize);

 	if (!sha256ctx || !sha1ctx) {

-		Print(L"Unable to allocate memory for hash context\n");

+		perror(L"Unable to allocate memory for hash context\n");

 		return EFI_OUT_OF_RESOURCES;

 	}

 	if (!Sha256Init(sha256ctx) || !Sha1Init(sha1ctx)) {

-		Print(L"Unable to initialise hash\n");

+		perror(L"Unable to initialise hash\n");

 		status = EFI_OUT_OF_RESOURCES;

 		goto done;

 	}

@@ -567,7 +575,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 	if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||

 	    !(Sha1Update(sha1ctx, hashbase, hashsize))) {

-		Print(L"Unable to generate hash\n");

+		perror(L"Unable to generate hash\n");

 		status = EFI_OUT_OF_RESOURCES;

 		goto done;

 	}

@@ -579,7 +587,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 	if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||

 	    !(Sha1Update(sha1ctx, hashbase, hashsize))) {

-		Print(L"Unable to generate hash\n");

+		perror(L"Unable to generate hash\n");

 		status = EFI_OUT_OF_RESOURCES;

 		goto done;

 	}

@@ -597,7 +605,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 	if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||

 	    !(Sha1Update(sha1ctx, hashbase, hashsize))) {

-		Print(L"Unable to generate hash\n");

+		perror(L"Unable to generate hash\n");

 		status = EFI_OUT_OF_RESOURCES;

 		goto done;

 	}

@@ -621,14 +629,14 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 			context->PEHdr->Pe32.FileHeader.SizeOfOptionalHeader +

 			(index * sizeof(*SectionPtr)));

 		if (!SectionPtr) {

-			Print(L"Malformed section %d\n", index);

+			perror(L"Malformed section %d\n", index);

 			status = EFI_INVALID_PARAMETER;

 			goto done;

 		}

 		/* Validate section size is within image. */

 		if (SectionPtr->SizeOfRawData >

 		    datasize - SumOfBytesHashed - SumOfSectionBytes) {

-			Print(L"Malformed section %d size\n", index);

+			perror(L"Malformed section %d size\n", index);

 			status = EFI_INVALID_PARAMETER;

 			goto done;

 		}

@@ -637,7 +645,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 	SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections);

 	if (SectionHeader == NULL) {

-		Print(L"Unable to allocate section header\n");

+		perror(L"Unable to allocate section header\n");

 		status = EFI_OUT_OF_RESOURCES;

 		goto done;

 	}

@@ -669,7 +677,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 		hashbase  = ImageAddress(data, size, Section->PointerToRawData);

 		if (!hashbase) {

-			Print(L"Malformed section header\n");

+			perror(L"Malformed section header\n");

 			status = EFI_INVALID_PARAMETER;

 			goto done;

 		}

@@ -677,7 +685,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 		/* Verify hashsize within image. */

 		if (Section->SizeOfRawData >

 		    datasize - Section->PointerToRawData) {

-			Print(L"Malformed section raw size %d\n", index);

+			perror(L"Malformed section raw size %d\n", index);

 			status = EFI_INVALID_PARAMETER;

 			goto done;

 		}

@@ -685,7 +693,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 		if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||

 		    !(Sha1Update(sha1ctx, hashbase, hashsize))) {

-			Print(L"Unable to generate hash\n");

+			perror(L"Unable to generate hash\n");

 			status = EFI_OUT_OF_RESOURCES;

 			goto done;

 		}

@@ -706,7 +714,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 		if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||

 		    !(Sha1Update(sha1ctx, hashbase, hashsize))) {

-			Print(L"Unable to generate hash\n");

+			perror(L"Unable to generate hash\n");

 			status = EFI_OUT_OF_RESOURCES;

 			goto done;

 		}

@@ -714,7 +722,7 @@ static EFI_STATUS generate_hash (char *data, int datasize_in,

 	if (!(Sha256Final(sha256ctx, sha256hash)) ||

 	    !(Sha1Final(sha1ctx, sha1hash))) {

-		Print(L"Unable to finalise hash\n");

+		perror(L"Unable to finalise hash\n");

 		status = EFI_OUT_OF_RESOURCES;

 		goto done;

 	}

@@ -744,9 +752,9 @@ static EFI_STATUS verify_mok (void) {

 				   shim_lock_guid, &attributes);

 	if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) {

-		Print(L"MokList is compromised!\nErase all keys in MokList!\n");

+		perror(L"MokList is compromised!\nErase all keys in MokList!\n");

 		if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) {

-			Print(L"Failed to erase MokList\n");

+			perror(L"Failed to erase MokList\n");

                         return EFI_ACCESS_DENIED;

 		}

 	}

@@ -774,13 +782,13 @@ static EFI_STATUS verify_buffer (char *data, int datasize,

 				     context->SecDir->VirtualAddress);

 		if (!cert) {

-			Print(L"Certificate located outside the image\n");

+			perror(L"Certificate located outside the image\n");

 			return EFI_INVALID_PARAMETER;

 		}

 		if (cert->Hdr.wCertificateType !=

 		    WIN_CERT_TYPE_PKCS_SIGNED_DATA) {

-			Print(L"Unsupported certificate type %x\n",

+			perror(L"Unsupported certificate type %x\n",

 				cert->Hdr.wCertificateType);

 			return EFI_UNSUPPORTED;

 		}

@@ -804,7 +812,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,

 	status = check_blacklist(cert, sha256hash, sha1hash);

 	if (status != EFI_SUCCESS) {

-		Print(L"Binary is blacklisted\n");

+		perror(L"Binary is blacklisted\n");

 		return status;

 	}

@@ -857,7 +865,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,

 	unsigned long HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize;

 	if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) {

-		Print(L"Invalid image\n");

+		perror(L"Invalid image\n");

 		return EFI_UNSUPPORTED;

 	}

@@ -877,7 +885,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,

 	context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections;

 	if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < context->NumberOfRvaAndSizes) {

-		Print(L"Image header too small\n");

+		perror(L"Image header too small\n");

 		return EFI_UNSUPPORTED;

 	}

@@ -885,7 +893,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,

 			- sizeof (EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES;

 	if (((UINT32)PEHdr->Pe32.FileHeader.SizeOfOptionalHeader - HeaderWithoutDataDir) !=

 			context->NumberOfRvaAndSizes * sizeof (EFI_IMAGE_DATA_DIRECTORY)) {

-		Print(L"Image header overflows data directory\n");

+		perror(L"Image header overflows data directory\n");

 		return EFI_UNSUPPORTED;

 	}

@@ -895,28 +903,28 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,

 				+ PEHdr->Pe32.FileHeader.SizeOfOptionalHeader;

 	if (((UINT32)context->ImageSize - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER

 			<= context->NumberOfSections) {

-		Print(L"Image sections overflow image size\n");

+		perror(L"Image sections overflow image size\n");

 		return EFI_UNSUPPORTED;

 	}

 	if ((context->SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER

 			< (UINT32)context->NumberOfSections) {

-		Print(L"Image sections overflow section headers\n");

+		perror(L"Image sections overflow section headers\n");

 		return EFI_UNSUPPORTED;

 	}

 	if ((((UINT8 *)PEHdr - (UINT8 *)data) + sizeof(EFI_IMAGE_OPTIONAL_HEADER_UNION)) > datasize) {

-		Print(L"Invalid image\n");

+		perror(L"Invalid image\n");

 		return EFI_UNSUPPORTED;

 	}

 	if (PEHdr->Te.Signature != EFI_IMAGE_NT_SIGNATURE) {

-		Print(L"Unsupported image type\n");

+		perror(L"Unsupported image type\n");

 		return EFI_UNSUPPORTED;

 	}

 	if (PEHdr->Pe32.FileHeader.Characteristics & EFI_IMAGE_FILE_RELOCS_STRIPPED) {

-		Print(L"Unsupported image - Relocations have been stripped\n");

+		perror(L"Unsupported image - Relocations have been stripped\n");

 		return EFI_UNSUPPORTED;

 	}

@@ -935,23 +943,24 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,

 	context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER));

 	if (context->ImageSize < context->SizeOfHeaders) {

-		Print(L"Invalid image\n");

+		perror(L"Invalid image\n");

 		return EFI_UNSUPPORTED;

 	}

 	if ((unsigned long)((UINT8 *)context->SecDir - (UINT8 *)data) >

 	    (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) {

-		Print(L"Invalid image\n");

+		perror(L"Invalid image\n");

 		return EFI_UNSUPPORTED;

 	}

 	if (context->SecDir->VirtualAddress >= datasize) {

-		Print(L"Malformed security header\n");

+		perror(L"Malformed security header\n");

 		return EFI_INVALID_PARAMETER;

 	}

 	return EFI_SUCCESS;

 }

+

 /*

  * Once the image has been loaded it needs to be validated and relocated

  */

@@ -971,7 +980,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,

 	 */

 	efi_status = read_header(data, datasize, &context);

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Failed to read header: %r\n", efi_status);

+		perror(L"Failed to read header: %r\n", efi_status);

 		return efi_status;

 	}

@@ -993,7 +1002,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,

 	buffer = AllocatePool(context.ImageSize);

 	if (!buffer) {

-		Print(L"Failed to allocate image buffer\n");

+		perror(L"Failed to allocate image buffer\n");

 		return EFI_OUT_OF_RESOURCES;

 	}

@@ -1013,13 +1022,13 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,

 		end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1);

 		if (!base || !end) {

-			Print(L"Invalid section size\n");

+			perror(L"Invalid section size\n");

 			return EFI_UNSUPPORTED;

 		}

 		if (Section->VirtualAddress < context.SizeOfHeaders ||

 				Section->PointerToRawData < context.SizeOfHeaders) {

-			Print(L"Section is inside image headers\n");

+			perror(L"Section is inside image headers\n");

 			return EFI_UNSUPPORTED;

 		}

@@ -1038,7 +1047,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,

 	efi_status = relocate_coff(&context, buffer);

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Relocation failed: %r\n", efi_status);

+		perror(L"Relocation failed: %r\n", efi_status);

 		FreePool(buffer);

 		return efi_status;

 	}

@@ -1056,7 +1065,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,

 	li->LoadOptionsSize = load_options_size;

 	if (!entry_point) {

-		Print(L"Invalid entry point\n");

+		perror(L"Invalid entry point\n");

 		FreePool(buffer);

 		return EFI_UNSUPPORTED;

 	}

@@ -1079,7 +1088,7 @@ should_use_fallback(EFI_HANDLE image_handle)

 	rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,

 				       &loaded_image_protocol, (void **)&li;;

 	if (EFI_ERROR(rc)) {

-		Print(L"Could not get image for bootx64.efi: %r\n", rc);

+		perror(L"Could not get image for bootx64.efi: %r\n", rc);

 		return 0;

 	}

@@ -1101,13 +1110,13 @@ should_use_fallback(EFI_HANDLE image_handle)

 	rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle,

 			       &FileSystemProtocol, (void **)&fio;;

 	if (EFI_ERROR(rc)) {

-		Print(L"Could not get fio for li->DeviceHandle: %r\n", rc);

+		perror(L"Could not get fio for li->DeviceHandle: %r\n", rc);

 		return 0;

 	}

-	

+

 	rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh;;

 	if (EFI_ERROR(rc)) {

-		Print(L"Could not open fio volume: %r\n", rc);

+		perror(L"Could not open fio volume: %r\n", rc);

 		return 0;

 	}

@@ -1185,7 +1194,7 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,

 	*PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));

 	if (!*PathName) {

-		Print(L"Failed to allocate path buffer\n");

+		perror(L"Failed to allocate path buffer\n");

 		efi_status = EFI_OUT_OF_RESOURCES;

 		goto error;

 	}

@@ -1226,14 +1235,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,

 				       (void **)&drive);

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Failed to find fs: %r\n", efi_status);

+		perror(L"Failed to find fs: %r\n", efi_status);

 		goto error;

 	}

 	efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root);

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Failed to open fs: %r\n", efi_status);

+		perror(L"Failed to open fs: %r\n", efi_status);

 		goto error;

 	}

@@ -1244,14 +1253,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,

 				       EFI_FILE_MODE_READ, 0);

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Failed to open %s - %r\n", PathName, efi_status);

+		perror(L"Failed to open %s - %r\n", PathName, efi_status);

 		goto error;

 	}

 	fileinfo = AllocatePool(buffersize);

 	if (!fileinfo) {

-		Print(L"Unable to allocate file info buffer\n");

+		perror(L"Unable to allocate file info buffer\n");

 		efi_status = EFI_OUT_OF_RESOURCES;

 		goto error;

 	}

@@ -1267,7 +1276,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,

 		FreePool(fileinfo);

 		fileinfo = AllocatePool(buffersize);

 		if (!fileinfo) {

-			Print(L"Unable to allocate file info buffer\n");

+			perror(L"Unable to allocate file info buffer\n");

 			efi_status = EFI_OUT_OF_RESOURCES;

 			goto error;

 		}

@@ -1277,7 +1286,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,

 	}

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Unable to get file info: %r\n", efi_status);

+		perror(L"Unable to get file info: %r\n", efi_status);

 		goto error;

 	}

@@ -1286,7 +1295,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,

 	*data = AllocatePool(buffersize);

 	if (!*data) {

-		Print(L"Unable to allocate file buffer\n");

+		perror(L"Unable to allocate file buffer\n");

 		efi_status = EFI_OUT_OF_RESOURCES;

 		goto error;

 	}

@@ -1305,7 +1314,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,

 	}

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize);

+		perror(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize);

 		goto error;

 	}

@@ -1335,6 +1344,7 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)

 	PE_COFF_LOADER_IMAGE_CONTEXT context;

 	loader_is_participating = 1;

+	in_protocol = 1;

 	if (!secure_mode())

 		return EFI_SUCCESS;

@@ -1342,9 +1352,35 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)

 	status = read_header(buffer, size, &context);

 	if (status != EFI_SUCCESS)

-		return status;

+		goto done;

 	status = verify_buffer(buffer, size, &context);

+done:

+	in_protocol = 0;

+	return status;

+}

+

+static EFI_STATUS shim_hash (char *data, int datasize,

+			     PE_COFF_LOADER_IMAGE_CONTEXT *context,

+			     UINT8 *sha256hash, UINT8 *sha1hash)

+{

+	EFI_STATUS status;

+

+	in_protocol = 1;

+	status = generate_hash(data, datasize, context, sha256hash, sha1hash);

+	in_protocol = 0;

+

+	return status;

+}

+

+static EFI_STATUS shim_read_header(void *data, unsigned int datasize,

+				   PE_COFF_LOADER_IMAGE_CONTEXT *context)

+{

+	EFI_STATUS status;

+

+	in_protocol = 1;

+	status = read_header(data, datasize, context);

+	in_protocol = 0;

 	return status;

 }

@@ -1371,7 +1407,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)

 				       &loaded_image_protocol, (void **)&li;;

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Unable to init protocol\n");

+		perror(L"Unable to init protocol\n");

 		return efi_status;

 	}

@@ -1381,20 +1417,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)

 	efi_status = generate_path(li, ImagePath, &PathName);

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status);

+		perror(L"Unable to generate path %s: %r\n", ImagePath, efi_status);

 		goto done;

 	}

 	if (findNetboot(li->DeviceHandle)) {

 		efi_status = parseNetbootinfo(image_handle);

 		if (efi_status != EFI_SUCCESS) {

-			Print(L"Netboot parsing failed: %r\n", efi_status);

+			perror(L"Netboot parsing failed: %r\n", efi_status);

 			return EFI_PROTOCOL_ERROR;

 		}

 		efi_status = FetchNetbootimage(image_handle, &sourcebuffer,

 					       &sourcesize);

 		if (efi_status != EFI_SUCCESS) {

-			Print(L"Unable to fetch TFTP image: %r\n", efi_status);

+			perror(L"Unable to fetch TFTP image: %r\n", efi_status);

 			return efi_status;

 		}

 		data = sourcebuffer;

@@ -1406,7 +1442,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)

 		efi_status = load_image(li, &data, &datasize, PathName);

 		if (efi_status != EFI_SUCCESS) {

-			Print(L"Failed to load image %s: %r\n", PathName, efi_status);

+			perror(L"Failed to load image %s: %r\n", PathName, efi_status);

 			goto done;

 		}

 	}

@@ -1423,7 +1459,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)

 	efi_status = handle_image(data, datasize, li);

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Failed to load image: %r\n", efi_status);

+		perror(L"Failed to load image: %r\n", efi_status);

 		CopyMem(li, &li_bak, sizeof(li_bak));

 		goto done;

 	}

@@ -1495,7 +1531,7 @@ EFI_STATUS mirror_mok_list()

 		     ;

 	FullData = AllocatePool(FullDataSize);

 	if (!FullData) {

-		Print(L"Failed to allocate space for MokListRT\n");

+		perror(L"Failed to allocate space for MokListRT\n");

 		return EFI_OUT_OF_RESOURCES;

 	}

 	p = FullData;

@@ -1526,7 +1562,7 @@ EFI_STATUS mirror_mok_list()

 				       | EFI_VARIABLE_RUNTIME_ACCESS,

 				       FullDataSize, FullData);

 	if (efi_status != EFI_SUCCESS) {

-		Print(L"Failed to set MokListRT: %r\n", efi_status);

+		perror(L"Failed to set MokListRT: %r\n", efi_status);

 	}

 	return efi_status;

@@ -1567,7 +1603,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle)

 		efi_status = start_image(image_handle, MOK_MANAGER);

 		if (efi_status != EFI_SUCCESS) {

-			Print(L"Failed to start MokManager: %r\n", efi_status);

+			perror(L"Failed to start MokManager: %r\n", efi_status);

 			return efi_status;

 		}

 	}

@@ -1601,9 +1637,9 @@ static EFI_STATUS check_mok_sb (void)

 	 * modified by the OS

 	 */

 	if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {

-		Print(L"MokSBState is compromised! Clearing it\n");

+		perror(L"MokSBState is compromised! Clearing it\n");

 		if (LibDeleteVariable(L"MokSBState", &shim_lock_guid) != EFI_SUCCESS) {

-			Print(L"Failed to erase MokSBState\n");

+			perror(L"Failed to erase MokSBState\n");

 		}

 		status = EFI_ACCESS_DENIED;

 	} else {

@@ -1642,9 +1678,9 @@ static EFI_STATUS check_mok_db (void)

 	 * modified by the OS

 	 */

 	if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {

-		Print(L"MokDBState is compromised! Clearing it\n");

+		perror(L"MokDBState is compromised! Clearing it\n");

 		if (LibDeleteVariable(L"MokDBState", &shim_lock_guid) != EFI_SUCCESS) {

-			Print(L"Failed to erase MokDBState\n");

+			perror(L"Failed to erase MokDBState\n");

 		}

 		status = EFI_ACCESS_DENIED;

 	} else {

@@ -1674,7 +1710,7 @@ static EFI_STATUS mok_ignore_db()

 				| EFI_VARIABLE_RUNTIME_ACCESS,

 				DataSize, (void *)&Data);

 		if (efi_status != EFI_SUCCESS) {

-			Print(L"Failed to set MokIgnoreDB: %r\n", efi_status);

+			perror(L"Failed to set MokIgnoreDB: %r\n", efi_status);

 		}

 	}

@@ -1702,7 +1738,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)

 	status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,

 				   &LoadedImageProtocol, (void **) &li;;

 	if (status != EFI_SUCCESS) {

-		Print (L"Failed to get load options: %r\n", status);

+		perror (L"Failed to get load options: %r\n", status);

 		return status;

 	}

@@ -1746,7 +1782,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)

 	if (loader_len > 0) {

 		loader_str = AllocatePool((loader_len + 1) * sizeof(CHAR16));

 		if (!loader_str) {

-			Print(L"Failed to allocate loader string\n");

+			perror(L"Failed to allocate loader string\n");

 			return EFI_OUT_OF_RESOURCES;

 		}

 		for (i = 0; i < loader_len; i++)

@@ -1825,8 +1861,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)

 	 * call back in and use shim functions

 	 */

 	shim_lock_interface.Verify = shim_verify;

-	shim_lock_interface.Hash = generate_hash;

-	shim_lock_interface.Context = read_header;

+	shim_lock_interface.Hash = shim_hash;

+	shim_lock_interface.Context = shim_read_header;

 	systab = passed_systab;

-- 

1.9.3