boot: introduce string tables for RebootOnError and sucure_boot_enroll

2025-03-19 22:50:17 +03:00 · 2025-03-13 02:37:03 +09:00 · 2025-03-13 02:37:03 +09:00 · 1ae60b69fa
commit 1ae60b69fa
parent c5710c00ff
4 changed files with 38 additions and 31 deletions
--- a/src/boot/boot.c
+++ b/src/boot/boot.c
@ -6,6 +6,7 @@
 #include "device-path-util.h"
 #include "devicetree.h"
 #include "drivers.h"
+#include "efi-string-table.h"
 #include "efivars-fundamental.h"
 #include "efivars.h"
 #include "export-vars.h"
@ -83,8 +84,17 @@ typedef enum {
        REBOOT_NO,
        REBOOT_YES,
        REBOOT_AUTO,
+        _REBOOT_ON_ERROR_MAX,
 } RebootOnError;

+static const char *reboot_on_error_table[_REBOOT_ON_ERROR_MAX] = {
+        [REBOOT_NO]   = "no",
+        [REBOOT_YES]  = "yes",
+        [REBOOT_AUTO] = "auto",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(reboot_on_error, RebootOnError);
+
 typedef struct BootEntry {
        char16_t *id;         /* The unique identifier for this entry (typically the filename of the file defining the entry, possibly suffixed with a profile id) */
        char16_t *id_without_profile; /* same, but without any profile id suffixed */
@ -323,37 +333,8 @@ static void print_status(Config *config, char16_t *loaded_image_path) {
        printf("           auto-reboot: %ls\n", yes_no(config->auto_reboot));
        printf("                  beep: %ls\n", yes_no(config->beep));
        printf("  reboot-for-bitlocker: %ls\n", yes_no(config->reboot_for_bitlocker));
-
-        switch (config->reboot_on_error) {
-        case REBOOT_NO:
-                printf("       reboot-on-error: no\n");
-                break;
-        case REBOOT_YES:
-                printf("       reboot-on-error: yes\n");
-                break;
-        case REBOOT_AUTO:
-                printf("       reboot-on-error: auto\n");
-                break;
-        default:
-                assert_not_reached();
-        }
-
-        switch (config->secure_boot_enroll) {
-        case ENROLL_OFF:
-                printf("    secure-boot-enroll: off\n");
-                break;
-        case ENROLL_MANUAL:
-                printf("    secure-boot-enroll: manual\n");
-                break;
-        case ENROLL_IF_SAFE:
-                printf("    secure-boot-enroll: if-safe\n");
-                break;
-        case ENROLL_FORCE:
-                printf("    secure-boot-enroll: force\n");
-                break;
-        default:
-                assert_not_reached();
-        }
+        printf("       reboot-on-error: %s\n",  reboot_on_error_to_string(config->reboot_on_error));
+        printf("    secure-boot-enroll: %s\n",  secure_boot_enroll_to_string(config->secure_boot_enroll));

        switch (config->console_mode) {
        case CONSOLE_MODE_AUTO:
--- a/src/boot/efi-string-table.h
+++ b/src/boot/efi-string-table.h
@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "macro-fundamental.h"
+
+#define _DEFINE_STRING_TABLE_LOOKUP_TO_STRING(name,type,scope)          \
+        scope const char* name##_to_string(type i) {                    \
+                assert(i >= 0 && i < (type) ELEMENTSOF(name##_table));  \
+                return name##_table[i];                                 \
+        }
+
+#define DEFINE_STRING_TABLE_LOOKUP_TO_STRING(name,type) _DEFINE_STRING_TABLE_LOOKUP_TO_STRING(name,type,)
+#define DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(name,type) _DEFINE_STRING_TABLE_LOOKUP_TO_STRING(name,type,static)
--- a/src/boot/secure-boot.c
+++ b/src/boot/secure-boot.c
@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */

 #include "console.h"
+#include "efi-string-table.h"
 #include "efivars.h"
 #include "proto/security-arch.h"
 #include "secure-boot.h"
@ -287,3 +288,12 @@ void uninstall_security_override(void) {
        if (security_override.original_hook2)
                security_override.security2->FileAuthentication = security_override.original_hook2;
 }
+
+static const char *secure_boot_enroll_table[_SECURE_BOOT_ENROLL_MAX] = {
+        [ENROLL_OFF]     = "off",
+        [ENROLL_MANUAL]  = "manual",
+        [ENROLL_IF_SAFE] = "if-safe",
+        [ENROLL_FORCE]   = "force"
+};
+
+DEFINE_STRING_TABLE_LOOKUP_TO_STRING(secure_boot_enroll, secure_boot_enroll);
--- a/src/boot/secure-boot.h
+++ b/src/boot/secure-boot.h
@ -9,6 +9,7 @@ typedef enum {
        ENROLL_MANUAL,      /* Secure Boot key enrollment is strictly manual: manual entries are generated and need to be selected by the user */
        ENROLL_IF_SAFE,     /* Automatically enroll if it is safe (if we are running inside a VM, for example). */
        ENROLL_FORCE,       /* Secure Boot key enrollment may be automatic if it is available but might not be safe */
+        _SECURE_BOOT_ENROLL_MAX,
 } secure_boot_enroll;

 bool secure_boot_enabled(void);
@ -24,3 +25,5 @@ typedef bool (*security_validator_t)(

 void install_security_override(security_validator_t validator, const void *validator_ctx);
 void uninstall_security_override(void);
+
+const char* secure_boot_enroll_to_string(secure_boot_enroll e) _const_;