Replace log.fatal with error return?
rgl opened this issue · 3 comments
should the log.fatal lines be replaced by an error return? e.g. at
go-uefi/efi/attributes/attributes.go
Line 112 in 5faf8e4
They probably should! The main problem has been to try figure out a good way to structure the top-level APIs in a way that makes sense. The result is that many of the functions are just hacks to iterate quickly, it's easier to ignore error handling 😄
I'd gladly take patches else I'll iterate a bit while working on covering more with integration tests :) The relevant issues with attributes.go
is how to set the appropriate os.OpenFile
file modes in a way we can truncate the file (say we want to remove dbx
with an empty EFI_SIGNATURE_LIST signed with KEK) and write to it. I haven't figured out all of it yet.
Ah so you are still trying to flesh these APIs. So this issue is moot.
I'm not yet ready to submit any PR. I'm still trying to figure out how Secure Boot actually works, and this code and sbctl are helping making things clear. Thanks for creating this and putting it in the open :-)
sbctl
still uses sbsigntools
for secureboot operations. But you could almost substitute all the tools with the stuff inside ./cmd
. It should be noted that you can totally sign and enroll keys using go-uefi
, but the API is tedious and not really ready for people adopting it.
Once I'm happy with the API I intend to mark a release and actually port sbctl
over. But until then I need to read some more API designs and figure out how things make sense :)
Thanks for the encouraging words and please do open issues for any API ideas or stuff that is confusing in the code. I'll gladly take the feedback to figure out these things!