Replace log.fatal with error return?

[rgl]

should the log.fatal lines be replaced by an error return? e.g. at https://github.com/Foxboron/go-uefi/blob/5faf8e43ee9b7163b277b7a2d6282f1b904ca1de/efi/attributes/attributes.go#L112

[Foxboron]

They probably should! The main problem has been to try figure out a good way to structure the top-level APIs in a way that makes sense. The result is that many of the functions are just hacks to iterate quickly, it's easier to ignore error handling :smile:

I'd gladly take patches else I'll iterate a bit while working on covering more with integration tests :) The relevant issues with attributes.go is how to set the appropriate os.OpenFile file modes in a way we can truncate the file (say we want to remove dbx with an empty EFI_SIGNATURE_LIST signed with KEK) and write to it. I haven't figured out all of it yet.

[rgl]

Ah so you are still trying to flesh these APIs. So this issue is moot.

I'm not yet ready to submit any PR. I'm still trying to figure out how Secure Boot actually works, and this code and sbctl are helping making things clear. Thanks for creating this and putting it in the open :-)

[Foxboron]

sbctl still uses sbsigntools for secureboot operations. But you could almost substitute all the tools with the stuff inside ./cmd. It should be noted that you can totally sign and enroll keys using go-uefi, but the API is tedious and not really ready for people adopting it.

Once I'm happy with the API I intend to mark a release and actually port sbctl over. But until then I need to read some more API designs and figure out how things make sense :)

Thanks for the encouraging words and please do open issues for any API ideas or stuff that is confusing in the code. I'll gladly take the feedback to figure out these things!