Add VBDEBUG macro for debug output.

Replaced in firmware/ lib; not replaced in host-side utils/tests. Review URL: http://codereview.chromium.org/2810026
2025-11-24 02:05:01 +00:00 · 2010-06-23 21:17:07 -07:00
parent 07f7865227
commit e2ec98412e
8 changed files with 102 additions and 95 deletions
--- a/3
+++ b/3
@@ -4,7 +4,8 @@
 export CC ?= gcc
 export CXX ?= g++
-export CFLAGS = -Wall -DNDEBUG -O3 -Werror -DCHROMEOS_ENVIRONMENT
+export CFLAGS = -Wall -DNDEBUG -O3 -Werror -DCHROMEOS_ENVIRONMENT \
 	-DVBOOT_DEBUG
 export TOP = $(shell pwd)
 export FWDIR=$(TOP)/firmware
 export HOSTDIR=$(TOP)/host
--- a/firmware/include/utility.h
+++ b/firmware/include/utility.h
@@ -12,6 +12,13 @@
 #include "sysincludes.h"
 /* Debug and error output */
 #ifdef VBOOT_DEBUG
 #define VBDEBUG(params) debug params
 #else
 #define VBDEBUG(params)
 #endif
 /* Outputs an error message and quits. */
 void error(const char *format, ...);
--- a/firmware/lib/cgptlib/cgptlib.c
+++ b/firmware/lib/cgptlib/cgptlib.c
@@ -23,7 +23,7 @@ int GptInit(GptData *gpt) {
  retval = GptSanityCheck(gpt);
  if (GPT_SUCCESS != retval) {
-    debug("GptInit() failed sanity check\n");
+    VBDEBUG(("GptInit() failed sanity check\n"));
    return retval;
  }
@@ -48,16 +48,16 @@ int GptNextKernelEntry(GptData* gpt, uint64_t* start_sector, uint64_t* size) {
      e = entries + i;
      if (!IsKernelEntry(e))
        continue;
-      debug("GptNextKernelEntry looking at same prio partition %d\n", i);
+      VBDEBUG(("GptNextKernelEntry looking at same prio partition %d\n", i));
-      debug("GptNextKernelEntry s%d t%d p%d\n",
+      VBDEBUG(("GptNextKernelEntry s%d t%d p%d\n",
-            GetEntrySuccessful(e), GetEntryTries(e), GetEntryPriority(e));
+               GetEntrySuccessful(e), GetEntryTries(e), GetEntryPriority(e)));
      if (!(GetEntrySuccessful(e) || GetEntryTries(e)))
        continue;
      if (GetEntryPriority(e) == gpt->current_priority) {
        gpt->current_kernel = i;
        *start_sector = e->starting_lba;
        *size = e->ending_lba - e->starting_lba + 1;
-        debug("GptNextKernelEntry likes that one\n");
+        VBDEBUG(("GptNextKernelEntry likes that one\n"));
        return GPT_SUCCESS;
      }
    }
@@ -69,9 +69,9 @@ int GptNextKernelEntry(GptData* gpt, uint64_t* start_sector, uint64_t* size) {
    int current_prio = GetEntryPriority(e);
    if (!IsKernelEntry(e))
      continue;
-    debug("GptNextKernelEntry looking at new prio partition %d\n", i);
+    VBDEBUG(("GptNextKernelEntry looking at new prio partition %d\n", i));
-    debug("GptNextKernelEntry s%d t%d p%d\n",
+    VBDEBUG(("GptNextKernelEntry s%d t%d p%d\n",
-          GetEntrySuccessful(e), GetEntryTries(e), GetEntryPriority(e));
+             GetEntrySuccessful(e), GetEntryTries(e), GetEntryPriority(e)));
    if (!(GetEntrySuccessful(e) || GetEntryTries(e)))
      continue;
    if (current_prio >= gpt->current_priority)
@@ -89,11 +89,11 @@ int GptNextKernelEntry(GptData* gpt, uint64_t* start_sector, uint64_t* size) {
  gpt->current_priority = new_prio;
  if (CGPT_KERNEL_ENTRY_NOT_FOUND == new_kernel) {
-    debug("GptNextKernelEntry no more kernels\n");
+    VBDEBUG(("GptNextKernelEntry no more kernels\n"));
    return GPT_ERROR_NO_VALID_KERNEL;
  }
-  debug("GptNextKernelEntry likes that one\n");
+  VBDEBUG(("GptNextKernelEntry likes that one\n"));
  e = entries + new_kernel;
  *start_sector = e->starting_lba;
  *size = e->ending_lba - e->starting_lba + 1;
--- a/firmware/lib/cryptolib/rsa.c
+++ b/firmware/lib/cryptolib/rsa.c
@@ -135,17 +135,17 @@ int RSAVerify(const RSAPublicKey *key,
  int success = 1;
  if (sig_len != (key->len * sizeof(uint32_t))) {
-    debug("Signature is of incorrect length!\n");
+    VBDEBUG(("Signature is of incorrect length!\n"));
    return 0;
  }
  if (sig_type >= kNumAlgorithms) {
-    debug("Invalid signature type!\n");
+    VBDEBUG(("Invalid signature type!\n"));
    return 0;
  }
  if (key->len != siglen_map[sig_type] / sizeof(uint32_t)) {
-    debug("Wrong key passed in!\n");
+    VBDEBUG(("Wrong key passed in!\n"));
    return 0;
  }
@@ -162,8 +162,7 @@ int RSAVerify(const RSAPublicKey *key,
    if (buf[i] != padding[i]) {
 #ifndef NDEBUG
 /* TODO(gauravsh): Replace with a macro call for logging. */
-      debug("Padding: Expecting = %02x Got = %02x\n", padding[i],
+      VBDEBUG(("Padding: Expecting = %02x Got = %02x\n", padding[i], buf[i]));
              buf[i]);
 #endif
      success = 0;
    }
@@ -174,8 +173,7 @@ int RSAVerify(const RSAPublicKey *key,
    if (buf[i] != *hash++) {
 #ifndef NDEBUG
 /* TODO(gauravsh): Replace with a macro call for logging. */
-      debug("Digest: Expecting = %02x Got = %02x\n", padding[i],
+      VBDEBUG(("Digest: Expecting = %02x Got = %02x\n", padding[i], buf[i]));
              buf[i]);
 #endif
      success = 0;
    }
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -81,7 +81,7 @@ static uint32_t InitializeSpaces(void) {
  uint32_t zero = 0;
  uint32_t firmware_perm = TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE;
-  debug("Initializing spaces\n");
+  VBDEBUG(("Initializing spaces\n"));
  RETURN_ON_FAILURE(TlclSetNvLocked());
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -109,11 +109,11 @@ RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key) {
  RSAPublicKey *rsa;
  if (kNumAlgorithms <= key->algorithm) {
-    debug("Invalid algorithm.\n");
+    VBDEBUG(("Invalid algorithm.\n"));
    return NULL;
  }
  if (RSAProcessedKeySize((int)key->algorithm) != (int)key->key_size) {
-    debug("Wrong key size for algorithm\n");
+    VBDEBUG(("Wrong key size for algorithm\n"));
    return NULL;
  }
@@ -130,7 +130,7 @@ int VerifyData(const uint8_t* data, const VbSignature *sig,
               const RSAPublicKey* key) {
  if (sig->sig_size != siglen_map[key->algorithm]) {
-    debug("Wrong signature size for algorithm.\n");
+    VBDEBUG(("Wrong signature size for algorithm.\n"));
    return 1;
  }
@@ -146,7 +146,7 @@ int VerifyDigest(const uint8_t* digest, const VbSignature *sig,
                 const RSAPublicKey* key) {
  if (sig->sig_size != siglen_map[key->algorithm]) {
-    debug("Wrong signature size for algorithm.\n");
+    VBDEBUG(("Wrong signature size for algorithm.\n"));
    return 1;
  }
@@ -165,15 +165,15 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
  /* Sanity checks before attempting signature of data */
  if (SafeMemcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) {
-    debug("Not a valid verified boot key block.\n");
+    VBDEBUG(("Not a valid verified boot key block.\n"));
    return VBOOT_KEY_BLOCK_INVALID;
  }
  if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) {
-    debug("Incompatible key block header version.\n");
+    VBDEBUG(("Incompatible key block header version.\n"));
    return VBOOT_KEY_BLOCK_INVALID;
  }
  if (size < block->key_block_size) {
-    debug("Not enough data for key block.\n");
+    VBDEBUG(("Not enough data for key block.\n"));
    return VBOOT_KEY_BLOCK_INVALID;
  }
@@ -186,13 +186,13 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
    sig = &block->key_block_signature;
    if (VerifySignatureInside(block, block->key_block_size, sig)) {
-      debug("Key block signature off end of block\n");
+      VBDEBUG(("Key block signature off end of block\n"));
      return VBOOT_KEY_BLOCK_INVALID;
    }
    rsa = PublicKeyToRSA(key);
    if (!rsa) {
-      debug("Invalid public key\n");
+      VBDEBUG(("Invalid public key\n"));
      return VBOOT_PUBLIC_KEY_INVALID;
    }
    rv = VerifyData((const uint8_t*)block, sig, rsa);
@@ -208,11 +208,11 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
    sig = &block->key_block_checksum;
    if (VerifySignatureInside(block, block->key_block_size, sig)) {
-      debug("Key block hash off end of block\n");
+      VBDEBUG(("Key block hash off end of block\n"));
      return VBOOT_KEY_BLOCK_INVALID;
    }
    if (sig->sig_size != SHA512_DIGEST_SIZE) {
-      debug("Wrong hash size for key block.\n");
+      VBDEBUG(("Wrong hash size for key block.\n"));
      return VBOOT_KEY_BLOCK_INVALID;
    }
@@ -222,24 +222,24 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
                    SHA512_DIGEST_SIZE);
    Free(header_checksum);
    if (rv) {
-      debug("Invalid key block hash.\n");
+      VBDEBUG(("Invalid key block hash.\n"));
      return VBOOT_KEY_BLOCK_HASH;
    }
  }
  /* Verify we signed enough data */
  if (sig->data_size < sizeof(VbKeyBlockHeader)) {
-    debug("Didn't sign enough data\n");
+    VBDEBUG(("Didn't sign enough data\n"));
    return VBOOT_KEY_BLOCK_INVALID;
  }
  /* Verify data key is inside the block and inside signed data */
  if (VerifyPublicKeyInside(block, block->key_block_size, &block->data_key)) {
-    debug("Data key off end of key block\n");
+    VBDEBUG(("Data key off end of key block\n"));
    return VBOOT_KEY_BLOCK_INVALID;
  }
  if (VerifyPublicKeyInside(block, sig->data_size, &block->data_key)) {
-    debug("Data key off end of signed data\n");
+    VBDEBUG(("Data key off end of signed data\n"));
    return VBOOT_KEY_BLOCK_INVALID;
  }
@@ -256,41 +256,41 @@ int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
  /* Sanity checks before attempting signature of data */
  if (preamble->header_version_major !=
      FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) {
-    debug("Incompatible firmware preamble header version.\n");
+    VBDEBUG(("Incompatible firmware preamble header version.\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
  if (size < preamble->preamble_size) {
-    debug("Not enough data for preamble.\n");
+    VBDEBUG(("Not enough data for preamble.\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
  /* Check signature */
  if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) {
-    debug("Preamble signature off end of preamble\n");
+    VBDEBUG(("Preamble signature off end of preamble\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
  if (VerifyData((const uint8_t*)preamble, sig, key)) {
-    debug("Preamble signature validation failed\n");
+    VBDEBUG(("Preamble signature validation failed\n"));
    return VBOOT_PREAMBLE_SIGNATURE;
  }
  /* Verify we signed enough data */
  if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) {
-    debug("Didn't sign enough data\n");
+    VBDEBUG(("Didn't sign enough data\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
  /* Verify body signature is inside the block */
  if (VerifySignatureInside(preamble, preamble->preamble_size,
                            &preamble->body_signature)) {
-    debug("Firmware body signature off end of preamble\n");
+    VBDEBUG(("Firmware body signature off end of preamble\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
  /* Verify kernel subkey is inside the block */
  if (VerifyPublicKeyInside(preamble, preamble->preamble_size,
                            &preamble->kernel_subkey)) {
-    debug("Kernel subkey off end of preamble\n");
+    VBDEBUG(("Kernel subkey off end of preamble\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
@@ -306,34 +306,34 @@ int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble,
  /* Sanity checks before attempting signature of data */
  if (preamble->header_version_major != KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) {
-    debug("Incompatible kernel preamble header version.\n");
+    VBDEBUG(("Incompatible kernel preamble header version.\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
  if (size < preamble->preamble_size) {
-    debug("Not enough data for preamble.\n");
+    VBDEBUG(("Not enough data for preamble.\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
  /* Check signature */
  if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) {
-    debug("Preamble signature off end of preamble\n");
+    VBDEBUG(("Preamble signature off end of preamble\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
  if (VerifyData((const uint8_t*)preamble, sig, key)) {
-    debug("Preamble signature validation failed\n");
+    VBDEBUG(("Preamble signature validation failed\n"));
    return VBOOT_PREAMBLE_SIGNATURE;
  }
  /* Verify we signed enough data */
  if (sig->data_size < sizeof(VbKernelPreambleHeader)) {
-    debug("Didn't sign enough data\n");
+    VBDEBUG(("Didn't sign enough data\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
  /* Verify body signature is inside the block */
  if (VerifySignatureInside(preamble, preamble->preamble_size,
                            &preamble->body_signature)) {
-    debug("Kernel body signature off end of preamble\n");
+    VBDEBUG(("Kernel body signature off end of preamble\n"));
    return VBOOT_PREAMBLE_INVALID;
  }
--- a/firmware/lib/vboot_firmware.c
+++ b/firmware/lib/vboot_firmware.c
@@ -46,23 +46,23 @@ int LoadFirmware(LoadFirmwareParams* params) {
  /* Clear output params in case we fail */
  params->firmware_index = 0;
-  debug("LoadFirmware started...\n");
+  VBDEBUG(("LoadFirmware started...\n"));
  if (params->kernel_sign_key_size < sizeof(VbPublicKey)) {
-    debug("Kernel sign key buffer too small\n");
+    VBDEBUG(("Kernel sign key buffer too small\n"));
    return LOAD_FIRMWARE_RECOVERY;
  }
  /* Must have a root key */
  if (!root_key) {
-    debug("No root key\n");
+    VBDEBUG(("No root key\n"));
    return LOAD_FIRMWARE_RECOVERY;
  }
  /* Initialize the TPM and read rollback indices. */
  /* TODO: fix SetupTPM parameter for developer mode */
  if (0 != RollbackFirmwareSetup(0, &tpm_key_version, &tpm_fw_version)) {
-    debug("Unable to get stored versions.\n");
+    VBDEBUG(("Unable to get stored versions.\n"));
    return LOAD_FIRMWARE_RECOVERY;
  }
@@ -90,21 +90,21 @@ int LoadFirmware(LoadFirmwareParams* params) {
      vblock_size = params->verification_size_1;
    }
    if ((0 != KeyBlockVerify(key_block, vblock_size, root_key))) {
-      debug("Key block verification failed.\n");
+      VBDEBUG(("Key block verification failed.\n"));
      continue;
    }
    /* Check for rollback of key version. */
    key_version = key_block->data_key.key_version;
    if (key_version < tpm_key_version) {
-      debug("Key rollback detected.\n");
+      VBDEBUG(("Key rollback detected.\n"));
      continue;
    }
    /* Get the key for preamble/data verification from the key block. */
    data_key = PublicKeyToRSA(&key_block->data_key);
    if (!data_key) {
-      debug("Unable to parse data key.\n");
+      VBDEBUG(("Unable to parse data key.\n"));
      continue;
    }
@@ -114,7 +114,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    if ((0 != VerifyFirmwarePreamble2(preamble,
                                      vblock_size - key_block->key_block_size,
                                      data_key))) {
-      debug("Preamble verfication failed.\n");
+      VBDEBUG(("Preamble verfication failed.\n"));
      RSAPublicKeyFree(data_key);
      continue;
    }
@@ -122,7 +122,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    /* Check for rollback of firmware version. */
    if (key_version == tpm_key_version &&
        preamble->firmware_version < tpm_fw_version) {
-      debug("Firmware version rollback detected.\n");
+      VBDEBUG(("Firmware version rollback detected.\n"));
      RSAPublicKeyFree(data_key);
      continue;
    }
@@ -147,13 +147,14 @@ int LoadFirmware(LoadFirmwareParams* params) {
    DigestInit(&lfi->body_digest_context, data_key->algorithm);
    lfi->body_size_accum = 0;
    if (0 != GetFirmwareBody(params, index)) {
-      debug("GetFirmwareBody() failed for index %d\n", index);
+      VBDEBUG(("GetFirmwareBody() failed for index %d\n", index));
      RSAPublicKeyFree(data_key);
      continue;
    }
    if (lfi->body_size_accum != preamble->body_signature.data_size) {
-      debug("Hash updated %d bytes but expected %d\n",
+      VBDEBUG(("Hash updated %d bytes but expected %d\n",
-            (int)lfi->body_size_accum, (int)preamble->body_signature.data_size);
+               (int)lfi->body_size_accum,
               (int)preamble->body_signature.data_size));
      RSAPublicKeyFree(data_key);
      continue;
    }
@@ -161,7 +162,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    /* Verify firmware data */
    body_digest = DigestFinal(&lfi->body_digest_context);
    if (0 != VerifyDigest(body_digest, &preamble->body_signature, data_key)) {
-      debug("Firmware body verification failed.\n");
+      VBDEBUG(("Firmware body verification failed.\n"));
      RSAPublicKeyFree(data_key);
      Free(body_digest);
      continue;
@@ -172,7 +173,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    Free(body_digest);
    /* If we're still here, the firmware is valid. */
-    debug("Firmware %d is valid.\n", index);
+    VBDEBUG(("Firmware %d is valid.\n", index));
    if (-1 == good_index) {
      VbPublicKey *kdest = (VbPublicKey*)params->kernel_sign_key_blob;
@@ -181,7 +182,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
                    (params->kernel_sign_key_size - sizeof(VbPublicKey)));
      if (0 != PublicKeyCopy(kdest, &preamble->kernel_subkey)) {
-        debug("Kernel subkey too big for buffer.\n");
+        VBDEBUG(("Kernel subkey too big for buffer.\n"));
        continue;  /* The firmware signature was good, but the public
                    * key was bigger that the caller can handle. */
      }
@@ -217,23 +218,23 @@ int LoadFirmware(LoadFirmwareParams* params) {
         lowest_fw_version > tpm_fw_version)) {
      if (0 != RollbackFirmwareWrite((uint16_t)lowest_key_version,
                                     (uint16_t)lowest_fw_version)) {
-        debug("Unable to write stored versions.\n");
+        VBDEBUG(("Unable to write stored versions.\n"));
        return LOAD_FIRMWARE_RECOVERY;
      }
    }
    /* Lock firmware versions in TPM */
    if (0 != RollbackFirmwareLock()) {
-      debug("Unable to lock firmware versions.\n");
+      VBDEBUG(("Unable to lock firmware versions.\n"));
      return LOAD_FIRMWARE_RECOVERY;
    }
    /* Success */
-    debug("Will boot firmware index %d\n", (int)params->firmware_index);
+    VBDEBUG(("Will boot firmware index %d\n", (int)params->firmware_index));
    return LOAD_FIRMWARE_SUCCESS;
  }
  /* If we're still here, no good firmware, so go to recovery mode. */
-  debug("Alas, no good firmware.\n");
+  VBDEBUG(("Alas, no good firmware.\n"));
  return LOAD_FIRMWARE_RECOVERY;
 }
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -67,7 +67,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
  if (gptdata->primary_header) {
    if (gptdata->modified & GPT_MODIFIED_HEADER1) {
-      debug("Updating GPT header 1\n");
+      VBDEBUG(("Updating GPT header 1\n"));
      if (0 != BootDeviceWriteLBA(1, 1, gptdata->primary_header))
        return 1;
    }
@@ -76,7 +76,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
  if (gptdata->primary_entries) {
    if (gptdata->modified & GPT_MODIFIED_ENTRIES1) {
-      debug("Updating GPT entries 1\n");
+      VBDEBUG(("Updating GPT entries 1\n"));
      if (0 != BootDeviceWriteLBA(2, entries_sectors,
                                  gptdata->primary_entries))
        return 1;
@@ -86,7 +86,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
  if (gptdata->secondary_entries) {
    if (gptdata->modified & GPT_MODIFIED_ENTRIES2) {
-      debug("Updating GPT header 2\n");
+      VBDEBUG(("Updating GPT header 2\n"));
      if (0 != BootDeviceWriteLBA(gptdata->drive_sectors - entries_sectors - 1,
                                  entries_sectors, gptdata->secondary_entries))
        return 1;
@@ -96,7 +96,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
  if (gptdata->secondary_header) {
    if (gptdata->modified & GPT_MODIFIED_HEADER2) {
-      debug("Updating GPT entries 2\n");
+      VBDEBUG(("Updating GPT entries 2\n"));
      if (0 != BootDeviceWriteLBA(gptdata->drive_sectors - 1, 1,
                                  gptdata->secondary_header))
        return 1;
@@ -138,7 +138,7 @@ int LoadKernel(LoadKernelParams* params) {
  if (BOOT_FLAG_RECOVERY & params->boot_flags) {
    if (0 != RollbackKernelRecovery(BOOT_FLAG_DEVELOPER & params->boot_flags
                                    ? 1 : 0)) {
-      debug("Error setting up TPM for recovery kernel\n");
+      VBDEBUG(("Error setting up TPM for recovery kernel\n"));
      return LOAD_KERNEL_RECOVERY;
    }
  }
@@ -147,7 +147,7 @@ int LoadKernel(LoadKernelParams* params) {
    /* Read current kernel key index from TPM.  Assumes TPM is already
     * initialized. */
    if (0 != RollbackKernelRead(&tpm_key_version, &tpm_kernel_version)) {
-      debug("Unable to get kernel versions from TPM\n");
+      VBDEBUG(("Unable to get kernel versions from TPM\n"));
      return LOAD_KERNEL_RECOVERY;
    }
  } else if (is_dev) {
@@ -161,13 +161,13 @@ int LoadKernel(LoadKernelParams* params) {
    gpt.sector_bytes = (uint32_t)blba;
    gpt.drive_sectors = params->ending_lba + 1;
    if (0 != AllocAndReadGptData(&gpt)) {
-      debug("Unable to read GPT data\n");
+      VBDEBUG(("Unable to read GPT data\n"));
      break;
    }
    /* Initialize GPT library */
    if (GPT_SUCCESS != GptInit(&gpt)) {
-      debug("Error parsing GPT\n");
+      VBDEBUG(("Error parsing GPT\n"));
      break;
    }
@@ -184,8 +184,8 @@ int LoadKernel(LoadKernelParams* params) {
      uint64_t key_version;
      uint64_t body_offset;
-      debug("Found kernel entry at %" PRIu64 " size %" PRIu64 "\n",
+      VBDEBUG(("Found kernel entry at %" PRIu64 " size %" PRIu64 "\n",
-            part_start, part_size);
+              part_start, part_size));
      /* Found at least one kernel partition. */
      found_partitions++;
@@ -199,7 +199,7 @@ int LoadKernel(LoadKernelParams* params) {
      /* Verify the key block */
      key_block = (VbKeyBlockHeader*)kbuf;
      if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey))) {
-        debug("Verifying key block failed.\n");
+        VBDEBUG(("Verifying key block failed.\n"));
        continue;
      }
@@ -207,13 +207,13 @@ int LoadKernel(LoadKernelParams* params) {
      if (!(key_block->key_block_flags &&
            ((BOOT_FLAG_DEVELOPER & params->boot_flags) ?
             KEY_BLOCK_FLAG_DEVELOPER_1 : KEY_BLOCK_FLAG_DEVELOPER_0))) {
-        debug("Developer flag mismatch.\n");
+        VBDEBUG(("Developer flag mismatch.\n"));
        continue;
      }
      if (!(key_block->key_block_flags &&
            ((BOOT_FLAG_RECOVERY & params->boot_flags) ?
             KEY_BLOCK_FLAG_RECOVERY_1 : KEY_BLOCK_FLAG_RECOVERY_0))) {
-        debug("Recovery flag mismatch.\n");
+        VBDEBUG(("Recovery flag mismatch.\n"));
        continue;
      }
@@ -222,7 +222,7 @@ int LoadKernel(LoadKernelParams* params) {
       * key_version=0 above. */
      key_version = key_block->data_key.key_version;
      if (key_version < tpm_key_version) {
-        debug("Key version too old.\n");
+        VBDEBUG(("Key version too old.\n"));
        continue;
      }
@@ -236,7 +236,7 @@ int LoadKernel(LoadKernelParams* params) {
      if ((0 != VerifyKernelPreamble2(preamble,
                                     KBUF_SIZE - key_block->key_block_size,
                                     data_key))) {
-        debug("Preamble verification failed.\n");
+        VBDEBUG(("Preamble verification failed.\n"));
        RSAPublicKeyFree(data_key);
        continue;
      }
@@ -246,12 +246,12 @@ int LoadKernel(LoadKernelParams* params) {
       * key_version=0 and kernel_version=0 above. */
      if (key_version == tpm_key_version &&
          preamble->kernel_version < tpm_kernel_version) {
-        debug("Kernel version too low.\n");
+        VBDEBUG(("Kernel version too low.\n"));
        RSAPublicKeyFree(data_key);
        continue;
      }
-      debug("Kernel preamble is good.\n");
+      VBDEBUG(("Kernel preamble is good.\n"));
      /* Check for lowest key version from a valid header. */
      if (lowest_key_version > key_version) {
@@ -272,7 +272,7 @@ int LoadKernel(LoadKernelParams* params) {
      /* Verify body load address matches what we expect */
      if ((preamble->body_load_address != (size_t)params->kernel_buffer) &&
          !(params->boot_flags & BOOT_FLAG_SKIP_ADDR_CHECK)) {
-        debug("Wrong body load address.\n");
+        VBDEBUG(("Wrong body load address.\n"));
        RSAPublicKeyFree(data_key);
        continue;
      }
@@ -280,7 +280,7 @@ int LoadKernel(LoadKernelParams* params) {
      /* Verify kernel body starts at a multiple of the sector size. */
      body_offset = key_block->key_block_size + preamble->preamble_size;
      if (0 != body_offset % blba) {
-        debug("Kernel body not at multiple of sector size.\n");
+        VBDEBUG(("Kernel body not at multiple of sector size.\n"));
        RSAPublicKeyFree(data_key);
        continue;
      }
@@ -288,7 +288,7 @@ int LoadKernel(LoadKernelParams* params) {
      /* Verify kernel body fits in the partition */
      if (body_offset + preamble->body_signature.data_size >
          part_size * blba) {
-        debug("Kernel body doesn't fit in partition.\n");
+        VBDEBUG(("Kernel body doesn't fit in partition.\n"));
        RSAPublicKeyFree(data_key);
        continue;
      }
@@ -298,7 +298,7 @@ int LoadKernel(LoadKernelParams* params) {
              part_start + (body_offset / blba),
              (preamble->body_signature.data_size + blba - 1) / blba,
              params->kernel_buffer)) {
-        debug("Unable to read kernel data.\n");
+        VBDEBUG(("Unable to read kernel data.\n"));
        RSAPublicKeyFree(data_key);
        continue;
      }
@@ -306,7 +306,7 @@ int LoadKernel(LoadKernelParams* params) {
      /* Verify kernel data */
      if (0 != VerifyData((const uint8_t*)params->kernel_buffer,
                          &preamble->body_signature, data_key)) {
-        debug("Kernel data verification failed.\n");
+        VBDEBUG(("Kernel data verification failed.\n"));
        RSAPublicKeyFree(data_key);
        continue;
      }
@@ -316,7 +316,7 @@ int LoadKernel(LoadKernelParams* params) {
      /* If we're still here, the kernel is valid. */
      /* Save the first good partition we find; that's the one we'll boot */
-      debug("Partiton is good.\n");
+      VBDEBUG(("Partiton is good.\n"));
      /* TODO: GPT partitions start at 1, but cgptlib starts them at 0.
       * Adjust here, until cgptlib is fixed. */
      good_partition = gpt.current_kernel + 1;
@@ -326,7 +326,7 @@ int LoadKernel(LoadKernelParams* params) {
      /* If we're in developer or recovery mode, there's no rollback
       * protection, so we can stop at the first valid kernel. */
      if (!is_normal) {
-        debug("Boot_flags = !is_normal\n");
+        VBDEBUG(("Boot_flags = !is_normal\n"));
        break;
      }
@@ -337,7 +337,7 @@ int LoadKernel(LoadKernelParams* params) {
       * to see if they contain a newer key. */
      if (key_version == tpm_key_version &&
          preamble->kernel_version == tpm_kernel_version) {
-        debug("Same key version\n");
+        VBDEBUG(("Same key version\n"));
        break;
      }
    } /* while(GptNextKernelEntry) */
@@ -352,7 +352,7 @@ int LoadKernel(LoadKernelParams* params) {
  /* Handle finding a good partition */
  if (good_partition >= 0) {
-    debug("Good_partition >= 0\n");
+    VBDEBUG(("Good_partition >= 0\n"));
    /* See if we need to update the TPM */
    if (is_normal) {
@@ -362,13 +362,13 @@ int LoadKernel(LoadKernelParams* params) {
       * forward.  In recovery mode, the TPM stays PP-unlocked, so
       * anything we write gets blown away by the firmware when we go
       * back to normal mode. */
-      debug("Boot_flags = is_normal\n");
+      VBDEBUG(("Boot_flags = is_normal\n"));
      if ((lowest_key_version > tpm_key_version) ||
          (lowest_key_version == tpm_key_version &&
           lowest_kernel_version > tpm_kernel_version)) {
        if (0 != RollbackKernelWrite((uint16_t)lowest_key_version,
                                     (uint16_t)lowest_kernel_version)) {
-          debug("Error writing kernel versions to TPM.\n");
+          VBDEBUG(("Error writing kernel versions to TPM.\n"));
          return LOAD_KERNEL_RECOVERY;
        }
      }
@@ -376,7 +376,7 @@ int LoadKernel(LoadKernelParams* params) {
    /* Lock the kernel versions, since we're about to boot the kernel */
    if (0 != RollbackKernelLock()) {
-      debug("Error locking kernel versions.\n");
+      VBDEBUG(("Error locking kernel versions.\n"));
      return LOAD_KERNEL_RECOVERY;
    }