Pass severity to vectx_open() rather than vectx_close() - src

diff options


context:
space:
mode:

author	Simon J. Gerraty <sjg@FreeBSD.org>	2026-04-10 17:43:15 +0000
committer	Simon J. Gerraty <sjg@FreeBSD.org>	2026-04-10 17:46:54 +0000
commit	35bbdfad28626255c63360d98c45e41f2c692ef0 (patch)
tree	e03fcfd9fd379c4246a2e29f4160d582db89ede2 /lib/libsecureboot
parent	fc68534a9ad93f6df1756ffa8e707c30a35ce4d7 (diff)

Diffstat (limited to 'lib/libsecureboot')

-rw-r--r--

lib/libsecureboot/h/verify_file.h

-rw-r--r--

lib/libsecureboot/tests/tvo.c

-rw-r--r--

lib/libsecureboot/vectx.c

-rw-r--r--

lib/libsecureboot/verify_file.c

4 files changed, 40 insertions, 22 deletions

diff --git a/lib/libsecureboot/h/verify_file.h b/lib/libsecureboot/h/verify_file.h
index f918ed6d0e38..19bef24b1dee 100644
--- a/lib/libsecureboot/h/verify_file.h
+++ b/lib/libsecureboot/h/verify_file.h

@@ -51,6 +51,7 @@ int ve_status_get(int);

int load_manifest(const char *, const char *, const char *, struct stat *);

int pass_manifest(const char *, const char *);

int pass_manifest_export_envs(void);

+int severity_guess(const char *);

void verify_report(const char *, int, int, struct stat *);

int verify_file(int, const char *, off_t, int, const char *);

void verify_pcr_export(void);

@@ -59,9 +60,9 @@ int is_verified(struct stat *);

void add_verify_status(struct stat *, int);

struct vectx;

-struct vectx* vectx_open(int, const char *, off_t, struct stat *, int *, const char *);

+struct vectx* vectx_open(int, const char *, int, off_t, struct stat *, int *, const char *);

ssize_t vectx_read(struct vectx *, void *, size_t);

off_t vectx_lseek(struct vectx *, off_t, int);

-int vectx_close(struct vectx *, int, const char *);

+int vectx_close(struct vectx *, const char *);

#endif /* _VERIFY_FILE_H_ */

diff --git a/lib/libsecureboot/tests/tvo.c b/lib/libsecureboot/tests/tvo.c
index 7851e79c5a2a..407fcbefd6db 100644
--- a/lib/libsecureboot/tests/tvo.c
+++ b/lib/libsecureboot/tests/tvo.c

@@ -170,8 +170,8 @@ main(int argc, char *argv[])

fstat(fd, &st);

lseek(fd, 0, SEEK_SET);

off = st.st_size % 512;

- vp = vectx_open(fd, argv[optind], off,

- &st, &error, __func__);

+ vp = vectx_open(fd, argv[optind], VE_GUESS,

+ off, &st, &error, __func__);

if (!vp) {

printf("vectx_open(%s) failed: %d %s\n",

argv[optind], error,

@@ -190,7 +190,7 @@ main(int argc, char *argv[])

off = vectx_lseek(vp, 0, SEEK_END);

/* repeating that should be harmless */

off = vectx_lseek(vp, 0, SEEK_END);

- error = vectx_close(vp, VE_MUST, __func__);

+ error = vectx_close(vp, __func__);

if (error) {

printf("vectx_close(%s) == %d %s\n",

argv[optind], error,

diff --git a/lib/libsecureboot/vectx.c b/lib/libsecureboot/vectx.c
index 2d56830cd81d..4b42293a0d93 100644
--- a/lib/libsecureboot/vectx.c
+++ b/lib/libsecureboot/vectx.c

@@ -60,6 +60,7 @@ struct vectx {

int vec_fd; /* file descriptor */

int vec_status; /* verification status */

int vec_closing; /* we are closing */

+ int vec_severity; /* usually VE_MUST */

};

@@ -93,7 +94,8 @@ struct vectx {

* NULL is only returned for non-files or out-of-memory.

struct vectx *

-vectx_open(int fd, const char *path, off_t off, struct stat *stp,

+vectx_open(int fd, const char *path, int severity,

+ off_t off, struct stat *stp,

int *error, const char *caller)

{

struct vectx *ctx;

@@ -106,14 +108,19 @@ vectx_open(int fd, const char *path, off_t off, struct stat *stp,

stp = &st;

rc = verify_prep(fd, path, off, stp, __func__);

+ if (severity == VE_GUESS)

+ severity = severity_guess(path);

DEBUG_PRINTF(2,

- ("vectx_open: caller=%s,fd=%d,name='%s',prep_rc=%d\n",

- caller, fd, path, rc));

+ ("vectx_open: caller=%s,fd=%d,name='%s',prep_rc=%d,severity=%d\n",

+ caller, fd, path, rc, severity));

switch (rc) {

case VE_FINGERPRINT_NONE:

case VE_FINGERPRINT_UNKNOWN:

+ if (severity < VE_MUST)

+ break;

+ /* FALLTHROUGH */

case VE_FINGERPRINT_WRONG:

*error = rc;

return (NULL);

@@ -127,19 +134,24 @@ vectx_open(int fd, const char *path, off_t off, struct stat *stp,

ctx->vec_off = 0;

ctx->vec_hashed = 0;

ctx->vec_want = NULL;

+ ctx->vec_severity = severity;

ctx->vec_status = 0;

ctx->vec_hashsz = hashsz = 0;

ctx->vec_closing = 0;

- if (rc == 0) {

+ if (rc == VE_UNVERIFIED_OK) {

/* we are not verifying this */

*error = 0;

return (ctx);

}

cp = fingerprint_info_lookup(fd, path);

if (!cp) {

- ctx->vec_status = VE_FINGERPRINT_NONE;

- ve_error_set("%s: no entry", path);

+ if (severity < VE_MUST)

+ ctx->vec_status = VE_UNVERIFIED_OK;

+ else {

+ ctx->vec_status = VE_FINGERPRINT_NONE;

+ ve_error_set("%s: no entry", path);

+ }

} else {

if (strncmp(cp, "no_hash", 7) == 0) {

ctx->vec_status = VE_FINGERPRINT_IGNORE;

@@ -167,8 +179,12 @@ vectx_open(int fd, const char *path, off_t off, struct stat *stp,

cp += 7;

#endif

} else {

- ctx->vec_status = VE_FINGERPRINT_UNKNOWN;

- ve_error_set("%s: no supported fingerprint", path);

+ if (severity < VE_MUST)

+ ctx->vec_status = VE_UNVERIFIED_OK;

+ else {

+ ctx->vec_status = VE_FINGERPRINT_UNKNOWN;

+ ve_error_set("%s: no supported fingerprint", path);

+ }

}

*error = ctx->vec_status;

@@ -183,9 +199,9 @@ vectx_open(int fd, const char *path, off_t off, struct stat *stp,

}

DEBUG_PRINTF(2,

- ("vectx_open: caller=%s,name='%s',hashsz=%lu,status=%d\n",

+ ("vectx_open: caller=%s,name='%s',hashsz=%lu,severity=%d,status=%d\n",

caller, path, (unsigned long)ctx->vec_hashsz,

- ctx->vec_status));

+ severity, ctx->vec_status));

return (ctx);

enomem: /* unlikely */

@@ -379,7 +395,7 @@ vectx_lseek(struct vectx *ctx, off_t off, int whence)

* @return 0 or an error.

int

-vectx_close(struct vectx *ctx, int severity, const char *caller)

+vectx_close(struct vectx *ctx, const char *caller)

{

int rc;

@@ -393,7 +409,7 @@ vectx_close(struct vectx *ctx, int severity, const char *caller)

* these tend to be processed in a more deterministic

* order, which makes our pseudo pcr more useful.

- ve_pcr_updating_set((severity == VE_MUST));

+ ve_pcr_updating_set((ctx->vec_severity == VE_MUST));

#endif

/* make sure we have hashed it all */

vectx_lseek(ctx, 0, SEEK_END);

@@ -401,13 +417,13 @@ vectx_close(struct vectx *ctx, int severity, const char *caller)

ctx->vec_path, ctx->vec_want, ctx->vec_hashsz);

}

DEBUG_PRINTF(2,

- ("vectx_close: caller=%s,name='%s',rc=%d,severity=%d\n",

- caller,ctx->vec_path, rc, severity));

- verify_report(ctx->vec_path, severity, rc, NULL);

+ ("vectx_close: caller=%s,name='%s',severity=%d,rc=%d\n",

+ caller,ctx->vec_path, ctx->vec_severity, rc));

+ verify_report(ctx->vec_path, ctx->vec_severity, rc, NULL);

if (rc == VE_FINGERPRINT_WRONG) {

#if !defined(UNIT_TEST) && !defined(DEBUG_VECTX)

/* we are generally called with VE_MUST */

- if (severity > VE_WANT)

+ if (ctx->vec_severity > VE_WANT)

panic("cannot continue");

#endif

}

diff --git a/lib/libsecureboot/verify_file.c b/lib/libsecureboot/verify_file.c
index ee263dafe774..b1aad36672d0 100644
--- a/lib/libsecureboot/verify_file.c
+++ b/lib/libsecureboot/verify_file.c

@@ -271,7 +271,7 @@ find_manifest(const char *name)

# define ACCEPT_NO_FP_DEFAULT VE_MUST

#endif

-static int

+int

severity_guess(const char *filename)

{

const char *cp;

@@ -285,6 +285,7 @@ severity_guess(const char *filename)

if ((cp = strrchr(filename, '.'))) {

if (strcmp(cp, ".cookie") == 0 ||

+ strcmp(cp, ".dof") == 0 ||

strcmp(cp, ".hints") == 0 ||

strcmp(cp, ".order") == 0 ||

strcmp(cp, ".tgz") == 0)