From 4b9d605768acabc460aa6dcfe8a1f8db35b16794 Mon Sep 17 00:00:00 2001
From: Stéphane Rochoy <stephane.rochoy@stormshield.eu>
Date: Mon, 4 Dec 2023 10:57:43 +0100
Subject: libsecureboot: be more verbose about validation failures

Reviewed by:	imp, sjg
Pull Request:	https://github.com/freebsd/freebsd-src/pull/916
---
 lib/libsecureboot/vets.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

(limited to 'lib/libsecureboot')

diff --git a/lib/libsecureboot/vets.c b/lib/libsecureboot/vets.c
index 4a2aba433191..c86b198c45c5 100644
--- a/lib/libsecureboot/vets.c
+++ b/lib/libsecureboot/vets.c
@@ -568,9 +568,17 @@ verify_signer_xcs(br_x509_certificate *xcs,
 			ve_error_set("Validation failed, certificate not valid as of %s",
 			    gdate(date, sizeof(date), ve_utc));
 			break;
-		default:
-			ve_error_set("Validation failed, err = %d", err);
-			break;
+		default: {
+			const char *err_desc = NULL;
+			const char *err_name = find_error_name(err, &err_desc);
+
+			if (err_name == NULL)
+				ve_error_set("Validation failed, err = %d",
+				    err);
+			else
+				ve_error_set("Validation failed, %s (%s)",
+				    err_desc, err_name);
+			break; }
 		}
 	} else {
 		tpk = mc.vtable->get_pkey(&mc.vtable, &usages);
-- 
cgit v1.3