The basic idea is that whenever the loader opens a file
it calls verify_file() to verify it.
If that returns < 0, the file should be discarded.
This can obviously cause the boot to fail.
Some parts of the loader like load_elf.c know exactly what they are
dealing with and how important verification is.
load_elf always passes VE_MUST which tells verify_file() that
a matching hash is always required.
Other parts of the loader have no idea what file they are opening
on behalf of loader.rc etc, and these typically pass VE_GUESS
asking verify_file() to decide.
For files like loader.conf, a missing hash can be tollerated so
VE_GUESS maps to VE_TRY, for other files it maps to VE_WANT.
The only difference in behavior from those two depends on how strict
the loader has been told to be, in strict mode (eg for FIPS mode)
VE_WANT is treated as for VE_MUST, otherwise it is treated like VE_TRY.
At no time is a hash error tollerated, all the above only applies to
the case where no hash for a file can be found.
The intergration at this point is aimed to be as simple
Further work for example would be to overhaul load_elf.c
to make use of the more efficient api in libve/vectx.c
but that would be an extensive re-work.