Index: sbin/veriexec/Makefile =================================================================== --- sbin/veriexec/Makefile +++ sbin/veriexec/Makefile @@ -1,5 +1,7 @@ # $FreeBSD$ +.include + PROG= veriexec MAN= veriexec.8 SRCS= \ @@ -7,13 +9,19 @@ manifest_parser.y \ manifest_lexer.l -LIBADD+= veriexec secureboot bearssl +LIBADD+= veriexec +.if ${MK_BEARSSL} != "no" +LIBADD+= secureboot bearssl +.endif NO_SHARED= .include CFLAGS+= -I${.CURDIR} ${XCFLAGS.${.TARGET:T:R}:U} +.if ${MK_BEARSSL} != "no" +CFLAGS+= -DHAVE_BEARSSL +.endif XCFLAGS.manifest_lexer+= -Wno-missing-variable-declarations \ -Wno-unneeded-internal-declaration Index: sbin/veriexec/manifest_lexer.l =================================================================== --- sbin/veriexec/manifest_lexer.l +++ sbin/veriexec/manifest_lexer.l @@ -124,10 +124,14 @@ fclose(yyin); } - str_buf.buf = file_content; - str_buf.pos = 0; - str_buf.size = strlen(file_content); - yyin = fropen(&str_buf, read_string_buf); + if (file_content) { + str_buf.buf = file_content; + str_buf.pos = 0; + str_buf.size = strlen(file_content); + yyin = fropen(&str_buf, read_string_buf); + } else { + yyin = fopen(file, "r"); + } if (yyin) { manifest_file = strdup(file); lineno = 1; Index: sbin/veriexec/veriexec.h =================================================================== --- sbin/veriexec/veriexec.h +++ sbin/veriexec/veriexec.h @@ -31,6 +31,8 @@ #include #include +#include + extern int dev_fd; extern int parser_version; extern int ForceFlags; Index: sbin/veriexec/veriexec.c =================================================================== --- sbin/veriexec/veriexec.c +++ sbin/veriexec/veriexec.c @@ -25,13 +25,18 @@ #include __FBSDID("$FreeBSD$"); +#include #include +#include #include #include #include +#include #include #include +#ifdef HAVE_BEARSSL #include +#endif #include #include "veriexec.h" 
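Review bot: The new `else` branch in the manifest_lexer.l hunk opens the manifest with `fopen(file, "r")` whenever `file_content` is NULL, and it does so in every build, including one compiled with `-DHAVE_BEARSSL`. In a signed build, the only thing keeping an unverified manifest out of the parser is the caller's `errx()` after `verify_signed()` in veriexec.c. Any other or future caller that passes NULL would parse the raw file without complaint. I would compile the fallback only under `#ifndef HAVE_BEARSSL` and set `yyin = NULL;` in the signed build so the function fails closed. The enclosing function starts and ends outside the hunk, so whether other callers exist is not visible here.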
@@ -49,9 +54,13 @@ unsigned char *content; int rc; +#ifdef HAVE_BEARSSL content = verify_signed(manifest, VEF_VERBOSE); if (!content) errx(EX_USAGE, "cannot verify %s", manifest); +#else + content = NULL; +#endif if (manifest_open(manifest, content)) { rc = yyparse(); } else { @@ -160,8 +169,10 @@ } } openlog(getprogname(), LOG_PID, LOG_AUTH); +#ifdef HAVE_BEARSSL if (ve_trust_init() < 1) errx(EX_OSFILE, "cannot initialize trust store"); +#endif #ifdef VERIEXEC_GETVERSION if (ioctl(dev_fd, VERIEXEC_GETVERSION, &VeriexecVersion)) { VeriexecVersion = 0; /* unknown */
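Review bot: In the `@@ -49,9 +54,13 @@` hunk of veriexec.c, the `#else` branch sets `content = NULL`, so the manifest reaches `manifest_open()` and `yyparse()` with no signature check and nothing recorded to say verification was skipped. This is selected solely by the `MK_BEARSSL` knob in the Makefile, so a build without BearSSL presumably loads whatever manifest it is handed. That should be visible at the point where it happens: add a comment such as `/* built without BearSSL: manifest is loaded without signature verification */` and a `warnx("%s: loaded without signature verification", manifest);` next to the assignment. The `@@ -160,8 +169,10 @@` hunk skips `ve_trust_init()` under the same condition and deserves the same one-line comment. The enclosing functions start and end outside both hunks.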