diff --git a/sbin/veriexec/manifest_parser.y b/sbin/veriexec/manifest_parser.y
--- a/sbin/veriexec/manifest_parser.y
+++ b/sbin/veriexec/manifest_parser.y
@@ -290,12 +290,16 @@
 #ifdef VERIEXEC_LABEL
 if (params->flags & VERIEXEC_LABEL) {
- if (ioctl(dev_fd, VERIEXEC_LABEL_LOAD, &lparams) < 0)
+ if (ioctl(dev_fd, VERIEXEC_LABEL_LOAD, &lparams) < 0) {
 warn("cannot update veriexec label for %s", params->file);
+ FailedVerifiedFileInjection++;
+ }
 } else
 #endif
- if (ioctl(dev_fd, VERIEXEC_SIGNED_LOAD, params) < 0)
+ if (ioctl(dev_fd, VERIEXEC_SIGNED_LOAD, params) < 0) {
 warn("cannot update veriexec for %s", params->file);
+ FailedVerifiedFileInjection++;
+ }
 params->fp_type[0] = '\0';
 }
diff --git a/sbin/veriexec/veriexec.h b/sbin/veriexec/veriexec.h
--- a/sbin/veriexec/veriexec.h
+++ b/sbin/veriexec/veriexec.h
@@ -37,6 +37,7 @@
 extern int Verbose;
 extern int VeriexecVersion;
 extern const char *Cdir;
+extern int FailedVerifiedFileInjection;
 #define VERBOSE(n, x) if (Verbose > n) printf x
diff --git a/sbin/veriexec/veriexec.c b/sbin/veriexec/veriexec.c
--- a/sbin/veriexec/veriexec.c
+++ b/sbin/veriexec/veriexec.c
@@ -42,6 +42,8 @@
 int ForceFlags = 0;
 int Verbose = 0;
 int VeriexecVersion = 0;
+int FailedVerifiedFileInjection = 0;
+
 const char *Cdir = NULL;
 /*!
@@ -52,8 +54,10 @@
 static int veriexec_usage() {
- printf("%s",
- "Usage:\tveriexec [-h] [-i state] [-C] [-xv state|verbosity] [path]\n");
+ printf("%s","Usage:\tveriexec [-h] [-C path] [-S] [-s] [-v] [path]\n"
+ "\t\tveriexec -i state\n"
+ "\t\tveriexec -x path...\n"
+ "\t\tveriexec -z state\n");
 return (0);
 }
@@ -142,13 +146,14 @@
 uint32_t state;
 char c;
 int x;
+ int strict_mode = 0;
 if (argc < 2) return (veriexec_usage());
 dev_fd = open(_PATH_DEV_VERIEXEC, O_WRONLY, 0);
- while ((c = getopt(argc, argv, "hC:i:Sxvz:")) != -1) {
+ while ((c = getopt(argc, argv, "hC:i:Ssxvz:")) != -1) {
 switch (c) {
 case 'h': /* Print usage info */
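Review bot: The new counter is bumped only when one of the two `ioctl(dev_fd, ...)` calls fails, so a manifest entry that is rejected before control reaches them would not be counted and `-s` would still exit 0 for it; whether such earlier rejection paths exist cannot be seen here because the enclosing function starts before this hunk, so please confirm. Nothing at the increment site says why the count exists, which matters because its only consumer is the exit status in veriexec.c; a comment such as `/* counted so -s can turn a partial load into a non-zero exit */` next to the first `FailedVerifiedFileInjection++;` would keep the next maintainer from removing it as unused.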
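Review bot: veriexec_usage() still prints to stdout and returns 0, so a malformed command line exits successfully — the visible `if (argc < 2) return (veriexec_usage());` path in main returns that 0 — even though this commit adds `-s` precisely so that callers can trust the exit status. Write the text with `fprintf(stderr, ...)` and end with `return (EX_USAGE);` so a usage error is distinguishable from a clean load. The new text lists `[-S] [-s]` side by side without saying what either does; a one-line hint, or a manual-page update, that `-s` makes failed kernel loads fatal would help since the two letters are easy to confuse. Minor style: `printf("%s","Usage:` drops the space after the comma that the removed line had.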
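Review bot: The modified `while ((c = getopt(argc, argv, "hC:i:Ssxvz:")) != -1)` line stores getopt's int result into `char c;`, so on targets where plain char is unsigned the value -1 becomes 255 and the comparison never terminates the loop when the options run out; since the line is being touched, change the declaration to `int c;`. Separately, `dev_fd = open(_PATH_DEV_VERIEXEC, O_WRONLY, 0);` is not checked before parsing options in this hunk; if the open fails every later ioctl fails and under `-s` each manifest entry is counted as a failure, which surfaces the problem only indirectly and only in strict mode, so an `if (dev_fd < 0) err(EX_OSERR, "cannot open %s", _PATH_DEV_VERIEXEC);` right after the open would be clearer unless such a check exists outside the hunk. main continues past the end of this hunk.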
@@ -178,6 +183,10 @@ /* Strictly enforce certificate validity */ ve_enforce_validity_set(1); break; + case 's': + /* Return an error in case of failed ioctls when sending new verified files */ + strict_mode = 1; + break; case 'v': /* Increase the verbosity */ @@ -269,5 +278,5 @@ err(EX_DATAERR, "cannot load %s", argv[optind]); } } - exit(EX_OK); + exit((strict_mode && (FailedVerifiedFileInjection > 0)) ? EX_OSERR : EX_OK); }
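Review bot: The comment on the new `case 's'` says an error is returned but not which one, under what condition, or that it only affects the final exit status, and the option sits right beside `-S` (certificate validity enforcement) with which it will be confused; state the contract, e.g. `/* -s: exit EX_OSERR if any manifest entry failed to load into the kernel */`. Because the option only sets a local flag that is consulted at exit, its position relative to the manifest path on the command line does not matter — worth saying wherever the option is documented. The enclosing switch and main continue outside this hunk.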
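Review bot: With the new `exit(...)` line a partial load — some entries rejected by the kernel — still exits EX_OK unless `-s` was given, so existing callers, presumably including boot scripts, keep treating a manifest whose entries were not all registered as success; for an integrity tool the safer default is to fail and let callers opt out, or at minimum to summarise the failures before exiting. Even in non-strict mode the per-file `warn` lines are the only trace, so add `if (FailedVerifiedFileInjection > 0) warnx("%d manifest entries were not loaded", FailedVerifiedFileInjection);` immediately before the `exit`. The surrounding code uses `err(EX_DATAERR, "cannot load %s", ...)` for manifest failures while the new path exits EX_OSERR; that is defensible because these are ioctl failures, but document the distinction so scripts know which code means what. The `exit` is the end of main, which starts outside this hunk.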