sbin/veriexec/veriexec.c
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | ||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
*/ | */ | ||||
#include <sys/cdefs.h> | #include <sys/cdefs.h> | ||||
__FBSDID("$FreeBSD$"); | __FBSDID("$FreeBSD$"); | ||||
#include <stdio.h> | |||||
#include <stdlib.h> | #include <stdlib.h> | ||||
#include <string.h> | |||||
#include <sysexits.h> | #include <sysexits.h> | ||||
#include <unistd.h> | #include <unistd.h> | ||||
#include <paths.h> | #include <paths.h> | ||||
#include <fcntl.h> | |||||
#include <err.h> | #include <err.h> | ||||
#include <syslog.h> | #include <syslog.h> | ||||
#ifdef HAVE_BEARSSL | |||||
#include <libsecureboot.h> | #include <libsecureboot.h> | ||||
#endif | |||||
#include <libveriexec.h> | #include <libveriexec.h> | ||||
#include "veriexec.h" | #include "veriexec.h" | ||||
int dev_fd = -1; | int dev_fd = -1; | ||||
int ForceFlags = 0; | int ForceFlags = 0; | ||||
int Verbose = 0; | int Verbose = 0; | ||||
int VeriexecVersion = 0; | int VeriexecVersion = 0; | ||||
const char *Cdir = NULL; | const char *Cdir = NULL; | ||||
static int | static int | ||||
veriexec_load(const char *manifest) | veriexec_load(const char *manifest) | ||||
{ | { | ||||
unsigned char *content; | unsigned char *content; | ||||
int rc; | int rc; | ||||
#ifdef HAVE_BEARSSL | |||||
content = verify_signed(manifest, VEF_VERBOSE); | content = verify_signed(manifest, VEF_VERBOSE); | ||||
if (!content) | if (!content) | ||||
errx(EX_USAGE, "cannot verify %s", manifest); | errx(EX_USAGE, "cannot verify %s", manifest); | ||||
#else | |||||
content = NULL; | |||||
#endif | |||||
if (manifest_open(manifest, content)) { | if (manifest_open(manifest, content)) { | ||||
rc = yyparse(); | rc = yyparse(); | ||||
} else { | } else { | ||||
err(EX_NOINPUT, "cannot load %s", manifest); | err(EX_NOINPUT, "cannot load %s", manifest); | ||||
} | } | ||||
free(content); | free(content); | ||||
return (rc); | return (rc); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 92 Lines • ▼ Show 20 Lines | case 'z': | ||||
} else if (ctl == VERIEXEC_GETSTATE) { | } else if (ctl == VERIEXEC_GETSTATE) { | ||||
printf("%#o\n", x); | printf("%#o\n", x); | ||||
} | } | ||||
exit(EX_OK); | exit(EX_OK); | ||||
break; | break; | ||||
} | } | ||||
} | } | ||||
openlog(getprogname(), LOG_PID, LOG_AUTH); | openlog(getprogname(), LOG_PID, LOG_AUTH); | ||||
#ifdef HAVE_BEARSSL | |||||
if (ve_trust_init() < 1) | if (ve_trust_init() < 1) | ||||
errx(EX_OSFILE, "cannot initialize trust store"); | errx(EX_OSFILE, "cannot initialize trust store"); | ||||
#endif | |||||
#ifdef VERIEXEC_GETVERSION | #ifdef VERIEXEC_GETVERSION | ||||
if (ioctl(dev_fd, VERIEXEC_GETVERSION, &VeriexecVersion)) { | if (ioctl(dev_fd, VERIEXEC_GETVERSION, &VeriexecVersion)) { | ||||
VeriexecVersion = 0; /* unknown */ | VeriexecVersion = 0; /* unknown */ | ||||
} | } | ||||
#endif | #endif | ||||
for (; optind < argc; optind++) { | for (; optind < argc; optind++) { | ||||
if (veriexec_load(argv[optind])) { | if (veriexec_load(argv[optind])) { | ||||
err(EX_DATAERR, "cannot load %s", argv[optind]); | err(EX_DATAERR, "cannot load %s", argv[optind]); | ||||
} | } | ||||
} | } | ||||
exit(EX_OK); | exit(EX_OK); | ||||
} | } |
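Review bot: In `veriexec_load`, the `#else` branch sets `content = NULL` and still calls `manifest_open(manifest, content)`, so a build without `HAVE_BEARSSL` appears to feed the manifest to `yyparse()` with no signature check and no indication that verification was skipped. This assumes the lines shown in only one column are the additions, and `manifest_open`'s handling of a NULL buffer is not visible on this page. Since this tool loads the integrity policy, the fallback should be explicit: add a comment on the `#else` arm such as `/* no BearSSL: manifest is loaded unverified; integrity depends on file permissions and boot-time trust */` and record it at run time, e.g. `syslog(LOG_WARNING, "%s: loaded without signature verification", manifest);`. The same applies to the guarded `ve_trust_init()` call in `main`, whose body starts outside the visible lines; a `#warning` in the non-BearSSL configuration would also make the weaker build visible at compile time.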