Changeset View
Changeset View
Standalone View
Standalone View
head/lib/libsecureboot/verify_file.c
Show First 20 Lines • Show All 334 Lines • ▼ Show 20 Lines | #endif | ||||
if (rc != VE_NOT_CHECKED) { | if (rc != VE_NOT_CHECKED) { | ||||
ve_status_set(fd, rc); | ve_status_set(fd, rc); | ||||
return (rc); | return (rc); | ||||
} | } | ||||
rc = find_manifest(filename); | rc = find_manifest(filename); | ||||
if (rc != VE_FINGERPRINT_WRONG && loaded_manifests) { | if (rc != VE_FINGERPRINT_WRONG && loaded_manifests) { | ||||
if (severity <= VE_GUESS) | if (severity <= VE_GUESS) | ||||
severity = severity_guess(filename); | severity = severity_guess(filename); | ||||
#ifdef VE_PCR_SUPPORT | |||||
/* | |||||
* Only update pcr with things that must verify | |||||
* these tend to be processed in a more deterministic | |||||
* order, which makes our pseudo pcr more useful. | |||||
*/ | |||||
ve_pcr_updating_set((severity == VE_MUST)); | |||||
#endif | |||||
if ((rc = verify_fd(fd, filename, off, &st)) >= 0) { | if ((rc = verify_fd(fd, filename, off, &st)) >= 0) { | ||||
if (verbose || severity > VE_WANT) { | if (verbose || severity > VE_WANT) { | ||||
#if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0 | #if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0 | ||||
printf("%serified %s %llu,%llu\n", | printf("%serified %s %llu,%llu\n", | ||||
(rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V", | (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V", | ||||
filename, | filename, | ||||
(long long)st.st_dev, (long long)st.st_ino); | (long long)st.st_dev, (long long)st.st_ino); | ||||
#else | #else | ||||
▲ Show 20 Lines • Show All 73 Lines • Show Last 20 Lines |