2 * Copyright (c) 2017-2018, Juniper Networks, Inc.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
14 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
15 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
16 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
17 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
19 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 #include <sys/cdefs.h>
26 __FBSDID("$FreeBSD$");
28 #include "../libsecureboot-priv.h"
32 #include <verify_file.h>
39 main(int argc, char *argv[])
55 printf("Trust %d\n", n);
58 while ((c = getopt(argc, argv, "D:dp:s:T:V")) != -1) {
62 DestdirLen = strlen(optarg);
74 n = ve_trust_add(optarg);
75 printf("Local trust %s: %d\n", optarg, n);
81 errx(1, "unknown option: -%c", c);
87 ve_pcr_updating_set(1);
91 for ( ; optind < argc; optind++) {
94 * Simulate what loader does.
95 * verify_file should "just work"
97 fd = open(argv[optind], O_RDONLY);
100 * See if verify_file is happy
104 x = verify_file(fd, argv[optind], 0, VE_GUESS, __func__);
105 printf("verify_file(%s) = %d\n", argv[optind], x);
110 #ifdef VE_OPENPGP_SUPPORT
111 if (strstr(argv[optind], "asc")) {
112 cp = (char *)verify_asc(argv[optind], 1);
114 printf("Verified: %s: %.28s...\n",
116 fingerprint_info_add(argv[optind],
117 prefix, Skip, cp, NULL);
119 fprintf(stderr, "%s: %s\n",
120 argv[optind], ve_error_get());
124 if (strstr(argv[optind], "sig")) {
125 cp = (char *)verify_sig(argv[optind], 1);
127 printf("Verified: %s: %.28s...\n",
129 fingerprint_info_add(argv[optind],
130 prefix, Skip, cp, NULL);
132 fprintf(stderr, "%s: %s\n",
133 argv[optind], ve_error_get());
135 } else if (strstr(argv[optind], "manifest")) {
136 cp = (char *)read_file(argv[optind], NULL);
138 fingerprint_info_add(argv[optind],
139 prefix, Skip, cp, NULL);
142 fd = verify_open(argv[optind], O_RDONLY);
143 printf("verify_open(%s) = %d %s\n", argv[optind], fd,
144 (fd < 0) ? ve_error_get() : "");
147 * Check that vectx_* can also verify the file.
156 lseek(fd, 0, SEEK_SET);
157 off = st.st_size % 512;
158 vp = vectx_open(fd, argv[optind], off,
159 &st, &error, __func__);
161 printf("vectx_open(%s) failed: %d %s\n",
165 off = vectx_lseek(vp,
166 (st.st_size % 1024), SEEK_SET);
167 /* we can seek backwards! */
168 off = vectx_lseek(vp, off/2, SEEK_SET);
169 if (off < st.st_size) {
170 n = vectx_read(vp, buf,
175 off = vectx_lseek(vp, 0, SEEK_END);
176 /* repeating that should be harmless */
177 off = vectx_lseek(vp, 0, SEEK_END);
178 error = vectx_close(vp, VE_MUST, __func__);
180 printf("vectx_close(%s) == %d %s\n",
184 printf("vectx_close: Verified: %s\n",
192 #ifdef VE_PCR_SUPPORT
194 printf("pcr=%s\n", getenv("loader.ve.pcr"));