2 * Copyright (c) 2017-2018, Juniper Networks, Inc.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
14 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
15 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
16 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
17 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
19 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 #include <sys/cdefs.h>
26 __FBSDID("$FreeBSD$");
28 #include "../libsecureboot-priv.h"
32 #include <verify_file.h>
37 main(int argc, char *argv[])
50 printf("Trust %d\n", n);
53 while ((c = getopt(argc, argv, "dp:s:T:V")) != -1) {
65 n = ve_trust_add(optarg);
66 printf("Local trust %s: %d\n", optarg, n);
72 errx(1, "unknown option: -%c", c);
78 ve_pcr_updating_set(1);
82 for ( ; optind < argc; optind++) {
85 * Simulate what loader does.
86 * verify_file should "just work"
88 fd = open(argv[optind], O_RDONLY);
91 * See if verify_file is happy
95 x = verify_file(fd, argv[optind], 0, VE_GUESS);
96 printf("verify_file(%s) = %d\n", argv[optind], x);
101 #ifdef VE_OPENPGP_SUPPORT
102 if (strstr(argv[optind], "asc")) {
103 cp = (char *)verify_asc(argv[optind], 1);
105 printf("Verified: %s: %.28s...\n",
107 fingerprint_info_add(argv[optind],
108 prefix, Skip, cp, NULL);
110 fprintf(stderr, "%s: %s\n",
111 argv[optind], ve_error_get());
115 if (strstr(argv[optind], "sig")) {
116 cp = (char *)verify_sig(argv[optind], 1);
118 printf("Verified: %s: %.28s...\n",
120 fingerprint_info_add(argv[optind],
121 prefix, Skip, cp, NULL);
123 fprintf(stderr, "%s: %s\n",
124 argv[optind], ve_error_get());
126 } else if (strstr(argv[optind], "manifest")) {
127 cp = (char *)read_file(argv[optind], NULL);
129 fingerprint_info_add(argv[optind],
130 prefix, Skip, cp, NULL);
133 fd = verify_open(argv[optind], O_RDONLY);
134 printf("verify_open(%s) = %d %s\n", argv[optind], fd,
135 (fd < 0) ? ve_error_get() : "");
138 * Check that vectx_* can also verify the file.
147 lseek(fd, 0, SEEK_SET);
148 off = st.st_size % 512;
149 vp = vectx_open(fd, argv[optind], off,
152 printf("vectx_open(%s) failed: %d %s\n",
156 off = vectx_lseek(vp,
157 (st.st_size % 1024), SEEK_SET);
159 if (off < st.st_size) {
160 n = vectx_read(vp, buf,
165 off = vectx_lseek(vp, 0, SEEK_END);
166 /* repeating that should be harmless */
167 off = vectx_lseek(vp, 0, SEEK_END);
168 error = vectx_close(vp);
170 printf("vectx_close(%s) == %d %s\n",
174 printf("vectx_close: Verified: %s\n",
182 #ifdef VE_PCR_SUPPORT
184 printf("pcr=%s\n", getenv("loader.ve.pcr"));