svn commit: r354038 - head/lib/libsecureboot

Simon J. Gerraty sjg at FreeBSD.org
Thu Oct 24 19:50:19 UTC 2019 

Author: sjg
Date: Thu Oct 24 19:50:18 2019
New Revision: 354038
URL: https://svnweb.freebsd.org/changeset/base/354038

Log:
  Initialize verbosity and debug level from env
  
  For EFI at least, we can seed the environment
  with VE_VERBOSE etc.
  
  Reviewed by:	stevek imp
  Sponsored by:	Juniper Networks
  MFC after:	1 week
  Differential Revision:  https://reviews.freebsd.org/D22135

Modified:
  head/lib/libsecureboot/verify_file.c
  head/lib/libsecureboot/vets.c

Modified: head/lib/libsecureboot/verify_file.c
==============================================================================
--- head/lib/libsecureboot/verify_file.c	Thu Oct 24 19:47:32 2019	(r354037)
+++ head/lib/libsecureboot/verify_file.c	Thu Oct 24 19:50:18 2019	(r354038)
@@ -292,6 +292,28 @@ verify_tweak(int fd, off_t off, struct stat *stp,
 	}
 }
 
+#ifndef VE_DEBUG_LEVEL
+# define VE_DEBUG_LEVEL 0
+#endif
+
+static int
+getenv_int(const char *var, int def)
+{
+	const char *cp;
+	char *ep;
+	long val;
+
+	val = def;
+	cp = getenv(var);
+	if (cp && *cp) {
+		val = strtol(cp, &ep, 0);
+		if ((ep && *ep) || val != (int)val) {
+			val = def;
+		}
+	}
+	return (int)val;
+}
+
 /**
  * @brief verify an open file
  *
@@ -331,9 +353,8 @@ verify_file(int fd, const char *filename, off_t off, i
 
 	if (verifying < 0) {
 		verifying = ve_trust_init();
-#ifdef VE_DEBUG_LEVEL
-		ve_debug_set(VE_DEBUG_LEVEL);
-#endif
+		verbose = getenv_int("VE_VERBOSE", VE_VERBOSE_DEFAULT);
+		ve_debug_set(getenv_int("VE_DEBUG_LEVEL", VE_DEBUG_LEVEL));
 		/* initialize ve_status with default result */
 		rc = verifying ? VE_NOT_CHECKED : VE_NOT_VERIFYING;
 		ve_status_set(0, rc);

Modified: head/lib/libsecureboot/vets.c
==============================================================================
--- head/lib/libsecureboot/vets.c	Thu Oct 24 19:47:32 2019	(r354037)
+++ head/lib/libsecureboot/vets.c	Thu Oct 24 19:50:18 2019	(r354038)
@@ -240,7 +240,7 @@ ve_forbidden_digest_add(hash_data *digest, size_t num)
 
 static size_t
 ve_anchors_add(br_x509_certificate *xcs, size_t num, anchor_list *anchors,
-    char *anchors_name)
+    const char *anchors_name)
 {
 	br_x509_trust_anchor ta;
 	size_t u;

More information about the svn-src-head mailing list