Initialize verbosity and debug level from env

For EFI at least, we can seed the environment with VE_VERBOSE etc. Reviewed by: stevek imp Sponsored by: Juniper Networks MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D22135
svn path=/head/; revision=354038
2024-07-09 04:36:31 +00:00 · 2019-10-24 19:50:18 +00:00 · 2019-10-24 19:50:18 +00:00 · 18e2fbc0d8 · 2020-12-20 02:59:44 +00:00
commit 18e2fbc0d8
parent e5fffe9a69
2 changed files with 25 additions and 4 deletions
--- a/lib/libsecureboot/verify_file.c
+++ b/lib/libsecureboot/verify_file.c
@ -292,6 +292,28 @@ verify_tweak(int fd, off_t off, struct stat *stp,
 	}
 }

+#ifndef VE_DEBUG_LEVEL
+# define VE_DEBUG_LEVEL 0
+#endif
+
+static int
+getenv_int(const char *var, int def)
+{
+	const char *cp;
+	char *ep;
+	long val;
+
+	val = def;
+	cp = getenv(var);
+	if (cp && *cp) {
+		val = strtol(cp, &ep, 0);
+		if ((ep && *ep) || val != (int)val) {
+			val = def;
+		}
+	}
+	return (int)val;
+}
+
 /**
 * @brief verify an open file
 *
@ -331,9 +353,8 @@ verify_file(int fd, const char *filename, off_t off, int severity)

 	if (verifying < 0) {
 		verifying = ve_trust_init();
-#ifdef VE_DEBUG_LEVEL
-		ve_debug_set(VE_DEBUG_LEVEL);
-#endif
+		verbose = getenv_int("VE_VERBOSE", VE_VERBOSE_DEFAULT);
+		ve_debug_set(getenv_int("VE_DEBUG_LEVEL", VE_DEBUG_LEVEL));
 		/* initialize ve_status with default result */
 		rc = verifying ? VE_NOT_CHECKED : VE_NOT_VERIFYING;
 		ve_status_set(0, rc);
--- a/lib/libsecureboot/vets.c
+++ b/lib/libsecureboot/vets.c
@ -240,7 +240,7 @@ ve_forbidden_digest_add(hash_data *digest, size_t num)

 static size_t
 ve_anchors_add(br_x509_certificate *xcs, size_t num, anchor_list *anchors,
-    char *anchors_name)
+    const char *anchors_name)
 {
 	br_x509_trust_anchor ta;
 	size_t u;