kgess-mirror/freebsd-src
1
0
Fork 0
mirror of https://git.freebsd.org/src.git synced 2026-01-11 19:57:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

libsecureboot: do further checks on files without manifests

Browse source 
verify_prep can return VE_FINGERPRINT_NONE. Consider such scenario so
the VE_GEUSS heuristics works with files that likely will not have
fingerprints in the manifest file.

Obtained from:	Hewlett Packard Enterprise
Reviewed by:	sjg
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D53940
This commit is contained in:
Ka Ho Ng 2025-11-26 21:17:14 -05:00
parent 35232d8edb
commit 52c0749723
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/libsecureboot/verify_file.c
View file

@ -539,7 +539,7 @@ verify_file(int fd, const char *filename, off_t off, int severity,
return (0);
if (rc != VE_FINGERPRINT_WRONG && loaded_manifests) {
if (rc != VE_NOT_CHECKED)
if (rc != VE_NOT_CHECKED && rc != VE_FINGERPRINT_NONE)
return (rc);
if (severity <= VE_GUESS)