From nobody Thu Nov 27 02:18:51 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dH0V41M2hz6J6FD for ; Thu, 27 Nov 2025 02:18:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dH0V36Hhcz3FrL for ; Thu, 27 Nov 2025 02:18:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1764209931; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=e2xi/ao9+BCRJbMC1OuTATX7l8zI+aLGyBB0wIEuskY=; b=fw9c4MqAQavpbN2bKZGgP+cwc2YXJ3qPODj7FqVM2ejZcDqcO2siHqTH6vwsQDv1bCxdiU t5pzRE04Het7HcTyQmQEPnT4QmGygwbiQossELOIZXVIySoyZZrrpG0aZ9vLaWGCtRaCL5 Fv/sRBV92hrXFaZCA5fiPWlAiUxa4soSWdfsMgEEE9l26pXWu9lxXnExaHBu7PT/HZnJw3 aiBFZx0rVul0CJVyGbSbVP3RXdN16vjgqoCZkX71Bx7MWNPjqytkADp6dzFfUmzWkEkhkU Td70lc2NRwpfcemZphpWj2WXYenzQLfQvfWc5eWOz3+EzzHAFtl823Kz1XArRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1764209931; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=e2xi/ao9+BCRJbMC1OuTATX7l8zI+aLGyBB0wIEuskY=; b=l/SDpWBdIHpmB5puUsKKJ0259FoVqeOol9rWh2V4PGAjVBV9zY6gByoysCac6gtXecK9ME hd0xFlSjXkGyOtezasM/dvz0luNxCLVr+zO5vI5yRfToCQlKjx8baSIGPKPG8Jcvs6nUiS oZwrZ34e4CdZYPHLlCLC7dc0ZkgL932J3eKz3ZlmsFXxyuPOe9UEXJ7LxFd7WZuGoW6QSx dZIfAAiaTXL7bW2t5EkBFobWx6ju1JiSngOeZTRz8twHDNwEu4FiBHUN8zmDd6YQ5Ez2mm 1R8sXc5Dhp22T3gyctQbqb8Hty68xk8EH2yfJIBvoYY5b8yHAD8xCRPOMHMQPg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1764209931; a=rsa-sha256; cv=none; b=HrKrnCLDNxHWzbQaWpyJTgsBE8J40enbZ0plue4/mU/VKimSXvc6BabuPVCQsxD9rS6D9s ugCYixUYhWHRrbA2z6ONbzULjnM0QouqXjnUuiCtMercCQXM8XNgalRrDxWqmc+YwKJVQ1 MYwqJ7XHnhqa+L9gsVTp4F5bjGFn5L//yPydK7oKjdDIa5wcXG5asYdHVs3dR2n+UVhf7S /Gi/xh0yu6XYSXIYlnjuJ+08HvWl+j6E8aRDc2gRyIZ5zAje7TPZ0nzp2dMCAEdfiGZfCT v/WaJMPJIgcOtlMKowP4Ua3yV6xGhPRkre0KquBVkm8NS/VAFSWfuauOHW4X8A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dH0V35Frrz1C6y for ; Thu, 27 Nov 2025 02:18:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 2c780 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 27 Nov 2025 02:18:51 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ka Ho Ng Subject: git: 52c0749723bd - main - libsecureboot: do further checks on files without manifests List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: khng X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 52c0749723bd80017fb0c0487440762a783ad323 Auto-Submitted: auto-generated Date: Thu, 27 Nov 2025 02:18:51 +0000 Message-Id: <6927b50b.2c780.4b67f7f9@gitrepo.freebsd.org> The branch main has been updated by khng: URL: https://cgit.FreeBSD.org/src/commit/?id=52c0749723bd80017fb0c0487440762a783ad323 commit 52c0749723bd80017fb0c0487440762a783ad323 Author: Ka Ho Ng AuthorDate: 2025-11-27 02:17:14 +0000 Commit: Ka Ho Ng CommitDate: 2025-11-27 02:18:23 +0000 libsecureboot: do further checks on files without manifests verify_prep can return VE_FINGERPRINT_NONE. Consider such scenario so the VE_GEUSS heuristics works with files that likely will not have fingerprints in the manifest file. Obtained from: Hewlett Packard Enterprise Reviewed by: sjg MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D53940 --- lib/libsecureboot/verify_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libsecureboot/verify_file.c b/lib/libsecureboot/verify_file.c index 753204a33b6a..ee263dafe774 100644 --- a/lib/libsecureboot/verify_file.c +++ b/lib/libsecureboot/verify_file.c @@ -539,7 +539,7 @@ verify_file(int fd, const char *filename, off_t off, int severity, return (0); if (rc != VE_FINGERPRINT_WRONG && loaded_manifests) { - if (rc != VE_NOT_CHECKED) + if (rc != VE_NOT_CHECKED && rc != VE_FINGERPRINT_NONE) return (rc); if (severity <= VE_GUESS)