xref: /freebsd/sbin/veriexec/veriexec.c (revision 99282790b7d01ec3c4072621d46a0d7302517ad4)
1 /*-
2  * Copyright (c) 2018, Juniper Networks, Inc.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
14  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
15  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
16  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
17  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
19  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 #include <sys/cdefs.h>
26 __FBSDID("$FreeBSD$");
27 
28 #include <stdlib.h>
29 #include <sysexits.h>
30 #include <unistd.h>
31 #include <paths.h>
32 #include <err.h>
33 #include <syslog.h>
34 #include <libsecureboot.h>
35 #include <libveriexec.h>
36 
37 #include "veriexec.h"
38 
39 int dev_fd = -1;
40 int ForceFlags = 0;
41 int Verbose = 0;
42 int VeriexecVersion = 0;
43 
44 const char *Cdir = NULL;
45 
46 static int
47 veriexec_load(const char *manifest)
48 {
49 	unsigned char *content;
50 	int rc;
51 
52 	content = verify_signed(manifest, VEF_VERBOSE);
53 	if (!content)
54 		errx(EX_USAGE, "cannot verify %s", manifest);
55 	if (manifest_open(manifest, content)) {
56 		rc = yyparse();
57 	} else {
58 		err(EX_NOINPUT, "cannot load %s", manifest);
59 	}
60 	free(content);
61 	return (rc);
62 }
63 
64 int
65 main(int argc, char *argv[])
66 {
67 	unsigned long ctl;
68 	int c;
69 	int x;
70 
71 	dev_fd = open(_PATH_DEV_VERIEXEC, O_WRONLY, 0);
72 
73 	while ((c = getopt(argc, argv, "C:i:x:vz:")) != -1) {
74 		switch (c) {
75 		case 'C':
76 			Cdir = optarg;
77 			break;
78 		case 'i':
79 			if (dev_fd < 0) {
80 				err(EX_UNAVAILABLE, "cannot open veriexec");
81 			}
82 			if (ioctl(dev_fd, VERIEXEC_GETSTATE, &x)) {
83 				err(EX_UNAVAILABLE,
84 				    "Cannot get veriexec state");
85 			}
86 			switch (optarg[0]) {
87 			case 'a':	/* active */
88 				ctl = VERIEXEC_STATE_ACTIVE;
89 				break;
90 			case 'e':	/* enforce */
91 				ctl = VERIEXEC_STATE_ENFORCE;
92 				break;
93 			case 'l':	/* loaded/locked */
94 				ctl = (strncmp(optarg, "lock", 4)) ?
95 				    VERIEXEC_STATE_LOCKED :
96 				    VERIEXEC_STATE_LOADED;
97 				break;
98 			default:
99 				errx(EX_USAGE, "unknown state %s", optarg);
100 				break;
101 			}
102 			exit((x & ctl) == 0);
103 			break;
104 		case 'v':
105 			Verbose++;
106 			break;
107 		case 'x':
108 			/*
109 			 * -x says all other args are paths to check.
110 			 */
111 			for (x = 0; optind < argc; optind++) {
112 				if (veriexec_check_path(argv[optind])) {
113 					warn("%s", argv[optind]);
114 					x = 2;
115 				}
116 			}
117 			exit(x);
118 			break;
119 		case 'z':
120 			switch (optarg[0]) {
121 			case 'a':	/* active */
122 				ctl = VERIEXEC_ACTIVE;
123 				break;
124 			case 'd':	/* debug* */
125 				ctl = (strstr(optarg, "off")) ?
126 				    VERIEXEC_DEBUG_OFF : VERIEXEC_DEBUG_ON;
127 				if (optind < argc && ctl == VERIEXEC_DEBUG_ON) {
128 					x = atoi(argv[optind]);
129 					if (x == 0)
130 						ctl = VERIEXEC_DEBUG_OFF;
131 				}
132 				break;
133 			case 'e':	/* enforce */
134 				ctl = VERIEXEC_ENFORCE;
135 				break;
136 			case 'g':
137 				ctl = VERIEXEC_GETSTATE; /* get state */
138 				break;
139 			case 'l':	/* lock */
140 				ctl = VERIEXEC_LOCK;
141 				break;
142 			default:
143 				errx(EX_USAGE, "unknown command %s", optarg);
144 				break;
145 			}
146 			if (dev_fd < 0) {
147 				err(EX_UNAVAILABLE, "cannot open veriexec");
148 			}
149 			if (ioctl(dev_fd, ctl, &x)) {
150 				err(EX_UNAVAILABLE, "cannot %s veriexec", optarg);
151 			}
152 			if (ctl == VERIEXEC_DEBUG_ON ||
153 			    ctl == VERIEXEC_DEBUG_OFF) {
154 				printf("debug is: %d\n", x);
155 			} else if (ctl == VERIEXEC_GETSTATE) {
156 				printf("%#o\n", x);
157 			}
158 			exit(EX_OK);
159 			break;
160 		}
161 	}
162 	openlog(getprogname(), LOG_PID, LOG_AUTH);
163 	if (ve_trust_init() < 1)
164 		errx(EX_OSFILE, "cannot initialize trust store");
165 #ifdef VERIEXEC_GETVERSION
166 	if (ioctl(dev_fd, VERIEXEC_GETVERSION, &VeriexecVersion)) {
167 		VeriexecVersion = 0;	/* unknown */
168 	}
169 #endif
170 
171 	for (; optind < argc; optind++) {
172 		if (veriexec_load(argv[optind])) {
173 			err(EX_DATAERR, "cannot load %s", argv[optind]);
174 		}
175 	}
176 	exit(EX_OK);
177 }
178