Initialize verbosity and debug level from env

For EFI at least, we can seed the environment
with VE_VERBOSE etc.

Reviewed by:	stevek imp
Sponsored by:	Juniper Networks
MFC after:	1 week
Differential Revision:  https://reviews.freebsd.org/D22135

lib/libsecureboot/verify_file.c

@@ -292,6 +292,28 @@ verify_tweak(int fd, off_t off, struct stat *stp,
 	}
 }
 
+#ifndef VE_DEBUG_LEVEL
+# define VE_DEBUG_LEVEL 0
+#endif
+
+static int
+getenv_int(const char *var, int def)
+{
+	const char *cp;
+	char *ep;
+	long val;
+
+	val = def;
+	cp = getenv(var);
+	if (cp && *cp) {
+		val = strtol(cp, &ep, 0);
+		if ((ep && *ep) || val != (int)val) {
+			val = def;
+		}
+	}
+	return (int)val;
+}
+
 /**
  * @brief verify an open file
  *
@@ -331,9 +353,8 @@ verify_file(int fd, const char *filename, off_t off, int severity)
 
 	if (verifying < 0) {
 		verifying = ve_trust_init();
-#ifdef VE_DEBUG_LEVEL
+		verbose = getenv_int("VE_VERBOSE", VE_VERBOSE_DEFAULT);
-		ve_debug_set(VE_DEBUG_LEVEL);
+		ve_debug_set(getenv_int("VE_DEBUG_LEVEL", VE_DEBUG_LEVEL));
-#endif
 		/* initialize ve_status with default result */
 		rc = verifying ? VE_NOT_CHECKED : VE_NOT_VERIFYING;
 		ve_status_set(0, rc);

lib/libsecureboot/vets.c

@@ -240,7 +240,7 @@ ve_forbidden_digest_add(hash_data *digest, size_t num)
 
 static size_t
 ve_anchors_add(br_x509_certificate *xcs, size_t num, anchor_list *anchors,
-    char *anchors_name)
+    const char *anchors_name)
 {
 	br_x509_trust_anchor ta;
 	size_t u;