- log_dbg("Verification of data in userspace required.");
- r = VERITY_verify(cd, verity_hdr,
- root_hash, root_hash_size);
+ if (signature_description) {
+ log_err(cd, _("Root hash signature verification is not supported."));
+ return -EINVAL;
+ }
+
+ log_dbg(cd, "Verification of data in userspace required.");
+ r = VERITY_verify(cd, verity_hdr, root_hash, root_hash_size);
+
+ if (r == -EPERM && fec_device) {
+ log_dbg(cd, "Verification failed, trying to repair with FEC device.");
+ r = VERITY_FEC_process(cd, verity_hdr, fec_device, 1, &fec_errors);
+ if (r < 0)
+ log_err(cd, _("Errors cannot be repaired with FEC device."));
+ else if (fec_errors)
+ log_err(cd, _("Found %u repairable errors with FEC device."),
+ fec_errors);
+ }
+