#
f616d61a |
|
12-Feb-2024 |
Simon J. Gerraty <sjg@FreeBSD.org> |
libsecureboot do not report expected unverified files By default only report unverified files at severity VE_WANT and above. This inlcudes *.conf but not *.hints, *.cookie or *.tgz which get VE_TRY as their severity. If Verbose is set to 0, then VerifyFlags should default to 0 too. Thus the combination of module_verbose=0 VE_VEBOSE=0 is sufficient to make the loader almost totally silent. When verify_prep has to find_manifest and it is verified ok return VE_NOT_CHECKED to verify_file so that it can skip repeating verify_fd Also add better debugging output for is_verified and add_verify_status. vectx handle compressed modules When verifying a compressed module (.ko.gz or .ko.bz2) stat() reports the size as -1 (unknown). vectx_lseek needs to spot this during closing - and just read until EOF is hit. Note: because of the way libsa's open() works, verify_prep will see the path to be verified as module.ko not module.ko.bz2 etc. This is actually ok, because we need a separate module.ko.bz2 entry so that the package can be verified, and the hash for module.ko is of the uncompressed file which is what vectx will see. Re-work local.trust.mk so site.trust.mk need only set VE_SIGN_URL_LIST (if using the mentioned signing server) interp.c: restrict interactive input Apply the same restrictions to interactive input as for unverified conf and hints files. Use version.veriexec when LOADER_VERIEXEC is yes Reviewed by: kevans Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D43810
|
#
d0b2dbfa |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
75e02c45 |
|
23-May-2023 |
Simon J. Gerraty <sjg@FreeBSD.org> |
libsecureboot ensure correct BUILD_UTC If using stat(1) on BUILD_UTC_FILE we should use -L incase it is a symlink. If we have new enough bmake though we can just use ${BUILD_UTC_FILE:mtime}
|
#
cc9e6590 |
|
18-Apr-2022 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge bearssl-20220418 Main change is a callback for checking validity period of certificates. Merge commit 'f6acb9b9f81c96ae7c9592bee1bb89c4357cc3e5' Add -DHAVE_BR_X509_TIME_CHECK to libsecureboot/Makefile.inc
|
#
9bee6a60 |
|
09-May-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
libsecureboot: make it easier to customize trust anchors Avoid making hash self-tests depend on X.509 certs. Include OpenPGP keys in trust store count. Reviewed by: stevek MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D20208 |
#
13ea0450 |
|
05-Mar-2019 |
Marcin Wojtas <mw@FreeBSD.org> |
Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation UEFI related headers were copied from edk2. A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow loading of trusted anchors from UEFI. Certificate revocation support is also introduced. The forbidden certificates are loaded from dbx variable. Verification fails in two cases: There is a direct match between cert in dbx and the one in the chain. The CA used to sign the chain is found in dbx. One can also insert a hash of TBS section of a certificate into dbx. In this case verifications fails only if a direct match with a certificate in chain is found. Submitted by: Kornel Duleba <mindal@semihalf.com> Reviewed by: sjg Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D19093 |
#
02a4bc58 |
|
04-Mar-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Allow for reproducible build Use SOURCE_DATE_EPOCH for BUILD_UTC if MK_REPRODUCIBLE_BUILD is yes. Default SOURCE_DATE_EPOCH to 2019-01-01 Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D19464 |
#
5fff9558 |
|
25-Feb-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Add libsecureboot Used by loader and veriexec Depends on libbearssl Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: D16335 |
#
9bee6a60 |
|
09-May-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
libsecureboot: make it easier to customize trust anchors Avoid making hash self-tests depend on X.509 certs. Include OpenPGP keys in trust store count. Reviewed by: stevek MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D20208
|
#
13ea0450 |
|
05-Mar-2019 |
Marcin Wojtas <mw@FreeBSD.org> |
Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation UEFI related headers were copied from edk2. A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow loading of trusted anchors from UEFI. Certificate revocation support is also introduced. The forbidden certificates are loaded from dbx variable. Verification fails in two cases: There is a direct match between cert in dbx and the one in the chain. The CA used to sign the chain is found in dbx. One can also insert a hash of TBS section of a certificate into dbx. In this case verifications fails only if a direct match with a certificate in chain is found. Submitted by: Kornel Duleba <mindal@semihalf.com> Reviewed by: sjg Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D19093
|
#
02a4bc58 |
|
04-Mar-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Allow for reproducible build Use SOURCE_DATE_EPOCH for BUILD_UTC if MK_REPRODUCIBLE_BUILD is yes. Default SOURCE_DATE_EPOCH to 2019-01-01 Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D19464
|
#
5fff9558 |
|
25-Feb-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Add libsecureboot Used by loader and veriexec Depends on libbearssl Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: D16335
|