Remove $FreeBSD$: one-line .c patternRemove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocationUEFI related headers were copied from edk2.A new build option "MK_LOADER_EFI_SECUREBOOT" was added
Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocationUEFI related headers were copied from edk2.A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allowloading of trusted anchors from UEFI.Certificate revocation support is also introduced.The forbidden certificates are loaded from dbx variable.Verification fails in two cases:There is a direct match between cert in dbx and the one in the chain.The CA used to sign the chain is found in dbx.One can also insert a hash of TBS section of a certificate into dbx.In this case verifications fails only if a direct match with acertificate in chain is found.Submitted by: Kornel Duleba <mindal@semihalf.com>Reviewed by: sjgObtained from: SemihalfSponsored by: StormshieldDifferential Revision: https://reviews.freebsd.org/D19093
show more ...