| #
f616d61a |
| 12-Feb-2024 |
Simon J. Gerraty <sjg@FreeBSD.org> |
libsecureboot do not report expected unverified files
By default only report unverified files at severity VE_WANT
and above. This inlcudes *.conf but not *.hints, *.cookie
or *.tgz which get VE_TRY
libsecureboot do not report expected unverified files
By default only report unverified files at severity VE_WANT
and above. This inlcudes *.conf but not *.hints, *.cookie
or *.tgz which get VE_TRY as their severity.
If Verbose is set to 0, then VerifyFlags should default to 0 too.
Thus the combination of
module_verbose=0
VE_VEBOSE=0
is sufficient to make the loader almost totally silent.
When verify_prep has to find_manifest and it is verified ok
return VE_NOT_CHECKED to verify_file so that it can skip
repeating verify_fd
Also add better debugging output for is_verified and add_verify_status.
vectx handle compressed modules
When verifying a compressed module (.ko.gz or .ko.bz2)
stat() reports the size as -1 (unknown).
vectx_lseek needs to spot this during closing - and just read until
EOF is hit.
Note: because of the way libsa's open() works, verify_prep will see
the path to be verified as module.ko not module.ko.bz2 etc. This is
actually ok, because we need a separate module.ko.bz2 entry so that
the package can be verified, and the hash for module.ko is of the
uncompressed file which is what vectx will see.
Re-work local.trust.mk so site.trust.mk need only set
VE_SIGN_URL_LIST (if using the mentioned signing server)
interp.c: restrict interactive input
Apply the same restrictions to interactive input as for
unverified conf and hints files.
Use version.veriexec when LOADER_VERIEXEC is yes
Reviewed by: kevans
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43810
show more ...
|
|
Revision tags: release/14.0.0 |
|
| #
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| #
d1dfe419 |
| 15-Apr-2023 |
Simon J. Gerraty <sjg@FreeBSD.org> |
libsecureboot allow site.trust.mk to override settings
The current content of local.trust.mk is mostly for example
purposes.
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0 |
|
| #
f2be828f |
| 20-Jul-2020 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Revert that!
|
| #
e17f5b1d |
| 20-Jul-2020 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Oops missed Makefile.config
|
|
Revision tags: release/11.4.0, release/12.1.0, release/11.3.0 |
|
| #
7f49ce7a |
| 28-Jun-2019 |
Alan Somers <asomers@FreeBSD.org> |
MFHead @349476
Sponsored by: The FreeBSD Foundation
|
| #
f9510887 |
| 27-Jun-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
libsecureboot: allow OpenPGP support to be dormant
Since we can now add OpenPGP trust anchors at runtime,
ensure the latent support is available.
Ensure we do not add duplicate keys to trust store.
libsecureboot: allow OpenPGP support to be dormant
Since we can now add OpenPGP trust anchors at runtime,
ensure the latent support is available.
Ensure we do not add duplicate keys to trust store.
Also allow reporting names of trust anchors added/revoked
We only do this for loader and only after initializing trust store.
Thus only changes to initial trust store will be logged.
Reviewed by: stevek
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20700
show more ...
|
| #
7648bc9f |
| 13-May-2019 |
Alan Somers <asomers@FreeBSD.org> |
MFHead @347527
Sponsored by: The FreeBSD Foundation
|
| #
9bee6a60 |
| 10-May-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
libsecureboot: make it easier to customize trust anchors
Avoid making hash self-tests depend on X.509 certs.
Include OpenPGP keys in trust store count.
Reviewed by: stevek
MFC after: 1 week
Sponsor
libsecureboot: make it easier to customize trust anchors
Avoid making hash self-tests depend on X.509 certs.
Include OpenPGP keys in trust store count.
Reviewed by: stevek
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D20208
show more ...
|
| #
2aaf9152 |
| 18-Mar-2019 |
Alan Somers <asomers@FreeBSD.org> |
MFHead@r345275
|
| #
ff511f1f |
| 11-Mar-2019 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r344996
|
| #
13ea0450 |
| 06-Mar-2019 |
Marcin Wojtas <mw@FreeBSD.org> |
Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation
UEFI related headers were copied from edk2.
A new build option "MK_LOADER_EFI_SECUREBOOT" was added
Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation
UEFI related headers were copied from edk2.
A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow
loading of trusted anchors from UEFI.
Certificate revocation support is also introduced.
The forbidden certificates are loaded from dbx variable.
Verification fails in two cases:
There is a direct match between cert in dbx and the one in the chain.
The CA used to sign the chain is found in dbx.
One can also insert a hash of TBS section of a certificate into dbx.
In this case verifications fails only if a direct match with a
certificate in chain is found.
Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19093
show more ...
|
| #
b18a4cca |
| 05-Mar-2019 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r344786
|
| #
844fc3e9 |
| 04-Mar-2019 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r344549 through r344775.
|
| #
5fff9558 |
| 26-Feb-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Add libsecureboot
Used by loader and veriexec
Depends on libbearssl
Reviewed by: emaste
Sponsored by: Juniper Networks
Differential Revision: D16335
|