History log of /freebsd/lib/libsecureboot/tests/tvo.c (Results 1 – 10 of 10)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: release/14.0.0
# 1d386b48 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/


Revision tags: release/13.2.0, release/12.4.0, release/13.1.0
# 66655411 18-Apr-2022 Simon J. Gerraty <sjg@FreeBSD.org>

Update libsecureboot

Preparation for updating bearssl, pull in updates to libsecureboot.

o fix handling of some out-of-memory cases

o allow more control over reporting of Verified/Unverified files

Update libsecureboot

Preparation for updating bearssl, pull in updates to libsecureboot.

o fix handling of some out-of-memory cases

o allow more control over reporting of Verified/Unverified files.
this helps boot time when console output is slow

o recheck verbose/debug level after reading any unverified file

o more debug support for vectx

o hash_string to support fake stat for tftp

o tests/tvo add -v to simply verify signatures

o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify
verification in loader

o report date when certificate fails validity period checks

Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.

show more ...


Revision tags: release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0
# 16b90565 10-Mar-2020 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r358731 through r358831.


# afc571b1 08-Mar-2020 Simon J. Gerraty <sjg@FreeBSD.org>

veloader use vectx API for kernel and modules

The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to loa

veloader use vectx API for kernel and modules

The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform. On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by: imp,tsoome
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org//D23827

show more ...


Revision tags: release/12.1.0, release/11.3.0
# 0269ae4c 06-Jun-2019 Alan Somers <asomers@FreeBSD.org>

MFHead @348740

Sponsored by: The FreeBSD Foundation


# 980bde58 19-May-2019 Simon J. Gerraty <sjg@FreeBSD.org>

libsecureboot: allow control of when pseudo pcr is updated

During boot we only want to measure things which *must*
be verified - this should provide more deterministic ordering.

Reviewed by: stevek

libsecureboot: allow control of when pseudo pcr is updated

During boot we only want to measure things which *must*
be verified - this should provide more deterministic ordering.

Reviewed by: stevek
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D20297

show more ...


# 2aaf9152 18-Mar-2019 Alan Somers <asomers@FreeBSD.org>

MFHead@r345275


# b18a4cca 05-Mar-2019 Enji Cooper <ngie@FreeBSD.org>

MFhead@r344786


# 844fc3e9 04-Mar-2019 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r344549 through r344775.


# 5fff9558 26-Feb-2019 Simon J. Gerraty <sjg@FreeBSD.org>

Add libsecureboot

Used by loader and veriexec
Depends on libbearssl

Reviewed by: emaste
Sponsored by: Juniper Networks
Differential Revision: D16335