loader: Remove unused variable

Reported by: lwshu, ci@

loader: Add pnp functions for autoloading modules based on linker.hints

This adds some new commands to loader :

- pnpmatch
This takes a pnpinfo string as argument and tries to find a kernel modu

loader: Add pnp functions for autoloading modules based on linker.hints

This adds some new commands to loader :

- pnpmatch
This takes a pnpinfo string as argument and tries to find a kernel module
associated with it. -v and -d option are available and are the same as in
devmatch (v is verbose, d dumps the hints).
- pnpload
This takes a pnpinfo string as argument and tries to load a kernel module
associated with it.
- pnpautoload
This will attempt to load every kernel module for each buses. Each buses are
probed, the probe function will generate pnpinfo string and load kernel module
associated with it if it exists.

Only simplebus for FDT system is implemented for now.
Since we need the dtb and overlays to be applied before searching the tree
fdt_devmatch_next will load and apply the dtb + overlays.

All the pnp parsing code comes from devmatch and is the same at 99%.

Reviewed by: imp, kevans
Differential Revision: https://reviews.freebsd.org/D19498

show more ...

loader: fix memory handling errors in module.c

file_loadraw():
check for file_alloc() and strdup() results.
we leak 'name'.

mod_load() does leak 'filename'.

mod_loadkld() does not need to check fp

loader: fix memory handling errors in module.c

file_loadraw():
check for file_alloc() and strdup() results.
we leak 'name'.

mod_load() does leak 'filename'.

mod_loadkld() does not need to check fp, file_discard() does check.

show more ...

MFHead @347527

Sponsored by: The FreeBSD Foundation

loader: add file_remove() function to undo file_insert_tail().

346002 did miss the fact that we do not only undo the loadaddr, but also
we need to remove the inserted module. Implement file_remove()

loader: add file_remove() function to undo file_insert_tail().

346002 did miss the fact that we do not only undo the loadaddr, but also
we need to remove the inserted module. Implement file_remove() to do the job.

MFC after: 1w

show more ...

loader: mod_loadkld() error: we previously assumed 'last_file' could be null

The last_file variable is used to reset the loadaddr variable back to original
value; however, it is possible the last_fi

loader: mod_loadkld() error: we previously assumed 'last_file' could be null

The last_file variable is used to reset the loadaddr variable back to original
value; however, it is possible the last_file is NULL, so we can not blindly
trust it. But then again, we can just save the original loadaddr and use
the saved value for recovery.

MFC after: 1w

show more ...

loader: file_addmetadata() should check for memory allocation

malloc() can return NULL.

MFC after: 1w

loader: remove pointer checks before free() in module.c

free() does check for NULL argument, remove duplicate checks.

MFC after: 1w

loader: file_addmodule should check for memory allocation

strdup() can return NULL.

MFC after: 1w

loader: malloc+bzero is calloc

Replace malloc+bzero in module.c with calloc.

MFC after: 1w

MFHead@r345880

Create kernel module to parse Veriexec manifest based on envs

The current approach of injecting manifest into mac_veriexec is to
verify the integrity of it in userspace (veriexec (8)) and pass its
e

Create kernel module to parse Veriexec manifest based on envs

The current approach of injecting manifest into mac_veriexec is to
verify the integrity of it in userspace (veriexec (8)) and pass its
entries into kernel using a char device (/dev/veriexec).
This requires verifying root partition integrity in loader,
for example by using memory disk and checking its hash.
Otherwise if rootfs is compromised an attacker could inject their own data.

This patch introduces an option to parse manifest in kernel based on envs.
The loader sets manifest path and digest.
EVENTHANDLER is used to launch the module right after the rootfs is mounted.
It has to be done this way, since one might want to verify integrity of the init file.
This means that manifest is required to be present on the root partition.
Note that the envs have to be set right before boot to make sure that no one can spoof them.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19281

show more ...

MFHead@r345275

MFhead@r344996

stand/common/module: Apply style(9)

MFhead@r344786

Add -d flag to load command

When doing load -t manifest -d increments debug level

Reviewed by: stevek

Merge ^/head r344549 through r344775.

Enable veriexec for loader

This relies on libbearssl and libsecureboot
to verify files read by loader in a maner equivalent
to how mac_veriexec

Note: disabled by default.
Use is initially expected

Enable veriexec for loader

This relies on libbearssl and libsecureboot
to verify files read by loader in a maner equivalent
to how mac_veriexec

Note: disabled by default.
Use is initially expected to be by embeded vendors

Reviewed by: emaste, imp
Sponsored by: Juniper Networks
Differential Revision: D16336

show more ...

Merge ^/head r325663 through r325841.

Move sys/boot to stand. Fix all references to new location

Sponsored by: Netflix