|
Revision tags: release/14.0.0 |
|
| #
b2c76c41 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line nroff pattern
Remove /^\.\\"\s*\$FreeBSD\$$\n/
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0 |
|
| #
729ee789 |
| 02-May-2022 |
Ed Maste <emaste@FreeBSD.org> |
Remove stray .Pp from WITH_LOADER_EFI_SECUREBOOT description
MFC after: 3 days
Fixes: 13ea0450a9c8 ("Extend libsecureboot(old libve) to...")
Sponsored by: The FreeBSD Foundation
|
|
Revision tags: release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0 |
|
| #
2aaf9152 |
| 18-Mar-2019 |
Alan Somers <asomers@FreeBSD.org> |
MFHead@r345275
|
| #
ff511f1f |
| 11-Mar-2019 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r344996
|
| #
13ea0450 |
| 06-Mar-2019 |
Marcin Wojtas <mw@FreeBSD.org> |
Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation
UEFI related headers were copied from edk2.
A new build option "MK_LOADER_EFI_SECUREBOOT" was added
Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation
UEFI related headers were copied from edk2.
A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow
loading of trusted anchors from UEFI.
Certificate revocation support is also introduced.
The forbidden certificates are loaded from dbx variable.
Verification fails in two cases:
There is a direct match between cert in dbx and the one in the chain.
The CA used to sign the chain is found in dbx.
One can also insert a hash of TBS section of a certificate into dbx.
In this case verifications fails only if a direct match with a
certificate in chain is found.
Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19093
show more ...
|