
Fix pkgfs stat so it satisfies libsecureboot
Needs ReviewPublic

Authored by sjg on Mar 11 2020, 8:20 PM.
Details

Reviewers
imp
tsoome
stevek
Group Reviewers
bhyve
Summary

We need a valid st_dev, st_ino and st_mtime to correctly track which files have been verified and to update our notion of time.

ve_utc_set(): ignore utc if it would jump our current time by more than VE_UTC_MAX_JUMP (20 years).

Allow testing of install command via userboot.
Need to fix its stat implementation too.

bhyveload also needs stat fixed - due to change to userboot.h

Track the names of files we have hashed into pcr

For the purposes of measured boot, it is important to be able to reproduce the hash reflected in loader.ve.pcr, so loader.ve.hashed provides a list of names in the order they were added.
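The two requirements the summary states, a valid st_dev/st_ino/st_mtime for tracking which files have been verified and the VE_UTC_MAX_JUMP gate in ve_utc_set(), as an added C illustration. This is not code from the revision or from libsecureboot: the cache layout, the names vs_lookup, vs_record, vs_collision and utc_gate, and the inode numbers and timestamps are assumptions constructed for this example. It shows the failure mode a stat() that returns zeroed identity fields causes, namely that every file shares one cache key and a verdict recorded for one file is returned for any other, and it applies the 20-year jump rule to a plausible and an implausible clock update.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Verification-result cache keyed on (st_dev, st_ino, st_mtime).  Layout
 * and names are assumptions for this example, not libsecureboot's own. */
#define VS_NOT_CHECKED 0
#define VS_VERIFIED    1

struct vs_entry {
	dev_t dev;
	ino_t ino;
	time_t mtime;
	int status;
	struct vs_entry *next;
};

static struct vs_entry *verified_files;

/* Return the cached status for the file identity in *st. */
int
vs_lookup(const struct stat *st)
{
	const struct vs_entry *e;

	for (e = verified_files; e != NULL; e = e->next)
		if (e->dev == st->st_dev && e->ino == st->st_ino &&
		    e->mtime == st->st_mtime)
			return (e->status);
	return (VS_NOT_CHECKED);
}

/* Record a result; returns 0 on success, -1 if allocation fails. */
int
vs_record(const struct stat *st, int status)
{
	struct vs_entry *e = malloc(sizeof(*e));

	if (e == NULL)
		return (-1);
	e->dev = st->st_dev;
	e->ino = st->st_ino;
	e->mtime = st->st_mtime;
	e->status = status;
	e->next = verified_files;
	verified_files = e;
	return (0);
}

/* A stat() that leaves the identity fields zeroed makes two distinct files
 * share one cache key, so the verdict recorded for the first is returned
 * for the second.  Returns 1 if the two files collided. */
int
vs_collision(int zeroed_stat)
{
	struct stat a, b;
	int hit;

	memset(&a, 0, sizeof(a));
	memset(&b, 0, sizeof(b));
	if (!zeroed_stat) {	/* constructed identities: inodes differ */
		a.st_dev = 1; a.st_ino = 100; a.st_mtime = 1583956800;
		b.st_dev = 1; b.st_ino = 101; b.st_mtime = 1583956800;
	}
	vs_record(&a, VS_VERIFIED);
	hit = vs_lookup(&b) == VS_VERIFIED;
	free(verified_files);	/* one entry per run; clear it for the next */
	verified_files = NULL;
	return (hit);
}

/* 20 years in seconds, as the summary states (leap days ignored). */
#define VE_UTC_MAX_JUMP (20 * 365 * 24 * 60 * 60)

/* The rule the summary gives for ve_utc_set(): a utc value that would move
 * the current time by more than VE_UTC_MAX_JUMP is ignored.  Returns the
 * time in effect afterwards; current == 0 means no time is set yet. */
time_t
utc_gate(time_t current, time_t utc)
{
	time_t diff;

	if (utc <= 0)
		return (current);
	if (current == 0)
		return (utc);
	diff = utc > current ? utc - current : current - utc;
	return (diff > VE_UTC_MAX_JUMP ? current : utc);
}
```

vs_collision(1) returns 1 and vs_collision(0) returns 0, which is the whole point of the stat fix: the cache is keyed on file identity, and a filesystem whose stat hands back zeros collapses every file onto one identity. utc_gate accepts a one-hour step and leaves the clock alone for a step of more than twenty years; the exact guard conditions in the real ve_utc_set() may differ from this rendering of the rule.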

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 29953
Build 27770: arc lint + arc unit

Event Timeline

Fix pkg_seek - can rewind within cache limit

vectx_close: ensure we have hashed whole file

Generally this is OK. A bit of creeping featurism, but I think it may be needed to support the desired functionality.

lib/libsecureboot/vepcr.c:104

what is the consequence of memory allocation failure here?

lib/libsecureboot/vepcr.c:156

How is memory allocation failure handled? Can ve_pcr_hashed_get callers cope? E.g., what's one layer up and beyond that uses / needs loader.ve.hashed set, and how will it react to it not being set?

ve_pcr_update: check malloc failure

lib/libsecureboot/vepcr.c:104

Per the update ;-)
If malloc fails, the only fallout is if userland is trying to do measured boot. Any gap in the hashed list will make it impossible to verify the pcr value reliably.

lib/libsecureboot/vepcr.c:156

If malloc fails, the caller gets NULL and doesn't export loader.ve.hashed, which only impacts userland if trying to do measured boot. Makes it harder for sure, not necessarily impossible.
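The measured-boot replay that the summary's loader.ve.hashed paragraph and the malloc() discussion above are about, as an added C illustration. This is not code from the revision or from libsecureboot: the names pcr_update, pcr_replay_matches and scenario, the constructed sample file contents, and the use of 64-bit FNV-1a in place of the real digest (assumed here to be SHA-256) are all assumptions for this example. It shows why the hashed list must carry every name in the order it was added: the extend step is order dependent, so userland recomputing the value from the list fails both when one name is missing (the allocation-failure case) and when two names are swapped.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* 64-bit FNV-1a as a toy stand-in for the digest; libsecureboot is assumed
 * to use SHA-256.  Only the order dependence of extend matters here. */
#define FNV_INIT 0xcbf29ce484222325ULL
static uint64_t
fnv1a(uint64_t h, const void *p, size_t n)
{
	const unsigned char *c = p;

	while (n-- > 0) {
		h ^= *c++;
		h *= 0x100000001b3ULL;
	}
	return (h);
}

/* extend: new = H(old || H(data)), the PCR-style accumulate step */
static uint64_t
extend(uint64_t old, const void *data, size_t len)
{
	uint64_t d = fnv1a(FNV_INIT, data, len);
	uint64_t h = fnv1a(FNV_INIT, &old, sizeof(old));

	return (fnv1a(h, &d, sizeof(d)));
}

#define MAXNAMES 8
struct pcr {
	uint64_t value;
	char *names[MAXNAMES];	/* the hashed list, in extend order */
	int nnames;
};

/* Boot side: extend the pcr, then try to remember the file's name.
 * Returns -1 when the name could not be recorded (the malloc() case). */
int
pcr_update(struct pcr *p, const char *name, const void *data, size_t len,
    int alloc_fails)
{
	size_t n = strlen(name) + 1;
	char *copy = NULL;

	p->value = extend(p->value, data, len);
	if (!alloc_fails && p->nnames < MAXNAMES)
		copy = malloc(n);
	if (copy == NULL)
		return (-1);	/* the pcr moved, but the list now has a hole */
	memcpy(copy, name, n);
	p->names[p->nnames++] = copy;
	return (0);
}

struct sample { const char *name; const char *data; };	/* constructed files */
static const struct sample samples[] = {
	{ "/boot/loader.conf",   "autoboot_delay=\"3\"\n" },
	{ "/boot/kernel/kernel", "constructed kernel image bytes" },
	{ "/boot/kernel/zfs.ko", "constructed module image bytes" },
};
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Userland side: walk the names in order, re-hash each file and re-extend
 * from zero.  Returns 1 if that reproduces p->value. */
int
pcr_replay_matches(const struct pcr *p)
{
	uint64_t v = 0;
	size_t i, j;

	for (i = 0; i < (size_t)p->nnames; i++) {
		for (j = 0; j < NSAMPLES; j++)
			if (strcmp(samples[j].name, p->names[i]) == 0)
				break;
		if (j == NSAMPLES)
			return (0);	/* unknown name: nothing to re-hash */
		v = extend(v, samples[j].data, strlen(samples[j].data));
	}
	return (v == p->value);
}

/* Measure every sample; optionally fail the allocation for the second name
 * or swap the first two names in the list.  Returns the replay result. */
int
scenario(int drop_second, int swap_first_two)
{
	struct pcr p;
	size_t i;
	int ok;

	memset(&p, 0, sizeof(p));
	for (i = 0; i < NSAMPLES; i++)
		pcr_update(&p, samples[i].name, samples[i].data,
		    strlen(samples[i].data), drop_second && i == 1);
	if (swap_first_two && p.nnames >= 2) {
		char *t = p.names[0]; p.names[0] = p.names[1]; p.names[1] = t;
	}
	ok = pcr_replay_matches(&p);
	for (i = 0; i < (size_t)p.nnames; i++)
		free(p.names[i]);
	return (ok);
}
```

scenario(0, 0) reproduces the value, scenario(1, 0) does not because the second file was extended into the pcr but never made it into the list, and scenario(0, 1) does not because the list no longer reflects the order of extension. That matches the exchange above: a hole in the list leaves userland unable to verify the pcr from the names alone, although it could still try other candidate orderings or files, which is what "harder, not necessarily impossible" amounts to.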