Index: head/stand/common/boot.c =================================================================== --- head/stand/common/boot.c +++ head/stand/common/boot.c @@ -106,6 +106,10 @@ if (archsw.arch_autoload() != 0) return(CMD_ERROR); +#ifdef LOADER_VERIEXEC + verify_pcr_export(); /* for measured boot */ +#endif + /* Call the exec handler from the loader matching the kernel */ file_formats[fp->f_loader]->l_exec(fp); return(CMD_ERROR); Index: head/stand/common/bootstrap.h =================================================================== --- head/stand/common/bootstrap.h +++ head/stand/common/bootstrap.h @@ -330,6 +330,9 @@ /* Probe ZFS pool(s), if needed. */ void (*arch_zfs_probe)(void); + /* Return the hypervisor name/type or NULL if not virtualized. */ + const char *(*arch_hypervisor)(void); + /* For kexec-type loaders, get ksegment structure */ void (*arch_kexec_kseg_get)(int *nseg, void **kseg); }; @@ -344,6 +347,10 @@ #ifndef CTASSERT #define CTASSERT(x) _Static_assert(x, "compile-time assertion failed") +#endif + +#ifdef LOADER_VERIEXEC +#include #endif #endif /* !_BOOTSTRAP_H_ */ Index: head/stand/common/interp_forth.c =================================================================== --- head/stand/common/interp_forth.c +++ head/stand/common/interp_forth.c @@ -379,6 +379,13 @@ return(CMD_ERROR); } +#ifdef LOADER_VERIEXEC + if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + close(fd); + sprintf(command_errbuf,"can't verify '%s'", filename); + return(CMD_ERROR); + } +#endif /* * Read the script into memory. */ Index: head/stand/common/interp_simple.c =================================================================== --- head/stand/common/interp_simple.c +++ head/stand/common/interp_simple.c 
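Review bot: The new `arch_hypervisor` member of the arch switch is inserted between `arch_zfs_probe` and `arch_kexec_kseg_get`, which shifts every following member; any positional (non-designated) initializer of this structure outside the diff would now silently assign the wrong function pointers, so it is worth confirming that all initializers use designated members. The member is also unrelated to the LOADER_VERIEXEC work the rest of the diff does and is not exercised by any hunk on this page, which makes it hard to review in context. The second bootstrap.h hunk's `#include` inside `#ifdef LOADER_VERIEXEC` shows no header name on this page, so its target cannot be checked here. The enclosing struct definition starts outside the hunk.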
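Review bot: The new error path in interp_forth.c formats the caller-supplied script name into `command_errbuf` with unbounded `sprintf`, while module.c on the same page already uses the bounded form (`snprintf(command_errbuf, sizeof(command_errbuf), ...)`); a long path would overrun the buffer here. Use `snprintf(command_errbuf, sizeof(command_errbuf), "can't verify '%s'", filename);`. The same pattern appears in the interp_simple.c hunk and in the second module.c hunk (the one adding verification next to `arch_loadaddr`), and should be fixed in all three. The function containing this hunk starts and ends outside it.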
@@ -96,6 +96,14 @@ return(CMD_ERROR); } +#ifdef LOADER_VERIEXEC + if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + close(fd); + sprintf(command_errbuf,"can't verify '%s'", filename); + return(CMD_ERROR); + } +#endif + /* * Read the script into memory. */ Index: head/stand/common/load_elf.c =================================================================== --- head/stand/common/load_elf.c +++ head/stand/common/load_elf.c @@ -245,6 +245,12 @@ goto error; } +#ifdef LOADER_VERIEXEC + if (verify_file(ef->fd, filename, bytes_read, VE_MUST) < 0) { + err = EAUTH; + goto error; + } +#endif return (0); error: Index: head/stand/common/load_elf_obj.c =================================================================== --- head/stand/common/load_elf_obj.c +++ head/stand/common/load_elf_obj.c @@ -129,6 +129,13 @@ goto oerr; } +#ifdef LOADER_VERIEXEC + if (verify_file(ef.fd, filename, bytes_read, VE_MUST) < 0) { + err = EAUTH; + goto oerr; + } +#endif + kfp = file_findfile(NULL, __elfN(obj_kerneltype)); if (kfp == NULL) { printf("elf" __XSTRING(__ELF_WORD_SIZE) Index: head/stand/common/module.c =================================================================== --- head/stand/common/module.c +++ head/stand/common/module.c @@ -104,6 +104,8 @@ { struct preloaded_file *fp; char *typestr; + char *prefix; + char *skip; int dofile, dokld, ch, error; dokld = dofile = 0; @@ -114,11 +116,18 @@ command_errmsg = "no filename specified"; return (CMD_CRIT); } - while ((ch = getopt(argc, argv, "kt:")) != -1) { + prefix = skip = NULL; + while ((ch = getopt(argc, argv, "kp:s:t:")) != -1) { switch(ch) { case 'k': dokld = 1; break; + case 'p': + prefix = optarg; + break; + case 's': + skip = optarg; + break; case 't': typestr = optarg; dofile = 1; 
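Review bot: In load_elf.c the ELF header has already been read and parsed (the `goto error` checks above the added block) before `verify_file` runs, and the call site does not say how the already-consumed prefix is accounted for; the `bytes_read` argument presumably tells `verify_file` where the unread data starts, but nothing visible confirms that. A one-line comment such as `/* header already consumed: verify from offset bytes_read — confirm against verify_file */` would make the contract visible; the same applies to the load_elf_obj.c hunk. Unlike the module.c hunk, a failure here sets `err = EAUTH` without a message in `command_errbuf`, so the operator only sees whatever the caller prints for EAUTH. The function begins and ends outside the hunk.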
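Review bot: The new `-p` and `-s` options in module.c are accepted by `getopt` unconditionally, but `prefix` and `skip` are only consumed inside `#ifdef LOADER_VERIEXEC` (the `load_manifest` call in the following hunk), so a build without LOADER_VERIEXEC silently accepts and ignores them and the compiler may warn about unused variables. Either wrap the two `case` labels and the two declarations in the same `#ifdef`, or document them at the declaration with something like `/* -p/-s: passed through to load_manifest (LOADER_VERIEXEC only) */`; what the two values mean is not visible on this page, so confirm against load_manifest before wording it more precisely. The function starts and ends outside the hunk.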
@@ -141,6 +150,12 @@ return (CMD_CRIT); } +#ifdef LOADER_VERIEXEC + if (strncmp(typestr, "manifest", 8) == 0) { + return (load_manifest(argv[1], prefix, skip, NULL)); + } +#endif + fp = file_findfile(argv[1], typestr); if (fp) { snprintf(command_errbuf, sizeof(command_errbuf), @@ -434,6 +449,15 @@ free(name); return(NULL); } + +#ifdef LOADER_VERIEXEC + if (verify_file(fd, name, 0, VE_MUST) < 0) { + sprintf(command_errbuf, "can't verify '%s'", name); + free(name); + close(fd); + return(NULL); + } +#endif if (archsw.arch_loadaddr != NULL) loadaddr = archsw.arch_loadaddr(LOAD_RAW, name, loadaddr); Index: head/stand/ficl/Makefile.depend =================================================================== --- head/stand/ficl/Makefile.depend +++ head/stand/ficl/Makefile.depend @@ -2,9 +2,7 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/xlocale \ - lib/msun \ + stand/libsa \ .include Index: head/stand/ficl/ficl.h =================================================================== --- head/stand/ficl/ficl.h +++ head/stand/ficl/ficl.h @@ -1157,6 +1157,10 @@ DATA_SET(Xficl_compile_set, func) SET_DECLARE(Xficl_compile_set, ficlCompileFcn); +#ifdef LOADER_VERIEXEC +#include +#endif + #ifdef __cplusplus } #endif Index: head/stand/ficl/fileaccess.c =================================================================== --- head/stand/ficl/fileaccess.c +++ head/stand/ficl/fileaccess.c 
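Review bot: `strncmp(typestr, "manifest", 8) == 0` is a prefix test, so any type string beginning with "manifest" (for example `-t manifestx`) is dispatched to `load_manifest`; the check above only guarantees `typestr` is non-empty. Since the intent appears to be an exact type name, use `if (strcmp(typestr, "manifest") == 0) {`. The `prefix` and `skip` values passed here come from the `-p`/`-s` options in the earlier hunk and are NULL when not given; whether `load_manifest` accepts NULL for them cannot be confirmed from this page. The enclosing function starts and ends outside the hunk.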
@@ -67,14 +67,21 @@ if (f == NULL) stackPushPtr(pVM->pStack, NULL); else +#ifdef LOADER_VERIEXEC + if (*mode == 'r' && + verify_file(fileno(f), filename, 0, VE_GUESS) < 0) { + fclose(f); + stackPushPtr(pVM->pStack, NULL); + } else +#endif { - ficlFILE *ff = (ficlFILE *)malloc(sizeof(ficlFILE)); - strcpy(ff->filename, filename); - ff->f = f; - stackPushPtr(pVM->pStack, ff); + ficlFILE *ff = (ficlFILE *)malloc(sizeof(ficlFILE)); + strcpy(ff->filename, filename); + ff->f = f; + stackPushPtr(pVM->pStack, ff); - fseek(f, 0, SEEK_SET); - } + fseek(f, 0, SEEK_SET); + } pushIor(pVM, f != NULL); } Index: head/stand/ficl32/Makefile.depend =================================================================== --- head/stand/ficl32/Makefile.depend +++ head/stand/ficl32/Makefile.depend @@ -2,9 +2,7 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/xlocale \ - lib/msun \ + stand/libsa \ .include Index: head/stand/i386/loader/Makefile.depend =================================================================== --- head/stand/i386/loader/Makefile.depend +++ head/stand/i386/loader/Makefile.depend @@ -2,15 +2,12 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/xlocale \ - stand/ficl32 \ - stand/geli \ - stand/i386/btx/btx \ - stand/i386/btx/btxldr \ - stand/i386/btx/lib \ - stand/i386/libi386 \ - stand/libsa32 \ + stand/${MACHINE_CPUARCH}/btx/btx \ + stand/${MACHINE_CPUARCH}/btx/btxldr \ + stand/${MACHINE_CPUARCH}/btx/lib \ + stand/${MACHINE_CPUARCH}/libi386 \ + stand/ficl \ + stand/libsa \ .include Index: head/stand/liblua/Makefile =================================================================== --- head/stand/liblua/Makefile +++ head/stand/liblua/Makefile 
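Review bot: The re-indented success path now on the new side still allocates `ff` without checking `malloc` for NULL and copies `filename` into `ff->filename` with unbounded `strcpy`; since these lines are being rewritten anyway, a NULL check and a bounded copy (`snprintf(ff->filename, sizeof ff->filename, "%s", filename);`, assuming `filename` is an array member of ficlFILE — confirm in its definition) would close both. The verification guard `*mode == 'r'` only looks at the first character, so modes such as `"w+"` or `"a+"` that also permit reading are opened without verification; whether such modes matter in the loader is for the authors to confirm. The `#ifdef`-wrapped `if ... else` spliced between the outer `else` and its `{` block is correct but fragile; a comment like `/* the #ifdef branch chains into the else block below */` would help the next reader. The function starts and ends outside the hunk.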
@@ -35,5 +35,8 @@ .if ${MACHINE_CPUARCH} == "amd64" && ${DO32:U0} == 0 CFLAGS+= -fPIC .endif +.if ${MK_LOADER_VERIEXEC} == "yes" +CFLAGS+= -I${SRCTOP}/lib/libsecureboot/h -DLOADER_VERIEXEC +.endif .include Index: head/stand/liblua/lstd.c =================================================================== --- head/stand/liblua/lstd.c +++ head/stand/liblua/lstd.c @@ -31,6 +31,10 @@ #include "lstd.h" #include "math.h" +#ifdef LOADER_VERIEXEC +#include +#endif + FILE * fopen(const char *filename, const char *mode) { @@ -75,6 +79,17 @@ close(fd); return (NULL); } + +#ifdef LOADER_VERIEXEC + /* only regular files and only reading makes sense */ + if (S_ISREG(st.st_mode) && !(m & O_WRONLY)) { + if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + free(f); + close(fd); + return (NULL); + } + } +#endif f->fd = fd; f->offset = 0; Index: head/stand/libsa/Makefile =================================================================== --- head/stand/libsa/Makefile +++ head/stand/libsa/Makefile @@ -164,6 +164,11 @@ .include "${SASRC}/geli/Makefile.inc" .endif +.if ${MK_LOADER_VERIEXEC} == "yes" && ${MK_BEARSSL} == "yes" +.include "${SRCTOP}/lib/libbearssl/Makefile.libsa.inc" +.include "${SRCTOP}/lib/libsecureboot/Makefile.libsa.inc" +.endif + # Maybe ZFS .if ${MK_LOADER_ZFS} == "yes" .include "${SASRC}/zfs/Makefile.inc" Index: head/stand/libsa/Makefile.depend =================================================================== --- head/stand/libsa/Makefile.depend +++ head/stand/libsa/Makefile.depend @@ -2,10 +2,6 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/arpa \ - include/xlocale \ - lib/libbz2 \ .include Index: head/stand/libsa32/Makefile.depend =================================================================== --- head/stand/libsa32/Makefile.depend +++ head/stand/libsa32/Makefile.depend 
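Review bot: The three make fragments on this page gate LOADER_VERIEXEC on different conditions: this hunk and libsa/Makefile test `${MK_LOADER_VERIEXEC} == "yes"` (libsa additionally requires `${MK_BEARSSL} == "yes"` before including the libbearssl and libsecureboot fragments), while loader.mk tests `${MK_LOADER_VERIEXEC} != "no"`. A build with MK_BEARSSL set to no, or with MK_LOADER_VERIEXEC set to something other than yes/no, would compile the loader with `-DLOADER_VERIEXEC` and call `verify_file` without libsa providing it, which presumably fails at link time. Use the same test everywhere, for example `.if ${MK_LOADER_VERIEXEC} == "yes" && ${MK_BEARSSL} == "yes"` here and in loader.mk, or guard libsa the way loader.mk does.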
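Review bot: In lstd.c the comment `/* only regular files and only reading makes sense */` does not match the test beneath it: `!(m & O_WRONLY)` admits `O_RDWR` opens (with the usual flag values O_RDWR does not share O_WRONLY's bit), so read-write handles are verified as well, which is the safer choice but should be stated. Suggest `/* verify regular files opened for reading, including O_RDWR; write-only handles are not checked */`. On failure the function frees `f`, closes `fd` and returns NULL with no indication of why, so a caller cannot distinguish a verification failure from a missing file; if that is intended, a short comment saying so would help. The function fopen starts in the earlier hunk and ends outside this one.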
@@ -2,10 +2,7 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/arpa \ - include/xlocale \ - lib/libbz2 \ + stand/libsa \ .include Index: head/stand/loader.mk =================================================================== --- head/stand/loader.mk +++ head/stand/loader.mk @@ -73,6 +73,10 @@ .error Unknown interpreter ${LOADER_INTERP} .endif +.if ${MK_LOADER_VERIEXEC} != "no" +CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libsecureboot/h +.endif + .if defined(BOOT_PROMPT_123) CFLAGS+= -DBOOT_PROMPT_123 .endif