Page MenuHomeFreeBSD

Introduce new Secure Boot library
AbandonedPublic

Authored by mindal_semihalf.com on Jan 9 2019, 6:15 PM.

Details

Reviewers
trasz
cem
sjg
mw
Group Reviewers
secteam
Summary

It is primarly used in loader to verify kernel and its modules. Since making the OpenSSL work in loader proved to be problematic, it uses BearSSL instead. It is planned to use it to verify modules in kldload.

Diff Detail

Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

mindal_semihalf.com created this object with visibility "Custom Policy".
mindal_semihalf.com changed the visibility from "Custom Policy" to "Public (No Login Required)".
sjg added a comment.Jan 10 2019, 9:43 PM

(sorry don't know how else to contact you ;-)
I'm thinking this should be merged with libve so we can work to a single API that loader calls to verify stuff.
The functionality you have is I think a subset of that in libve.
The name libve is far from ideal.
Do you have any objection to renaming it to libsecureboot as a first step?

In D18797#401557, @sjg wrote:

(sorry don't know how else to contact you ;-)
I'm thinking this should be merged with libve so we can work to a single API that loader calls to verify stuff.
The functionality you have is I think a subset of that in libve.
The name libve is far from ideal.
Do you have any objection to renaming it to libsecureboot as a first step?

I like the idea of integrating both libraries, the problem is that right now I don't know how much effort it would take. I've also emailed you a more elaborate response.