Page MenuHomeFreeBSD

veriexec: handle VE_FINGERPRINT_IGNORE from vectx_open
Needs ReviewPublic

Authored by vangyzen on Jun 30 2021, 2:39 PM.

Details

Reviewers
sjg
stevek
dab
Summary

Entries marked as "no_hash" in the manifest will generate this "error"
code. It should be treated as success.

Test Plan

An mfsroot marked as no_hash was successfully loaded after this change.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 40186
Build 37075: arc lint + arc unit

Event Timeline

lib/libsecureboot/h/libsecureboot.h
90–95

Why did these definitions need to be moved to verify_file.h?

libsecureboot-priv.h already includes libsecureboot.h, so the definitions should have been available to those files where you added #include "verify_file.h". I suppose leaving them here would have required an #include "libsecureboot.h" in those files where you added #include "verify_file.h"?

Maybe the amount of change would have been a wash either way. It just sort of "feels right" to me to have the definitions in libsecureboot.h.

I know I didn't make this comment before, but I _thought_ about doing so. And so here we are. :-)

lib/libsecureboot/h/libsecureboot.h
90–95

Neither libsecureboot.h nor libsecureboot-priv.h is included in any stand/ code (despite the presence of #ifdef _STANDALONE in the former). Only verify_file.h is included in stand/, so that file seemed most appropriate for definitions needed in stand/. Furthermore, all other VE_* definitions are already in verify_file.h.

That being said, I'm honestly not sure of the best approach, and I'm not really sure of the distinction between these two header files. Maybe @sjg can comment on the design here.

There should be no need for anything outside libsecureboot to grok VE_FINGERPRINT_IGNORE, vectx should not return an error status in such a case.
But we (I) do not expect vectx to be used for anything which does not require a valid fingerprint.

Why would you want no_hash on mfsroot ? That opens a big vulnerability window.