
D20297.diff


Index: head/lib/libsecureboot/h/libsecureboot.h
===================================================================
--- head/lib/libsecureboot/h/libsecureboot.h
+++ head/lib/libsecureboot/h/libsecureboot.h
@@ -81,6 +81,8 @@
void ve_pcr_init(void);
void ve_pcr_update(unsigned char *, size_t);
ssize_t ve_pcr_get(unsigned char *, size_t);
+int ve_pcr_updating_get(void);
+void ve_pcr_updating_set(int);
/* flags for verify_{asc,sig,signed} */
#define VEF_VERBOSE 1
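Review bot: The two new prototypes carry no comment, and this header is where callers learn what the flag means; the neighbouring prototypes have none either, but a gate that makes `ve_pcr_update()` silently drop data deserves one. On the vepcr.c side of this diff `ve_pcr_init()` resets the flag to 0, so a caller that never calls `ve_pcr_updating_set(1)` ends up with a measurement that omits its data and no error tells it so. I would put above the pair `/* gate for ve_pcr_update(): cleared by ve_pcr_init(); while 0, updates are silently discarded */`.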
Index: head/lib/libsecureboot/tests/tvo.c
===================================================================
--- head/lib/libsecureboot/tests/tvo.c
+++ head/lib/libsecureboot/tests/tvo.c
@@ -74,6 +74,9 @@
}
}
+#ifdef VE_PCR_SUPPORT
+ ve_pcr_updating_set(1);
+#endif
ve_self_tests();
for ( ; optind < argc; optind++) {
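Review bot: `ve_pcr_updating_set(1)` is called here ahead of `ve_self_tests()`, but the call to `ve_pcr_init()` — which clears the flag, per the vepcr.c hunk — is not visible in this hunk; if init runs inside the self tests or later, this enable is lost and the loop below measures nothing. I cannot see the init ordering from here, so this may well be correct; if it is, a one-line comment `/* enable pseudo-PCR updates; ve_pcr_init() must already have run */` spares the next reader the same question. The enclosing function starts before and continues past this hunk.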
@@ -176,6 +179,10 @@
}
}
}
+#ifdef VE_PCR_SUPPORT
+ verify_pcr_export();
+ printf("pcr=%s\n", getenv("loader.ve.pcr"));
+#endif
return (0);
}
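Review bot: `getenv("loader.ve.pcr")` on the new printf line can return NULL when `verify_pcr_export()` did not set the variable, and passing NULL for `%s` is undefined behaviour even though some libcs happen to print `(null)`. Fetch it into a local and substitute a marker: `const char *pcr = getenv("loader.ve.pcr");` then `printf("pcr=%s\n", pcr != NULL ? pcr : "(unset)");`. The result of `verify_pcr_export()` is also discarded; its signature is not in this hunk, so if it reports failure that should be checked before printing. The enclosing function starts before this hunk.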
Index: head/lib/libsecureboot/vepcr.c
===================================================================
--- head/lib/libsecureboot/vepcr.c
+++ head/lib/libsecureboot/vepcr.c
@@ -43,6 +43,7 @@
static const br_hash_class *pcr_md = NULL;
static br_hash_compat_context pcr_ctx;
static size_t pcr_hlen = 0;
+static int pcr_updating;
/**
* @brief initialize pcr context
@@ -53,18 +54,37 @@
void
ve_pcr_init(void)
{
+ pcr_updating = 0;
pcr_hlen = br_sha256_SIZE;
pcr_md = &br_sha256_vtable;
pcr_md->init(&pcr_ctx.vtable);
}
/**
+ * @brief get pcr_updating state
+ */
+int
+ve_pcr_updating_get(void)
+{
+ return (pcr_updating);
+}
+
+/**
+ * @brief set pcr_updating state
+ */
+void
+ve_pcr_updating_set(int updating)
+{
+ pcr_updating = updating;
+}
+
+/**
* @brief update pcr context
*/
void
ve_pcr_update(unsigned char *data, size_t dlen)
{
- if (pcr_md)
+ if (pcr_updating != 0 && pcr_md != NULL)
pcr_md->update(&pcr_ctx.vtable, data, dlen);
}
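Review bot: The `@brief` lines on the new getter and setter do not say what the state controls, and the consequence of leaving it off is silent: `ve_pcr_update()` now discards its input whenever `pcr_updating` is 0, and `ve_pcr_init()` resets it to 0, so a caller that measures before enabling gets a shorter digest with no error return. Say so at the setter: `@brief enable (non-zero) or disable (0) ve_pcr_update(); ve_pcr_init() clears it, and data passed while disabled is silently dropped`. Minor: the setter stores the raw int while the check is `!= 0`; `pcr_updating = (updating != 0);` keeps the getter's return to 0/1 so callers can compare it directly.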
Index: head/lib/libsecureboot/verify_file.c
===================================================================
--- head/lib/libsecureboot/verify_file.c
+++ head/lib/libsecureboot/verify_file.c
@@ -340,6 +340,14 @@
if (rc != VE_FINGERPRINT_WRONG && loaded_manifests) {
if (severity <= VE_GUESS)
severity = severity_guess(filename);
+#ifdef VE_PCR_SUPPORT
+ /*
+ * Only update pcr with things that must verify
+ * these tend to be processed in a more deterministic
+ * order, which makes our pseudo pcr more useful.
+ */
+ ve_pcr_updating_set((severity == VE_MUST));
+#endif
if ((rc = verify_fd(fd, filename, off, &st)) >= 0) {
if (verbose || severity > VE_WANT) {
#if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0
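Review bot: `ve_pcr_updating_set((severity == VE_MUST))` is set before `verify_fd()` but never cleared afterwards, so the gate keeps its last value until the next call through this path, and any `ve_pcr_update()` made in between (not visible here) inherits the previous file's severity. If that latch is intended, say so in the comment; if not, clear it once `verify_fd()` returns. The comment also reads as one run-on sentence and the double parentheses are unneeded; I would write `Only feed the pseudo-PCR with files that must verify (VE_MUST): those tend to be processed in a more deterministic order, which makes the digest more useful.` followed by `ve_pcr_updating_set(severity == VE_MUST);`. Note the policy consequence too: files classified below VE_MUST no longer contribute, so the digest attests only the must-verify set. The enclosing function starts before and ends after this hunk.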
