Page MenuHomeFreeBSD
Files F144833991

D16336.id45506.diff
No OneTemporary
Actions

D16336.id45506.diff
View Options

Index: stand/common/boot.c
===================================================================
--- stand/common/boot.c
+++ stand/common/boot.c
@@ -106,6 +106,10 @@
if (archsw.arch_autoload() != 0)
return(CMD_ERROR);
+#ifdef LOADER_VERIEXEC
+ verify_pcr_export(); /* for measured boot */
+#endif
+
/* Call the exec handler from the loader matching the kernel */
file_formats[fp->f_loader]->l_exec(fp);
return(CMD_ERROR);
Index: stand/common/bootstrap.h
===================================================================
--- stand/common/bootstrap.h
+++ stand/common/bootstrap.h
@@ -324,6 +324,9 @@
/* Probe ZFS pool(s), if needed. */
void (*arch_zfs_probe)(void);
+ /* Return the hypervisor name/type or NULL if not virtualized. */
+ const char *(*arch_hypervisor)(void);
+
/* For kexec-type loaders, get ksegment structure */
void (*arch_kexec_kseg_get)(int *nseg, void **kseg);
};
@@ -340,4 +343,8 @@
#define CTASSERT(x) _Static_assert(x, "compile-time assertion failed")
#endif
+#ifdef LOADER_VERIEXEC
+#include <verify.h>
+#endif
+
#endif /* !_BOOTSTRAP_H_ */
Index: stand/common/interp_forth.c
===================================================================
--- stand/common/interp_forth.c
+++ stand/common/interp_forth.c
@@ -377,6 +377,13 @@
return(CMD_ERROR);
}
+#ifdef LOADER_VERIEXEC
+ if (verify_file(fd, filename, 0, VE_GUESS) < 0) {
+ close(fd);
+ sprintf(command_errbuf,"can't verify '%s'", filename);
+ return(CMD_ERROR);
+ }
+#endif
/*
* Read the script into memory.
*/
Index: stand/common/interp_simple.c
===================================================================
--- stand/common/interp_simple.c
+++ stand/common/interp_simple.c
@@ -94,6 +94,14 @@
return(CMD_ERROR);
}
+#ifdef LOADER_VERIEXEC
+ if (verify_file(fd, filename, 0, VE_GUESS) < 0) {
+ close(fd);
+ sprintf(command_errbuf,"can't verify '%s'", filename);
+ return(CMD_ERROR);
+ }
+#endif
+
/*
* Read the script into memory.
*/
Index: stand/common/load_elf.c
===================================================================
--- stand/common/load_elf.c
+++ stand/common/load_elf.c
@@ -245,6 +245,12 @@
goto error;
}
+#ifdef LOADER_VERIEXEC
+ if (verify_file(ef->fd, filename, bytes_read, VE_MUST) < 0) {
+ err = EAUTH;
+ goto error;
+ }
+#endif
return (0);
error:
Index: stand/common/load_elf_obj.c
===================================================================
--- stand/common/load_elf_obj.c
+++ stand/common/load_elf_obj.c
@@ -129,6 +129,13 @@
goto oerr;
}
+#ifdef LOADER_VERIEXEC
+ if (verify_file(ef.fd, filename, bytes_read, VE_MUST) < 0) {
+ err = EAUTH;
+ goto oerr;
+ }
+#endif
+
kfp = file_findfile(NULL, __elfN(obj_kerneltype));
if (kfp == NULL) {
printf("elf" __XSTRING(__ELF_WORD_SIZE)
Index: stand/common/module.c
===================================================================
--- stand/common/module.c
+++ stand/common/module.c
@@ -104,6 +104,8 @@
{
struct preloaded_file *fp;
char *typestr;
+ char *prefix;
+ char *skip;
int dofile, dokld, ch, error;
dokld = dofile = 0;
@@ -114,11 +116,18 @@
command_errmsg = "no filename specified";
return (CMD_CRIT);
}
- while ((ch = getopt(argc, argv, "kt:")) != -1) {
+ prefix = skip = NULL;
+ while ((ch = getopt(argc, argv, "kp:s:t:")) != -1) {
switch(ch) {
case 'k':
dokld = 1;
break;
+ case 'p':
+ prefix = optarg;
+ break;
+ case 's':
+ skip = optarg;
+ break;
case 't':
typestr = optarg;
dofile = 1;
@@ -141,6 +150,12 @@
return (CMD_CRIT);
}
+#ifdef LOADER_VERIEXEC
+ if (strncmp(typestr, "manifest", 8) == 0) {
+ return (load_manifest(argv[1], prefix, skip, NULL));
+ }
+#endif
+
fp = file_findfile(argv[1], typestr);
if (fp) {
snprintf(command_errbuf, sizeof(command_errbuf),
@@ -435,6 +450,15 @@
return(NULL);
}
+#ifdef LOADER_VERIEXEC
+ if (verify_file(fd, name, 0, VE_MUST) < 0) {
+ sprintf(command_errbuf, "can't verify '%s'", name);
+ free(name);
+ close(fd);
+ return(NULL);
+ }
+#endif
+
if (archsw.arch_loadaddr != NULL)
loadaddr = archsw.arch_loadaddr(LOAD_RAW, name, loadaddr);
Index: stand/defs.mk
===================================================================
--- stand/defs.mk
+++ stand/defs.mk
@@ -151,6 +151,9 @@
# Make sure we use the machine link we're about to create
CFLAGS+=-I.
+# size matters!
+CFLAGS+= -O1
+
all: ${PROG}
.if !defined(NO_OBJ)
Index: stand/ficl/Makefile.depend
===================================================================
--- stand/ficl/Makefile.depend
+++ stand/ficl/Makefile.depend
@@ -2,9 +2,7 @@
# Autogenerated - do NOT edit!
DIRDEPS = \
- include \
- include/xlocale \
- lib/msun \
+ stand/libsa \
.include <dirdeps.mk>
Index: stand/ficl/ficl.h
===================================================================
--- stand/ficl/ficl.h
+++ stand/ficl/ficl.h
@@ -1157,6 +1157,10 @@
DATA_SET(Xficl_compile_set, func)
SET_DECLARE(Xficl_compile_set, ficlCompileFcn);
+#ifdef LOADER_VERIEXEC
+#include <verify.h>
+#endif
+
#ifdef __cplusplus
}
#endif
Index: stand/ficl/fileaccess.c
===================================================================
--- stand/ficl/fileaccess.c
+++ stand/ficl/fileaccess.c
@@ -67,14 +67,21 @@
if (f == NULL)
stackPushPtr(pVM->pStack, NULL);
else
+#ifdef LOADER_VERIEXEC
+ if (*mode == 'r' &&
+ verify_file(fileno(f), filename, 0, VE_GUESS) < 0) {
+ fclose(f);
+ stackPushPtr(pVM->pStack, NULL);
+ } else
+#endif
{
- ficlFILE *ff = (ficlFILE *)malloc(sizeof(ficlFILE));
- strcpy(ff->filename, filename);
- ff->f = f;
- stackPushPtr(pVM->pStack, ff);
+ ficlFILE *ff = (ficlFILE *)malloc(sizeof(ficlFILE));
+ strcpy(ff->filename, filename);
+ ff->f = f;
+ stackPushPtr(pVM->pStack, ff);
- fseek(f, 0, SEEK_SET);
- }
+ fseek(f, 0, SEEK_SET);
+ }
pushIor(pVM, f != NULL);
}
Index: stand/ficl32/Makefile.depend
===================================================================
--- stand/ficl32/Makefile.depend
+++ stand/ficl32/Makefile.depend
@@ -2,9 +2,7 @@
# Autogenerated - do NOT edit!
DIRDEPS = \
- include \
- include/xlocale \
- lib/msun \
+ stand/libsa \
.include <dirdeps.mk>
Index: stand/i386/loader/Makefile
===================================================================
--- stand/i386/loader/Makefile
+++ stand/i386/loader/Makefile
@@ -1,5 +1,5 @@
# $FreeBSD$
-
+.if 0
HAVE_GELI= yes
LOADER_NET_SUPPORT?= yes
@@ -11,6 +11,10 @@
LOADER_UFS_SUPPORT?= yes
LOADER_GZIP_SUPPORT?= yes
LOADER_BZIP2_SUPPORT?= yes
+.else
+LOADER_NET_SUPPORT?= yes
+LOADER_UFS_SUPPORT?= yes
+.endif
.include <bsd.init.mk>
@@ -54,8 +58,8 @@
CFLAGS+= -I${BOOTSRC}/i386
# Debug me!
-#CFLAGS+= -g
-#LDFLAGS+= -g
+CFLAGS+= -g
+LDFLAGS+= -g
${LOADER}: ${LOADER}.bin ${BTXLDR} ${BTXKERN}
btxld -v -f aout -e ${LOADER_ADDRESS} -o ${.TARGET} -l ${BTXLDR} \
Index: stand/i386/loader/Makefile.depend
===================================================================
--- stand/i386/loader/Makefile.depend
+++ stand/i386/loader/Makefile.depend
@@ -2,15 +2,12 @@
# Autogenerated - do NOT edit!
DIRDEPS = \
- include \
- include/xlocale \
- stand/ficl32 \
- stand/geli \
- stand/i386/btx/btx \
- stand/i386/btx/btxldr \
- stand/i386/btx/lib \
- stand/i386/libi386 \
- stand/libsa32 \
+ stand/${MACHINE_CPUARCH}/btx/btx \
+ stand/${MACHINE_CPUARCH}/btx/btxldr \
+ stand/${MACHINE_CPUARCH}/btx/lib \
+ stand/${MACHINE_CPUARCH}/libi386 \
+ stand/ficl \
+ stand/libsa \
.include <dirdeps.mk>
Index: stand/i386/loader/main.c
===================================================================
--- stand/i386/loader/main.c
+++ stand/i386/loader/main.c
@@ -128,6 +128,7 @@
* We can use printf() etc. once this is done.
* If the previous boot stage has requested a serial console, prefer that.
*/
+ initial_howto |= RB_SERIAL; /* JUNOS */
bi_setboothowto(initial_howto);
if (initial_howto & RB_MULTIPLE) {
if (initial_howto & RB_SERIAL)
@@ -166,6 +167,7 @@
archsw.arch_readin = i386_readin;
archsw.arch_isainb = isa_inb;
archsw.arch_isaoutb = isa_outb;
+ archsw.arch_hypervisor = i386_hypervisor;
#ifdef LOADER_ZFS_SUPPORT
archsw.arch_zfs_probe = i386_zfs_probe;
Index: stand/libsa/Makefile
===================================================================
--- stand/libsa/Makefile
+++ stand/libsa/Makefile
@@ -155,4 +155,9 @@
.include "${SASRC}/geli/Makefile.inc"
.endif
+.if ${MK_LOADER_VERIEXEC} == "yes" && ${MK_BEARSSL} == "yes"
+.include "${SRCTOP}/lib/libbearssl/Makefile.libsa.inc"
+.include "${SRCTOP}/lib/libve/Makefile.libsa.inc"
+.endif
+
.include <bsd.lib.mk>
Index: stand/libsa/Makefile.depend
===================================================================
--- stand/libsa/Makefile.depend
+++ stand/libsa/Makefile.depend
@@ -2,10 +2,6 @@
# Autogenerated - do NOT edit!
DIRDEPS = \
- include \
- include/arpa \
- include/xlocale \
- lib/libbz2 \
.include <dirdeps.mk>
Index: stand/libsa32/Makefile.depend
===================================================================
--- stand/libsa32/Makefile.depend
+++ stand/libsa32/Makefile.depend
@@ -2,10 +2,7 @@
# Autogenerated - do NOT edit!
DIRDEPS = \
- include \
- include/arpa \
- include/xlocale \
- lib/libbz2 \
+ stand/libsa \
.include <dirdeps.mk>
Index: stand/loader.mk
===================================================================
--- stand/loader.mk
+++ stand/loader.mk
@@ -57,6 +57,10 @@
SRCS+= pnp.c
.endif
+.if ${MK_LOADER_VERIEXEC} != "no"
+CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libve/h
+.endif
+
# Forth interpreter
.if ${MK_LOADER_LUA} != "no"
SRCS+= interp_lua.c

File Metadata

Mime Type
text/plain
Expires
Sat, Feb 14, 5:43 AM (1 h, 38 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
28689521
Default Alt Text
D16336.id45506.diff (9 KB)

Event Timeline