usr.sbin/binsign/binsign.8
- This file was added.
.\" | |||||
.\" Copyright (c) 2019 Stormshield. | |||||
0mp: I am not sure if it is important, but it's missing the SPDX tag.
.\" Copyright (c) 2019 Semihalf. | |||||
.\" All rights reserved. | |||||
.\" | |||||
0mp: No longer needed. See D15370 for example.
.\" Redistribution and use in source and binary forms, with or without | |||||
.\" modification, are permitted provided that the following conditions | |||||
.\" are met: | |||||
.\" 1. Redistributions of source code must retain the above copyright | |||||
.\" notice, this list of conditions and the following disclaimer. | |||||
.\" 2. Redistributions in binary form must reproduce the above copyright | |||||
.\" notice, this list of conditions and the following disclaimer in the | |||||
.\" documentation and/or other materials provided with the distribution. | |||||
.\" | |||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |||||
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |||||
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |||||
.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, | |||||
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |||||
.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |||||
.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |||||
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN | |||||
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |||||
.\" POSSIBILITY OF SUCH DAMAGE. | |||||
.\" | |||||
.Dd January 2 2018 | |||||
0mp: Missing $FreeBSD$
.Dt BINSIGN 8 | |||||
.Os | |||||
.Sh NAME | |||||
.Nm binsign | |||||
.Nd Secure Boot signing utility | |||||
.Sh SYNOPSIS | |||||
.Nm | |||||
.Fl c Ar cert | |||||
.Fl k Ar key | |||||
.Ar file | |||||
.Sh DESCRIPTION | |||||
The | |||||
.Nm | |||||
utility signs any type of file by appending a signature in PKCS#1 v2 standard | |||||
together with a certificate used for the signing to its end. | |||||
Loader can be configured to verify the kernel and modules integrity | |||||
emaste: So the result is an ELF file with extra stuff tacked on the end. How do existing tools (kernel, rtld, readelf, objcopy, etc.) treat this?
kd: Yes, that's essentially how it works. So far it seems that it doesn't break anything, that is, signed files are loading and working properly. The readelf tool also processes them without complaining. Having said that, the "cleaner" solution would be to create a new section, let's say ".signature", and store it there. The problem is that it would complicate the code, and bear in mind that we have to process said signature in loader. Integrating a new library (probably libelf) with the loader would most likely be problematic.
signed with this tool. | |||||
0mp: `.Xr loader 8` instead of `Loader`? Also, should we describe how to configure the loader?
.Sh EXIT STATUS | |||||
The | |||||
.Nm | |||||
utility exits 0 on success, and 1 if an error occurs. | |||||
.Sh EXAMPLES | |||||
.Nm | |||||
-c cert.der -k cert.key file | |||||
0mp: Could you have a look at `src/share/man/man5/style.mdoc.5` and try to format the examples sections similarly?
.Pp | |||||
The cert.key and cert.der files have to contain a DER encoded | |||||
RSA private key and X509 certificate respectively. | |||||
0mp: .Pa cert.key
and
.Pa cert.der
.Pp | |||||
.Sh SEE ALSO | |||||
0mp: Would it be beneficial to reference the PKCS#1 v2 standard here? Similarly to how it's done in CMSG_DATA(3) for example.
.Xr loader 8 | |||||
0mp: It would be great to cross-reference this manual page from loader(8) and other related manuals (like uefisign(8) perhaps?).
.Sh HISTORY | |||||
The | |||||
.Nm | |||||
command appeared in | |||||
.Fx 13.0 . | |||||
.Sh AUTHORS | |||||
The | |||||
.Nm | |||||
utility was developed by | |||||
.An Kornel Duleba Aq Mt mindal@semihalf.com | |||||
under sponsorship from Stormshield. |
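Review bot: The DESCRIPTION says the signature is appended "together with a certificate used for the signing", but it never says what the verifier trusts. A certificate carried inside the signed file changes whenever the file does, so the page should state where the loader's trust anchor comes from, which digest is used with the PKCS#1 signature, and how the appended data is laid out so a verifier can locate it. Two smaller points in the same file: `.Dd January 2 2018` predates the 2019 copyright lines and lacks the comma mdoc expects (`.Dd January 2, 2018` form, updated to the date of this change), and the `.Pp` directly before `.Sh SEE ALSO` is empty and should be dropped.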