Page MenuHomeFreeBSD

Create binsign tool to sign binary files for Secure Boot
AbandonedPublic

Authored by kd on Jan 9 2019, 6:17 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 8, 10:04 AM
Unknown Object (File)
Fri, Nov 8, 9:46 AM
Unknown Object (File)
Sun, Oct 20, 3:59 PM
Unknown Object (File)
Oct 4 2024, 10:55 AM
Unknown Object (File)
Oct 3 2024, 7:00 PM
Unknown Object (File)
Oct 1 2024, 7:12 PM
Unknown Object (File)
Oct 1 2024, 4:43 PM
Unknown Object (File)
Sep 29 2024, 5:28 AM

Details

Reviewers
trasz
sjg
mw
0mp
cem
Group Reviewers
manpages
secteam
Summary

It uses BearSSL as cryptographic backend. It creates signature specified in PKCS#1 v2 standard. The signature together with a certificate is appended to the file.
It is used in Secure Boot implementation https://reviews.freebsd.org/D18797.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

kd created this object with visibility "Custom Policy".
kd retitled this revision from Add tool to sign binary files to Create binsign tool to sign binary files for Secure Boot.Jan 9 2019, 6:28 PM
kd added reviewers: trasz, secteam, cem, sjg.
kd changed the visibility from "Custom Policy" to "Public (No Login Required)".

how is this different than uefisign(8)?

0mp requested changes to this revision.Jan 10 2019, 9:24 AM
0mp added a subscriber: 0mp.

From the man page side: could you confirm that igor (textproc/igor) and mandoc -Tlint do not produce any errors?

This revision now requires changes to proceed.Jan 10 2019, 9:24 AM
In D18799#401279, @imp wrote:

how is this different than uefisign(8)?

The uefisign is designed to work only with PE binaries, that is only ones that can be run directly in UEFI. You can read more about it here.

Update date to correct format and remove unnecessary leftover .Pp. After this change both igor and mandoc pass without a warning.

0mp requested changes to this revision.Jan 10 2019, 2:13 PM
In D18799#401347, @mindal_semihalf.com wrote:
In D18799#401279, @imp wrote:

how is this different than uefisign(8)?

The uefisign is designed to work only with PE binaries, that is only ones that can be run directly in UEFI. You can read more about it here.

Shouldn't we include a short comparison of those two utilities in the manual page?

usr.sbin/binsign/binsign.8
2

I am not sure if it is important, but it's missing the SPDX tag.

5

No longer needed. See D15370 for example.

27

Missing $FreeBSD$

44

.Xr loader 8 instead of Loader?

Also, should we describe how to configure the loader?

51

Could you have a look at src/share/man/man5/style.mdoc.5 and try to format the examples sections similarly?

54

.Pa cert.key
and
.Pa cert.der

56

Would it be beneficial to reference the PKCS#1 v2 standard here? Similarly to how its done in CMSG_DATA(3) for example.

57

It would be great to cross-reference this manual page from loader(8) and other related manuals (like uefisign(8) perhaps?).

usr.sbin/binsign/binsign.c
26

Missing $FreeBSD$.

This revision now requires changes to proceed.Jan 10 2019, 2:13 PM

Shouldn't we include a short comparison of those two utilities in the manual page?

At least there should be a .Xr between the tools.

usr.sbin/binsign/binsign.8
40–43

So the result is an ELF file with extra stuff tacked on the end. How do existing tools (kernel, rtld, readelf, objcopy, etc.) treat this?

Just a general suggestion: could you consider adding the "-o" option instead of overwriting the input file with a signed one, just like uefisign(8) does it? It makes it much easier to hook it into various automation things - build systems and such.

usr.sbin/binsign/binsign.8
40–43

Yes, that's essentially how it works. So far it seems that it doesn't break anything, that is signed files are loading and working properly. The readelf tool also processes them without complaining. Having said that the "cleaner" solution would be to create a new section, lets say ".signature" and store it there. The problem is that it would complicate the code and bear in mind that we have to process said signature in loader. Integrating a new library(probably libelf) with the loader would most likely be problematic.

Modify manpage according to @0mp suggestions and add output file option.