Oct 24 2019
Oct 10 2019
Oct 1 2019
Sep 16 2019
Sep 13 2019
Sep 5 2019
Aug 20 2019
The same thing happens currently for cstringQuoteIm(), which is where this
change comes from:
Aug 16 2019
Jul 17 2019
If additional things are found necessary to be added to the list (or handled otherwise), they can be added after the fact. But this gets the ball rolling and is definitely needed.
Jun 26 2019
May 24 2019
May 23 2019
May 21 2019
May 19 2019
Take care of review comments.
Also change the conditional in print_hypervisor_info() to explicitly check
for NUL character instead of treating a character as a boolean.
After discussion with sjg, we do not want to support veriexec without signing
May 18 2019
Abandon, since this has already been addressed.
I will update and commit with the requested changes.
May 17 2019
Return the size of the allocated space for the label, even if we copied in a smaller label.
May 16 2019
May 9 2019
Oct 20 2018
Added fdt_addresses.c and fdt_overlay.c
Build libfdt as static library only
Update to latest head libnames.mk changes.
Oct 19 2018
Removed kvm_clock_tsc_freq, per comments, as it is currently not needed.
Addressed review comments - added additional comments and save the first
hypervisor we found so we have some information even if we cannot find an
Sep 11 2018
I think it should be conditional on MK_FDT, but not on MK_GPL_DTC, because the library itself is BSD-licensed.
Jul 31 2018
Jul 25 2018
Fixed bhyve detection string, as pointed out by bryanv
Jul 19 2018
Removed duplicate comment and replaced it with a more appropriate one
that explains if CPUID2_HV is set, we are running in a hypervisor environment.
Jul 17 2018
The change in this review depends on some hypervisor detection changes that I don't think make sense anymore. @stevek has done the work to refactor this change on to HEAD that I hope he's able to submit soon.
Jul 14 2018
Jul 11 2018
Jun 28 2018
Jun 26 2018
Jun 20 2018
Jan 28 2018
Maybe as a separate change, but is it time to stop shipping lib32 by default as well?
Jan 9 2018
I think one of the few weaknesses I see is the way the hash result is cached.
Have you considered mitigations, such as:
- not caching hash results for remote volumes (e.g. NFS)?
It seems like this could use a man page to describe the mechanism. There are some subtleties that are not immediately obvious, such as the way that shared libraries are protected. In addition, the O_VERIFY flag should probably be documented in the open() man page with a pointer to the verified exec man page.
Dec 6 2017
Dec 1 2017
My only other thought is it would be nice to add a test case for this.
Nov 30 2017
looks good to me. IIRC, this isn't true for every architecture, but there's no reason I know of to disallow it there.
Nov 28 2017
Fine with me as well.
Oct 28 2017
The proposed patch would effectively disable all entropy gathering sources by default. Thus, systems would boot up without any entropy, save the cached entropy from last reboot. On freshly installed systems, there is no cached entropy. The state of the entropy subsystem would be subpar.
Oct 26 2017
D12301 takes care of things better.
Sep 23 2017
Sep 13 2017
Sep 9 2017
Makes sense. HWCAP_ARM_* values look sane.