mindal_semihalf.com (Kornel Dulęba)
User

Projects

User does not belong to any projects.

User Details

User Since
Nov 19 2018, 1:41 PM (43 w, 4 d)

Recent Activity

Aug 21 2019

mindal_semihalf.com added a comment to D21190: Driver for Broadcom Secure Processing Unit..

Add a workaround for gnu dts.

Aug 21 2019, 11:52 AM

Aug 20 2019

mindal_semihalf.com created D21342: GICv2m: quirks for Broadcom NS2.
Aug 20 2019, 3:40 PM
mindal_semihalf.com created D21339: GICv2m: parse SPI_BASE and NUM_SPIS from DTS.
Aug 20 2019, 12:46 PM
mindal_semihalf.com created D21337: bnxt: Set max number of descriptors to a power of 2.
Aug 20 2019, 11:02 AM
mindal_semihalf.com created D21335: Implement MDIO mux with Broadcom NS2 PCIe PHY initialization.
Aug 20 2019, 7:39 AM

Aug 14 2019

mindal_semihalf.com added a comment to D21189: Driver for Broadcom PDC.

You can use __FreeBSD_version to toggle the non-xdma case. It looks like 1200020 is the first bump after xdma was added so you'd have:

#if __FreeBSD_version >= 1200020
/* XDMA code */
#else
/* Pre-XDMA code */
#endif
Aug 14 2019, 8:04 AM

Aug 13 2019

mindal_semihalf.com updated the diff for D21190: Driver for Broadcom Secure Processing Unit..
Aug 13 2019, 12:32 PM

Aug 9 2019

mindal_semihalf.com added a comment to D21189: Driver for Broadcom PDC.

Is there a reason you're not using the xdma framework?

Aug 9 2019, 8:09 AM
mindal_semihalf.com added a comment to D21189: Driver for Broadcom PDC.

Keep files.arm64 sorted

Aug 9 2019, 8:06 AM

Aug 8 2019

mindal_semihalf.com created D21190: Driver for Broadcom Secure Processing Unit..
Aug 8 2019, 4:26 PM
mindal_semihalf.com created D21189: Driver for Broadcom PDC.
Aug 8 2019, 4:23 PM

Jul 15 2019

mindal_semihalf.com created D20952: stand: Verify files loaded in chain command.
Jul 15 2019, 9:43 AM

Jul 12 2019

mindal_semihalf.com added a comment to D20909: loader: ignore some variable settings if input unverified.
In D20909#453439, @sjg wrote:

How about the "chain" command?
Files loaded by it bypass verification, so we might want to fix it by adding a hook to the veriexec instead.

Sorry not familiar with that one.
Got a pointer?
Also that would be a separate change no?

Jul 12 2019, 7:20 AM

Jul 11 2019

mindal_semihalf.com added a comment to D20909: loader: ignore some variable settings if input unverified.

How about the "chain" command?
Files loaded by it bypass verification, so we might want to fix it by adding a hook to the veriexec instead.

Jul 11 2019, 9:36 AM

Jun 28 2019

mindal_semihalf.com added a comment to D20770: arm64: Move "segments" array from bus_dma_tag to bus_dmamap..

Can you be more specific about the flow that can lead to overwriting the segs array?

Basically if you have a lot of threads doing DMA loads on the same tag concurrently there is a small chance of the segs array being overwritten before it is read in the callback.
It is a rare race, but reproducible.

Hm, I'm not sure I see how that's supposed to happen. busdma_swi already takes a lock (dmat->common.lockfunc) to prevent issuing multiple loads on the same tag, thus there should be no overwriting while the caller callback is using tag->segs?

Well, I'm not sure how busdma_swi can help us in this case.
If you go through the flow starting at bus_dmamap_load, then going into bounce_bus_dmamap_load_buffer no lock is acquired there.

Right, the lock is only used for the deferred callback.
I think this is fine, but should be done for x86 also at least (that's where arm64 busdma code is coming from). This expected behaviour should also be mentioned on the busdma man page.
I think the general expectation of busdma code is that you serialize loads when using the same tag, but I cannot find an explicit reference to it on the man page, and IMO the locking section is too vague and doesn't explicitly say that you are not supposed to issue concurrent load calls using the same tag.

Ok, so as you said we have two ways to proceed from here:

  1. Modify the manual to explicitly require the user to serialize all loads on the same tag.

Do we know if all existing drivers follow that rule?

  2. Move the segments array on all architectures.

I could prepare the patch, but frankly I don't feel competent enough to make such a design decision.

Right, I completely understand. I don't think however that modifying busdma behaviour only for arm64 is the right solution. Drivers built and tested on arm64 might then fail to work for other arches, and no one would know why.

Jun 28 2019, 1:58 PM
mindal_semihalf.com added a comment to D20770: arm64: Move "segments" array from bus_dma_tag to bus_dmamap..

Can you be more specific about the flow that can lead to overwriting the segs array?

Basically if you have a lot of threads doing DMA loads on the same tag concurrently there is a small chance of the segs array being overwritten before it is read in the callback.
It is a rare race, but reproducible.

Hm, I'm not sure I see how that's supposed to happen. busdma_swi already takes a lock (dmat->common.lockfunc) to prevent issuing multiple loads on the same tag, thus there should be no overwriting while the caller callback is using tag->segs?

Well, I'm not sure how busdma_swi can help us in this case.
If you go through the flow starting at bus_dmamap_load, then going into bounce_bus_dmamap_load_buffer no lock is acquired there.

Right, the lock is only used for the deferred callback.
I think this is fine, but should be done for x86 also at least (that's where arm64 busdma code is coming from). This expected behaviour should also be mentioned on the busdma man page.
I think the general expectation of busdma code is that you serialize loads when using the same tag, but I cannot find an explicit reference to it on the man page, and IMO the locking section is too vague and doesn't explicitly say that you are not supposed to issue concurrent load calls using the same tag.

Jun 28 2019, 11:40 AM

Jun 27 2019

mindal_semihalf.com added a comment to D20770: arm64: Move "segments" array from bus_dma_tag to bus_dmamap..

Can you be more specific about the flow that can lead to overwriting the segs array?

Basically if you have a lot of threads doing DMA loads on the same tag concurrently there is a small chance of the segs array being overwritten before it is read in the callback.
It is a rare race, but reproducible.

Hm, I'm not sure I see how that's supposed to happen. busdma_swi already takes a lock (dmat->common.lockfunc) to prevent issuing multiple loads on the same tag, thus there should be no overwriting while the caller callback is using tag->segs?

Jun 27 2019, 2:40 PM

Jun 26 2019

mindal_semihalf.com added a comment to D20770: arm64: Move "segments" array from bus_dma_tag to bus_dmamap..

Isn't this also a problem on amd64?

Jun 26 2019, 2:58 PM
mindal_semihalf.com created D20770: arm64: Move "segments" array from bus_dma_tag to bus_dmamap..
Jun 26 2019, 1:22 PM

May 24 2019

mindal_semihalf.com abandoned D20373: stand: Add a call to verify_file from ficl..

Ok, I'm abandoning this in favor of your patch.

May 24 2019, 7:44 AM
mindal_semihalf.com accepted D20387: ficl pfopen: verify file.

Did some basic testing and it looks ok.

May 24 2019, 7:33 AM

May 23 2019

mindal_semihalf.com created D20373: stand: Add a call to verify_file from ficl..
May 23 2019, 10:01 AM

May 9 2019

mindal_semihalf.com accepted D20208: libsecureboot: make it easier to customize trust anchors.
May 9 2019, 11:39 AM

Apr 24 2019

mindal_semihalf.com abandoned D19962: stand: Don't verify entropy cache file..

Abandoned in favor of D20018.

Apr 24 2019, 1:09 PM

Apr 23 2019

mindal_semihalf.com accepted D20018: Allow no_hash to appear in manifest..

LGTM

Apr 23 2019, 9:44 AM
mindal_semihalf.com added a comment to D19962: stand: Don't verify entropy cache file..

In my opinion @sjg's approach is better as it is more versatile. If no one opposes I'll abandon this review in a day or two.

Apr 23 2019, 9:00 AM

Apr 19 2019

mindal_semihalf.com created D19962: stand: Don't verify entropy cache file..
Apr 19 2019, 9:40 AM

Apr 12 2019

mindal_semihalf.com added a comment to D19713: tpm: Prevent session hijack..

I don't really know the internals of this driver (ideally this should be done by someone who is familiar with it), but are we sure that the write method is always called before a read? Also, if the discard callout is fired, should the owner tid be reset (because the contents are now discarded)?

Apr 12 2019, 8:12 AM

Apr 11 2019

mindal_semihalf.com added a reviewer for D19713: tpm: Prevent session hijack.: delphij.
Apr 11 2019, 11:06 AM

Apr 1 2019

mindal_semihalf.com updated the diff for D19281: mac_veriexec: Create kernel module to parse manifest based on envs..

Updates based on email exchange with @sjg.

Apr 1 2019, 9:51 AM

Mar 26 2019

mindal_semihalf.com created D19713: tpm: Prevent session hijack..
Mar 26 2019, 12:00 PM
mindal_semihalf.com created D19712: tpm: Add a cv_wait to the harvesting function..
Mar 26 2019, 11:57 AM

Mar 22 2019

mindal_semihalf.com added a comment to D19620: Add an option to use TPM as entropy source.

Remove style changes, they will be committed separately. Also update per feedback.

Mar 22 2019, 10:30 AM
mindal_semihalf.com updated the diff for D19620: Add an option to use TPM as entropy source.
Mar 22 2019, 10:18 AM

Mar 21 2019

mindal_semihalf.com added a reviewer for D19620: Add an option to use TPM as entropy source: secteam.
Mar 21 2019, 1:57 PM
mindal_semihalf.com added a reviewer for D19620: Add an option to use TPM as entropy source: security.
Mar 21 2019, 12:41 PM

Mar 18 2019

mindal_semihalf.com added a comment to D19620: Add an option to use TPM as entropy source.

Spelling in title.

Mar 18 2019, 9:40 AM
mindal_semihalf.com retitled D19620: Add an option to use TPM as entropy source from Add an option to TPM as entropy source to Add an option to use TPM as entropy source.
Mar 18 2019, 9:39 AM
mindal_semihalf.com created D19620: Add an option to use TPM as entropy source.
Mar 18 2019, 9:39 AM

Mar 15 2019

mindal_semihalf.com created D19595: sgx: Don't attach if EPC data is corrupted..
Mar 15 2019, 4:21 PM

Mar 5 2019

mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 5 2019, 3:31 PM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Rebase on r344784

Mar 5 2019, 3:28 PM

Mar 1 2019

mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 1 2019, 10:58 AM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Update style issues and add some comments.

Mar 1 2019, 10:42 AM

Feb 28 2019

mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 28 2019, 10:55 AM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Remove changes to how files with trusted certs are found in makefiles. Also calculate cert digests for revocation only when necessary.

Feb 28 2019, 10:47 AM

Feb 26 2019

mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Updated and rebased on HEAD, since all related @sjg patches were upstreamed.

Feb 26 2019, 4:29 PM

Feb 25 2019

mindal_semihalf.com updated the diff for D19281: mac_veriexec: Create kernel module to parse manifest based on envs..

Moved libsecureboot changes to a new file and added a separate build option for new code in kernel.

Feb 25 2019, 12:04 PM

Feb 21 2019

mindal_semihalf.com created D19281: mac_veriexec: Create kernel module to parse manifest based on envs..
Feb 21 2019, 3:05 PM

Feb 11 2019

mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Updated after email discussion with @sjg.

Feb 11 2019, 2:37 PM

Feb 7 2019

mindal_semihalf.com added a reviewer for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation: imp.

Updated diff based on suggestions, also added imp to reviewers since he seems to be interested.

Feb 7 2019, 11:19 AM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 7 2019, 11:16 AM
mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 7 2019, 9:45 AM

Feb 6 2019

mindal_semihalf.com abandoned D18794: Introduce Build options for Secure Boot.

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:05 PM
mindal_semihalf.com abandoned D18795: Build libbearssl for Secure Boot..

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:05 PM
mindal_semihalf.com abandoned D18797: Introduce new Secure Boot library.

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:04 PM
mindal_semihalf.com abandoned D18798: Implement Secure Boot in loader..

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:04 PM
mindal_semihalf.com abandoned D18799: Create binsign tool to sign binary files for Secure Boot.

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:03 PM
mindal_semihalf.com created D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:00 PM

Jan 25 2019

mindal_semihalf.com accepted D18937: Use TPM2 ACPI table to distinguish CRB and TIS..

Looks good to me. By the way could you tell me which TPM chip didn't work with the previous version of probe?

Jan 25 2019, 12:08 PM

Jan 22 2019

mindal_semihalf.com added inline comments to D16575: Add verifying loader for mac_veriexec.
Jan 22 2019, 12:49 PM

Jan 16 2019

mindal_semihalf.com added inline comments to D16335: Build libve for loader and sbin/veriexec.
Jan 16 2019, 3:06 PM
mindal_semihalf.com added inline comments to D16337: Build options etc for libbearssl and libve.
Jan 16 2019, 11:50 AM
mindal_semihalf.com added inline comments to D16335: Build libve for loader and sbin/veriexec.
Jan 16 2019, 11:43 AM

Jan 15 2019

mindal_semihalf.com added inline comments to D16335: Build libve for loader and sbin/veriexec.
Jan 15 2019, 3:07 PM

Jan 14 2019

mindal_semihalf.com updated the diff for D18799: Create binsign tool to sign binary files for Secure Boot.

Modify manpage according to @0mp suggestions and add output file option.

Jan 14 2019, 4:09 PM

Jan 11 2019

mindal_semihalf.com added inline comments to D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 11 2019, 1:22 PM
mindal_semihalf.com added a comment to D18797: Introduce new Secure Boot library.
In D18797#401557, @sjg wrote:

(sorry don't know how else to contact you ;-)
I'm thinking this should be merged with libve so we can work to a single API that loader calls to verify stuff.
The functionality you have is I think a subset of that in libve.
The name libve is far from ideal.
Do you have any objection to renaming it to libsecureboot as a first step?

Jan 11 2019, 12:49 PM

Jan 10 2019

mindal_semihalf.com updated the diff for D18799: Create binsign tool to sign binary files for Secure Boot.

Update date to correct format and remove unnecessary leftover .Pp. After this change both igor and mandoc pass without a warning.

Jan 10 2019, 11:40 AM
mindal_semihalf.com added a comment to D18799: Create binsign tool to sign binary files for Secure Boot.
In D18799#401279, @imp wrote:

how is this different than uefisign(8)?

Jan 10 2019, 11:21 AM

Jan 9 2019

mindal_semihalf.com added a reviewer for D18794: Introduce Build options for Secure Boot: mw.
Jan 9 2019, 6:32 PM
mindal_semihalf.com added a reviewer for D18795: Build libbearssl for Secure Boot.: mw.
Jan 9 2019, 6:32 PM
mindal_semihalf.com added a reviewer for D18797: Introduce new Secure Boot library: mw.
Jan 9 2019, 6:31 PM
mindal_semihalf.com added reviewers for D18798: Implement Secure Boot in loader.: mw, wma.
Jan 9 2019, 6:31 PM
mindal_semihalf.com added a reviewer for D18799: Create binsign tool to sign binary files for Secure Boot: mw.
Jan 9 2019, 6:31 PM
mindal_semihalf.com retitled D18799: Create binsign tool to sign binary files for Secure Boot from Add tool to sign binary files to Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18798: Implement Secure Boot in loader.: secteam, trasz, cem, sjg.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18797: Introduce new Secure Boot library: secteam, trasz, cem, sjg.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18795: Build libbearssl for Secure Boot.: secteam, trasz, sjg.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18794: Introduce Build options for Secure Boot: cem, bdrewery.
Jan 9 2019, 6:28 PM
mindal_semihalf.com updated the summary of D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:19 PM
mindal_semihalf.com created D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:17 PM
mindal_semihalf.com created D18798: Implement Secure Boot in loader..
Jan 9 2019, 6:16 PM
mindal_semihalf.com created D18797: Introduce new Secure Boot library.
Jan 9 2019, 6:15 PM
mindal_semihalf.com set the repository for D18795: Build libbearssl for Secure Boot. to rS FreeBSD src repository.
Jan 9 2019, 6:12 PM
mindal_semihalf.com updated the summary of D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 5:46 PM
mindal_semihalf.com created D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 5:28 PM
mindal_semihalf.com created D18794: Introduce Build options for Secure Boot.
Jan 9 2019, 5:24 PM

Jan 7 2019

mindal_semihalf.com added a comment to D16335: Build libve for loader and sbin/veriexec.

Currently at Semihalf we work on a similar solution to make FreeBSD work with UEFI Secure Boot. The main difference is that instead of creating a manifest with files and their hashes a signature is appended to each file that is supposed to be verified. We also use BearSSL as the cryptographic backend.

Jan 7 2019, 4:07 PM

Dec 14 2018

mindal_semihalf.com created D18554: Fix alligment issue in uefisign..
Dec 14 2018, 2:34 PM

Dec 7 2018

mindal_semihalf.com updated the diff for D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..

Add commands with lower timeout to tpm20_get_timeout.
Also separate functions are now called when device is about to suspend and shutdown.

Dec 7 2018, 5:12 PM

Dec 5 2018

mindal_semihalf.com updated the diff for D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..

Move tpm_get_timeout to tpm20.c to remove duplication.

Dec 5 2018, 2:14 PM
mindal_semihalf.com added inline comments to D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..
Dec 5 2018, 10:39 AM

Dec 4 2018

mindal_semihalf.com updated the diff for D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..

Addressed @cem comments.

Dec 4 2018, 1:00 PM

Dec 3 2018

mindal_semihalf.com added a comment to D16334: Build libbearssl for loader and sbin/veriexec.

Are there any plans to integrate this patch with the tree?

Dec 3 2018, 12:45 PM

Nov 19 2018

mindal_semihalf.com created D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..
Nov 19 2018, 4:01 PM