Page MenuHomeFreeBSD

mindal_semihalf.com (Kornel Dulęba)
User

Projects

User does not belong to any projects.

User Details

User Since
Nov 19 2018, 1:41 PM (26 w, 6 d)

Recent Activity

Fri, May 24

mindal_semihalf.com abandoned D20373: stand: Add a call to verify_file from ficl..

Ok, I'm abandoning this in favor of your patch.

Fri, May 24, 7:44 AM
mindal_semihalf.com accepted D20387: ficl pfopen: verify file.

Did some basic testing and it looks ok.

Fri, May 24, 7:33 AM

Thu, May 23

mindal_semihalf.com created D20373: stand: Add a call to verify_file from ficl..
Thu, May 23, 10:01 AM

Thu, May 9

mindal_semihalf.com accepted D20208: libsecureboot: make it easier to customize trust anchors.
Thu, May 9, 11:39 AM

Apr 24 2019

mindal_semihalf.com abandoned D19962: stand: Don't verify entropy cache file..

Abandoned in favor of D20018.

Apr 24 2019, 1:09 PM

Apr 23 2019

mindal_semihalf.com accepted D20018: Allow no_hash to appear in manifest..

LGTM

Apr 23 2019, 9:44 AM
mindal_semihalf.com added a comment to D19962: stand: Don't verify entropy cache file..

In my opinion @sjg approach is better as it is more versatile. If no one opposes I'll abandon this review in a day or two.

Apr 23 2019, 9:00 AM

Apr 19 2019

mindal_semihalf.com created D19962: stand: Don't verify entropy cache file..
Apr 19 2019, 9:40 AM

Apr 12 2019

mindal_semihalf.com added a comment to D19713: tpm: Prevent session hijack..

I don't really know the internals of this driver (ideally this should be done by someone who is familiar with it), but are we sure that the write method is always called before a read? Also, if the discard callout is fired, should the owner tid be reset (because the contents is now discarded)?

Apr 12 2019, 8:12 AM

Apr 11 2019

mindal_semihalf.com added a reviewer for D19713: tpm: Prevent session hijack.: delphij.
Apr 11 2019, 11:06 AM

Apr 1 2019

mindal_semihalf.com updated the diff for D19281: mac_veriexec: Create kernel module to parse manifest based on envs..

Updates based on email exchange with @sjg.

Apr 1 2019, 9:51 AM

Mar 26 2019

mindal_semihalf.com created D19713: tpm: Prevent session hijack..
Mar 26 2019, 12:00 PM
mindal_semihalf.com created D19712: tpm: Add a cv_wait to the harvesting function..
Mar 26 2019, 11:57 AM

Mar 22 2019

mindal_semihalf.com added a comment to D19620: Add an option to use TPM as entropy source.

Remove style changes, they will be committed separately. Also update per feedback.

Mar 22 2019, 10:30 AM
mindal_semihalf.com updated the diff for D19620: Add an option to use TPM as entropy source.
Mar 22 2019, 10:18 AM

Mar 21 2019

mindal_semihalf.com added a reviewer for D19620: Add an option to use TPM as entropy source: secteam.
Mar 21 2019, 1:57 PM
mindal_semihalf.com added a reviewer for D19620: Add an option to use TPM as entropy source: security.
Mar 21 2019, 12:41 PM

Mar 18 2019

mindal_semihalf.com added a comment to D19620: Add an option to use TPM as entropy source.

Spelling in title.

Mar 18 2019, 9:40 AM
mindal_semihalf.com retitled D19620: Add an option to use TPM as entropy source from Add an option to TPM as entropy source to Add an option to use TPM as entropy source.
Mar 18 2019, 9:39 AM
mindal_semihalf.com created D19620: Add an option to use TPM as entropy source.
Mar 18 2019, 9:39 AM

Mar 15 2019

mindal_semihalf.com created D19595: sgx: Don't attach if EPC data is corrupted..
Mar 15 2019, 4:21 PM

Mar 5 2019

mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 5 2019, 3:31 PM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Rebase on r344784

Mar 5 2019, 3:28 PM

Mar 1 2019

mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 1 2019, 10:58 AM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Update style issues and add some comments.

Mar 1 2019, 10:42 AM

Feb 28 2019

mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 28 2019, 10:55 AM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Remove changes to how files with trusted certs are found in makefiles. Also calculate cert digests for revocation only when necessary.

Feb 28 2019, 10:47 AM

Feb 26 2019

mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Updated and rebased on HEAD, since all related @sjg patches were upstreamed.

Feb 26 2019, 4:29 PM

Feb 25 2019

mindal_semihalf.com updated the diff for D19281: mac_veriexec: Create kernel module to parse manifest based on envs..

Moved libsecureboot changes to a new file and added a separate build option for new code in kernel.

Feb 25 2019, 12:04 PM

Feb 21 2019

mindal_semihalf.com added a parent revision for D19281: mac_veriexec: Create kernel module to parse manifest based on envs.: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 21 2019, 3:06 PM
mindal_semihalf.com added a child revision for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation: D19281: mac_veriexec: Create kernel module to parse manifest based on envs..
Feb 21 2019, 3:06 PM
mindal_semihalf.com created D19281: mac_veriexec: Create kernel module to parse manifest based on envs..
Feb 21 2019, 3:05 PM

Feb 11 2019

mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Updated after email discussion with @sjg.

Feb 11 2019, 2:37 PM

Feb 7 2019

mindal_semihalf.com added a reviewer for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation: imp.

Updated diff based on suggestions, also added imp to reviewers since he seems to be interested.

Feb 7 2019, 11:19 AM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 7 2019, 11:16 AM
mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 7 2019, 9:45 AM

Feb 6 2019

mindal_semihalf.com added parent revisions for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation: D16334: Build libbearssl for loader and sbin/veriexec, D16335: Build libve for loader and sbin/veriexec, D16336: Add calls to verify_file to loader., D16337: Build options etc for libbearssl and libve, D16575: Add verifying loader for mac_veriexec.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16335: Build libve for loader and sbin/veriexec: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16334: Build libbearssl for loader and sbin/veriexec: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16336: Add calls to verify_file to loader.: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16337: Build options etc for libbearssl and libve: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16575: Add verifying loader for mac_veriexec: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com abandoned D18794: Introduce Build options for Secure Boot.

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:05 PM
mindal_semihalf.com abandoned D18795: Build libbearssl for Secure Boot..

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:05 PM
mindal_semihalf.com abandoned D18797: Introduce new Secure Boot library.

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:04 PM
mindal_semihalf.com abandoned D18798: Implement Secure Boot in loader..

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:04 PM
mindal_semihalf.com abandoned D18799: Create binsign tool to sign binary files for Secure Boot.

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:03 PM
mindal_semihalf.com created D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:00 PM

Jan 25 2019

mindal_semihalf.com accepted D18937: Use TPM2 ACPI table to distinguish CRB and TIS..

Looks good to me. By the way could you tell me which TPM chip didn't work with the previous version of probe?

Jan 25 2019, 12:08 PM

Jan 22 2019

mindal_semihalf.com added inline comments to D16575: Add verifying loader for mac_veriexec.
Jan 22 2019, 12:49 PM

Jan 16 2019

mindal_semihalf.com added inline comments to D16335: Build libve for loader and sbin/veriexec.
Jan 16 2019, 3:06 PM
mindal_semihalf.com added inline comments to D16337: Build options etc for libbearssl and libve.
Jan 16 2019, 11:50 AM
mindal_semihalf.com added inline comments to D16335: Build libve for loader and sbin/veriexec.
Jan 16 2019, 11:43 AM

Jan 15 2019

mindal_semihalf.com added inline comments to D16335: Build libve for loader and sbin/veriexec.
Jan 15 2019, 3:07 PM

Jan 14 2019

mindal_semihalf.com updated the diff for D18799: Create binsign tool to sign binary files for Secure Boot.

Modify manpage according to @0mp suggestions and add output file option.

Jan 14 2019, 4:09 PM

Jan 11 2019

mindal_semihalf.com added inline comments to D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 11 2019, 1:22 PM
mindal_semihalf.com added a comment to D18797: Introduce new Secure Boot library.
In D18797#401557, @sjg wrote:

(sorry don't know how else to contact you ;-)
I'm thinking this should be merged with libve so we can work to a single API that loader calls to verify stuff.
The functionality you have is I think a subset of that in libve.
The name libve is far from ideal.
Do you have any objection to renaming it to libsecureboot as a first step?

Jan 11 2019, 12:49 PM

Jan 10 2019

mindal_semihalf.com updated the diff for D18799: Create binsign tool to sign binary files for Secure Boot.

Update date to correct format and remove unnecessary leftover .Pp. After this change both igor and mandoc pass without a warning.

Jan 10 2019, 11:40 AM
mindal_semihalf.com added a comment to D18799: Create binsign tool to sign binary files for Secure Boot.
In D18799#401279, @imp wrote:

how is this different than uefisign(8)?

Jan 10 2019, 11:21 AM

Jan 9 2019

mindal_semihalf.com added a reviewer for D18794: Introduce Build options for Secure Boot: mw.
Jan 9 2019, 6:32 PM
mindal_semihalf.com added a reviewer for D18795: Build libbearssl for Secure Boot.: mw.
Jan 9 2019, 6:32 PM
mindal_semihalf.com added a reviewer for D18797: Introduce new Secure Boot library: mw.
Jan 9 2019, 6:31 PM
mindal_semihalf.com added reviewers for D18798: Implement Secure Boot in loader.: mw, wma.
Jan 9 2019, 6:31 PM
mindal_semihalf.com added a reviewer for D18799: Create binsign tool to sign binary files for Secure Boot: mw.
Jan 9 2019, 6:31 PM
mindal_semihalf.com retitled D18799: Create binsign tool to sign binary files for Secure Boot from Add tool to sign binary files to Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18798: Implement Secure Boot in loader.: secteam, trasz, cem, sjg.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18797: Introduce new Secure Boot library: secteam, trasz, cem, sjg.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18795: Build libbearssl for Secure Boot.: secteam, trasz, sjg.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18794: Introduce Build options for Secure Boot: cem, bdrewery.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added a parent revision for D18795: Build libbearssl for Secure Boot.: D18794: Introduce Build options for Secure Boot.
Jan 9 2019, 6:21 PM
mindal_semihalf.com added a child revision for D18794: Introduce Build options for Secure Boot: D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 6:21 PM
mindal_semihalf.com added a child revision for D18795: Build libbearssl for Secure Boot.: D18797: Introduce new Secure Boot library.
Jan 9 2019, 6:21 PM
mindal_semihalf.com added a child revision for D18794: Introduce Build options for Secure Boot: D18797: Introduce new Secure Boot library.
Jan 9 2019, 6:21 PM
mindal_semihalf.com added parent revisions for D18797: Introduce new Secure Boot library: D18794: Introduce Build options for Secure Boot, D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 6:21 PM
mindal_semihalf.com added a child revision for D18797: Introduce new Secure Boot library: D18798: Implement Secure Boot in loader..
Jan 9 2019, 6:20 PM
mindal_semihalf.com added a parent revision for D18798: Implement Secure Boot in loader.: D18797: Introduce new Secure Boot library.
Jan 9 2019, 6:20 PM
mindal_semihalf.com removed a parent revision for D18799: Create binsign tool to sign binary files for Secure Boot: D18794: Introduce Build options for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com removed a child revision for D18794: Introduce Build options for Secure Boot: D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com added parent revisions for D18799: Create binsign tool to sign binary files for Secure Boot: D18797: Introduce new Secure Boot library, D18795: Build libbearssl for Secure Boot., D18794: Introduce Build options for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com added a child revision for D18795: Build libbearssl for Secure Boot.: D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com added a child revision for D18797: Introduce new Secure Boot library: D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com added a child revision for D18794: Introduce Build options for Secure Boot: D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com updated the summary of D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:19 PM
mindal_semihalf.com created D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:17 PM
mindal_semihalf.com created D18798: Implement Secure Boot in loader..
Jan 9 2019, 6:16 PM
mindal_semihalf.com created D18797: Introduce new Secure Boot library.
Jan 9 2019, 6:15 PM
mindal_semihalf.com set the repository for D18795: Build libbearssl for Secure Boot. to rS FreeBSD src repository.
Jan 9 2019, 6:12 PM
mindal_semihalf.com updated the summary of D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 5:46 PM
mindal_semihalf.com created D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 5:28 PM
mindal_semihalf.com created D18794: Introduce Build options for Secure Boot.
Jan 9 2019, 5:24 PM

Jan 7 2019

mindal_semihalf.com added a comment to D16335: Build libve for loader and sbin/veriexec.

Currently at Semihalf we work on a similar solution to make FreeBSD work with UEFI Secure Boot. The main difference is that instead of creating a manifest with files and their hashes a signature is appended to each file that is supposed to be verified. We also use BearSSL as the cryptographic backend.

Jan 7 2019, 4:07 PM

Dec 14 2018

mindal_semihalf.com created D18554: Fix alligment issue in uefisign..
Dec 14 2018, 2:34 PM

Dec 7 2018

mindal_semihalf.com updated the diff for D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..

Add commands with lower timeout to tpm20_get_timeout.
Also separate functions are now called when device is about to suspend and shutdown.

Dec 7 2018, 5:12 PM

Dec 5 2018

mindal_semihalf.com updated the diff for D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..

Move tpm_get_timeout to tpm20.c to remove duplication.

Dec 5 2018, 2:14 PM
mindal_semihalf.com added inline comments to D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..
Dec 5 2018, 10:39 AM

Dec 4 2018

mindal_semihalf.com updated the diff for D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..

Addressed @cem comments.

Dec 4 2018, 1:00 PM

Dec 3 2018

mindal_semihalf.com added a comment to D16334: Build libbearssl for loader and sbin/veriexec.

Are there any plans to integrate this patch with tree?

Dec 3 2018, 12:45 PM

Nov 19 2018

mindal_semihalf.com created D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..
Nov 19 2018, 4:01 PM