Page MenuHomeFreeBSD

mindal_semihalf.com (Kornel Dulęba)
User

Projects

User does not belong to any projects.

User Details

User Since
Nov 19 2018, 1:41 PM (17 w, 1 d)

Recent Activity

Mon, Mar 18

mindal_semihalf.com added a comment to D19620: Add an option to use TPM as entropy source.

Spelling in title.

Mon, Mar 18, 9:40 AM
mindal_semihalf.com retitled D19620: Add an option to use TPM as entropy source from Add an option to TPM as entropy source to Add an option to use TPM as entropy source.
Mon, Mar 18, 9:39 AM
mindal_semihalf.com created D19620: Add an option to use TPM as entropy source.
Mon, Mar 18, 9:39 AM

Fri, Mar 15

mindal_semihalf.com created D19595: sgx: Don't attach if EPC data is corrupted..
Fri, Mar 15, 4:21 PM

Tue, Mar 5

mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Tue, Mar 5, 3:31 PM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Rebase on r344784

Tue, Mar 5, 3:28 PM

Fri, Mar 1

mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Fri, Mar 1, 10:58 AM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Update style issues and add some comments.

Fri, Mar 1, 10:42 AM

Thu, Feb 28

mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Thu, Feb 28, 10:55 AM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Remove changes to how files with trusted certs are found in makefiles. Also calculate cert digests for revocation only when necessary.

Thu, Feb 28, 10:47 AM

Tue, Feb 26

mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Updated and rebased on HEAD, since all related @sjg patches were upstreamed.

Tue, Feb 26, 4:29 PM

Mon, Feb 25

mindal_semihalf.com updated the diff for D19281: mac_veriexec: Create kernel module to parse manifest based on envs..

Moved libsecureboot changes to a new file and added a separate build option for new code in kernel.

Mon, Feb 25, 12:04 PM

Thu, Feb 21

mindal_semihalf.com added a parent revision for D19281: mac_veriexec: Create kernel module to parse manifest based on envs.: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Thu, Feb 21, 3:06 PM
mindal_semihalf.com added a child revision for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation: D19281: mac_veriexec: Create kernel module to parse manifest based on envs..
Thu, Feb 21, 3:06 PM
mindal_semihalf.com created D19281: mac_veriexec: Create kernel module to parse manifest based on envs..
Thu, Feb 21, 3:05 PM

Feb 11 2019

mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Updated after email discussion with @sjg.

Feb 11 2019, 2:37 PM

Feb 7 2019

mindal_semihalf.com added a reviewer for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation: imp.

Updated diff based on suggestions, also added imp to reviewers since he seems to be interested.

Feb 7 2019, 11:19 AM
mindal_semihalf.com updated the diff for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 7 2019, 11:16 AM
mindal_semihalf.com added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 7 2019, 9:45 AM

Feb 6 2019

mindal_semihalf.com added parent revisions for D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation: D16334: Build libbearssl for loader and sbin/veriexec, D16335: Build libve for loader and sbin/veriexec, D16336: Add calls to verify_file to loader., D16337: Build options etc for libbearssl and libve, D16575: Add verifying loader for mac_veriexec.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16335: Build libve for loader and sbin/veriexec: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16334: Build libbearssl for loader and sbin/veriexec: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16336: Add calls to verify_file to loader.: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16337: Build options etc for libbearssl and libve: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com added a child revision for D16575: Add verifying loader for mac_veriexec: D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:30 PM
mindal_semihalf.com abandoned D18794: Introduce Build options for Secure Boot.

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:05 PM
mindal_semihalf.com abandoned D18795: Build libbearssl for Secure Boot..

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:05 PM
mindal_semihalf.com abandoned D18797: Introduce new Secure Boot library.

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:04 PM
mindal_semihalf.com abandoned D18798: Implement Secure Boot in loader..

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:04 PM
mindal_semihalf.com abandoned D18799: Create binsign tool to sign binary files for Secure Boot.

Abandoned in favor of https://reviews.freebsd.org/D19093

Feb 6 2019, 1:03 PM
mindal_semihalf.com created D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 1:00 PM

Jan 25 2019

mindal_semihalf.com accepted D18937: Use TPM2 ACPI table to distinguish CRB and TIS..

Looks good to me. By the way could you tell me which TPM chip didn't work with the previous version of probe?

Jan 25 2019, 12:08 PM

Jan 22 2019

mindal_semihalf.com added inline comments to D16575: Add verifying loader for mac_veriexec.
Jan 22 2019, 12:49 PM

Jan 16 2019

mindal_semihalf.com added inline comments to D16335: Build libve for loader and sbin/veriexec.
Jan 16 2019, 3:06 PM
mindal_semihalf.com added inline comments to D16337: Build options etc for libbearssl and libve.
Jan 16 2019, 11:50 AM
mindal_semihalf.com added inline comments to D16335: Build libve for loader and sbin/veriexec.
Jan 16 2019, 11:43 AM

Jan 15 2019

mindal_semihalf.com added inline comments to D16335: Build libve for loader and sbin/veriexec.
Jan 15 2019, 3:07 PM

Jan 14 2019

mindal_semihalf.com updated the diff for D18799: Create binsign tool to sign binary files for Secure Boot.

Modify manpage according to @0mp suggestions and add output file option.

Jan 14 2019, 4:09 PM

Jan 11 2019

mindal_semihalf.com added inline comments to D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 11 2019, 1:22 PM
mindal_semihalf.com added a comment to D18797: Introduce new Secure Boot library.
In D18797#401557, @sjg wrote:

(sorry don't know how else to contact you ;-)
I'm thinking this should be merged with libve so we can work to a single API that loader calls to verify stuff.
The functionality you have is I think a subset of that in libve.
The name libve is far from ideal.
Do you have any objection to renaming it to libsecureboot as a first step?

Jan 11 2019, 12:49 PM

Jan 10 2019

mindal_semihalf.com updated the diff for D18799: Create binsign tool to sign binary files for Secure Boot.

Update date to correct format and remove unnecessary leftover .Pp. After this change both igor and mandoc pass without a warning.

Jan 10 2019, 11:40 AM
mindal_semihalf.com added a comment to D18799: Create binsign tool to sign binary files for Secure Boot.
In D18799#401279, @imp wrote:

how is this different than uefisign(8)?

Jan 10 2019, 11:21 AM

Jan 9 2019

mindal_semihalf.com added a reviewer for D18794: Introduce Build options for Secure Boot: mw.
Jan 9 2019, 6:32 PM
mindal_semihalf.com added a reviewer for D18795: Build libbearssl for Secure Boot.: mw.
Jan 9 2019, 6:32 PM
mindal_semihalf.com added a reviewer for D18797: Introduce new Secure Boot library: mw.
Jan 9 2019, 6:31 PM
mindal_semihalf.com added reviewers for D18798: Implement Secure Boot in loader.: mw, wma.
Jan 9 2019, 6:31 PM
mindal_semihalf.com added a reviewer for D18799: Create binsign tool to sign binary files for Secure Boot: mw.
Jan 9 2019, 6:31 PM
mindal_semihalf.com retitled D18799: Create binsign tool to sign binary files for Secure Boot from Add tool to sign binary files to Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18798: Implement Secure Boot in loader.: secteam, trasz, cem, sjg.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18797: Introduce new Secure Boot library: secteam, trasz, cem, sjg.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18795: Build libbearssl for Secure Boot.: secteam, trasz, sjg.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added reviewers for D18794: Introduce Build options for Secure Boot: cem, bdrewery.
Jan 9 2019, 6:28 PM
mindal_semihalf.com added a parent revision for D18795: Build libbearssl for Secure Boot.: D18794: Introduce Build options for Secure Boot.
Jan 9 2019, 6:21 PM
mindal_semihalf.com added a child revision for D18794: Introduce Build options for Secure Boot: D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 6:21 PM
mindal_semihalf.com added a child revision for D18795: Build libbearssl for Secure Boot.: D18797: Introduce new Secure Boot library.
Jan 9 2019, 6:21 PM
mindal_semihalf.com added a child revision for D18794: Introduce Build options for Secure Boot: D18797: Introduce new Secure Boot library.
Jan 9 2019, 6:21 PM
mindal_semihalf.com added parent revisions for D18797: Introduce new Secure Boot library: D18794: Introduce Build options for Secure Boot, D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 6:21 PM
mindal_semihalf.com added a child revision for D18797: Introduce new Secure Boot library: D18798: Implement Secure Boot in loader..
Jan 9 2019, 6:20 PM
mindal_semihalf.com added a parent revision for D18798: Implement Secure Boot in loader.: D18797: Introduce new Secure Boot library.
Jan 9 2019, 6:20 PM
mindal_semihalf.com removed a parent revision for D18799: Create binsign tool to sign binary files for Secure Boot: D18794: Introduce Build options for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com removed a child revision for D18794: Introduce Build options for Secure Boot: D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com added parent revisions for D18799: Create binsign tool to sign binary files for Secure Boot: D18797: Introduce new Secure Boot library, D18795: Build libbearssl for Secure Boot., D18794: Introduce Build options for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com added a child revision for D18795: Build libbearssl for Secure Boot.: D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com added a child revision for D18797: Introduce new Secure Boot library: D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com added a child revision for D18794: Introduce Build options for Secure Boot: D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:20 PM
mindal_semihalf.com updated the summary of D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:19 PM
mindal_semihalf.com created D18799: Create binsign tool to sign binary files for Secure Boot.
Jan 9 2019, 6:17 PM
mindal_semihalf.com created D18798: Implement Secure Boot in loader..
Jan 9 2019, 6:16 PM
mindal_semihalf.com created D18797: Introduce new Secure Boot library.
Jan 9 2019, 6:15 PM
mindal_semihalf.com set the repository for D18795: Build libbearssl for Secure Boot. to rS FreeBSD src repository.
Jan 9 2019, 6:12 PM
mindal_semihalf.com updated the summary of D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 5:46 PM
mindal_semihalf.com created D18795: Build libbearssl for Secure Boot..
Jan 9 2019, 5:28 PM
mindal_semihalf.com created D18794: Introduce Build options for Secure Boot.
Jan 9 2019, 5:24 PM

Jan 7 2019

mindal_semihalf.com added a comment to D16335: Build libve for loader and sbin/veriexec.

Currently at Semihalf we work on a similar solution to make FreeBSD work with UEFI Secure Boot. The main difference is that instead of creating a manifest with files and their hashes a signature is appended to each file that is supposed to be verified. We also use BearSSL as the cryptographic backend.

Jan 7 2019, 4:07 PM

Dec 14 2018

mindal_semihalf.com created D18554: Fix alligment issue in uefisign..
Dec 14 2018, 2:34 PM

Dec 7 2018

mindal_semihalf.com updated the diff for D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..

Add commands with lower timeout to tpm20_get_timeout.
Also separate functions are now called when device is about to suspend and shutdown.

Dec 7 2018, 5:12 PM

Dec 5 2018

mindal_semihalf.com updated the diff for D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..

Move tpm_get_timeout to tpm20.c to remove duplication.

Dec 5 2018, 2:14 PM
mindal_semihalf.com added inline comments to D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..
Dec 5 2018, 10:39 AM

Dec 4 2018

mindal_semihalf.com updated the diff for D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..

Addressed @cem comments.

Dec 4 2018, 1:00 PM

Dec 3 2018

mindal_semihalf.com added a comment to D16334: Build libbearssl for loader and sbin/veriexec.

Are there any plans to integrate this patch with tree?

Dec 3 2018, 12:45 PM

Nov 19 2018

mindal_semihalf.com created D18048: Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes..
Nov 19 2018, 4:01 PM