Page MenuHomeFreeBSD

sjg (Simon Gerraty)
User

Projects

User Details

User Since
Apr 9 2015, 9:27 PM (197 w, 2 d)

Recent Activity

Wed, Jan 16

sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

Rename libve to libsecureboot

Wed, Jan 16, 11:49 PM
sjg updated the diff for D16337: Build options etc for libbearssl and libve.

Fix src.libnames.mk

Wed, Jan 16, 11:49 PM
sjg added inline comments to D16337: Build options etc for libbearssl and libve.
Wed, Jan 16, 11:34 PM
sjg added inline comments to D16335: Build libve for loader and sbin/veriexec.
Wed, Jan 16, 11:30 PM
sjg added inline comments to D16337: Build options etc for libbearssl and libve.
Wed, Jan 16, 11:25 PM
sjg updated the diff for D16334: Build libbearssl for loader and sbin/veriexec.

Move some i62 methods to Makefile.libsa.inc

Wed, Jan 16, 5:38 PM

Tue, Jan 15

sjg committed rS343067: Fix STAGE_DIR.* to handle indirect *DIR variables..
Fix STAGE_DIR.* to handle indirect *DIR variables.
Tue, Jan 15, 11:38 PM
sjg closed D18847: Fix STAGE_DIR.* setting inline with recent changes..
Tue, Jan 15, 11:38 PM
sjg committed rS343066: Use .undef per variable.
Use .undef per variable
Tue, Jan 15, 11:36 PM
sjg closed D17251: Use .undef per variable.
Tue, Jan 15, 11:36 PM
sjg updated the diff for D16336: Add calls to verify_file to loader..

Update per feedback

Tue, Jan 15, 10:23 PM
sjg added a reviewer for D18847: Fix STAGE_DIR.* setting inline with recent changes.: bdrewery.
Tue, Jan 15, 10:18 PM
sjg created D18847: Fix STAGE_DIR.* setting inline with recent changes..
Tue, Jan 15, 10:17 PM
sjg updated the diff for D16575: Add verifying loader for mac_veriexec.

Renamed libve to libsecureboot

Tue, Jan 15, 6:23 PM
sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

Rename libve to libsecureboot

Tue, Jan 15, 6:16 AM
sjg updated the diff for D16336: Add calls to verify_file to loader..

Update per feedback

Tue, Jan 15, 6:16 AM

Mon, Jan 14

sjg updated the diff for D16337: Build options etc for libbearssl and libve.

Update per feedback

Mon, Jan 14, 9:56 PM
sjg updated the diff for D16334: Build libbearssl for loader and sbin/veriexec.

Update to latest BearSSL

Mon, Jan 14, 9:55 PM

Thu, Jan 10

sjg added a comment to D18797: Introduce new Secure Boot library.

(sorry don't know how else to contact you ;-)
I'm thinking this should be merged with libve so we can work to a single API that loader calls to verify stuff.
The functionality you have is I think a subset of that in libve.
The name libve is far from ideal.
Do you have any objection to renaming it to libsecureboot as a first step?

Thu, Jan 10, 9:43 PM
sjg added inline comments to D16337: Build options etc for libbearssl and libve.
Thu, Jan 10, 6:12 PM

Wed, Jan 9

sjg added a comment to D18798: Implement Secure Boot in loader..

There is potentially a lot of overlap with D16335 libsecureboot could be a better name for that than libve.
It would be good to leverage both.

Wed, Jan 9, 7:32 PM

Tue, Jan 8

sjg added a comment to D16335: Build libve for loader and sbin/veriexec.

A tool to sign binaries was created. It simply appends an RSA PKCS#1 v2 signature together with a X509 certificate to the end of the file.
Loader was changed to allow only to load signed kernel and modules when Secure Boot mode is detected to have been enabled in UEFI. The trusted root certificates are obtained from UEFI DB authenticated variable. Also the DBX variable is searched for blacklisted certificates.

Tue, Jan 8, 11:55 PM
sjg added a comment to D16335: Build libve for loader and sbin/veriexec.

Currently at Semihalf we work on a similar solution to make FreeBSD work with UEFI Secure Boot. The main difference is that instead of creating a manifest with files and their hashes a signature is appended to each file that is supposed to be verified. We also use BearSSL as the cryptographic backend.

Tue, Jan 8, 11:18 PM

Tue, Dec 25

sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

Fix error message in vectx_open for VE_FINGERPRINT_UNKNOWN
verify - only panic if severity is above accepted threshold
(eg we are in strict mode)
Add comment to vepcr.c to explain why we use SHA256 when TPM
only supports SHA1

Tue, Dec 25, 9:52 PM
sjg added a comment to D16335: Build libve for loader and sbin/veriexec.

Back to the question of lib name...

Tue, Dec 25, 9:47 PM

Sun, Dec 23

sjg committed rS342376: Merge bmake-20181221.
Merge bmake-20181221
Sun, Dec 23, 1:06 AM

Sat, Dec 22

sjg committed rS342373: tag bmake-20181221.
tag bmake-20181221
Sat, Dec 22, 9:32 PM
sjg committed rS342372: Import bmake-20181221.
Import bmake-20181221
Sat, Dec 22, 9:32 PM

Dec 6 2018

sjg committed rS341652: Update bmake to version 20180919.
Update bmake to version 20180919
Dec 6 2018, 8:56 PM
sjg committed rS341610: tag bmake-20180919.
tag bmake-20180919
Dec 6 2018, 12:14 AM
sjg committed rS341609: Import bmake-20180919.
Import bmake-20180919
Dec 6 2018, 12:14 AM

Dec 5 2018

sjg added a comment to D16334: Build libbearssl for loader and sbin/veriexec.

Hello,

Are there any plans to integrate this patch with tree?

Dec 5 2018, 10:19 PM

Nov 16 2018

sjg closed D2729: Add __DEFAULT_DEPENDENT_OPTIONS support.

Oops this was committed in r284050

Nov 16 2018, 10:38 PM

Sep 20 2018

sjg added a reviewer for D17251: Use .undef per variable: bdrewery.
Sep 20 2018, 12:21 AM
sjg created D17251: Use .undef per variable.
Sep 20 2018, 12:20 AM

Sep 14 2018

sjg accepted D17170: Cross-reference style.Makefile(5) from make(1) and make.conf(5).
Sep 14 2018, 5:48 PM

Sep 11 2018

sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

define OPENPGP_TAG_*

Sep 11 2018, 8:48 PM
sjg added inline comments to D16335: Build libve for loader and sbin/veriexec.
Sep 11 2018, 7:56 PM

Sep 10 2018

sjg added inline comments to D16335: Build libve for loader and sbin/veriexec.
Sep 10 2018, 8:20 PM

Sep 6 2018

sjg updated the diff for D16334: Build libbearssl for loader and sbin/veriexec.

remove check for MK_BEARSSL from Makefile

Sep 6 2018, 11:02 PM
sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

remove check for MK_BEARSSL from Makefile

Sep 6 2018, 11:02 PM
sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

size_t for 2nd arg to octets2hex

Sep 6 2018, 9:14 PM
sjg added inline comments to D16335: Build libve for loader and sbin/veriexec.
Sep 6 2018, 9:01 PM
sjg added inline comments to D16335: Build libve for loader and sbin/veriexec.
Sep 6 2018, 8:49 PM
sjg added a comment to D16335: Build libve for loader and sbin/veriexec.

cem (Conrad Meyer) <phabric-noreply@freebsd.org> wrote:

Sep 6 2018, 8:38 PM
sjg added a comment to D16575: Add verifying loader for mac_veriexec.

Adding xrefs to related reviews

Sep 6 2018, 12:24 PM
sjg updated the diff for D16337: Build options etc for libbearssl and libve.

Fix INTERNALLIB refs

Sep 6 2018, 12:24 PM
sjg added a comment to D16337: Build options etc for libbearssl and libve.

Sorry, should make all these reviews xref each other.
we have

Sep 6 2018, 12:24 PM
sjg added a comment to D16334: Build libbearssl for loader and sbin/veriexec.

Adding xrefs to related reviews

Sep 6 2018, 12:24 PM
sjg added a comment to D16336: Add calls to verify_file to loader..

Adding xrefs to related reviews

Sep 6 2018, 12:24 PM
sjg added a comment to D16335: Build libve for loader and sbin/veriexec.

Adding xrefs to related reviews

Sep 6 2018, 12:24 PM
sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

Use file2c to embed certs/keys

Sep 6 2018, 12:24 PM
sjg updated the diff for D16334: Build libbearssl for loader and sbin/veriexec.

SHA1 required by OpenPGP for computing key id

Sep 6 2018, 12:24 PM

Aug 15 2018

sjg accepted D16724: Use -Oz/-Os for all loader/stand builds..

Works for me

Aug 15 2018, 6:04 PM

Aug 10 2018

sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

Set MANIFEST_SKIP if configured

Aug 10 2018, 12:54 AM

Aug 6 2018

sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

Run self tests from test app

Aug 6 2018, 10:56 PM

Aug 2 2018

sjg added reviewers for D16575: Add verifying loader for mac_veriexec: cem, jtl.

This depends on D16335
which depends on D16334
and D16337

Aug 2 2018, 11:43 PM
sjg created D16575: Add verifying loader for mac_veriexec.
Aug 2 2018, 11:40 PM
sjg committed rS337186: Update dirdeps.mk et al to latest.
Update dirdeps.mk et al to latest
Aug 2 2018, 9:34 PM
sjg closed D15701: Update dirdeps.mk et al to latest.
Aug 2 2018, 9:34 PM

Aug 1 2018

sjg updated the diff for D15701: Update dirdeps.mk et al to latest.

fix staging for csu

Aug 1 2018, 10:45 PM

Jul 19 2018

sjg added inline comments to D16334: Build libbearssl for loader and sbin/veriexec.
Jul 19 2018, 8:22 PM
sjg added inline comments to D16336: Add calls to verify_file to loader..
Jul 19 2018, 12:43 AM
sjg added reviewers for D16334: Build libbearssl for loader and sbin/veriexec: imp, cem.

and agc

Jul 19 2018, 12:40 AM
sjg added reviewers for D16335: Build libve for loader and sbin/veriexec: imp, cem.

and agc

Jul 19 2018, 12:39 AM
sjg added reviewers for D16336: Add calls to verify_file to loader.: imp, cem.

Cannot find agc - who I know should be interested

Jul 19 2018, 12:38 AM
sjg added a reviewer for D16337: Build options etc for libbearssl and libve: imp.
Jul 19 2018, 12:33 AM
sjg added a comment to D16155: Add veriexec to loader.

After discussion with imp, breaking this up to a set of smaller reviews:

Jul 19 2018, 12:32 AM
sjg created D16337: Build options etc for libbearssl and libve.
Jul 19 2018, 12:30 AM
sjg created D16336: Add calls to verify_file to loader..
Jul 19 2018, 12:30 AM
sjg created D16335: Build libve for loader and sbin/veriexec.
Jul 19 2018, 12:30 AM
sjg created D16334: Build libbearssl for loader and sbin/veriexec.
Jul 19 2018, 12:30 AM

Jul 18 2018

sjg updated the diff for D16155: Add veriexec to loader.

Allow no manifests if testing

Jul 18 2018, 7:41 PM

Jul 15 2018

sjg updated the diff for D16155: Add veriexec to loader.

Simplify config of manifest and signature search

Jul 15 2018, 9:58 PM

Jul 14 2018

sjg updated the diff for D16155: Add veriexec to loader.

Minimize BearSSL srcs compiled into libsa

Jul 14 2018, 1:06 AM
sjg added inline comments to D16155: Add veriexec to loader.
Jul 14 2018, 12:49 AM
sjg updated the diff for D16155: Add veriexec to loader.

Address imp feedback

Jul 14 2018, 12:47 AM

Jul 9 2018

sjg added a comment to D16155: Add veriexec to loader.

I spent an hour or so this morning responding to cem's comments above, only to find that email responses bounce.
I'm not going to type it all in again, some of your comments are hard to respond to without coming off as antagonistic...

Jul 9 2018, 2:17 AM

Jul 8 2018

sjg added inline comments to D16155: Add veriexec to loader.
Jul 8 2018, 11:36 PM
sjg updated the diff for D16155: Add veriexec to loader.

Address feedback

Jul 8 2018, 11:36 PM

Jul 6 2018

sjg added inline comments to D16155: Add veriexec to loader.
Jul 6 2018, 8:28 PM
sjg updated the diff for D16155: Add veriexec to loader.

Address style9 issues

Jul 6 2018, 5:51 AM
sjg updated the diff for D16155: Add veriexec to loader.

Address style9 issues

Jul 6 2018, 5:37 AM
sjg added inline comments to D16155: Add veriexec to loader.
Jul 6 2018, 5:35 AM
sjg added a reviewer for D16155: Add veriexec to loader: imp.
Jul 6 2018, 1:23 AM
sjg created D16155: Add veriexec to loader.
Jul 6 2018, 1:21 AM

Jun 20 2018

sjg updated the diff for D15701: Update dirdeps.mk et al to latest.

Address feedback

Jun 20 2018, 10:29 PM
sjg added inline comments to D15701: Update dirdeps.mk et al to latest.
Jun 20 2018, 10:26 PM

Jun 9 2018

sjg committed rS334868: Add st_mtime, st_ino and st_dev for ufs_stat.
Add st_mtime, st_ino and st_dev for ufs_stat
Jun 9 2018, 2:42 AM
sjg closed D15064: Add st_ino etc to libsa ufs_stat.
Jun 9 2018, 2:42 AM

Jun 8 2018

sjg added a reviewer for D15701: Update dirdeps.mk et al to latest: bdrewery.
Jun 8 2018, 1:48 AM
sjg created D15701: Update dirdeps.mk et al to latest.
Jun 8 2018, 1:46 AM

Jun 6 2018

sjg updated the diff for D15064: Add st_ino etc to libsa ufs_stat.

Tweak comments

Jun 6 2018, 6:22 PM

May 19 2018

sjg committed rS333820: Merge bmake-20180512.
Merge bmake-20180512
May 19 2018, 12:26 AM

May 18 2018

sjg committed rS333812: tag bmake-20180512.
tag bmake-20180512
May 18 2018, 7:50 PM
sjg committed rS333811: Import bmake-20180512.
Import bmake-20180512
May 18 2018, 7:50 PM

Apr 25 2018

sjg added inline comments to D15064: Add st_ino etc to libsa ufs_stat.
Apr 25 2018, 5:30 PM

Apr 18 2018

sjg added inline comments to D15064: Add st_ino etc to libsa ufs_stat.
Apr 18 2018, 7:22 PM

Apr 17 2018

sjg added inline comments to D15064: Add st_ino etc to libsa ufs_stat.
Apr 17 2018, 9:54 PM
sjg added inline comments to D15064: Add st_ino etc to libsa ufs_stat.
Apr 17 2018, 9:12 PM