
sjg (Simon Gerraty)
User

User Details

User Since
Apr 9 2015, 9:27 PM

Recent Activity

Yesterday

sjg committed rS350099: loader: ignore some variable settings if input unverified.
Wed, Jul 17, 11:33 PM

Tue, Jul 16

D20952: stand: Verify files loaded in chain command is now accepted and ready to land.
Tue, Jul 16, 11:50 PM

Fri, Jul 12

sjg added a comment to D20909: loader: ignore some variable settings if input unverified.

Take a look at i386/loader/chain.c, or for EFI version efi/loader/main.c:1418.
On an EFI system I was able to chainload an EFI Shell without including any information about it in the manifest.
Accidentally the EFI version of chain command uses LoadImage/StartImage calls, which means that with Secure Boot enabled in firmware the binary will be verified there.

Fri, Jul 12, 7:17 PM

Thu, Jul 11

sjg committed rS349924: libsecureboot: avoid recursion in ve_trust_init.
Thu, Jul 11, 10:07 PM
sjg added a comment to D20909: loader: ignore some variable settings if input unverified.

How about the "chain" command?
Files loaded by it bypass verification, so we might want to fix it by adding a hook to the veriexec instead.

Thu, Jul 11, 6:35 PM

Wed, Jul 10

sjg added reviewers for D20909: loader: ignore some variable settings if input unverified: stevek, mindal_semihalf.com, mw.

This change prevents an unverified loader.conf from setting sensitive values

Wed, Jul 10, 9:47 PM
sjg created D20909: loader: ignore some variable settings if input unverified.
Wed, Jul 10, 9:46 PM
sjg committed rS349894: libsecureboot: allow OpenPGP support to be dormant.
Wed, Jul 10, 9:36 PM

Mon, Jul 1

sjg added inline comments to D20520: Normalize deployment tools usage and definitions.
Mon, Jul 1, 10:44 PM

Wed, Jun 26

sjg committed rS349446: libsecureboot: allow OpenPGP support to be dormant.
Wed, Jun 26, 11:33 PM
sjg closed D20700: libsecureboot: allow OpenPGP support to be dormant.
Wed, Jun 26, 11:33 PM

Wed, Jun 19

sjg added reviewers for D20700: libsecureboot: allow OpenPGP support to be dormant: stevek, mw, mindal_semihalf.com.
Wed, Jun 19, 7:24 PM
sjg created D20700: libsecureboot: allow OpenPGP support to be dormant.
Wed, Jun 19, 7:22 PM

May 30 2019

sjg committed rS348449: ficl pfopen: verify file.
May 30 2019, 11:44 PM

May 24 2019

sjg committed rS348249: ficl pfopen: verify file.
May 24 2019, 7:44 PM
sjg closed D20387: ficl pfopen: verify file.
May 24 2019, 7:44 PM

May 23 2019

sjg updated the diff for D20387: ficl pfopen: verify file.

stand.h needs to define O_ACCMODE

May 23 2019, 9:43 PM
sjg added a comment to D20387: ficl pfopen: verify file.

Good point

May 23 2019, 9:33 PM
sjg updated the diff for D20387: ficl pfopen: verify file.

Use O_ACCMODE

May 23 2019, 9:33 PM
sjg added reviewers for D20387: ficl pfopen: verify file: mindal_semihalf.com, stevek.
May 23 2019, 8:15 PM
sjg updated the diff for D20387: ficl pfopen: verify file.

Add ficl.mk

May 23 2019, 8:14 PM
sjg added a comment to D20373: stand: Add a call to verify_file from ficl..

Ok, I never committed my changes to loader.c because I had some other junk in there so it would work with Junos, for testing.
See https://reviews.freebsd.org/D20387

May 23 2019, 8:12 PM
sjg created D20387: ficl pfopen: verify file.
May 23 2019, 8:10 PM
sjg added a comment to D20373: stand: Add a call to verify_file from ficl..

Actually it would be better to call verify_file and THEN consider mode.
If the file is verified, writing should not be allowed; if it is not verified, reading should not be allowed.

May 23 2019, 7:53 PM
sjg added inline comments to D20373: stand: Add a call to verify_file from ficl..
May 23 2019, 7:45 PM

May 22 2019

sjg committed rS348131: load_key_buf do not free data from dearmor.
May 22 2019, 11:23 PM
sjg committed rS348129: libsecureboot: allow control of when pseudo pcr is updated.
May 22 2019, 11:19 PM

May 19 2019

sjg committed rS347981: libsecureboot: allow control of when pseudo pcr is updated.
May 19 2019, 8:29 PM
sjg closed D20297: libsecureboot: allow control of when pseudo pcr is updated.
May 19 2019, 8:29 PM
sjg committed rS347980: load_key_buf do not free data from dearmor.
May 19 2019, 8:24 PM

May 17 2019

sjg retitled D20297: libsecureboot: allow control of when pseudo pcr is updated from libsecureboot: allow control of when pseuod pcr is updated to libsecureboot: allow control of when pseudo pcr is updated.
May 17 2019, 7:24 PM
sjg added reviewers for D20297: libsecureboot: allow control of when pseudo pcr is updated: stevek, mindal_semihalf.com.
May 17 2019, 7:22 PM
sjg created D20297: libsecureboot: allow control of when pseudo pcr is updated.
May 17 2019, 7:21 PM
sjg accepted D20295: Support for setting labels via veriexec.

Thanks!

May 17 2019, 7:16 PM

May 16 2019

sjg committed rS347759: libsecureboot: make it easier to customize trust anchors.
May 16 2019, 4:15 PM

May 9 2019

sjg committed rS347408: libsecureboot: make it easier to customize trust anchors.
May 9 2019, 10:25 PM
sjg closed D20208: libsecureboot: make it easier to customize trust anchors.
May 9 2019, 10:25 PM
sjg added reviewers for D20208: libsecureboot: make it easier to customize trust anchors: mindal_semihalf.com, mw, stevek.
May 9 2019, 12:58 AM
sjg created D20208: libsecureboot: make it easier to customize trust anchors.
May 9 2019, 12:56 AM

Apr 30 2019

sjg committed rS346977: Allow no_hash to appear in manifest..
Apr 30 2019, 11:01 PM

Apr 23 2019

sjg committed rS346604: Allow no_hash to appear in manifest..
Apr 23 2019, 8:25 PM
sjg added reviewers for D20018: Allow no_hash to appear in manifest.: imp, mw, mindal_semihalf.com.
Apr 23 2019, 12:24 AM
sjg created D20018: Allow no_hash to appear in manifest..
Apr 23 2019, 12:22 AM

Apr 20 2019

sjg added a comment to D19962: stand: Don't verify entropy cache file..

I sent mindal a diff earlier; in our manifest source files we have a no_hash token to indicate files which should not be verified.
The change I'm thinking of simply exposes that to loader.
sbin/veriexec, which feeds hashes to the kernel, skips files which have no hash/fingerprint;
this is fine for the kernel, since if it doesn't verify something the kernel itself doesn't care.
The loader implementation is quite different though, and an explicit indication of "do not verify" is potentially useful.
Of course most of the files that might apply to are *.conf and *.hints files, which I dealt with implicitly.

Apr 20 2019, 11:25 PM
sjg added a comment to D19962: stand: Don't verify entropy cache file..

Would it be worth adding a means of explicitly marking a file in manifest as not to be verified?

Apr 20 2019, 7:17 PM

Apr 12 2019

sjg committed rS346169: Regenerate src.conf.5 for recent changes..
Apr 12 2019, 8:35 PM
sjg committed rS346145: Add support for loader veriexec.
Apr 12 2019, 1:03 AM

Apr 9 2019

sjg committed rS346070: Always report file with incorrect hash..
Apr 9 2019, 10:20 PM

Apr 8 2019

sjg committed rS346032: Add _PC_ACL_* to vop_stdpathconf.
Apr 8 2019, 3:52 PM

Apr 5 2019

sjg committed rS345972: Add _PC_ACL_* to vop_stdpathconf.
Apr 5 2019, 11:34 PM

Apr 1 2019

sjg accepted D19281: mac_veriexec: Create kernel module to parse manifest based on envs..

Looks better

Apr 1 2019, 4:01 PM

Mar 23 2019

sjg committed rS344564: Add libbearssl.
Mar 23 2019, 6:34 PM
sjg closed D16334: Build libbearssl for loader and sbin/veriexec.
Mar 23 2019, 6:34 PM

Mar 11 2019

sjg committed rS345024: Add _PC_ACL_* to vop_stdpathconf.
Mar 11 2019, 8:41 PM
sjg closed D19512: tmpfs silently ignore pathconf ACL requests.
Mar 11 2019, 8:41 PM
sjg added a comment to D19512: tmpfs silently ignore pathconf ACL requests.

I applied this same patch to stable/11 and while ktrace shows that tmpfs no longer returns EINVAL for fpathconf
original ktrace:

Mar 11 2019, 8:30 PM

Mar 9 2019

sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

Add zfs and nandfs, note zfs_vnops.c:zfs_pathconf is not compatible with this change

Mar 9 2019, 5:18 PM

Mar 8 2019

sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

per feedback - not sure about zfs though

Mar 8 2019, 11:00 PM
sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

Like this?

Mar 8 2019, 9:53 PM
sjg added a comment to D19512: tmpfs silently ignore pathconf ACL requests.

In D19512#417662, @kib wrote:

    In D19512#417656, @sjg wrote:

        In D19512#417632, @kib wrote:

            You can remove handling of _PC_ACL_EXTENDED from nfs and zfs client vops.
            You can remove any handling of _PC_ACL_EXTENDED and _PC_ACL_NFS4 from UFS when not compiled in (i.e. #else cases).

        In the case of ufs this would get ugly, no? The case would need to be within the #ifdef.

    No, as I said, you drop the #else part altogether.

Mar 8 2019, 9:50 PM
sjg removed reviewers for D19512: tmpfs silently ignore pathconf ACL requests: kib, jhb.

In D19512#417632, @kib wrote:

    You can remove handling of _PC_ACL_EXTENDED from nfs and zfs client vops.
    You can remove any handling of _PC_ACL_EXTENDED and _PC_ACL_NFS4 from UFS when not compiled in (i.e. #else cases).

Mar 8 2019, 9:32 PM
sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

Add more cases

Mar 8 2019, 9:31 PM
sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

shift to vop_stdpathconf

Mar 8 2019, 8:39 PM
sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

fix patch skew

Mar 8 2019, 8:11 PM
sjg created D19512: tmpfs silently ignore pathconf ACL requests.
Mar 8 2019, 7:46 PM

Mar 4 2019

sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 4 2019, 10:05 PM
sjg committed rS344784: Allow for reproducible build.
Mar 4 2019, 10:04 PM
sjg closed D19464: Allow for reproducible build.
Mar 4 2019, 10:04 PM
sjg added a reviewer for D19464: Allow for reproducible build: emaste.
Mar 4 2019, 9:48 PM
sjg created D19464: Allow for reproducible build.
Mar 4 2019, 9:48 PM
sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 4 2019, 9:09 PM
sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 4 2019, 8:47 PM
sjg committed rS344780: Add -d flag to load command.
Mar 4 2019, 7:51 PM

Mar 3 2019

sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 3 2019, 5:02 PM

Mar 2 2019

sjg accepted D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

One minor nit left

Mar 2 2019, 7:18 PM

Feb 28 2019

sjg added a comment to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Looking better....

Feb 28 2019, 9:02 PM

Feb 26 2019

sjg accepted D16334: Build libbearssl for loader and sbin/veriexec.

this is committed

Feb 26 2019, 7:05 PM
sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 26 2019, 6:55 PM
sjg committed rS344568: Enable veriexec for loader.
Feb 26 2019, 6:22 AM
sjg closed D16336: Add calls to verify_file to loader..
Feb 26 2019, 6:22 AM
sjg closed D16575: Add verifying loader for mac_veriexec.
Feb 26 2019, 6:17 AM
sjg committed rS344567: Add verifying manifest loader for mac_veriexec.
Feb 26 2019, 6:17 AM
sjg committed rS344566: Enable build of libbearssl.
Feb 26 2019, 6:11 AM
sjg closed D16337: Build options etc for libbearssl and libve.
Feb 26 2019, 6:11 AM
sjg committed rS344565: Add libsecureboot.
Feb 26 2019, 6:09 AM
sjg closed D16335: Build libve for loader and sbin/veriexec.
Feb 26 2019, 6:09 AM

Feb 21 2019

sjg added a reviewer for D19281: mac_veriexec: Create kernel module to parse manifest based on envs.: stevek.
Feb 21 2019, 5:46 PM
sjg added a comment to D19281: mac_veriexec: Create kernel module to parse manifest based on envs..

First off, the changes to verify_file* should really be in a separate file.
Also, this should all be guarded by a knob, since in the absence of a verifying loader it introduces a new attack vector.
Thus anyone using this should be doing so very deliberately.

Feb 21 2019, 5:33 PM

Feb 13 2019

sjg updated the diff for D16336: Add calls to verify_file to loader..

liblua/Makefile -I

Feb 13 2019, 5:03 PM
sjg updated the diff for D16336: Add calls to verify_file to loader..

liblua/Makefile

Feb 13 2019, 4:14 PM
sjg updated the diff for D16336: Add calls to verify_file to loader..

Hook lua fopen

Feb 13 2019, 12:05 AM

Feb 12 2019

sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

Only pass prefix to load_manifest if skip!=NULL

Feb 12 2019, 9:23 PM

Feb 11 2019

sjg updated the diff for D16335: Build libve for loader and sbin/veriexec.

Trim trailing ../ from prefix

Feb 11 2019, 10:47 PM

Feb 8 2019

sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 8 2019, 12:56 AM

Feb 6 2019

sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 6 2019, 8:34 PM

Jan 22 2019

sjg updated the diff for D16575: Add verifying loader for mac_veriexec.

Use libsecureboot

Jan 22 2019, 11:51 PM

Jan 21 2019

sjg committed rS343283: Done with initial BearSSL import.
Jan 21 2019, 8:25 PM
sjg committed rS343282: tag bearssl-6433cc2.
Jan 21 2019, 8:24 PM
sjg committed rS343281: Import bearssl-6433cc2.
Jan 21 2019, 8:24 PM
sjg committed rS343279: For initial BearSSL import.
Jan 21 2019, 8:23 PM