sjg (Simon Gerraty)
User

User Details

User Since
Apr 9 2015, 9:27 PM (231 w, 5 d)

Recent Activity

Mon, Sep 16

sjg closed D21640: Document logic for __DEFAULT_DEPENDENT_OPTIONS.
Mon, Sep 16, 12:32 AM
sjg committed rS352370: Document logic for __DEFAULT_DEPENDENT_OPTIONS.
Document logic for __DEFAULT_DEPENDENT_OPTIONS
Mon, Sep 16, 12:32 AM

Sat, Sep 14

sjg updated the diff for D21640: Document logic for __DEFAULT_DEPENDENT_OPTIONS.

Use otherwise

Sat, Sep 14, 3:55 PM

Fri, Sep 13

sjg added reviewers for D21640: Document logic for __DEFAULT_DEPENDENT_OPTIONS: bdrewery, stevek.
Fri, Sep 13, 6:01 PM
sjg created D21640: Document logic for __DEFAULT_DEPENDENT_OPTIONS.
Fri, Sep 13, 5:57 PM
sjg committed rS352273: Use file destdir for stage_as sets.
Use file destdir for stage_as sets
Fri, Sep 13, 5:54 AM

Fri, Sep 6

sjg committed rS351954: Use file destdir for stage_as sets.
Use file destdir for stage_as sets
Fri, Sep 6, 7:05 PM

Aug 16 2019

sjg added reviewers for D21283: Use file destdir for stage_as sets: bdrewery, brd.
Aug 16 2019, 1:02 AM
sjg created D21283: Use file destdir for stage_as sets.
Aug 16 2019, 1:02 AM

Aug 15 2019

sjg committed rS351067: Revert prior change till installworld sorted.
Revert prior change till installworld sorted
Aug 15 2019, 6:01 AM

Aug 14 2019

sjg committed rS351055: bsd.files.mk: fix targets to avoid directories.
bsd.files.mk: fix targets to avoid directories
Aug 14 2019, 10:33 PM

Jul 25 2019

sjg committed rS350312: loader: ignore some variable settings if input unverified.
loader: ignore some variable settings if input unverified
Jul 25 2019, 12:07 AM

Jul 17 2019

sjg committed rS350099: loader: ignore some variable settings if input unverified.
loader: ignore some variable settings if input unverified
Jul 17 2019, 11:33 PM

Jul 16 2019

D20952: stand: Verify files loaded in chain command is now accepted and ready to land.
Jul 16 2019, 11:50 PM

Jul 12 2019

sjg added a comment to D20909: loader: ignore some variable settings if input unverified.

Take a look at i386/loader/chain.c, or for EFI version efi/loader/main.c:1418.
On an EFI system I was able to chainload an EFI Shell without including any information about it in the manifest.
Accidentally the EFI version of chain command uses LoadImage/StartImage calls, which means that with Secure Boot enabled in firmware the binary will be verified there.

Jul 12 2019, 7:17 PM

Jul 11 2019

sjg committed rS349924: libsecureboot: avoid recursion in ve_trust_init.
libsecureboot: avoid recursion in ve_trust_init
Jul 11 2019, 10:07 PM
sjg added a comment to D20909: loader: ignore some variable settings if input unverified.

How about the "chain" command?
Files loaded by it bypass verification, so we might fix it by adding a hook to the veriexec instead.

Jul 11 2019, 6:35 PM

Jul 10 2019

sjg added reviewers for D20909: loader: ignore some variable settings if input unverified: stevek, mindal_semihalf.com, mw.

This change prevents an unverified loader.conf from setting sensitive values

Jul 10 2019, 9:47 PM
sjg created D20909: loader: ignore some variable settings if input unverified.
Jul 10 2019, 9:46 PM
sjg committed rS349894: libsecureboot: allow OpenPGP support to be dormant.
libsecureboot: allow OpenPGP support to be dormant
Jul 10 2019, 9:36 PM

Jul 1 2019

sjg added inline comments to D20520: Normalize deployment tools usage and definitions.
Jul 1 2019, 10:44 PM

Jun 26 2019

sjg committed rS349446: libsecureboot: allow OpenPGP support to be dormant.
libsecureboot: allow OpenPGP support to be dormant
Jun 26 2019, 11:33 PM
sjg closed D20700: libsecureboot: allow OpenPGP support to be dormant.
Jun 26 2019, 11:33 PM

Jun 19 2019

sjg added reviewers for D20700: libsecureboot: allow OpenPGP support to be dormant: stevek, mw, mindal_semihalf.com.
Jun 19 2019, 7:24 PM
sjg created D20700: libsecureboot: allow OpenPGP support to be dormant.
Jun 19 2019, 7:22 PM

May 30 2019

sjg committed rS348449: ficl pfopen: verify file.
ficl pfopen: verify file
May 30 2019, 11:44 PM

May 24 2019

sjg committed rS348249: ficl pfopen: verify file.
ficl pfopen: verify file
May 24 2019, 7:44 PM
sjg closed D20387: ficl pfopen: verify file.
May 24 2019, 7:44 PM

May 23 2019

sjg updated the diff for D20387: ficl pfopen: verify file.

stand.h needs to define O_ACCMODE

May 23 2019, 9:43 PM
sjg added a comment to D20387: ficl pfopen: verify file.

Good point

May 23 2019, 9:33 PM
sjg updated the diff for D20387: ficl pfopen: verify file.

Use O_ACCMODE

May 23 2019, 9:33 PM
sjg added reviewers for D20387: ficl pfopen: verify file: mindal_semihalf.com, stevek.
May 23 2019, 8:15 PM
sjg updated the diff for D20387: ficl pfopen: verify file.

Add ficl.mk

May 23 2019, 8:14 PM
sjg added a comment to D20373: stand: Add a call to verify_file from ficl..

Ok I never committed my changes to loader.c because I had some other junk in there so it would work with Junos - for testing.
See
https://reviews.freebsd.org/D20387

May 23 2019, 8:12 PM
sjg created D20387: ficl pfopen: verify file.
May 23 2019, 8:10 PM
sjg added a comment to D20373: stand: Add a call to verify_file from ficl..

Actually it would be better to call verify_file and THEN consider mode.
If the file is verified, writing should not be allowed; if it is not verified, reading should not be allowed.

May 23 2019, 7:53 PM
sjg added inline comments to D20373: stand: Add a call to verify_file from ficl..
May 23 2019, 7:45 PM

May 22 2019

sjg committed rS348131: load_key_buf do not free data from dearmor.
load_key_buf do not free data from dearmor
May 22 2019, 11:23 PM
sjg committed rS348129: libsecureboot: allow control of when pseudo pcr is updated.
libsecureboot: allow control of when pseudo pcr is updated
May 22 2019, 11:19 PM

May 19 2019

sjg committed rS347981: libsecureboot: allow control of when pseudo pcr is updated.
libsecureboot: allow control of when pseudo pcr is updated
May 19 2019, 8:29 PM
sjg closed D20297: libsecureboot: allow control of when pseudo pcr is updated.
May 19 2019, 8:29 PM
sjg committed rS347980: load_key_buf do not free data from dearmor.
load_key_buf do not free data from dearmor
May 19 2019, 8:24 PM

May 17 2019

sjg retitled D20297: libsecureboot: allow control of when pseudo pcr is updated from libsecureboot: allow control of when pseuod pcr is updated to libsecureboot: allow control of when pseudo pcr is updated.
May 17 2019, 7:24 PM
sjg added reviewers for D20297: libsecureboot: allow control of when pseudo pcr is updated: stevek, mindal_semihalf.com.
May 17 2019, 7:22 PM
sjg created D20297: libsecureboot: allow control of when pseudo pcr is updated.
May 17 2019, 7:21 PM
sjg accepted D20295: Support for setting labels via veriexec.

Thanks!

May 17 2019, 7:16 PM

May 16 2019

sjg committed rS347759: libsecureboot: make it easier to customize trust anchors.
libsecureboot: make it easier to customize trust anchors
May 16 2019, 4:15 PM

May 9 2019

sjg committed rS347408: libsecureboot: make it easier to customize trust anchors.
libsecureboot: make it easier to customize trust anchors
May 9 2019, 10:25 PM
sjg closed D20208: libsecureboot: make it easier to customize trust anchors.
May 9 2019, 10:25 PM
sjg added reviewers for D20208: libsecureboot: make it easier to customize trust anchors: mindal_semihalf.com, mw, stevek.
May 9 2019, 12:58 AM
sjg created D20208: libsecureboot: make it easier to customize trust anchors.
May 9 2019, 12:56 AM

Apr 30 2019

sjg committed rS346977: Allow no_hash to appear in manifest..
Allow no_hash to appear in manifest.
Apr 30 2019, 11:01 PM

Apr 23 2019

sjg committed rS346604: Allow no_hash to appear in manifest..
Allow no_hash to appear in manifest.
Apr 23 2019, 8:25 PM
sjg added reviewers for D20018: Allow no_hash to appear in manifest.: imp, mw, mindal_semihalf.com.
Apr 23 2019, 12:24 AM
sjg created D20018: Allow no_hash to appear in manifest..
Apr 23 2019, 12:22 AM

Apr 20 2019

sjg added a comment to D19962: stand: Don't verify entropy cache file..

I sent mindal a diff earlier; in our manifest source files we have a no_hash token to indicate files which should not be verified.
The change I'm thinking of simply exposes that to loader.
sbin/veriexec, which feeds hashes to the kernel, skips files which have no hash/fingerprint;
this is fine for the kernel, since if it doesn't verify something the kernel itself doesn't care.
The loader implementation is quite different though, and explicit indication of "do not verify" is potentially useful.
Of course most of the files that might apply to are *.conf and *.hints files which I dealt with implicitly.

Apr 20 2019, 11:25 PM
sjg added a comment to D19962: stand: Don't verify entropy cache file..

Would it be worth adding a means of explicitly marking a file in manifest as not to be verified?

Apr 20 2019, 7:17 PM

Apr 12 2019

sjg committed rS346169: Regenerate src.conf.5 for recent changes..
Regenerate src.conf.5 for recent changes.
Apr 12 2019, 8:35 PM
sjg committed rS346145: Add support for loader veriexec.
Add support for loader veriexec
Apr 12 2019, 1:03 AM

Apr 9 2019

sjg committed rS346070: Always report file with incorrect hash..
Always report file with incorrect hash.
Apr 9 2019, 10:20 PM

Apr 8 2019

sjg committed rS346032: Add _PC_ACL_* to vop_stdpathconf.
Add _PC_ACL_* to vop_stdpathconf
Apr 8 2019, 3:52 PM

Apr 5 2019

sjg committed rS345972: Add _PC_ACL_* to vop_stdpathconf.
Add _PC_ACL_* to vop_stdpathconf
Apr 5 2019, 11:34 PM

Apr 1 2019

sjg accepted D19281: mac_veriexec: Create kernel module to parse manifest based on envs..

Looks better

Apr 1 2019, 4:01 PM

Mar 23 2019

sjg committed rS344564: Add libbearssl.
Add libbearssl
Mar 23 2019, 6:34 PM
sjg closed D16334: Build libbearssl for loader and sbin/veriexec.
Mar 23 2019, 6:34 PM

Mar 11 2019

sjg committed rS345024: Add _PC_ACL_* to vop_stdpathconf.
Add _PC_ACL_* to vop_stdpathconf
Mar 11 2019, 8:41 PM
sjg closed D19512: tmpfs silently ignore pathconf ACL requests.
Mar 11 2019, 8:41 PM
sjg added a comment to D19512: tmpfs silently ignore pathconf ACL requests.

I applied this same patch to stable/11 and while ktrace shows that tmpfs no longer returns EINVAL for fpathconf
original ktrace:

Mar 11 2019, 8:30 PM

Mar 9 2019

sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

Add zfs and nandfs, note zfs_vnops.c:zfs_pathconf is not compatible with this change

Mar 9 2019, 5:18 PM

Mar 8 2019

sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

per feedback - not sure about zfs though

Mar 8 2019, 11:00 PM
sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

Like this?

Mar 8 2019, 9:53 PM
sjg added a comment to D19512: tmpfs silently ignore pathconf ACL requests.
In D19512#417662, @kib wrote:
In D19512#417656, @sjg wrote:
In D19512#417632, @kib wrote:

You can remove handling of _PC_ACL_EXTENDED from nfs and zfs client vops.
You can remove any handling of _PC_ACL_EXTENDED and _PC_ACL_NFS4 from UFS when not compiled in (i.e. #else cases).

In the case of ufs this would get ugly no? The case would need to be within the #ifdef

No, as I said you drop #else part altogether.

Mar 8 2019, 9:50 PM
sjg removed reviewers for D19512: tmpfs silently ignore pathconf ACL requests: kib, jhb.
In D19512#417632, @kib wrote:

You can remove handling of _PC_ACL_EXTENDED from nfs and zfs client vops.
You can remove any handling of _PC_ACL_EXTENDED and _PC_ACL_NFS4 from UFS when not compiled in (i.e. #else cases).

Mar 8 2019, 9:32 PM
sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

Add more cases

Mar 8 2019, 9:31 PM
sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

shift to vop_stdpathconf

Mar 8 2019, 8:39 PM
sjg updated the diff for D19512: tmpfs silently ignore pathconf ACL requests.

fix patch skew

Mar 8 2019, 8:11 PM
sjg created D19512: tmpfs silently ignore pathconf ACL requests.
Mar 8 2019, 7:46 PM

Mar 4 2019

sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 4 2019, 10:05 PM
sjg committed rS344784: Allow for reproducible build.
Allow for reproducible build
Mar 4 2019, 10:04 PM
sjg closed D19464: Allow for reproducible build.
Mar 4 2019, 10:04 PM
sjg added a reviewer for D19464: Allow for reproducible build: emaste.
Mar 4 2019, 9:48 PM
sjg created D19464: Allow for reproducible build.
Mar 4 2019, 9:48 PM
sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 4 2019, 9:09 PM
sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 4 2019, 8:47 PM
sjg committed rS344780: Add -d flag to load command.
Add -d flag to load command
Mar 4 2019, 7:51 PM

Mar 3 2019

sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Mar 3 2019, 5:02 PM

Mar 2 2019

sjg accepted D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

One minor nit left

Mar 2 2019, 7:18 PM

Feb 28 2019

sjg added a comment to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.

Looking better....

Feb 28 2019, 9:02 PM

Feb 26 2019

sjg accepted D16334: Build libbearssl for loader and sbin/veriexec.

this is committed

Feb 26 2019, 7:05 PM
sjg added inline comments to D19093: Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation.
Feb 26 2019, 6:55 PM
sjg committed rS344568: Enable veriexec for loader.
Enable veriexec for loader
Feb 26 2019, 6:22 AM
sjg closed D16336: Add calls to verify_file to loader..
Feb 26 2019, 6:22 AM
sjg closed D16575: Add verifying loader for mac_veriexec.
Feb 26 2019, 6:17 AM
sjg committed rS344567: Add verifying manifest loader for mac_veriexec.
Add verifying manifest loader for mac_veriexec
Feb 26 2019, 6:17 AM
sjg committed rS344566: Enable build of libbearssl.
Enable build of libbearssl
Feb 26 2019, 6:11 AM
sjg closed D16337: Build options etc for libbearssl and libve.
Feb 26 2019, 6:11 AM
sjg committed rS344565: Add libsecureboot.
Add libsecureboot
Feb 26 2019, 6:09 AM
sjg closed D16335: Build libve for loader and sbin/veriexec.
Feb 26 2019, 6:09 AM

Feb 21 2019

sjg added a reviewer for D19281: mac_veriexec: Create kernel module to parse manifest based on envs.: stevek.
Feb 21 2019, 5:46 PM
sjg added a comment to D19281: mac_veriexec: Create kernel module to parse manifest based on envs..

First off, the changes to verify_file* should really be in a separate file.
Also this should all be guarded by a knob, since in the absence of verifying loader it introduces a new attack vector.
Thus anyone using this should be doing so very deliberately.

Feb 21 2019, 5:33 PM