Page MenuHomeFreeBSD

sjg (Simon Gerraty)
User

Projects

User Details

User Since
Apr 9 2015, 9:27 PM (241 w, 1 d)

Recent Activity

Today

sjg retitled D22494: Update depends from Update dirdeps.mk and depends to Update depends.
Fri, Nov 22, 12:31 AM
sjg added a reviewer for D22495: Update dirdeps.mk and gendirdeps.mk: bdrewery.
Fri, Nov 22, 12:30 AM
sjg created D22495: Update dirdeps.mk and gendirdeps.mk.
Fri, Nov 22, 12:29 AM
sjg updated the diff for D22494: Update depends.

just depends

Fri, Nov 22, 12:27 AM
sjg added a reviewer for D22494: Update depends: bdrewery.
Fri, Nov 22, 12:18 AM
sjg created D22494: Update depends.
Fri, Nov 22, 12:17 AM

Yesterday

sjg updated the diff for D22469: Add Makefile.depend.options.

Add warning about not autogen

Thu, Nov 21, 10:34 PM

Wed, Nov 20

sjg added a reviewer for D22469: Add Makefile.depend.options: bdrewery.
Wed, Nov 20, 9:51 PM
sjg created D22469: Add Makefile.depend.options.
Wed, Nov 20, 9:49 PM

Tue, Nov 19

sjg added inline comments to D22382: Fix build race in bsd.files.mk.
Tue, Nov 19, 1:19 AM

Thu, Oct 31

sjg committed rS354230: Add support for hypervisor check on x86.
Add support for hypervisor check on x86
Thu, Oct 31, 9:33 PM
sjg committed rS354226: Initialize verbosity and debug level from env.
Initialize verbosity and debug level from env
Thu, Oct 31, 8:30 PM

Mon, Oct 28

sjg committed rS354138: Building head on stable/11 requires libzstd.
Building head on stable/11 requires libzstd
Mon, Oct 28, 8:45 PM

Thu, Oct 24

sjg committed rS354055: Guard reference to x86_hypervisor.
Guard reference to x86_hypervisor
Thu, Oct 24, 10:26 PM
sjg closed D22069: Add support for hypervisor check on x86.
Thu, Oct 24, 8:02 PM
sjg committed rS354043: Add support for hypervisor check on x86.
Add support for hypervisor check on x86
Thu, Oct 24, 8:02 PM
sjg committed rS354039: Allow loader.efi to identify non-standard boot setup.
Allow loader.efi to identify non-standard boot setup
Thu, Oct 24, 7:52 PM
sjg committed rS354038: Initialize verbosity and debug level from env.
Initialize verbosity and debug level from env
Thu, Oct 24, 7:50 PM
sjg closed D22135: Initialize verbosity and debug level from env.
Thu, Oct 24, 7:50 PM
sjg updated the diff for D22134: Building head on 11 needs libzstd.

Shift addition to _elftoolchain_libs

Thu, Oct 24, 7:40 PM
sjg added inline comments to D22134: Building head on 11 needs libzstd.
Thu, Oct 24, 7:35 PM
sjg added a reviewer for D22135: Initialize verbosity and debug level from env: stevek.
Thu, Oct 24, 1:00 AM
sjg created D22135: Initialize verbosity and debug level from env.
Thu, Oct 24, 1:00 AM
sjg added reviewers for D22134: Building head on 11 needs libzstd: imp, bdrewery.

Should addition of libzstd to _elftoolchain_libs be conditional on something?

Thu, Oct 24, 12:57 AM
sjg updated the diff for D22134: Building head on 11 needs libzstd.

Trim usr/include

Thu, Oct 24, 12:56 AM
sjg created D22134: Building head on 11 needs libzstd.
Thu, Oct 24, 12:54 AM

Oct 18 2019

sjg added inline comments to D22069: Add support for hypervisor check on x86.
Oct 18 2019, 11:06 PM
sjg updated the diff for D22069: Add support for hypervisor check on x86.

put x86,machine symlinks in include/

Oct 18 2019, 10:35 PM
sjg added inline comments to D22069: Add support for hypervisor check on x86.
Oct 18 2019, 12:28 AM

Oct 17 2019

sjg added a reviewer for D22069: Add support for hypervisor check on x86: bcran.
Oct 17 2019, 9:39 PM
sjg retitled D22069: Add support for hypervisor check on x86 from Allow loader.efi to identify non-standard boot setup to Add support for hypervisor check on x86.
Oct 17 2019, 8:51 PM
sjg added reviewers for D22069: Add support for hypervisor check on x86: imp, kevans, stevek.
Oct 17 2019, 8:50 PM
sjg updated the summary of D22069: Add support for hypervisor check on x86.
Oct 17 2019, 8:49 PM
sjg created D22069: Add support for hypervisor check on x86.
Oct 17 2019, 8:48 PM
sjg closed D22062: Allow loader.efi to identify non-standard boot setup.
Oct 17 2019, 8:40 PM
sjg committed rS353697: Allow loader.efi to identify non-standard boot setup.
Allow loader.efi to identify non-standard boot setup
Oct 17 2019, 8:40 PM

Oct 16 2019

sjg added reviewers for D22062: Allow loader.efi to identify non-standard boot setup: imp, kevans.
Oct 16 2019, 9:38 PM
sjg created D22062: Allow loader.efi to identify non-standard boot setup.
Oct 16 2019, 9:37 PM

Oct 8 2019

sjg committed rS353322: Need to use ${${_${group}DIR_${file}}} for STAGE_DIR.
Need to use ${${_${group}DIR_${file}}} for STAGE_DIR
Oct 8 2019, 8:14 PM

Oct 1 2019

sjg committed rS352942: Need to use ${${_${group}DIR_${file}}} for STAGE_DIR.
Need to use ${${_${group}DIR_${file}}} for STAGE_DIR
Oct 1 2019, 8:32 PM
sjg closed D21858: Need to use ${${_${group}DIR_${file}}} for STAGE_DIR.
Oct 1 2019, 8:32 PM
sjg added reviewers for D21858: Need to use ${${_${group}DIR_${file}}} for STAGE_DIR: bdrewery, stevek.
Oct 1 2019, 7:07 PM
sjg created D21858: Need to use ${${_${group}DIR_${file}}} for STAGE_DIR.
Oct 1 2019, 7:06 PM

Sep 27 2019

sjg committed rS352782: Document logic for __DEFAULT_DEPENDENT_OPTIONS.
Document logic for __DEFAULT_DEPENDENT_OPTIONS
Sep 27 2019, 12:11 AM
sjg committed rS352781: Use .undef per variable.
Use .undef per variable
Sep 27 2019, 12:08 AM

Sep 16 2019

sjg closed D21640: Document logic for __DEFAULT_DEPENDENT_OPTIONS.
Sep 16 2019, 12:32 AM
sjg committed rS352370: Document logic for __DEFAULT_DEPENDENT_OPTIONS.
Document logic for __DEFAULT_DEPENDENT_OPTIONS
Sep 16 2019, 12:32 AM

Sep 14 2019

sjg updated the diff for D21640: Document logic for __DEFAULT_DEPENDENT_OPTIONS.

Use otherwise

Sep 14 2019, 3:55 PM

Sep 13 2019

sjg added reviewers for D21640: Document logic for __DEFAULT_DEPENDENT_OPTIONS: bdrewery, stevek.
Sep 13 2019, 6:01 PM
sjg created D21640: Document logic for __DEFAULT_DEPENDENT_OPTIONS.
Sep 13 2019, 5:57 PM
sjg committed rS352273: Use file destdir for stage_as sets.
Use file destdir for stage_as sets
Sep 13 2019, 5:54 AM

Sep 6 2019

sjg committed rS351954: Use file destdir for stage_as sets.
Use file destdir for stage_as sets
Sep 6 2019, 7:05 PM

Aug 16 2019

sjg added reviewers for D21283: Use file destdir for stage_as sets: bdrewery, brd.
Aug 16 2019, 1:02 AM
sjg created D21283: Use file destdir for stage_as sets.
Aug 16 2019, 1:02 AM

Aug 15 2019

sjg committed rS351067: Revert prior change till installworld sorted.
Revert prior change till installworld sorted
Aug 15 2019, 6:01 AM

Aug 14 2019

sjg committed rS351055: bsd.files.mk: fix targets to avoid directories.
bsd.files.mk: fix targets to avoid directories
Aug 14 2019, 10:33 PM

Jul 25 2019

sjg committed rS350312: loader: ignore some variable settings if input unverified.
loader: ignore some variable settings if input unverified
Jul 25 2019, 12:07 AM

Jul 17 2019

sjg committed rS350099: loader: ignore some variable settings if input unverified.
loader: ignore some variable settings if input unverified
Jul 17 2019, 11:33 PM

Jul 16 2019

D20952: stand: Verify files loaded in chain command is now accepted and ready to land.
Jul 16 2019, 11:50 PM

Jul 12 2019

sjg added a comment to D20909: loader: ignore some variable settings if input unverified.

Take a look at i386/loader/chain.c, or for EFI version efi/loader/main.c:1418.
On EFI system I was able to chainload an EFI Shell without including any information about it in the manifest.
Accidentally the EFI version of chain command uses LoadImage/StartImage calls, which means that with Secure Boot enabled in firmware the binary will be verified there.

Jul 12 2019, 7:17 PM

Jul 11 2019

sjg committed rS349924: libsecureboot: avoid recusion in ve_trust_init.
libsecureboot: avoid recusion in ve_trust_init
Jul 11 2019, 10:07 PM
sjg added a comment to D20909: loader: ignore some variable settings if input unverified.

How about the "chain" command?
Files loaded by it bypass verification, so we might to fix it by adding a hook to the veriexec instead.

Jul 11 2019, 6:35 PM

Jul 10 2019

sjg added reviewers for D20909: loader: ignore some variable settings if input unverified: stevek, mindal_semihalf.com, mw.

This change prevents an unverified loader.conf from setting sensitive values

Jul 10 2019, 9:47 PM
sjg created D20909: loader: ignore some variable settings if input unverified.
Jul 10 2019, 9:46 PM
sjg committed rS349894: libsecureboot: allow OpenPGP support to be dormant.
libsecureboot: allow OpenPGP support to be dormant
Jul 10 2019, 9:36 PM

Jul 1 2019

sjg added inline comments to D20520: Normalize deployment tools usage and definitions.
Jul 1 2019, 10:44 PM

Jun 26 2019

sjg committed rS349446: libsecureboot: allow OpenPGP support to be dormant.
libsecureboot: allow OpenPGP support to be dormant
Jun 26 2019, 11:33 PM
sjg closed D20700: libsecureboot: allow OpenPGP support to be dormant.
Jun 26 2019, 11:33 PM

Jun 19 2019

sjg added reviewers for D20700: libsecureboot: allow OpenPGP support to be dormant: stevek, mw, mindal_semihalf.com.
Jun 19 2019, 7:24 PM
sjg created D20700: libsecureboot: allow OpenPGP support to be dormant.
Jun 19 2019, 7:22 PM

May 30 2019

sjg committed rS348449: ficl pfopen: verify file.
ficl pfopen: verify file
May 30 2019, 11:44 PM

May 24 2019

sjg committed rS348249: ficl pfopen: verify file.
ficl pfopen: verify file
May 24 2019, 7:44 PM
sjg closed D20387: ficl pfopen: verify file.
May 24 2019, 7:44 PM

May 23 2019

sjg updated the diff for D20387: ficl pfopen: verify file.

stand.h needs to define O_ACCMODE

May 23 2019, 9:43 PM
sjg added a comment to D20387: ficl pfopen: verify file.

Good point

May 23 2019, 9:33 PM
sjg updated the diff for D20387: ficl pfopen: verify file.

Use O_ACCMODE

May 23 2019, 9:33 PM
sjg added reviewers for D20387: ficl pfopen: verify file: mindal_semihalf.com, stevek.
May 23 2019, 8:15 PM
sjg updated the diff for D20387: ficl pfopen: verify file.

Add ficl.mk

May 23 2019, 8:14 PM
sjg added a comment to D20373: stand: Add a call to verify_file from ficl..

Ok I never committed my changes to loader.c because I had some other junk in there so it would work with Junos - for testing.
See
https://reviews.freebsd.org/D20387

May 23 2019, 8:12 PM
sjg created D20387: ficl pfopen: verify file.
May 23 2019, 8:10 PM
sjg added a comment to D20373: stand: Add a call to verify_file from ficl..

Actually it would be better to call verify_file and THEN consider mode.
If the file is verified writing should not be allowed, if it is not verified reading should not be allowed.

May 23 2019, 7:53 PM
sjg added inline comments to D20373: stand: Add a call to verify_file from ficl..
May 23 2019, 7:45 PM

May 22 2019

sjg committed rS348131: load_key_buf do not free data from dearmor.
load_key_buf do not free data from dearmor
May 22 2019, 11:23 PM
sjg committed rS348129: libsecureboot: allow control of when pseudo pcr is updated.
libsecureboot: allow control of when pseudo pcr is updated
May 22 2019, 11:19 PM

May 19 2019

sjg committed rS347981: libsecureboot: allow control of when pseudo pcr is updated.
libsecureboot: allow control of when pseudo pcr is updated
May 19 2019, 8:29 PM
sjg closed D20297: libsecureboot: allow control of when pseudo pcr is updated.
May 19 2019, 8:29 PM
sjg committed rS347980: load_key_buf do not free data from dearmor.
load_key_buf do not free data from dearmor
May 19 2019, 8:24 PM

May 17 2019

sjg retitled D20297: libsecureboot: allow control of when pseudo pcr is updated from libsecureboot: allow control of when pseuod pcr is updated to libsecureboot: allow control of when pseudo pcr is updated.
May 17 2019, 7:24 PM
sjg added reviewers for D20297: libsecureboot: allow control of when pseudo pcr is updated: stevek, mindal_semihalf.com.
May 17 2019, 7:22 PM
sjg created D20297: libsecureboot: allow control of when pseudo pcr is updated.
May 17 2019, 7:21 PM
sjg accepted D20295: Support for setting labels via veriexec.

Thanks!

May 17 2019, 7:16 PM

May 16 2019

sjg committed rS347759: libsecureboot: make it easier to customize trust anchors.
libsecureboot: make it easier to customize trust anchors
May 16 2019, 4:15 PM

May 9 2019

sjg committed rS347408: libsecureboot: make it easier to customize trust anchors.
libsecureboot: make it easier to customize trust anchors
May 9 2019, 10:25 PM
sjg closed D20208: libsecureboot: make it easier to customize trust anchors.
May 9 2019, 10:25 PM
sjg added reviewers for D20208: libsecureboot: make it easier to customize trust anchors: mindal_semihalf.com, mw, stevek.
May 9 2019, 12:58 AM
sjg created D20208: libsecureboot: make it easier to customize trust anchors.
May 9 2019, 12:56 AM

Apr 30 2019

sjg committed rS346977: Allow no_hash to appear in manifest..
Allow no_hash to appear in manifest.
Apr 30 2019, 11:01 PM

Apr 23 2019

sjg committed rS346604: Allow no_hash to appear in manifest..
Allow no_hash to appear in manifest.
Apr 23 2019, 8:25 PM
sjg added reviewers for D20018: Allow no_hash to appear in manifest.: imp, mw, mindal_semihalf.com.
Apr 23 2019, 12:24 AM
sjg created D20018: Allow no_hash to appear in manifest..
Apr 23 2019, 12:22 AM