HomeFreeBSD

Enable veriexec for loader

Description

Enable veriexec for loader

This relies on libbearssl and libsecureboot
to verify files read by loader in a maner equivalent
to how mac_veriexec

Note: disabled by default.
Use is initially expected to be by embeded vendors

Reviewed by: emaste, imp
Sponsored by: Juniper Networks
Differential Revision: D16336

Details

Committed
sjgFeb 26 2019, 6:22 AM
Reviewer
emaste
Differential Revision
D16336: Add calls to verify_file to loader.
Parents
rS344567: Add verifying manifest loader for mac_veriexec
Branches
Unknown
Tags
Unknown