mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-06 17:18:32 +00:00
13ea0450a9
UEFI related headers were copied from edk2. A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow loading of trusted anchors from UEFI. Certificate revocation support is also introduced. The forbidden certificates are loaded from dbx variable. Verification fails in two cases: There is a direct match between cert in dbx and the one in the chain. The CA used to sign the chain is found in dbx. One can also insert a hash of TBS section of a certificate into dbx. In this case verifications fails only if a direct match with a certificate in chain is found. Submitted by: Kornel Duleba <mindal@semihalf.com> Reviewed by: sjg Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D19093 |
||
|---|---|---|
| .. | ||
| colldef | ||
| ctypedef | ||
| dict | ||
| doc | ||
| dtrace | ||
| examples | ||
| i18n | ||
| keys | ||
| man | ||
| misc | ||
| mk | ||
| monetdef | ||
| msgdef | ||
| numericdef | ||
| security | ||
| sendmail | ||
| skel | ||
| snmp | ||
| syscons | ||
| tabset | ||
| termcap | ||
| tests | ||
| timedef | ||
| vt | ||
| zoneinfo | ||
| Makefile | ||
| Makefile.inc | ||