system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-22 10:48:02 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
freebsd-src/lib/libsecureboot/h/verify_file.h
Simon J. Gerraty f616d61ab6 libsecureboot do not report expected unverified files 
By default only report unverified files at severity VE_WANT
and above.  This inlcudes *.conf but not *.hints, *.cookie
or *.tgz which get VE_TRY as their severity.

If Verbose is set to 0, then VerifyFlags should default to 0 too.
Thus the combination of

	module_verbose=0
	VE_VEBOSE=0

is sufficient to make the loader almost totally silent.

When verify_prep has to find_manifest and it is verified ok
return VE_NOT_CHECKED to verify_file so that it can skip
repeating verify_fd

Also add better debugging output for is_verified and add_verify_status.

vectx handle compressed modules

When verifying a compressed module (.ko.gz or .ko.bz2)
stat() reports the size as -1 (unknown).
vectx_lseek needs to spot this during closing - and just read until
EOF is hit.

Note: because of the way libsa's open() works, verify_prep will see
the path to be verified as module.ko not module.ko.bz2 etc.  This is
actually ok, because we need a separate module.ko.bz2 entry so that
the package can be verified, and the hash for module.ko is of the
uncompressed file which is what vectx will see.

Re-work local.trust.mk so site.trust.mk need only set
VE_SIGN_URL_LIST (if using the mentioned signing server)

interp.c: restrict interactive input

Apply the same restrictions to interactive input as for
unverified conf and hints files.

Use version.veriexec when LOADER_VERIEXEC is yes

Reviewed by:	kevans
Sponsored by:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D43810
2024-02-12 14:35:01 -08:00

68 lines
2.9 KiB
C
Raw Blame History

/*-
* Copyright (c) 2017-2018, Juniper Networks, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _VERIFY_FILE_H_
#define _VERIFY_FILE_H_
#define VE_GUESS -1 /* let verify_file work it out */
#define VE_TRY 0 /* we don't mind if unverified */
#define VE_WANT 1 /* we want this verified */
#define VE_MUST 2 /* this must be verified */
#define VE_NOT_CHECKED -42
#define VE_VERIFIED 1 /* all good */
#define VE_UNVERIFIED_OK 0 /* not verified but that's ok */
#define VE_NOT_VERIFYING 2 /* we are not verifying */
/* suitable buf size for hash_string */
#ifndef SHA_DIGEST_LENGTH
# define SHA_DIGEST_LENGTH 20
#endif
struct stat;
int verify_prep(int, const char *, off_t, struct stat *, const char *);
void ve_debug_set(int);
char *ve_error_get(void);
void ve_efi_init(void);
void ve_status_set(int, int);
int ve_status_get(int);
int load_manifest(const char *, const char *, const char *, struct stat *);
int pass_manifest(const char *, const char *);
int pass_manifest_export_envs(void);
void verify_report(const char *, int, int, struct stat *);
int verify_file(int, const char *, off_t, int, const char *);
void verify_pcr_export(void);
int hash_string(char *s, size_t n, char *buf, size_t bufsz);
int is_verified(struct stat *);
void add_verify_status(struct stat *, int);
struct vectx;
struct vectx* vectx_open(int, const char *, off_t, struct stat *, int *, const char *);
ssize_t vectx_read(struct vectx *, void *, size_t);
off_t vectx_lseek(struct vectx *, off_t, int);
int vectx_close(struct vectx *, int, const char *);
#endif /* _VERIFY_FILE_H_ */
Reference in a new issue View git blame Copy permalink