freebsd-src.git - FreeBSD sources

Age	Commit message (Collapse)	Author
2024-07-15	Remove residual blank line at start of Makefile	Warner Losh
	This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix
2023-08-16	Remove $FreeBSD$: one-line sh pattern	Warner Losh
	Remove /^\s#[#!]?\s\$FreeBSD\$.*$\n/
2023-08-16	Remove $FreeBSD$: one-line .c pattern	Warner Losh
	Remove /^[\s]__FBSDID$"\$FreeBSD\$"$;?\s*\n/
2022-04-18	Update libsecureboot	Simon J. Gerraty
	Preparation for updating bearssl, pull in updates to libsecureboot. o fix handling of some out-of-memory cases o allow more control over reporting of Verified/Unverified files. this helps boot time when console output is slow o recheck verbose/debug level after reading any unverified file o more debug support for vectx o hash_string to support fake stat for tftp o tests/tvo add -v to simply verify signatures o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify verification in loader o report date when certificate fails validity period checks Reviewed by: stevek Sponsored by: Juniper Networks, Inc.
2020-03-08	veloader use vectx API for kernel and modules	Simon J. Gerraty
	The vectx API, computes the hash for verifying a file as it is read. This avoids the overhead of reading files twice - once to verify, then again to load. For doing an install via loader, avoiding the need to rewind large files is critical. This API is only used for modules, kernel and mdimage as these are the biggest files read by the loader. The reduction in boot time depends on how expensive the I/O is on any given platform. On a fast VM we see 6% improvement. For install via loader the first file to be verified is likely to be the kernel, so some of the prep work (finding manifest etc) done by verify_file() needs to be factored so it can be reused for vectx_open(). For missing or unrecognized fingerprint entries, we fail in vectx_open() unless verifying is disabled. Otherwise fingerprint check happens in vectx_close() and since this API is only used for files which must be verified (VE_MUST) we panic if we get an incorrect hash. Reviewed by: imp,tsoome MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org//D23827 Notes: svn path=/head/; revision=358744
2019-05-19	libsecureboot: allow control of when pseudo pcr is updated	Simon J. Gerraty
	During boot we only want to measure things which must be verified - this should provide more deterministic ordering. Reviewed by: stevek MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D20297 Notes: svn path=/head/; revision=347981
2019-05-09	libsecureboot: make it easier to customize trust anchors	Simon J. Gerraty
	Avoid making hash self-tests depend on X.509 certs. Include OpenPGP keys in trust store count. Reviewed by: stevek MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D20208 Notes: svn path=/head/; revision=347408
2019-03-04	Allow for reproducible build	Simon J. Gerraty
	Use SOURCE_DATE_EPOCH for BUILD_UTC if MK_REPRODUCIBLE_BUILD is yes. Default SOURCE_DATE_EPOCH to 2019-01-01 Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D19464 Notes: svn path=/head/; revision=344784
2019-02-26	Add libsecureboot	Simon J. Gerraty
	Used by loader and veriexec Depends on libbearssl Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: D16335 Notes: svn path=/head/; revision=344565