Preparation for updating bearssl, pull in updates to libsecureboot.
o fix handling of some out-of-memory cases
o allow more control over reporting of Verified/Unverified files.
this helps boot time when console output is slow
o recheck verbose/debug level after reading any unverified file
o more debug support for vectx
o hash_string to support fake stat for tftp
o tests/tvo add -v to simply verify signatures
o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify
verification in loader
o report date when certificate fails validity period checks
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
set our guard value immediately.
also replace call to ve_trust_init in opgp_sig.c:initialize with
call to openpgp_trust_init.
Reported by: mindal@semihalf.com
Reviewed by: jhibbits obrien
MFC after: 1 week
Since we can now add OpenPGP trust anchors at runtime,
ensure the latent support is available.
Ensure we do not add duplicate keys to trust store.
Also allow reporting names of trust anchors added/revoked
We only do this for loader and only after initializing trust store.
Thus only changes to initial trust store will be logged.
Reviewed by: stevek
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20700