13ea0450a9
UEFI related headers were copied from edk2. A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow loading of trusted anchors from UEFI. Certificate revocation support is also introduced. The forbidden certificates are loaded from dbx variable. Verification fails in two cases: There is a direct match between cert in dbx and the one in the chain. The CA used to sign the chain is found in dbx. One can also insert a hash of TBS section of a certificate into dbx. In this case verifications fails only if a direct match with a certificate in chain is found. Submitted by: Kornel Duleba <mindal@semihalf.com> Reviewed by: sjg Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D19093 |
||
|---|---|---|
| .. | ||
| boot | ||
| bsdbox | ||
| build | ||
| bus_space | ||
| debugscripts | ||
| diag | ||
| ifnet | ||
| kerneldoc | ||
| LibraryReport | ||
| regression | ||
| sched | ||
| test | ||
| tools | ||
| install.sh | ||
| make_libdeps.sh | ||
| README | ||
| tinder.sh | ||
$FreeBSD$ This directory tree contains tools used for the maintenance and testing of FreeBSD. There is no toplevel Makefile structure since these tools are not meant to be built as part of the standard system, though there may be individual Makefiles in some of the subdirs. Please read the README files in the subdirs for further information.