freebsd-nq/stand
Marcin Wojtas 13ea0450a9 Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation
UEFI related headers were copied from edk2.

A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow
loading of trusted anchors from UEFI.

Certificate revocation support is also introduced.
The forbidden certificates are loaded from dbx variable.
Verification fails in two cases:

There is a direct match between cert in dbx and the one in the chain.
The CA used to sign the chain is found in dbx.
One can also insert a hash of TBS section of a certificate into dbx.
In this case verifications fails only if a direct match with a
certificate in chain is found.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision:	https://reviews.freebsd.org/D19093
2019-03-06 06:39:42 +00:00
..
arm Go back to one loader.conf 2018-02-26 03:16:47 +00:00
arm64 No need to make objects here. 2018-04-27 22:15:18 +00:00
common Add -d flag to load command 2019-03-04 19:50:59 +00:00
defaults Enable lualoader's kernel autodetection, disabled on install media 2018-10-11 17:17:54 +00:00
efi Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation 2019-03-06 06:39:42 +00:00
fdt stand: fdt: Drop some write-only assignments/variables and leaked bits 2018-08-23 18:01:34 +00:00
ficl Enable veriexec for loader 2019-02-26 06:22:10 +00:00
ficl32 Enable veriexec for loader 2019-02-26 06:22:10 +00:00
forth Regularize the Netflix copyright 2019-02-04 21:28:25 +00:00
i386 Enable veriexec for loader 2019-02-26 06:22:10 +00:00
kshim A more definitions to kernel emulation shim in order to build stand/usb. 2018-02-07 18:50:36 +00:00
liblua Enable veriexec for loader 2019-02-26 06:22:10 +00:00
liblua32 Add Lua as a scripting langauge to /boot/loader 2018-02-12 15:31:53 +00:00
libsa Enable veriexec for loader 2019-02-26 06:22:10 +00:00
libsa32 Enable veriexec for loader 2019-02-26 06:22:10 +00:00
lua lualoader: only clear the screen before first password prompt 2019-02-18 02:59:47 +00:00
man Improve formatting. 2018-08-15 11:39:13 +00:00
mips Unbreak mip64 build after r328437 2019-01-20 21:09:44 +00:00
ofw Stop using ../zfs/libzfs.h but instead use libzfs.h. 2018-07-08 07:42:58 +00:00
powerpc powerpc/boot: Move ubldr to /boot/uboot, and make this a separate filesystem 2019-02-18 01:57:47 +00:00
sparc64 MK_ZFS -> {MK_ZFS|MK_LOADER_ZFS}, this is so we can diable userland / kernel 2019-01-05 22:45:20 +00:00
uboot Fix the handling of legacy-format devices in the u-boot loaderdev variable. 2019-02-20 03:00:55 +00:00
usb Move the stand/usb test loader into its own directory. 2018-02-07 19:20:59 +00:00
userboot MK_ZFS -> {MK_ZFS|MK_LOADER_ZFS}, this is so we can diable userland / kernel 2019-01-05 22:45:20 +00:00
defs.mk Move inclusion of src.opts.mk later. 2018-12-03 17:51:10 +00:00
fdt.mk
ficl.mk Remove redundant defs.mk includes. They aren't needed. 2018-06-14 06:14:48 +00:00
loader.mk Enable veriexec for loader 2019-02-26 06:22:10 +00:00
lua.mk Do not include float interfaces when using libsa. 2018-02-23 04:04:25 +00:00
Makefile Move ZFS files into libsa 2018-07-08 07:42:49 +00:00
Makefile.amd64 Create LOADER_UBOOT, and LOADER_OFW. Move these options out of 2018-03-01 19:50:55 +00:00
Makefile.inc Minor flags cleanup 2017-12-02 00:06:58 +00:00
uboot.mk Unify metadata load files for arm, mips, powerpc, sparc64 2018-02-13 03:44:50 +00:00