freebsd-skq/stand/efi
mw 330f749452 Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation
UEFI related headers were copied from edk2.

A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow
loading of trusted anchors from UEFI.

Certificate revocation support is also introduced.
The forbidden certificates are loaded from dbx variable.
Verification fails in two cases:

- There is a direct match between cert in dbx and the one in the chain.
- The CA used to sign the chain is found in dbx.

One can also insert a hash of TBS section of a certificate into dbx.
In this case verification fails only if a direct match with a
certificate in chain is found.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision:	https://reviews.freebsd.org/D19093
2019-03-06 06:39:42 +00:00
..
boot1 MK_ZFS -> {MK_ZFS|MK_LOADER_ZFS}, this is so we can disable userland / kernel 2019-01-05 22:45:20 +00:00
fdt Remove now-unused variable after r328809 2018-02-04 17:31:50 +00:00
include loader.efi: efi variable rework and lsefi command added 2019-01-03 20:27:50 +00:00
libefi Allow reading the UEFI variable size 2019-02-08 14:56:28 +00:00
loader Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation 2019-03-06 06:39:42 +00:00
loader_4th Create a loader for each interpreter for x86 BIOS and all EFI 2018-08-14 18:44:41 +00:00
loader_lua Create a loader for each interpreter for x86 BIOS and all EFI 2018-08-14 18:44:41 +00:00
loader_simp Create a loader for each interpreter for x86 BIOS and all EFI 2018-08-14 18:44:41 +00:00
Makefile Create a loader for each interpreter for x86 BIOS and all EFI 2018-08-14 18:44:41 +00:00
Makefile.inc Hoist EFI_TARGET and SOURCE_DATE_EPOCH up into efi/Makefile.inc 2018-07-20 05:18:03 +00:00