From owner-svn-src-head@freebsd.org Wed Jun 20 06:21:41 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 822B510038EE; Wed, 20 Jun 2018 06:21:41 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.pphosted.com", Issuer "thawte SHA256 SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DFC3269F66; Wed, 20 Jun 2018 06:21:40 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from pps.filterd (m0108161.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w5K6Icov016687; Tue, 19 Jun 2018 23:21:39 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-transfer-encoding : date : message-id; s=PPS1017; bh=adIUtSVMoWiUKm+GvnU3G9lWPb6lZqBcyNG8pfU463w=; b=u8r5rUfpLMRp9fErQHgFEv6A0Bw7rSj29RdXVmU2Ta3sDBuA1Z3EhVtXwQkaKfgkRKiO NSmV7i0ivg1F/Nr6+nU35F4FdslUW+NWqdJynuesmH1fI3FWX7T0h9w/MX2uJU79zsmc l4BQnlvAGB2LkvP74ZMNKGaAnGbzsTMqpgXBhPWH1j2AyqvvsPT5AzbM14PsAsZBzxDD 8nPiqJFk/TzmudYD+QyIs18BlnCLZrYQimYWWmvAfMUDvLFaEwfUUpJzC4RgTpG76hU4 Ww/yUMGDr9kPCEB1ZkLAr0o1mdSo0UufytKh2zWP/iLGHgdfMetFK59+qG686NB16jh2 yQ== Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp0056.outbound.protection.outlook.com [207.46.163.56]) by mx0b-00273201.pphosted.com with ESMTP id 2jqd66g9up-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 19 Jun 2018 23:21:39 -0700 Received: from DM5PR05CA0033.namprd05.prod.outlook.com (2603:10b6:4:39::22) by DM5PR05MB3113.namprd05.prod.outlook.com (2603:10b6:3:c6::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.884.14; Wed, 20 Jun 2018 06:21:38 +0000 Received: from DM3NAM05FT042.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::208) by DM5PR05CA0033.outlook.office365.com (2603:10b6:4:39::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.884.16 via Frontend Transport; Wed, 20 Jun 2018 06:21:38 +0000 Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.15 as permitted sender) Received: from P-EMFE01C-SAC.jnpr.net (66.129.239.15) by DM3NAM05FT042.mail.protection.outlook.com (10.152.98.156) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.20.884.14 via Frontend Transport; Wed, 20 Jun 2018 06:21:37 +0000 Received: from p-mailhub01.juniper.net (10.47.226.20) by P-EMFE01C-SAC.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 19 Jun 2018 23:21:14 -0700 Received: from kaos.jnpr.net (kaos.jnpr.net [172.21.30.60]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id w5K6LDAU011941; Tue, 19 Jun 2018 23:21:13 -0700 (envelope-from sjg@juniper.net) Received: from kaos.jnpr.net (localhost [127.0.0.1]) by kaos.jnpr.net (Postfix) with ESMTP id 2A3C76435E; Tue, 19 Jun 2018 23:21:04 -0700 (PDT) To: CC: "Stephen J. Kiernan" , src-committers , , , Subject: Re: svn commit: r335402 - head/sbin/veriexecctl In-Reply-To: References: <201806200108.w5K18sIR050132@repo.freebsd.org> Comments: In-reply-to: Conrad Meyer message dated "Tue, 19 Jun 2018 20:33:30 -0700." From: "Simon J. Gerraty" X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 25.3.1 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Date: Tue, 19 Jun 2018 23:21:04 -0700 Message-ID: <96021.1529475664@kaos.jnpr.net> X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:66.129.239.15; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(39380400002)(376002)(39860400002)(346002)(396003)(2980300002)(199004)(189003)(97876018)(8676002)(478600001)(5660300001)(81156014)(81166006)(8746002)(47776003)(50226002)(8936002)(356003)(305945005)(106466001)(53416004)(76506005)(105596002)(2810700001)(2906002)(68736007)(97736004)(50466002)(11346002)(446003)(6916009)(2486003)(23676004)(26005)(77096007)(7126003)(229853002)(486006)(69596002)(476003)(126002)(6266002)(450100002)(6246003)(107886003)(59450400001)(316002)(86362001)(4326008)(54906003)(9686003)(55016002)(7696005)(53936002)(76176011)(2351001)(336012)(117636001)(186003)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR05MB3113; H:P-EMFE01C-SAC.jnpr.net; FPR:; SPF:SoftFail; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1; X-Microsoft-Exchange-Diagnostics: 1; DM3NAM05FT042; 1:rQtFoOWaBgjwMwvJG7aOv56qeeJLhtapedjfgylrbKNXWSDXrwDQ0JqSs6FI9nMVXnXvhZ8+WCqeYafrw4BHqJBGtZ66SLZ6hdXgeebKe2FjdPFtEPGLHqBMk2W27DMp X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 859790e1-5ed8-4f0c-72e0-08d5d676145f X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(711020)(2017052603328)(7153060); SRVR:DM5PR05MB3113; X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 3:NI81tSC8hLmKf1lXDc9+Uk1wMM390B1rqzO+HefZ+0zQENMQf2t1Dym1vaWZQUkDL6TVsfFs51K4BFnlyUlKmz3kaOKOwesGClj2MeXTed0oR9rAXHD1ycfatfOMvx7lzBgnokLs2Os7Khdv4PDM1l1Zba/zyjybzcNwSPKHFzPeJDCnoBthlHf9cVpivfh1jsJ1ktLhgOyrKn7+g1DOi59lRTY7A4WtENpyCgfE2RT9Ulw6Pr1ixiEFrEWB6MdC5/X1jn761qTwLl6keJD2/y0xqi82cDX9QXSZ/6LrTD1mgbB9lXcRQlFjTSBwr+YEUzFUvSJ0kFX4PIrO6Oq8AuDTtzLUaLrxvqEfjSquFyo=; 25:Spc3fyT2GbAqayixCXPiJhq9TCTNo43XlN+1xAbqTM9/Iftm11dHi2NYuZ5aVyJFDEyLbRgYsHiANU7Iv85Ysvx5Vzp3HoEb2KMBvgMApj9EsEivPUefkvD1jToEhrbb1rzQlhGwn2FQ6zABMI+cmmC1DWwH1Yy3CuR8cfqioh+4/wcibIp+ixpPQ+IRzgNaFVTIQtzRH11p/0Lm8CvX5m+b3hOaWb6QszBqZdgAvNoKy7MwinUIe6CqgtdxG4a8Wbco7n+xqG9BNE19aBG7E3Yii+Ht2b1IF7KAooqfvZ/VMShX8dh7Z7LUB2Q7XcdGDlP50SPQx0op3a9pD6dNWw== X-MS-TrafficTypeDiagnostic: DM5PR05MB3113: X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 31:NzTHvJ5QKQmm7SlSsVcgZOWAkUTi6uTl5zqwc6Eg5DTq9psjoVgvYhbTvuFu16O9swCs1keJEOeniyb5ckicm+qV1QSpN0T5xBnGVPK29tw78CWfWeyiYCipUYCbFTMkNoufAlIPBNDTe7z6U0Y9s3lioeiNQFwVaTF770ZspiO8pmZo5DwBiDbMG0QXmicVnk8hpSR9OHdWvgnD4ROOCsKeG3TvYFlyNgXdV7Aueq0=; 20:6KJENp5bMqcPvpDKCr8UMGNrNAoVW9L5uDQdKr/EPJN/Tdiyn6VpR1/YaXoGv3iRBdmSLve8hFSM6mcciLyz7rnNY75lXcfQInqnCxyDwYAVOi8uKXeG7OAtt9eI10yP6bCvU7CyK0+AOFzbJFPpwSn1rWY46CrOYcCl9CdpFs21p/E4gnxkn1bflfOrps7XLoLta4eC73sEHW5UovtDeEP2eibZPYuxuwlrFZUCSFfn06M2FqRCnx0oph6hrCdKCIvtSKiBvQaB1QowMBfWQZHf14FGx+FVk0NJC9HvANkqv4f6UQeticx9Xrej4Vq4+bUGbnTz7mMfFU4Ok4PwYpWJfNWAgaTuFovWDcbN/9oFySxAwIALz5vHYke5w5hz/cuO03ArX8yBO0Xd61b8hvSFcB1AfLppJ6LOb0MBHSoz6ZrJ2XF2SDighg29vfrVk+6ouzBwvsoneSXRP5qwzSbKAlfWbTcdwDEUgWS5OpphpWUE8dpAA7AITSUKiCZt X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(158342451672863); X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(6072148)(201708071742011)(7699016); SRVR:DM5PR05MB3113; BCL:0; PCL:0; RULEID:; SRVR:DM5PR05MB3113; X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 4:s0/1fz5WdvUJeN2DXrDa+HMY/g8L2+bw/cy57cDbwVvQezpEuvJuVJfjID8mLRGlWbrcuFoKkve50M+igvvdbW9dd/FXwsvBFzO05ugmKB3UJISwJLMLamVXN9X+TbyjomO9pgkTokpcmRZgp/btT3qCu1ttkZTZ6l9ujdOkLE7eLqb29u2DVSFcSUvOgeq3CEvd2k8n/hjq7SUeldib1sHc668CZ4M3tayZtFIK3SPyxGaznVpHy1v+qNqgpoM+blJ0MFjylOqdu37G+yP/+s6FXRafKHzSSCpapMOEdU9PURdDz4tS2LWSp/liRMDs X-Forefront-PRVS: 070912876F X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTVQUjA1TUIzMTEzOzIzOmYwV0hFRkpmcWtQWnZFakkrUjZCRWxwTUdp?= =?utf-8?B?dktsM1krWFlwWktoQXBVNEsrOVlSOTZKZGtEUE92Ujg0NS8zQnJxY3Arc1d1?= =?utf-8?B?aXJBbXc5cUxsY2x4OW80NHdqYjdidk9CaEJLdWJSeWp5Vk8wdit2UDdtbkxZ?= =?utf-8?B?dmd0UWNRLzV1NHRtd1N6d2ZrQ1dxaEQvSHZFU3F5azlRSHlJSnl2aTlISjg3?= =?utf-8?B?WEZkbUhCQVc4dmk5eWVqU3k4cTIyNFpGbUxDMUZscS8wdkRvcVp1TDdmVXFU?= =?utf-8?B?NklzS2FMRjF3VEFYeWg5SmZuS2dTNHp4NUkzWHhlczdzaGltV1VORXNYbitH?= =?utf-8?B?WUh4UktyS21DZTNXQlRycGcxV3luRWZzZnNSajFSMmhMRWVpL3NRYmVQdTdG?= =?utf-8?B?ZjlYV1Uyc0VnUkl1WWxqQzhaSGxnNWduQ2VtSVNzMUVCZElCQ25NUTZlZHBx?= =?utf-8?B?QkJQV08xUkkyUFV2MUJML0JxWk1LV3hKVy9ML05nWTR3L2dqdDY3Ry8rYWJ1?= =?utf-8?B?ZzJqVlBkTFZ1eTVOd1V2VFc4bXpNNkErTVA2RFdLNjdlajRIMDZTdTNkQkNw?= =?utf-8?B?U0xoL05veXVQZ1E2TkRnU2NwMDFDckZsVXVzWllNdnV0TGdURmE2SDFaTGI1?= =?utf-8?B?KzRFMjZDRWZXK1QzVFo4NEhrNittMzJLaTdFUVFocG9SaFlzOU5wZjVHSk5T?= =?utf-8?B?OUQyT2hiRWJHeVFIN2xGandFZG4ybUdieDN6MFpWNkl1eVlyS29ULzFvVGRP?= =?utf-8?B?TG5xYUdpUjN3RFFQV2l5aDZsNEdqZGFPdURNK2trQVQzNmZmeDY2aEdhcWV6?= =?utf-8?B?VWRHMG9aaEVrQjQxM1JzaFhMMGt6YWtQYktNSXJkWXovS0VtN1Z5dkU3cHNQ?= =?utf-8?B?UThxMi95dWhoZzlIOWh5aGZHMG5KNkNoR1RKd2ZDMHdtUVZSSUpkd1JoeEtM?= =?utf-8?B?VDl4SVdRY2puQ0RJclJvcDExc2lFempzVGxNMURzelhDSnczQnMrVVNwdEpZ?= =?utf-8?B?Yko3c2t5R3Q4TFdSS2NuUy9xbElTYjNwTXFFMmJIaUJjVUZlQVRJOEVKbVNj?= =?utf-8?B?aVN2ZGU4M0RVeTR3STRyRy80SGxKb0QwT1BYTGxnVVRlYmEzRmxBaEpxYWlu?= =?utf-8?B?TzZDMG43V2E1TTlJWTFHaWpyS0g2V2UwY3FRVUJCTGg4aW5kVGJHcUVEU2dV?= =?utf-8?B?cCtVV2cyZ00rZ2ZTWEJHVnE4RkRTV1g2YzdWWU0xUTZBTlpRdzVDL05IVEk0?= =?utf-8?B?U0N3cm05MGZKR0hPczlJNDZvQXM4SmFudXkyK2dvd0hiNU9CSGRZY2JCS0JJ?= =?utf-8?B?WmRmangwRUowcEhtUUErWWpqWmtkakNla2tXZFpxMkN2WlFoWmsxcDdiOXMx?= =?utf-8?B?THZWSEhFMS9JMkVZUlJDVEUvb0VqZlV2cmFnUXUyRVJmV1VnS0l4a3ovOUJy?= =?utf-8?B?dEh1WnlFbDhOcE5GRjMzSnpZeHBrNVd6L1ZORmxHeGlnUTQ3RnozbGN2c3g5?= =?utf-8?B?Sm01NklNQ1NTVnIycm9va2dBTFVlU2VkZU82Tk5PRXhIdE9uOVBDajJoQld0?= =?utf-8?B?STluQWhFc0NNczV1MmE2TkVZTXpaZzc4VEdYeUNxb2tMdjlNdkttcE5sajhr?= =?utf-8?B?Y3FkUTlYVWp1RUJNdkgrb1BqMjFSampjUkhpclJDK25WMVozOFRhNVJZT3BN?= =?utf-8?B?OWxlbkhsdnJXU0VSZllCakNST0M2dlZ6enhlV1lqYm5DQWRXQ2twUU1iZ2lk?= =?utf-8?B?cnJldjlQazZEV1lDeG82THZRM3I1aDNtcThrTmJPeDMvUzRwRm1OWWMzQ2Ft?= =?utf-8?B?ZWZ1MUZsR3d4NUViVzhRdVI5WHMzbmc4UzkxYXlGS3Q2NmMxTGdBeE9UV2tQ?= =?utf-8?Q?AVMFpnmAjBo=3D?= X-Microsoft-Antispam-Message-Info: yORKhVOlGLM3wpe14sVrbJVu6zP+E8jOpitXIRKX0wjwV1xVSfC/Mto7I0jwJ96H/0nyXU2kg1dMh8e23W2So9ORTHATbCcgezMMUcvXTSsSwCIXB/Ul6OTE93bh1ypQeoUm2DvwGyTcCIXkuvuCzWdHRK2/DBp1AbMVmsuTVg4KDcqtld57IwL3C7tZ1VEMF8E/kbMT+ay3aF00jBKE6cs8g1lP/h3wVG7p7Uu9ubG9Y5uqrj0+GvwqXm6RBi9uP/GTbZA9ipDm+I87a8C+Y2Jnhr0kCYxDKw5rSffKOud6pfTIPZIb5iS9xQJjugGeRtt9Yw6QOSec/XR45MRvCQ== X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 6:WKbxKTJ8eSdUiEM4+5J1r/241CNLU2KNbsGAlcby8a5YziaWHSQTpkGvL9CdPQX8Wj2vG6G6T517K/v/ZYsf/jLfyPxIhAoTuEnqnMhlSK0GWqcwtbcffBKwFCbve3YC40V/efjU9/YzQwo3/aPGsuvfTL8lcMhlV8ucnG7qZDg+7X/EgrG0/hHS72cLEoIHLoooVxAv90W3+T3SgJaOmX9ed4pY5LruwSlejsIgREaHE+pAW9kFVdQ0abqvT0Hq03d06ZFMwUsA2UlPKA3r26qAMQVsoLQ6cuhzZh6KZpcUWDOiTa3FuYKuMW7y5zJ/QaotUX3Of6uN9e23ZQQ+FRyabyVVmiD/zUs+CUtxpYs33cPYGgcqKxsUWRwDH5Cozx/6EdBz9ryp4I/YWS5s90IVO11iGKL3CgUmVft+xpka2qXiwq5P55KWb2HtvdTI4lqpcPFdIxsh3rg/45NB8Q==; 5:g9SBLFiQVtpPFaLvZinmKXBLyXXak74KFILUHqR74cOKuxCfAP1DrQ0PViTx+1iDYWNb0JhRsT9O8wADIIj3vw5QuxzGggANnoA8DZUpW57KZ+IwrgOb4Z+G1YwIwaU38dEiJ+YJ2jrruL6cb7JNVeFD9kTFCWdApzLqEBJSK3k=; 24:ZzAqIrmXSl6oY4I2f2yKks+qItAhZc14GhQAXA+EkZSK5VnW3orffLNc8J2R3oyDvwXglOA5aXNfzO/NpQ7ZqorQKFy7RWBe7Q1BeP0jyzY= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3113; 7:zkwMdbGeFJC8+3hCi6FqK9hmWaebsQsdZOCc+3RCQJFz1gFqnm1ySOZVRiZIgvwBuSyf+UUbtCX2kQX36s7+Ge+DA5rTzP53jbY95/SsznJrxyAHFZnw5oCggPemljTIzJhchJGg3ylWQ0oJF3kEKONdavJrhxVxLrHxu9k4Wus27uKDUh1hh6KW0giS3QWKKpoy+ahtrWd1MSYL6Z1CrdUcMQyJw9k1KqXaxnZER1xzj43VbKqgZcQwKxqvm7JX X-OriginatorOrg: juniper.net X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jun 2018 06:21:37.5952 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 859790e1-5ed8-4f0c-72e0-08d5d676145f X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.15]; Helo=[P-EMFE01C-SAC.jnpr.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR05MB3113 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-06-20_04:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806200072 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jun 2018 06:21:41 -0000 Conrad Meyer wrote: > First and foremost: nothing is actually signed, anywhere. The The signing of manifests is external. The veriexecctl tool is I assume a straight copy of what's in NetBSD (I've not looked at it in at least a decade). A veriexec loader that leverages signed manifests requires some signing infra. That's a big topic all by itself. As I mentioned in my talk at BSDCan, the signing server we use is open source and handles pretty much anything OpenSSL can, as well as OpenPGP (and others). I also made a point of suggesting that the packages for base system include signed manifests. Tweaking the veriexec loader to only process manifests after verification is not hard - one of the first things I did when pulling veriexec into Junos almost 15 years ago. > As a corollary to the above, the name "signature file" is used > repeatedly in the code, which is misleading. The file contains hashes > (digests), not signatures (MACs). The file itself is unsigned. > Nothing about this has signatures. NetBSD refers to the hashes as fingerprints - AFAIK that terminology is retained. If the term signature is used to refer to anything other than the signed manifests that should be fixed. > There's absolutely no reason to use sha1 or ripemd in new designs. > These should be removed. Sorry I disagree - not with ripem (we never supported that or any of the non-NIST approved hashes), but sha1 is still approved by NIST for firmware integrity checks - which is what this is, and sha1 is cheaper than sha256. As I mentioned in my talk we've included support for sha256 for 10+ years, but do not plan to drop sha1 until NIST deprecate it for that purpose since boot time is a very sensitive subject for us. > The patchset is littered with style issues. One fairly obvious issue > is mixed indentation styles =E2=80=94 some files vary between space and t= ab > indentation from line to line. You can probably blame me for some of that. I only recently found a style9.el that does a half decent job of formatting per style(9). > Please revert this patchset. It's not ready. >=20 > Some suggestions for a second attempt: >=20 > - Maybe use HMACs instead of raw hashes Why? > - Maybe sign the source-of-trust file We do. As noted above, we cannot upstream that until FreeBSD has suitable signing infra. > - Fix the style issues > - Fix the compiler warnings at 6