From owner-svn-src-all@freebsd.org Tue Sep 3 14:08:20 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EF613DDAC8; Tue, 3 Sep 2019 14:07:25 +0000 (UTC) (envelope-from yuripv@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46N80Y3fgMz4QbF; Tue, 3 Sep 2019 14:07:25 +0000 (UTC) (envelope-from yuripv@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1452) id CE0211B5EE; Tue, 3 Sep 2019 14:06:38 +0000 (UTC) X-Original-To: yuripv@localmail.freebsd.org Delivered-To: yuripv@localmail.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [96.47.72.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by freefall.freebsd.org (Postfix) with ESMTPS id CEE49B188; Tue, 23 Apr 2019 20:25:29 +0000 (UTC) (envelope-from owner-src-committers@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 39D9A89909; Tue, 23 Apr 2019 20:25:29 +0000 (UTC) (envelope-from owner-src-committers@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 538) id 14755B16A; Tue, 23 Apr 2019 20:25:29 +0000 (UTC) Delivered-To: src-committers@localmail.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by freefall.freebsd.org (Postfix) with ESMTPS id C2AFEB168 for ; Tue, 23 Apr 2019 20:25:26 +0000 (UTC) (envelope-from sjg@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7A3A389905; Tue, 23 Apr 2019 20:25:26 +0000 (UTC) (envelope-from sjg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 367071AED; Tue, 23 Apr 2019 20:25:26 +0000 (UTC) (envelope-from sjg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x3NKPQhH001938; Tue, 23 Apr 2019 20:25:26 GMT (envelope-from sjg@FreeBSD.org) Received: (from sjg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x3NKPPaR001935; Tue, 23 Apr 2019 20:25:25 GMT (envelope-from sjg@FreeBSD.org) Message-Id: <201904232025.x3NKPPaR001935@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: sjg set sender to sjg@FreeBSD.org using -f From: "Simon J. Gerraty" To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r346604 - in head/lib/libsecureboot: . h X-SVN-Group: head X-SVN-Commit-Author: sjg X-SVN-Commit-Paths: in head/lib/libsecureboot: . h X-SVN-Commit-Revision: 346604 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk X-Loop: FreeBSD.org Sender: owner-src-committers@freebsd.org X-Rspamd-Queue-Id: 39D9A89909 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.97)[-0.973,0]; ASN(0.00)[asn:11403, ipnet:96.47.64.0/20, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] Status: O X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Tue, 03 Sep 2019 14:08:20 -0000 X-Original-Date: Tue, 23 Apr 2019 20:25:25 +0000 (UTC) X-List-Received-Date: Tue, 03 Sep 2019 14:08:20 -0000 Author: sjg Date: Tue Apr 23 20:25:25 2019 New Revision: 346604 URL: https://svnweb.freebsd.org/changeset/base/346604 Log: Allow no_hash to appear in manifest. sbin/veriexec will ignore entries that have no hash anyway, but loader needs to be explicitly told that such files are ok to ignore (not verify). We will report as Unverified depending on verbose level, but with no reason - because we are not rejecting the file. Reviewed by: imp, mindal_semihalf Sponsored by: Juniper Networks MFC After: 1 week Differential Revision: https://reviews.freebsd.org//D20018 Modified: head/lib/libsecureboot/h/libsecureboot.h head/lib/libsecureboot/vectx.c head/lib/libsecureboot/veopen.c head/lib/libsecureboot/verify_file.c Modified: head/lib/libsecureboot/h/libsecureboot.h ============================================================================== --- head/lib/libsecureboot/h/libsecureboot.h Tue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/h/libsecureboot.h Tue Apr 23 20:25:25 2019 (r346604) @@ -86,6 +86,7 @@ ssize_t ve_pcr_get(unsigned char *, size_t); #define VEF_VERBOSE 1 #define VE_FINGERPRINT_OK 1 +#define VE_FINGERPRINT_IGNORE 2 /* errors from verify_fd */ #define VE_FINGERPRINT_NONE -2 #define VE_FINGERPRINT_WRONG -3 Modified: head/lib/libsecureboot/vectx.c ============================================================================== --- head/lib/libsecureboot/vectx.c Tue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/vectx.c Tue Apr 23 20:25:25 2019 (r346604) @@ -120,7 +120,10 @@ vectx_open(int fd, const char *path, off_t off, struct ctx->vec_status = VE_FINGERPRINT_NONE; ve_error_set("%s: no entry", path); } else { - if (strncmp(cp, "sha256=", 7) == 0) { + if (strncmp(cp, "no_hash", 7) == 0) { + ctx->vec_status = VE_FINGERPRINT_IGNORE; + hashsz = 0; + } else if (strncmp(cp, "sha256=", 7) == 0) { ctx->vec_md = &br_sha256_vtable; hashsz = br_sha256_SIZE; cp += 7; @@ -150,11 +153,13 @@ vectx_open(int fd, const char *path, off_t off, struct *error = ctx->vec_status; ctx->vec_hashsz = hashsz; ctx->vec_want = cp; - ctx->vec_md->init(&ctx->vec_ctx.vtable); + if (hashsz > 0) { + ctx->vec_md->init(&ctx->vec_ctx.vtable); - if (hashsz > 0 && off > 0) { - lseek(fd, 0, SEEK_SET); - vectx_lseek(ctx, off, SEEK_SET); + if (off > 0) { + lseek(fd, 0, SEEK_SET); + vectx_lseek(ctx, off, SEEK_SET); + } } return (ctx); Modified: head/lib/libsecureboot/veopen.c ============================================================================== --- head/lib/libsecureboot/veopen.c Tue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/veopen.c Tue Apr 23 20:25:25 2019 (r346604) @@ -345,7 +345,9 @@ verify_fingerprint(int fd, const char *path, const cha size_t hlen; int n; - if (strncmp(cp, "sha256=", 7) == 0) { + if (strncmp(cp, "no_hash", 7) == 0) { + return (VE_FINGERPRINT_IGNORE); + } else if (strncmp(cp, "sha256=", 7) == 0) { md = &br_sha256_vtable; hlen = br_sha256_SIZE; cp += 7; @@ -423,6 +425,7 @@ verify_fd(int fd, const char *path, off_t off, struct rc = verify_fingerprint(fd, path, cp, off); switch (rc) { case VE_FINGERPRINT_OK: + case VE_FINGERPRINT_IGNORE: case VE_FINGERPRINT_UNKNOWN: return (rc); default: Modified: head/lib/libsecureboot/verify_file.c ============================================================================== --- head/lib/libsecureboot/verify_file.c Tue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/verify_file.c Tue Apr 23 20:25:25 2019 (r346604) @@ -343,10 +343,14 @@ verify_file(int fd, const char *filename, off_t off, i if ((rc = verify_fd(fd, filename, off, &st)) >= 0) { if (verbose || severity > VE_WANT) { #if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0 - printf("Verified %s %llu,%llu\n", filename, + printf("%serified %s %llu,%llu\n", + (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V", + filename, (long long)st.st_dev, (long long)st.st_ino); #else - printf("Verified %s\n", filename); + printf("%serified %s\n", + (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V", + filename); #endif } if (severity < VE_MUST) { /* not a kernel or module */