From owner-svn-src-all@freebsd.org Fri Apr 12 01:03:07 2019
Message-Id: <201904120103.x3C1302P053933@repo.freebsd.org>
From: "Simon J. Gerraty"
Date: Fri, 12 Apr 2019 01:03:00 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r346145 - in stable/12: contrib/bearssl etc/mtree include lib lib/libbearssl lib/libsecureboot lib/libsecureboot/tests sbin sbin/veriexec share/mk stand stand/common stand/ficl stand/fi...
X-SVN-Group: stable-12
X-SVN-Commit-Author: sjg
X-SVN-Commit-Revision: 346145
X-SVN-Commit-Repository: base

Author: sjg
Date: Fri Apr 12 01:03:00 2019
New Revision: 346145

URL: https://svnweb.freebsd.org/changeset/base/346145

Log:
  Add support for loader veriexec

  Also sbin/veriexec for mac_veriexec

  MFC r343281,344564-344568,344780,344784,345289,346070

Added:
  stable/12/contrib/bearssl/
     - copied from r344564, head/contrib/bearssl/
  stable/12/lib/libbearssl/
     - copied from r344564, head/lib/libbearssl/
  stable/12/lib/libsecureboot/
     - copied from r344565, head/lib/libsecureboot/
  stable/12/sbin/veriexec/
     - copied from r344567, head/sbin/veriexec/
stable/12/tools/build/options/WITH_BEARSSL - copied unchanged from r344566, head/tools/build/options/WITH_BEARSSL stable/12/tools/build/options/WITH_LOADER_VERIEXEC - copied unchanged from r344566, head/tools/build/options/WITH_LOADER_VERIEXEC stable/12/tools/build/options/WITH_VERIEXEC - copied unchanged from r344566, head/tools/build/options/WITH_VERIEXEC Modified: stable/12/etc/mtree/BSD.include.dist stable/12/include/Makefile stable/12/lib/Makefile stable/12/lib/libsecureboot/Makefile.inc stable/12/lib/libsecureboot/tests/Makefile stable/12/lib/libsecureboot/verify_file.c stable/12/sbin/Makefile stable/12/share/mk/src.libnames.mk stable/12/share/mk/src.opts.mk stable/12/stand/common/boot.c stable/12/stand/common/bootstrap.h stable/12/stand/common/interp_forth.c stable/12/stand/common/interp_simple.c stable/12/stand/common/load_elf.c stable/12/stand/common/load_elf_obj.c stable/12/stand/common/module.c stable/12/stand/ficl/Makefile.depend stable/12/stand/ficl/ficl.h stable/12/stand/ficl/fileaccess.c stable/12/stand/ficl32/Makefile.depend stable/12/stand/i386/loader/Makefile.depend stable/12/stand/liblua/Makefile stable/12/stand/liblua/lstd.c stable/12/stand/libsa/Makefile stable/12/stand/libsa/Makefile.depend stable/12/stand/libsa32/Makefile.depend stable/12/stand/loader.mk Directory Properties: stable/12/ (props changed) Modified: stable/12/etc/mtree/BSD.include.dist ============================================================================== --- stable/12/etc/mtree/BSD.include.dist Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/etc/mtree/BSD.include.dist Fri Apr 12 01:03:00 2019 (r346145) @@ -160,6 +160,8 @@ .. usb .. + veriexec + .. vkbd .. wi 
@@ -353,6 +355,8 @@ mac_mls .. mac_partition + .. + mac_veriexec .. .. ssp Modified: stable/12/include/Makefile ============================================================================== --- stable/12/include/Makefile Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/include/Makefile Fri Apr 12 01:03:00 2019 (r346145) @@ -47,7 +47,7 @@ LSUBDIRS= cam/ata cam/mmc cam/nvme cam/scsi \ dev/hwpmc dev/hyperv \ dev/ic dev/iicbus dev/io dev/mfi dev/mmc dev/nvme \ dev/ofw dev/pbio dev/pci ${_dev_powermac_nvram} dev/ppbus dev/smbus \ - dev/speaker dev/tcp_log dev/vkbd dev/wi \ + dev/speaker dev/tcp_log dev/veriexec dev/vkbd dev/wi \ fs/devfs fs/fdescfs fs/msdosfs fs/nandfs fs/nfs fs/nullfs \ fs/procfs fs/smbfs fs/udf fs/unionfs \ geom/cache geom/concat geom/eli geom/gate geom/journal geom/label \ @@ -60,6 +60,7 @@ LSUBDIRS= cam/ata cam/mmc cam/nvme cam/scsi \ security/audit \ security/mac_biba security/mac_bsdextended security/mac_lomac \ security/mac_mls security/mac_partition \ + security/mac_veriexec \ sys/disk \ ufs/ffs ufs/ufs @@ -157,7 +158,7 @@ copies: .PHONY .META done; \ fi .endfor -.for i in ${LDIRS} ${LSUBDIRS:Ndev/agp:Ndev/acpica:Ndev/bktr:Ndev/evdev:Ndev/hyperv:Ndev/nand:Ndev/pci} ${LSUBSUBDIRS} +.for i in ${LDIRS} ${LSUBDIRS:Ndev/agp:Ndev/acpica:Ndev/bktr:Ndev/evdev:Ndev/hyperv:Ndev/nand:Ndev/pci:Ndev/veriexec} ${LSUBSUBDIRS} cd ${SRCTOP}/sys; \ ${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 $i/*.h \ ${SDESTDIR}${INCLUDEDIR}/$i @@ -196,6 +197,9 @@ copies: .PHONY .META cd ${SRCTOP}/sys/dev/pci; \ ${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 pcireg.h \ ${SDESTDIR}${INCLUDEDIR}/dev/pci + cd ${SRCTOP}/sys/dev/veriexec; \ + ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 veriexec_ioctl.h \ + ${SDESTDIR}${INCLUDEDIR}/dev/veriexec cd ${SRCTOP}/sys/fs/cd9660/; \ ${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 *.h \ ${SDESTDIR}${INCLUDEDIR}/isofs/cd9660 
@@ -264,7 +268,7 @@ symlinks: .PHONY .META ${INSTALL_SYMLINK} ${TAG_ARGS} ../../../sys/$i/$$h ${SDESTDIR}${INCLUDEDIR}/$i; \ done .endfor -.for i in ${LSUBDIRS:Ndev/agp:Ndev/acpica:Ndev/bktr:Ndev/evdev:Ndev/hyperv:Ndev/nand:Ndev/pci} +.for i in ${LSUBDIRS:Ndev/agp:Ndev/acpica:Ndev/bktr:Ndev/evdev:Ndev/hyperv:Ndev/nand:Ndev/pci:Ndev/veriexec} cd ${SRCTOP}/sys/$i; \ for h in *.h; do \ ${INSTALL_SYMLINK} ${TAG_ARGS} ../../../../sys/$i/$$h ${SDESTDIR}${INCLUDEDIR}/$i; \ @@ -311,6 +315,11 @@ symlinks: .PHONY .META for h in pcireg.h; do \ ${INSTALL_SYMLINK} ${TAG_ARGS} ../../../../sys/dev/pci/$$h \ ${SDESTDIR}${INCLUDEDIR}/dev/pci; \ + done + cd ${SRCTOP}/sys/dev/veriexec; \ + for h in veriexec_ioctl.h; do \ + ln -fs ../../../../sys/dev/veriexec/$$h \ + ${SDESTDIR}${INCLUDEDIR}/dev/veriexec; \ done .for i in ${LSUBSUBDIRS} cd ${SRCTOP}/sys/$i; \ Modified: stable/12/lib/Makefile ============================================================================== --- stable/12/lib/Makefile Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/lib/Makefile Fri Apr 12 01:03:00 2019 (r346145) @@ -133,6 +133,7 @@ SUBDIR_DEPEND_libpcap= ofed # NB: keep these sorted by MK_* knobs SUBDIR.${MK_ATM}+= libngatm +SUBDIR.${MK_BEARSSL}+= libbearssl libsecureboot SUBDIR.${MK_BLACKLIST}+=libblacklist SUBDIR.${MK_BLUETOOTH}+=libbluetooth libsdp SUBDIR.${MK_BSNMP}+= libbsnmp @@ -208,6 +209,7 @@ SUBDIR.${MK_TESTS}+= tests SUBDIR.${MK_UNBOUND}+= libunbound SUBDIR.${MK_USB}+= libusbhid libusb SUBDIR.${MK_OFED}+= ofed +SUBDIR.${MK_VERIEXEC}+= libveriexec SUBDIR.${MK_ZFS}+= libbe .if !make(install) Modified: stable/12/lib/libsecureboot/Makefile.inc ============================================================================== --- head/lib/libsecureboot/Makefile.inc Tue Feb 26 06:09:10 2019 (r344565) +++ stable/12/lib/libsecureboot/Makefile.inc Fri Apr 12 01:03:00 2019 (r346145) 
@@ -92,6 +92,19 @@ VE_HASH_KAT_STR?= vc_PEM XCFLAGS.vets+= -DVE_HASH_KAT_STR=${VE_HASH_KAT_STR} .endif +# this should be updated occassionally this is 2019-01-01Z +SOURCE_DATE_EPOCH?= 1546329600 +.if ${MK_REPRODUCIBLE_BUILD} == "yes" +BUILD_UTC?= ${SOURCE_DATE_EPOCH} +.endif +# BUILD_UTC provides a basis for the loader's notion of time +# By default we use the mtime of BUILD_UTC_FILE +.if empty(BUILD_UTC_FILE) +BUILD_UTC_FILE:= ${.PARSEDIR:tA}/${.PARSEFILE} +.endif +# you can of course set BUILD_UTC to any value you like +BUILD_UTC?= ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh} + # Generate ta.h containing one or more PEM encoded trust anchors in ta_PEM. # # If we are doing self-tests, we define another arrary vc_PEM @@ -110,9 +123,7 @@ ta.h: ${.ALLTARGETS:M[tv]*pem:O:u} ( cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | \ file2c -sx 'static const char vc_PEM[] = {' '};'; echo ) >> ${.TARGET} .endif -.if !empty(BUILD_UTC_FILE) - echo '#define BUILD_UTC ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} -.endif + echo '#define BUILD_UTC ${BUILD_UTC}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} # This header records our preference for signature extensions. vesigned.o vesigned.po vesigned.pico: vse.h Modified: stable/12/lib/libsecureboot/tests/Makefile ============================================================================== --- head/lib/libsecureboot/tests/Makefile Tue Feb 26 06:09:10 2019 (r344565) +++ stable/12/lib/libsecureboot/tests/Makefile Fri Apr 12 01:03:00 2019 (r346145) @@ -1,5 +1,7 @@ # $FreeBSD$ +.include + PROG= tvo SRCS+= tvo.c Modified: stable/12/lib/libsecureboot/verify_file.c ============================================================================== --- head/lib/libsecureboot/verify_file.c Tue Feb 26 06:09:10 2019 (r344565) +++ stable/12/lib/libsecureboot/verify_file.c Fri Apr 12 01:03:00 2019 (r346145) 
@@ -368,7 +368,7 @@ verify_file(int fd, const char *filename, off_t off, i return (rc); } - if (severity || verbose) + if (severity || verbose || rc == VE_FINGERPRINT_WRONG) printf("Unverified: %s\n", ve_error_get()); if (rc == VE_FINGERPRINT_UNKNOWN && severity < VE_MUST) rc = VE_UNVERIFIED_OK; Modified: stable/12/sbin/Makefile ============================================================================== --- stable/12/sbin/Makefile Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/sbin/Makefile Fri Apr 12 01:03:00 2019 (r346145) @@ -86,6 +86,7 @@ SUBDIR.${MK_PF}+= pfctl SUBDIR.${MK_PF}+= pflogd SUBDIR.${MK_QUOTAS}+= quotacheck SUBDIR.${MK_ROUTED}+= routed +SUBDIR.${MK_VERIEXEC}+= veriexec SUBDIR.${MK_ZFS}+= bectl SUBDIR.${MK_ZFS}+= zfsbootcfg Modified: stable/12/share/mk/src.libnames.mk ============================================================================== --- stable/12/share/mk/src.libnames.mk Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/share/mk/src.libnames.mk Fri Apr 12 01:03:00 2019 (r346145) @@ -209,6 +209,21 @@ _LIBRARIES+= \ osmvendor .endif +.if ${MK_BEARSSL} == "yes" +_INTERNALLIBS+= \ + bearssl \ + secureboot \ + +LIBBEARSSL?= ${LIBBEARSSLDIR}/libbearssl${PIE_SUFFIX}.a +LIBSECUREBOOT?= ${LIBSECUREBOOTDIR}/libsecureboot${PIE_SUFFIX}.a +.endif + +.if ${MK_VERIEXEC} == "yes" +_INTERNALLIBS+= veriexec + +LIBVERIEXEC?= ${LIBVERIEXECDIR}/libveriexec${PIE_SUFFIX}.a +.endif + # Each library's LIBADD needs to be duplicated here for static linkage of # 2nd+ order consumers. Auto-generating this would be better. _DP_80211= sbuf bsdxml Modified: stable/12/share/mk/src.opts.mk ============================================================================== --- stable/12/share/mk/src.opts.mk Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/share/mk/src.opts.mk Fri Apr 12 01:03:00 2019 (r346145) @@ -191,6 +191,7 @@ __DEFAULT_YES_OPTIONS = \ ZONEINFO __DEFAULT_NO_OPTIONS = \ + BEARSSL \ BSD_GREP \ CLANG_EXTRAS \ DTRACE_TESTS \ 
@@ -214,6 +215,8 @@ __DEFAULT_NO_OPTIONS = \ __DEFAULT_DEPENDENT_OPTIONS= \ CLANG_FULL/CLANG \ LLVM_TARGET_ALL/CLANG \ + LOADER_VERIEXEC/BEARSSL \ + VERIEXEC/BEARSSL \ # MK_*_SUPPORT options which default to "yes" unless their corresponding # MK_* variable is set to "no". Modified: stable/12/stand/common/boot.c ============================================================================== --- stable/12/stand/common/boot.c Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/common/boot.c Fri Apr 12 01:03:00 2019 (r346145) @@ -106,6 +106,10 @@ command_boot(int argc, char *argv[]) if (archsw.arch_autoload() != 0) return(CMD_ERROR); +#ifdef LOADER_VERIEXEC + verify_pcr_export(); /* for measured boot */ +#endif + /* Call the exec handler from the loader matching the kernel */ file_formats[fp->f_loader]->l_exec(fp); return(CMD_ERROR); Modified: stable/12/stand/common/bootstrap.h ============================================================================== --- stable/12/stand/common/bootstrap.h Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/common/bootstrap.h Fri Apr 12 01:03:00 2019 (r346145) @@ -330,6 +330,9 @@ struct arch_switch /* Probe ZFS pool(s), if needed. */ void (*arch_zfs_probe)(void); + /* Return the hypervisor name/type or NULL if not virtualized. */ + const char *(*arch_hypervisor)(void); + /* For kexec-type loaders, get ksegment structure */ void (*arch_kexec_kseg_get)(int *nseg, void **kseg); }; @@ -344,6 +347,10 @@ time_t time(time_t *tloc); #ifndef CTASSERT #define CTASSERT(x) _Static_assert(x, "compile-time assertion failed") +#endif + +#ifdef LOADER_VERIEXEC +#include #endif #endif /* !_BOOTSTRAP_H_ */ Modified: stable/12/stand/common/interp_forth.c ============================================================================== --- stable/12/stand/common/interp_forth.c Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/common/interp_forth.c Fri Apr 12 01:03:00 2019 (r346145) 
@@ -282,6 +282,12 @@ bf_init(void) /* try to load and run init file if present */ if ((fd = open("/boot/boot.4th", O_RDONLY)) != -1) { +#ifdef LOADER_VERIEXEC + if (verify_file(fd, "/boot/boot.4th", 0, VE_GUESS) < 0) { + close(fd); + return; + } +#endif (void)ficlExecFD(bf_vm, fd); close(fd); } @@ -378,6 +384,13 @@ interp_include(const char *filename) return(CMD_ERROR); } +#ifdef LOADER_VERIEXEC + if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + close(fd); + sprintf(command_errbuf,"can't verify '%s'", filename); + return(CMD_ERROR); + } +#endif /* * Read the script into memory. */ Modified: stable/12/stand/common/interp_simple.c ============================================================================== --- stable/12/stand/common/interp_simple.c Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/common/interp_simple.c Fri Apr 12 01:03:00 2019 (r346145) @@ -96,6 +96,14 @@ interp_include(const char *filename) return(CMD_ERROR); } +#ifdef LOADER_VERIEXEC + if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + close(fd); + sprintf(command_errbuf,"can't verify '%s'", filename); + return(CMD_ERROR); + } +#endif + /* * Read the script into memory. */ Modified: stable/12/stand/common/load_elf.c ============================================================================== --- stable/12/stand/common/load_elf.c Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/common/load_elf.c Fri Apr 12 01:03:00 2019 (r346145) @@ -245,6 +245,12 @@ __elfN(load_elf_header)(char *filename, elf_file_t ef) goto error; } +#ifdef LOADER_VERIEXEC + if (verify_file(ef->fd, filename, bytes_read, VE_MUST) < 0) { + err = EAUTH; + goto error; + } +#endif return (0); error: Modified: stable/12/stand/common/load_elf_obj.c ============================================================================== --- stable/12/stand/common/load_elf_obj.c Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/common/load_elf_obj.c Fri Apr 12 01:03:00 2019 (r346145) 
@@ -129,6 +129,13 @@ __elfN(obj_loadfile)(char *filename, uint64_t dest, goto oerr; } +#ifdef LOADER_VERIEXEC + if (verify_file(ef.fd, filename, bytes_read, VE_MUST) < 0) { + err = EAUTH; + goto oerr; + } +#endif + kfp = file_findfile(NULL, __elfN(obj_kerneltype)); if (kfp == NULL) { printf("elf" __XSTRING(__ELF_WORD_SIZE) Modified: stable/12/stand/common/module.c ============================================================================== --- stable/12/stand/common/module.c Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/common/module.c Fri Apr 12 01:03:00 2019 (r346145) @@ -104,9 +104,11 @@ command_load(int argc, char *argv[]) { struct preloaded_file *fp; char *typestr; - int dofile, dokld, ch, error; + char *prefix; + char *skip; + int dflag, dofile, dokld, ch, error; - dokld = dofile = 0; + dflag = dokld = dofile = 0; optind = 1; optreset = 1; typestr = NULL; @@ -114,11 +116,21 @@ command_load(int argc, char *argv[]) command_errmsg = "no filename specified"; return (CMD_CRIT); } - while ((ch = getopt(argc, argv, "kt:")) != -1) { + prefix = skip = NULL; + while ((ch = getopt(argc, argv, "dkp:s:t:")) != -1) { switch(ch) { + case 'd': + dflag++; + break; case 'k': dokld = 1; break; + case 'p': + prefix = optarg; + break; + case 's': + skip = optarg; + break; case 't': typestr = optarg; dofile = 1; @@ -141,6 +153,14 @@ command_load(int argc, char *argv[]) return (CMD_CRIT); } +#ifdef LOADER_VERIEXEC + if (strncmp(typestr, "manifest", 8) == 0) { + if (dflag > 0) + ve_debug_set(dflag); + return (load_manifest(argv[1], prefix, skip, NULL)); + } +#endif + fp = file_findfile(argv[1], typestr); if (fp) { snprintf(command_errbuf, sizeof(command_errbuf), 
@@ -434,6 +454,15 @@ file_loadraw(const char *fname, char *type, int insert free(name); return(NULL); } + +#ifdef LOADER_VERIEXEC + if (verify_file(fd, name, 0, VE_MUST) < 0) { + sprintf(command_errbuf, "can't verify '%s'", name); + free(name); + close(fd); + return(NULL); + } +#endif if (archsw.arch_loadaddr != NULL) loadaddr = archsw.arch_loadaddr(LOAD_RAW, name, loadaddr); Modified: stable/12/stand/ficl/Makefile.depend ============================================================================== --- stable/12/stand/ficl/Makefile.depend Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/ficl/Makefile.depend Fri Apr 12 01:03:00 2019 (r346145) @@ -2,9 +2,7 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/xlocale \ - lib/msun \ + stand/libsa \ .include Modified: stable/12/stand/ficl/ficl.h ============================================================================== --- stable/12/stand/ficl/ficl.h Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/ficl/ficl.h Fri Apr 12 01:03:00 2019 (r346145) @@ -1157,6 +1157,10 @@ typedef void ficlCompileFcn(FICL_SYSTEM *); DATA_SET(Xficl_compile_set, func) SET_DECLARE(Xficl_compile_set, ficlCompileFcn); +#ifdef LOADER_VERIEXEC +#include +#endif + #ifdef __cplusplus } #endif Modified: stable/12/stand/ficl/fileaccess.c ============================================================================== --- stable/12/stand/ficl/fileaccess.c Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/ficl/fileaccess.c Fri Apr 12 01:03:00 2019 (r346145) 
@@ -67,14 +67,21 @@ static void ficlFopen(FICL_VM *pVM, char *writeMode) / if (f == NULL) stackPushPtr(pVM->pStack, NULL); else +#ifdef LOADER_VERIEXEC + if (*mode == 'r' && + verify_file(fileno(f), filename, 0, VE_GUESS) < 0) { + fclose(f); + stackPushPtr(pVM->pStack, NULL); + } else +#endif { - ficlFILE *ff = (ficlFILE *)malloc(sizeof(ficlFILE)); - strcpy(ff->filename, filename); - ff->f = f; - stackPushPtr(pVM->pStack, ff); + ficlFILE *ff = (ficlFILE *)malloc(sizeof(ficlFILE)); + strcpy(ff->filename, filename); + ff->f = f; + stackPushPtr(pVM->pStack, ff); - fseek(f, 0, SEEK_SET); - } + fseek(f, 0, SEEK_SET); + } pushIor(pVM, f != NULL); } Modified: stable/12/stand/ficl32/Makefile.depend ============================================================================== --- stable/12/stand/ficl32/Makefile.depend Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/ficl32/Makefile.depend Fri Apr 12 01:03:00 2019 (r346145) @@ -2,9 +2,7 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/xlocale \ - lib/msun \ + stand/libsa \ .include Modified: stable/12/stand/i386/loader/Makefile.depend ============================================================================== --- stable/12/stand/i386/loader/Makefile.depend Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/i386/loader/Makefile.depend Fri Apr 12 01:03:00 2019 (r346145) 
@@ -2,15 +2,12 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/xlocale \ - stand/ficl32 \ - stand/geli \ - stand/i386/btx/btx \ - stand/i386/btx/btxldr \ - stand/i386/btx/lib \ - stand/i386/libi386 \ - stand/libsa32 \ + stand/${MACHINE_CPUARCH}/btx/btx \ + stand/${MACHINE_CPUARCH}/btx/btxldr \ + stand/${MACHINE_CPUARCH}/btx/lib \ + stand/${MACHINE_CPUARCH}/libi386 \ + stand/ficl \ + stand/libsa \ .include Modified: stable/12/stand/liblua/Makefile ============================================================================== --- stable/12/stand/liblua/Makefile Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/liblua/Makefile Fri Apr 12 01:03:00 2019 (r346145) @@ -35,5 +35,8 @@ CFLAGS+= -I${BOOTSRC}/include -I${LIBLUASRC} -I${LUASR .if ${MACHINE_CPUARCH} == "amd64" && ${DO32:U0} == 0 CFLAGS+= -fPIC .endif +.if ${MK_LOADER_VERIEXEC} == "yes" +CFLAGS+= -I${SRCTOP}/lib/libsecureboot/h -DLOADER_VERIEXEC +.endif .include Modified: stable/12/stand/liblua/lstd.c ============================================================================== --- stable/12/stand/liblua/lstd.c Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/liblua/lstd.c Fri Apr 12 01:03:00 2019 (r346145) @@ -31,6 +31,10 @@ __FBSDID("$FreeBSD$"); #include "lstd.h" #include "math.h" +#ifdef LOADER_VERIEXEC +#include +#endif + FILE * fopen(const char *filename, const char *mode) { 
@@ -75,6 +79,17 @@ fopen(const char *filename, const char *mode) close(fd); return (NULL); } + +#ifdef LOADER_VERIEXEC + /* only regular files and only reading makes sense */ + if (S_ISREG(st.st_mode) && !(m & O_WRONLY)) { + if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + free(f); + close(fd); + return (NULL); + } + } +#endif f->fd = fd; f->offset = 0; Modified: stable/12/stand/libsa/Makefile ============================================================================== --- stable/12/stand/libsa/Makefile Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/libsa/Makefile Fri Apr 12 01:03:00 2019 (r346145) @@ -164,6 +164,11 @@ SRCS+= explicit_bzero.c .include "${SASRC}/geli/Makefile.inc" .endif +.if ${MK_LOADER_VERIEXEC} == "yes" && ${MK_BEARSSL} == "yes" +.include "${SRCTOP}/lib/libbearssl/Makefile.libsa.inc" +.include "${SRCTOP}/lib/libsecureboot/Makefile.libsa.inc" +.endif + # Maybe ZFS .if ${MK_LOADER_ZFS} == "yes" .include "${SASRC}/zfs/Makefile.inc" Modified: stable/12/stand/libsa/Makefile.depend ============================================================================== --- stable/12/stand/libsa/Makefile.depend Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/libsa/Makefile.depend Fri Apr 12 01:03:00 2019 (r346145) @@ -2,10 +2,6 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/arpa \ - include/xlocale \ - lib/libbz2 \ .include Modified: stable/12/stand/libsa32/Makefile.depend ============================================================================== --- stable/12/stand/libsa32/Makefile.depend Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/libsa32/Makefile.depend Fri Apr 12 01:03:00 2019 (r346145) 
@@ -2,10 +2,7 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - include \ - include/arpa \ - include/xlocale \ - lib/libbz2 \ + stand/libsa \ .include Modified: stable/12/stand/loader.mk ============================================================================== --- stable/12/stand/loader.mk Fri Apr 12 00:53:30 2019 (r346144) +++ stable/12/stand/loader.mk Fri Apr 12 01:03:00 2019 (r346145) @@ -73,6 +73,10 @@ SRCS+= interp_simple.c .error Unknown interpreter ${LOADER_INTERP} .endif +.if ${MK_LOADER_VERIEXEC} != "no" +CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libsecureboot/h +.endif + .if defined(BOOT_PROMPT_123) CFLAGS+= -DBOOT_PROMPT_123 .endif Copied: stable/12/tools/build/options/WITH_BEARSSL (from r344566, head/tools/build/options/WITH_BEARSSL) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/tools/build/options/WITH_BEARSSL Fri Apr 12 01:03:00 2019 (r346145, copy of r344566, head/tools/build/options/WITH_BEARSSL) @@ -0,0 +1,11 @@ +.\" $FreeBSD$ +Build the BearSSL library. +.Pp +BearSSL is a tiny SSL library suitable for embedded environments. +For details see +.Lk http://www.BearSSL.org/ +.Pp +This library is currently only used to perform +signature verification and related operations +for Verified Exec and +.Xr loader 8 . Copied: stable/12/tools/build/options/WITH_LOADER_VERIEXEC (from r344566, head/tools/build/options/WITH_LOADER_VERIEXEC) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/tools/build/options/WITH_LOADER_VERIEXEC Fri Apr 12 01:03:00 2019 (r346145, copy of r344566, head/tools/build/options/WITH_LOADER_VERIEXEC) 
@@ -0,0 +1,7 @@ +.\" $FreeBSD$ +Enable building +.Xr loader 8 +with support for verifcation similar to Verified Exec. +.Pp +It depends on +.Va WITH_BEARSSL Copied: stable/12/tools/build/options/WITH_VERIEXEC (from r344566, head/tools/build/options/WITH_VERIEXEC) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/tools/build/options/WITH_VERIEXEC Fri Apr 12 01:03:00 2019 (r346145, copy of r344566, head/tools/build/options/WITH_VERIEXEC) @@ -0,0 +1,9 @@ +.\" $FreeBSD$ +Enable building +.Xr veriexec 8 +which loads the contents of verified manifests into the kernel +for use by +.Xr mac_veriexec 4 +.Pp +It depends on +.Va WITH_BEARSSL
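Review bot: the new `${INSTALL}` line for veriexec_ioctl.h in the `copies:` hunk of include/Makefile (`@@ -196,6 +197,9 @@`) omits `${TAG_ARGS}`, unlike the adjacent pcireg.h install (`${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 pcireg.h`), so the header is installed untagged for packaging. Suggest `${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 veriexec_ioctl.h \` to match its neighbours.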
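Review bot: the `symlinks:` hunk in include/Makefile (`@@ -311,6 +315,11 @@`) uses a raw `ln -fs ../../../../sys/dev/veriexec/$$h` where every surrounding loop uses `${INSTALL_SYMLINK} ${TAG_ARGS}`; the plain ln bypasses the install wrapper and its tagging. Suggest `${INSTALL_SYMLINK} ${TAG_ARGS} ../../../../sys/dev/veriexec/$$h \` for consistency with the pcireg.h loop just above it.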
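Review bot: in the lib/libsecureboot/Makefile.inc hunk (`@@ -92,6 +92,19 @@`) the comment says the SOURCE_DATE_EPOCH default "is 2019-01-01Z", but 1546329600 is 2019-01-01T08:00:00Z; midnight UTC on that date is 1546300800. Since BUILD_UTC is the basis for the loader's notion of time, anyone reasoning about certificate validity from the comment will be eight hours off, so either the value or the comment should change. Also "occassionally" should read "occasionally".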
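Review bot: the verify_file() hunk in lib/libsecureboot/verify_file.c now prints "Unverified" whenever `rc == VE_FINGERPRINT_WRONG` regardless of severity or verbosity, which is the right call: a fingerprint that exists and does not match should never be silent. A one-line comment on the condition would help, since the two lines that follow downgrade VE_FINGERPRINT_UNKNOWN to VE_UNVERIFIED_OK below VE_MUST and a reader has to work out why only the "wrong" case is always reported.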
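Review bot: the interp_include hunk in stand/common/interp_forth.c (`@@ -378,6 +384,13 @@`) formats the error with `sprintf(command_errbuf,"can't verify '%s'", filename);` with no bound, while the command_load context in module.c uses `snprintf(command_errbuf, sizeof(command_errbuf), ...)`; an overlong filename from a script overruns command_errbuf. Use `snprintf(command_errbuf, sizeof(command_errbuf), "can't verify '%s'", filename);` here. In the bf_init hunk of the same file the failed verification of /boot/boot.4th returns with no message of its own, which makes a boot that stops at that point hard to diagnose; a short printf before the return would help.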
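Review bot: the interp_include hunk in stand/common/interp_simple.c has the same unbounded `sprintf(command_errbuf,"can't verify '%s'", filename);` as interp_forth.c; the same `snprintf(command_errbuf, sizeof(command_errbuf), ...)` fix applies.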
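Review bot: the file_loadraw hunk in stand/common/module.c (`@@ -434,6 +454,15 @@`) also uses an unbounded `sprintf(command_errbuf, "can't verify '%s'", name);`; `name` is a heap string of arbitrary length here, so this should be `snprintf(command_errbuf, sizeof(command_errbuf), ...)` like the rest of the file.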
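Review bot: in the command_load hunk of stand/common/module.c (`@@ -141,6 +153,14 @@`), `strncmp(typestr, "manifest", 8) == 0` is a prefix match, so `-t manifestfoo` is also treated as a manifest; `strcmp(typestr, "manifest") == 0` states the intent. The new `-d`, `-p` and `-s` options in the getopt string also need to be documented in the command's usage text and in loader(8). Note too that the manifest path returns from load_manifest() before file_findfile() runs, so the "already loaded" check is skipped for manifests; that is probably intended, and a comment saying so would save the next reader the question.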
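Review bot: the ficlFopen hunk in stand/ficl/fileaccess.c builds an if/else chain across `#ifdef LOADER_VERIEXEC` ... `} else` `#endif` `{`, so the brace structure differs between the two configurations and the `else` dangles into the preprocessor block. Keeping one structure for both builds is safer: inside the `else` branch, run the `*mode == 'r' && verify_file(fileno(f), filename, 0, VE_GUESS) < 0` check under `#ifdef` to fclose(f) and clear a local flag, then fall through to a single stackPushPtr/pushIor. The hunk also re-indents the unchanged malloc/strcpy/fseek lines, which mixes whitespace with the functional change and makes the diff harder to review.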
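Review bot: in the stand/liblua/lstd.c fopen hunk (`@@ -75,6 +79,17 @@`), `!(m & O_WRONLY)` skips verification only for write-only opens; an O_RDWR open is still verified, which does not match the comment "only regular files and only reading makes sense". If read-write opens should also be excluded, test `(m & O_ACCMODE) == O_RDONLY`; otherwise adjust the comment so it describes the condition actually checked.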
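Review bot: the MK_LOADER_VERIEXEC tests disagree across the patch: stand/loader.mk uses `.if ${MK_LOADER_VERIEXEC} != "no"`, while stand/libsa/Makefile and stand/liblua/Makefile use `== "yes"`. For any value other than "yes" or "no", loader.mk defines LOADER_VERIEXEC, so every verify_file() call is compiled in, but libsa does not include the libbearssl/libsecureboot Makefile.libsa.inc sources, which ends in unresolved symbols at link time. Use the same test in all three (preferably `== "yes"`), and loader.mk should also require `${MK_BEARSSL} == "yes"` as stand/libsa/Makefile does.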
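Review bot: the stand/common/bootstrap.h hunk adds `arch_hypervisor` to struct arch_switch, but no hunk in this diff assigns the member or calls it. If it is consumed inside libsecureboot (for example by the verify_pcr_export() call added in boot.c) or by a follow-up commit, the log should say so; and since the member is inserted in the middle of the struct, any platform that initializes archsw positionally rather than by field name needs checking.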
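Review bot: in the share/mk/src.libnames.mk hunk the `_INTERNALLIBS+=` list ends with `secureboot \` followed by a blank line, i.e. a dangling line continuation; bmake tolerates it, but the next edit that inserts a line there silently becomes part of the list. Drop the trailing backslash. LIBBEARSSLDIR, LIBSECUREBOOTDIR and LIBVERIEXECDIR are referenced but not defined in this hunk; confirm they come out of the file's existing per-internal-library directory handling for the names added to _INTERNALLIBS.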
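Review bot: the load_elf.c and load_elf_obj.c hunks call `verify_file(..., bytes_read, VE_MUST)` with the header bytes already consumed passed as the offset, and map failure to `err = EAUTH`; that is the right severity for a kernel or module. Confirm that the callers turn EAUTH into a user-visible message, otherwise a signature failure is indistinguishable from a generic load error at the loader prompt, and the only clue is the "Unverified:" line that verify_file() prints.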
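Review bot: typo in the WITH_LOADER_VERIEXEC option description: "verifcation" should be "verification". In WITH_VERIEXEC the sentence ending `.Xr mac_veriexec 4` has no terminating period before `.Pp`; mdoc takes trailing punctuation as `.Xr mac_veriexec 4 .`, and `.Va WITH_BEARSSL` at the end of both files could take the same treatment.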