From owner-svn-src-all@freebsd.org  Tue Apr 30 23:01:15 2019
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2260F15A0EF8;
 Tue, 30 Apr 2019 23:01:15 +0000 (UTC) (envelope-from sjg@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id BB1386BE72;
 Tue, 30 Apr 2019 23:01:14 +0000 (UTC) (envelope-from sjg@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8F2CF18A0A;
 Tue, 30 Apr 2019 23:01:14 +0000 (UTC) (envelope-from sjg@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x3UN1Es9053919;
 Tue, 30 Apr 2019 23:01:14 GMT (envelope-from sjg@FreeBSD.org)
Received: (from sjg@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x3UN1DXS053915;
 Tue, 30 Apr 2019 23:01:13 GMT (envelope-from sjg@FreeBSD.org)
Message-Id: <201904302301.x3UN1DXS053915@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: sjg set sender to sjg@FreeBSD.org
 using -f
From: "Simon J. Gerraty" <sjg@FreeBSD.org>
Date: Tue, 30 Apr 2019 23:01:13 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r346977 - in stable/12/lib/libsecureboot: . h
X-SVN-Group: stable-12
X-SVN-Commit-Author: sjg
X-SVN-Commit-Paths: in stable/12/lib/libsecureboot: . h
X-SVN-Commit-Revision: 346977
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: BB1386BE72
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.96 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 NEURAL_HAM_SHORT(-0.96)[-0.959,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 23:01:15 -0000

Author: sjg
Date: Tue Apr 30 23:01:13 2019
New Revision: 346977
URL: https://svnweb.freebsd.org/changeset/base/346977

Log:
  Allow no_hash to appear in manifest.
  
  sbin/veriexec will ignore entries that have no hash anyway,
  but loader needs to be explicitly told that such files are
  ok to ignore (not verify).
  
  We will report as Unverified depending on verbose level,
  but with no reason - because we are not rejecting the file.
  
  MFC r346604

Modified:
  stable/12/lib/libsecureboot/h/libsecureboot.h
  stable/12/lib/libsecureboot/vectx.c
  stable/12/lib/libsecureboot/veopen.c
  stable/12/lib/libsecureboot/verify_file.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/lib/libsecureboot/h/libsecureboot.h
==============================================================================
--- stable/12/lib/libsecureboot/h/libsecureboot.h	Tue Apr 30 21:38:38 2019	(r346976)
+++ stable/12/lib/libsecureboot/h/libsecureboot.h	Tue Apr 30 23:01:13 2019	(r346977)
@@ -86,6 +86,7 @@ ssize_t ve_pcr_get(unsigned char *, size_t);
 #define VEF_VERBOSE		1
 
 #define VE_FINGERPRINT_OK	1
+#define VE_FINGERPRINT_IGNORE	2
 /* errors from verify_fd */
 #define VE_FINGERPRINT_NONE	-2
 #define VE_FINGERPRINT_WRONG	-3

Modified: stable/12/lib/libsecureboot/vectx.c
==============================================================================
--- stable/12/lib/libsecureboot/vectx.c	Tue Apr 30 21:38:38 2019	(r346976)
+++ stable/12/lib/libsecureboot/vectx.c	Tue Apr 30 23:01:13 2019	(r346977)
@@ -120,7 +120,10 @@ vectx_open(int fd, const char *path, off_t off, struct
 		ctx->vec_status = VE_FINGERPRINT_NONE;
 		ve_error_set("%s: no entry", path);
 	} else {
-		if (strncmp(cp, "sha256=", 7) == 0) {
+		if (strncmp(cp, "no_hash", 7) == 0) {
+			ctx->vec_status = VE_FINGERPRINT_IGNORE;
+			hashsz = 0;
+		} else if (strncmp(cp, "sha256=", 7) == 0) {
 			ctx->vec_md = &br_sha256_vtable;
 			hashsz = br_sha256_SIZE;
 			cp += 7;
@@ -150,11 +153,13 @@ vectx_open(int fd, const char *path, off_t off, struct
 	*error = ctx->vec_status;
 	ctx->vec_hashsz = hashsz;
 	ctx->vec_want = cp;
-	ctx->vec_md->init(&ctx->vec_ctx.vtable);
+	if (hashsz > 0) {
+		ctx->vec_md->init(&ctx->vec_ctx.vtable);
 
-	if (hashsz > 0 && off > 0) {
-		lseek(fd, 0, SEEK_SET);
-		vectx_lseek(ctx, off, SEEK_SET);
+		if (off > 0) {
+			lseek(fd, 0, SEEK_SET);
+			vectx_lseek(ctx, off, SEEK_SET);
+		}
 	}
 	return (ctx);
 

Modified: stable/12/lib/libsecureboot/veopen.c
==============================================================================
--- stable/12/lib/libsecureboot/veopen.c	Tue Apr 30 21:38:38 2019	(r346976)
+++ stable/12/lib/libsecureboot/veopen.c	Tue Apr 30 23:01:13 2019	(r346977)
@@ -345,7 +345,9 @@ verify_fingerprint(int fd, const char *path, const cha
 	size_t hlen;
 	int n;
 
-	if (strncmp(cp, "sha256=", 7) == 0) {
+	if (strncmp(cp, "no_hash", 7) == 0) {
+		return (VE_FINGERPRINT_IGNORE);
+	} else if (strncmp(cp, "sha256=", 7) == 0) {
 		md = &br_sha256_vtable;
 		hlen = br_sha256_SIZE;
 		cp += 7;
@@ -423,6 +425,7 @@ verify_fd(int fd, const char *path, off_t off, struct 
 	rc = verify_fingerprint(fd, path, cp, off);
 	switch (rc) {
 	case VE_FINGERPRINT_OK:
+	case VE_FINGERPRINT_IGNORE:
 	case VE_FINGERPRINT_UNKNOWN:
 		return (rc);
 	default:

Modified: stable/12/lib/libsecureboot/verify_file.c
==============================================================================
--- stable/12/lib/libsecureboot/verify_file.c	Tue Apr 30 21:38:38 2019	(r346976)
+++ stable/12/lib/libsecureboot/verify_file.c	Tue Apr 30 23:01:13 2019	(r346977)
@@ -343,10 +343,14 @@ verify_file(int fd, const char *filename, off_t off, i
 		if ((rc = verify_fd(fd, filename, off, &st)) >= 0) {
 			if (verbose || severity > VE_WANT) {
 #if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0
-				printf("Verified %s %llu,%llu\n", filename,
+				printf("%serified %s %llu,%llu\n",
+				    (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V",
+				    filename,
 				    (long long)st.st_dev, (long long)st.st_ino);
 #else
-				printf("Verified %s\n", filename);
+				printf("%serified %s\n",
+				    (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V",
+				    filename);
 #endif
 			}
 			if (severity < VE_MUST) { /* not a kernel or module */