Date:      Wed, 30 Aug 2017 16:43:03 -0600
From:      Ian Lepore <ian@freebsd.org>
To:        "Simon J. Gerraty" <sjg@juniper.net>, freebsd-arch@freebsd.org
Cc:        gtetlow@freebsd.org, Ed Maste <emaste@freebsd.org>, Steve Kiernan <stevek@juniper.net>, Baptiste Daroussin <bapt@freebsd.org>, Toomas Soome <tsoome@freebsd.org>, Allan Jude <AllanJude@freebsd.org>, Edward Tomasz Napierała <trasz@freebsd.org>
Subject:   Re: Import BearSSL ? (Adding verification to loader)
Message-ID:  <1504132983.56799.90.camel@freebsd.org>
In-Reply-To: <24256.1504130148@kaos.jnpr.net>
References:  <44449.1497382261@kaos.jnpr.net> <CAPyFy2BEhPEsFJNj2Gfieb%2BDJ-O9nWR6%2Bwpu-5Ahfia69ohfcQ@mail.gmail.com> <24256.1504130148@kaos.jnpr.net>

On Wed, 2017-08-30 at 14:55 -0700, Simon J. Gerraty wrote:
> Hi,
>
> Background:
>
> I've been adding what amounts to a mini "verified exec" to the freebsd
> loader for use in Junos.
>
> What this means is that the loader verifies the kernel and all the
> modules before loading them, and can reject anything for which a
> registered fingerprint (eg. sha1 hash) does not match.
>
>
[...]
> The question is what to do - for upstreaming any of this.
> Assuming of course anyone is interested in this functionality.
>
> The changes to the loader itself are trivial.
> Most of the code is in libve (naming stuff is hard) which handles
> fingerprint loading, lookup and of course verifying signatures using
> code from; libbearssl - which is just a reachover build of BearSSL.
>
> I have it setup such that BearSSL need not be part of the tree at all so
> there is no burning need to import it; lib/libbearssl will simply not
> build if ${BEARSSL} isn't defined and pointing to a BearSSL tree.
>
> From an internal paper-work point-of-view, contrib/bearssl is attractive
> to me ;-), but it could just as easily be in ports no where at all.
>
> If it were in contrib, then it would be feasible to leverage it for
> other uses in the loader that currently use libmd etc for hashing.
>
> Discuss ?
>
> Thanks
> --sjg

We need this exact feature (verification of kernel and modules) for an
upcoming product at work. Including the library code in contrib
certainly sounds attractive to me, too.

I wouldn't be surprised if interest in this goes beyond those of us
building embedded appliances.

-- Ian
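
Added example, not part of either message and not libve's code: a Python model of the fingerprint check described in the quoted text (load registered fingerprints, look a file up, reject on mismatch or when nothing is registered). The `path algo=hexdigest` manifest format, the function names and the sample paths are assumptions made for illustration, and the manifest's own signature is assumed to have been verified before it is parsed.

```python
import hashlib
import hmac

# Assumption: hash algorithms this sketch accepts in a manifest.
ALLOWED = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def load_fingerprints(manifest_text):
    """Parse 'path algo=hexdigest' lines (a constructed format) into a dict."""
    table = {}
    for lineno, line in enumerate(manifest_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            path, spec = line.split()
            algo, digest = spec.split("=", 1)
            expected = bytes.fromhex(digest)
        except ValueError:
            raise ValueError(f"manifest line {lineno}: malformed entry")
        if algo not in ALLOWED or len(expected) != ALLOWED[algo]().digest_size:
            raise ValueError(f"manifest line {lineno}: bad algorithm or length")
        if path in table:
            raise ValueError(f"manifest line {lineno}: duplicate path {path}")
        table[path] = (algo, expected)
    return table


def verify(table, path, data):
    """Return (ok, reason); anything not provably registered is rejected."""
    entry = table.get(path)
    if entry is None:
        return False, "no registered fingerprint"
    algo, expected = entry
    actual = ALLOWED[algo](data).digest()
    if not hmac.compare_digest(actual, expected):
        return False, "fingerprint mismatch"
    return True, "verified"


# Constructed sample input: two in-memory "files" and their manifest.
KERNEL = b"constructed kernel image bytes"
MODULE = b"constructed module bytes"
MANIFEST = (
    "# constructed manifest\n"
    f"/boot/kernel/kernel sha256={hashlib.sha256(KERNEL).hexdigest()}\n"
    f"/boot/kernel/example.ko sha1={hashlib.sha1(MODULE).hexdigest()}\n"
)
```

The check fails closed: a file with no entry is rejected the same way as a modified one, and a malformed manifest is refused at load time.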


