From owner-freebsd-arch@freebsd.org  Fri Oct 20 02:03:29 2017
Return-Path: <owner-freebsd-arch@freebsd.org>
Delivered-To: freebsd-arch@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5F90DE4CB65
 for <freebsd-arch@mailman.ysv.freebsd.org>;
 Fri, 20 Oct 2017 02:03:29 +0000 (UTC)
 (envelope-from eric@metricspace.net)
Received: from mail.metricspace.net (mail.metricspace.net
 [IPv6:2001:470:1f11:617::107])
 by mx1.freebsd.org (Postfix) with ESMTP id 343DD632C3
 for <freebsd-arch@freebsd.org>; Fri, 20 Oct 2017 02:03:29 +0000 (UTC)
 (envelope-from eric@metricspace.net)
Received: from [IPv6:2001:470:1f11:617:3210:b3ff:fe77:ca3f] (unknown
 [IPv6:2001:470:1f11:617:3210:b3ff:fe77:ca3f])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate) (Authenticated sender: eric)
 by mail.metricspace.net (Postfix) with ESMTPSA id A90D32890
 for <freebsd-arch@freebsd.org>; Fri, 20 Oct 2017 02:03:28 +0000 (UTC)
Subject: Re: boot1.efi future
To: freebsd-arch@freebsd.org
References: <CANCZdfqWSqjdRGetoiscEKJ_dNf3JgOQ2S9mzA0v1mP9PGAy=g@mail.gmail.com>
 <44307.1508432567@kaos.jnpr.net>
 <CANCZdfrdKTDZW8y2YLng9rLmawwcDEJ=7tf5K-yh6=aDuCGg_w@mail.gmail.com>
 <CANCZdfqvAVoKHef36fAhpDhuaO-VoDjkYUHP9QcLp5_wyOpCng@mail.gmail.com>
From: Eric McCorkle <eric@metricspace.net>
Message-ID: <56a95153-e970-990c-d3f1-453be4da7150@metricspace.net>
Date: Thu, 19 Oct 2017 22:03:28 -0400
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CANCZdfqvAVoKHef36fAhpDhuaO-VoDjkYUHP9QcLp5_wyOpCng@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch/>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Oct 2017 02:03:29 -0000

On 10/19/2017 13:18, Warner Losh wrote:
> On Oct 19, 2017 10:03 AM, "Simon J. Gerraty" <sjg@juniper.net> wrote:
> 
> Warner Losh <imp@bsdimp.com> wrote:
>> There's lots of details to get right before we can make the final switch,
>> but I think it's in the interest of the project to do so.
> 
> Just one comment that may or may not be relevant depending on the overal
> plan.
> 
> I've implemented verification in the freebsd loader, along the lines
> previously mentioned, for us this pretty much closes the secure-boot
> gap - loader verifies kernel and its initial rootfs so init and etc/rc.
> Which then gets us to mac_veriexec.
> 
> From that pov the initial boot bits can change as you like without
> affecting the above.  Is that the plan?
> 
> It only matters I guess in terms of the effort to upstream - assuming
> there is interest from other embedded vendors.

Do I assume correctly that this is based on the NetBSD mac-based
verification stuff?  ie. Not the public-key crypto stuff I've talked about?