From owner-freebsd-arch@freebsd.org Fri Oct 20 05:06:20 2017
From: "Simon J. Gerraty"
To: Eric McCorkle
Subject: Re: boot1.efi future
Date: Thu, 19 Oct 2017 22:05:51 -0700
Message-ID: <82995.1508475951@kaos.jnpr.net>
In-Reply-To: <56a95153-e970-990c-d3f1-453be4da7150@metricspace.net>
References: <44307.1508432567@kaos.jnpr.net> <56a95153-e970-990c-d3f1-453be4da7150@metricspace.net>
List-Id: Discussion related to FreeBSD architecture
X-BeenThere: freebsd-arch@freebsd.org

Eric McCorkle wrote:
> > I've implemented verification in the freebsd loader, along the lines
> > previously mentioned, for us this pretty much closes the secure-boot
> > gap - loader verifies kernel and its initial rootfs so init and etc/rc.
> > Which then gets us to mac_veriexec.
>
> Do I assume correctly that this is based on the NetBSD mac-based
> verification stuff? ie. Not the public-key crypto stuff I've talked about?

I didn't want to thread-jack...

I've not looked at what's in NetBSD in this area for a decade at least,
but I ported the original veriexec from NetBSD to Junos about a dozen
years or so ago. More recently stevek re-implemented it for FreeBSD 10's
MAC framework - the diffs (most of them anyway) have been sitting in
phabricator for a year or so...

The loader implementation shares no code with the above, but uses the
same verification model and leverages the same signed manifests. Thus it
retains all the flexibility of using X.509 certificate chains to verify
the signatures on the manifests.

This is very important for us, because it allows a 10-year-old binary to
verify the latest signatures - provided that the RootCA certs have not
changed.

For Junos the loader knows two RootCAs, one for RSA and one for ECDSA -
that's all it needs.

We can tolerate more limited signing methods for the loader itself, to
fit into various secure BIOS/boot environments, but from there we want
all the flexibility we can get.

--sjg
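The verification model sjg describes above (a loader that pins only root CA certificates and accepts any manifest whose signature chains back to one of them, so that new signing certificates can be issued long after the loader was built) is shown below as an added example written for this page; it is not code from the Junos or FreeBSD loader, and it does not reproduce the real veriexec manifest syntax. The manifest text, the single ECDSA root (the real loader pins an RSA root as well), and the function names are constructed for illustration. It uses only Go's standard library crypto/x509.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Manifest is a constructed stand-in for a veriexec-style manifest; the real syntax is not reproduced.
const Manifest = "/boot/kernel/kernel sha256=0000\n/sbin/init sha256=1111\n"

// SignedManifest is what the loader reads from disk: the manifest bytes, an ECDSA signature
// over their SHA-256 digest, and the DER certificate chain (leaf first, concatenated).
type SignedManifest struct {
	Manifest []byte
	Sig      []byte
	Chain    []byte
}

// NewRootCA builds a self-signed ECDSA P-256 root: the one thing the loader pins.
func NewRootCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(20, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// SignManifest mints a code-signing leaf under ca and signs the manifest digest with its key.
// The loader never sees this leaf in advance; holding only the root is what lets an old
// loader accept signatures from signers issued years later.
func SignManifest(ca *x509.Certificate, caKey *ecdsa.PrivateKey, manifest []byte) (*SignedManifest, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: "manifest-signer"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(manifest)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedManifest{Manifest: manifest, Sig: sig, Chain: leafDER}, nil
}

// VerifyManifest is the loader side: walk the shipped chain back to a pinned root, require
// a code-signing leaf, and only then check the signature over the manifest digest.
func VerifyManifest(roots *x509.CertPool, sm *SignedManifest) error {
	certs, err := x509.ParseCertificates(sm.Chain)
	if err != nil || len(certs) == 0 {
		return fmt.Errorf("bad or missing certificate chain: %v", err)
	}
	leaf := certs[0]
	inter := x509.NewCertPool() // intermediates ship with the manifest, not inside the loader
	for _, c := range certs[1:] {
		inter.AddCert(c)
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("chain does not end at a pinned root: %w", err)
	}
	pub, ok := leaf.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("leaf key is not ECDSA")
	}
	digest := sha256.Sum256(sm.Manifest)
	if !ecdsa.VerifyASN1(pub, digest[:], sm.Sig) {
		return fmt.Errorf("manifest signature does not verify")
	}
	return nil
}
```

Usage: pin the root with `roots := x509.NewCertPool(); roots.AddCert(root)`, then call `VerifyManifest(roots, sm)` for every manifest. A signer certificate issued today by that root verifies against a pool that was fixed years ago, a modified manifest fails the signature check, and a perfectly valid chain that terminates at a different root is rejected before the signature is even examined, which is the property that makes the pinned roots, and nothing else, the loader's trust anchor.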