Date: Wed, 30 Aug 2017 16:43:03 -0600
From: Ian Lepore <ian@freebsd.org>
To: "Simon J. Gerraty" <sjg@juniper.net>, freebsd-arch@freebsd.org
Cc: gtetlow@freebsd.org, Ed Maste <emaste@freebsd.org>, Steve Kiernan <stevek@juniper.net>, Baptiste Daroussin <bapt@freebsd.org>, Toomas Soome <tsoome@freebsd.org>, Allan Jude <AllanJude@freebsd.org>, Edward Tomasz Napierała <trasz@freebsd.org>
Subject: Re: Import BearSSL ? (Adding verification to loader)
Message-ID: <1504132983.56799.90.camel@freebsd.org>
In-Reply-To: <24256.1504130148@kaos.jnpr.net>
References: <44449.1497382261@kaos.jnpr.net> <CAPyFy2BEhPEsFJNj2Gfieb%2BDJ-O9nWR6%2Bwpu-5Ahfia69ohfcQ@mail.gmail.com> <24256.1504130148@kaos.jnpr.net>

On Wed, 2017-08-30 at 14:55 -0700, Simon J. Gerraty wrote:
> Hi,
>
> Background:
>
> I've been adding what amounts to a mini "verified exec" to the freebsd
> loader for use in Junos.
>
> What this means is that the loader verifies the kernel and all the
> modules before loading them, and can reject anything for which a
> registered fingerprint (eg. sha1 hash) does not match.
>
>
[...]
> The question is what to do - for upstreaming any of this.
> Assuming of course anyone is interested in this functionality.
>
> The changes to the loader itself are trivial.
> Most of the code is in libve (naming stuff is hard) which handles
> fingerprint loading, lookup and of course verifying signatures using
> code from libbearssl - which is just a reachover build of BearSSL.
>
> I have it set up such that BearSSL need not be part of the tree at all so
> there is no burning need to import it; lib/libbearssl will simply not
> build if ${BEARSSL} isn't defined and pointing to a BearSSL tree.
>
> From an internal paper-work point-of-view, contrib/bearssl is attractive
> to me ;-), but it could just as easily be in ports no where at all.
>
> If it were in contrib, then it would be feasible to leverage it for
> other uses in the loader that currently use libmd etc for hashing.
>
> Discuss ?
>
> Thanks
> --sjg

We need this exact feature (verification of kernel and modules) for an
upcoming product at work. Including the library code in contrib
certainly sounds attractive to me, too.

I wouldn't be surprised if interest in this goes beyond those of us
building embedded appliances.

-- Ian
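
The check described in the quoted message (verify the kernel and each module against a registered fingerprint before loading, and reject on mismatch), as an added Python example that is not part of the thread and is not libve code. The `algo=hexdigest path` manifest format, the function names and the fail-closed handling of unregistered files are assumptions; the manifest is assumed to be already authenticated, since the signature check the message assigns to BearSSL is out of scope here.

```python
import hashlib
import hmac
import os
import tempfile

# Manifest format is an assumption for this example, not libve's.
ALLOWED = {"sha1", "sha256"}  # digest names accepted in the constructed manifest

def parse_manifest(text):
    """Parse 'algo=hexdigest path' lines into {path: (algo, digest)}."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        spec, _, path = line.partition(" ")
        algo, _, digest = spec.partition("=")
        if algo not in ALLOWED or not digest or not path:
            raise ValueError(f"malformed manifest line: {raw!r}")
        table[path.strip()] = (algo, digest.lower())
    return table

def verify(path, table, root):
    """Return 'ok', 'mismatch' or 'unregistered'; a caller loads only on 'ok'."""
    entry = table.get(path)
    if entry is None:
        return "unregistered"  # assumption: fail closed when no fingerprint exists
    algo, expected = entry
    h = hashlib.new(algo)
    with open(os.path.join(root, path), "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return "ok" if hmac.compare_digest(h.hexdigest(), expected) else "mismatch"

def demo():
    """Constructed sample: a kernel, one tampered module, one unlisted module."""
    with tempfile.TemporaryDirectory() as root:
        files = {"kernel": b"kernel image", "mod_a.ko": b"module a", "mod_b.ko": b"module b"}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = (
            f"sha256={hashlib.sha256(files['kernel']).hexdigest()} kernel\n"
            f"sha1={hashlib.sha1(b'original module a').hexdigest()} mod_a.ko\n"
        )
        table = parse_manifest(manifest)
        return {name: verify(name, table, root) for name in files}
```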
