CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	sjg <sjg@FreeBSD.org>
	Wed, 25 Mar 2020 19:12:19 +0000 (19:12 +0000)
committer	sjg <sjg@FreeBSD.org>
	Wed, 25 Mar 2020 19:12:19 +0000 (19:12 +0000)
commit	59b95f1bfb0eded0d3bdd2900a649648619e6f58
tree	78969ebac620eb68b5a22beb561b91e35c99db70	tree \| snapshot
parent	e9e0879bd76049aa7cae6d08896477415eb493d6	commit \| diff

Fix pkgfs stat so it satisfies libsecureboot

We need a valid st_dev, st_ino and st_mtime
to correctly track which files have been verified
and to update our notion of time.

ve_utc_set(): ignore utc if it would jump our current time
by more than VE_UTC_MAX_JUMP (20 years).

Allow testing of install command via userboot.
Need to fix its stat implementation too.

bhyveload also needs stat fixed - due to change to userboot.h

Call ve_error_get() from vectx_close() when hash is wrong.

Track the names of files we have hashed into pcr

For the purposes of measured boot, it is important
to be able to reproduce the hash reflected in
loader.ve.pcr
so loader.ve.hashed provides a list of names in the order they
were added.

Reviewed by: imp
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org//D24027

lib/libsecureboot/h/libsecureboot.h		diff \| blob \| history
lib/libsecureboot/vectx.c		diff \| blob \| history
lib/libsecureboot/veopen.c		diff \| blob \| history
lib/libsecureboot/vepcr.c		diff \| blob \| history
lib/libsecureboot/verify_file.c		diff \| blob \| history
lib/libsecureboot/vets.c		diff \| blob \| history
stand/common/install.c		diff \| blob \| history
stand/libsa/pkgfs.c		diff \| blob \| history
stand/userboot/test/test.c		diff \| blob \| history
stand/userboot/userboot.h		diff \| blob \| history
stand/userboot/userboot/conf.c		diff \| blob \| history
stand/userboot/userboot/host.c		diff \| blob \| history
usr.sbin/bhyveload/bhyveload.c		diff \| blob \| history