src/lib/libsecureboot/openpgp, branch stable/13 FreeBSD source tree Remove $FreeBSD$: one-line sh pattern 2023-08-23T17:43:30+00:00 Warner Losh imp@FreeBSD.org 2023-08-22T01:32:01+00:00 023fc80ee38a117fa65b2ccb2abf8bdc7dbd6fd9 Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ Similar commit in main: (cherry picked from commit d0b2dbfa0ecf) 
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

Similar commit in main:
(cherry picked from commit d0b2dbfa0ecf)
Remove $FreeBSD$: one-line .c pattern 2023-08-23T17:43:26+00:00 Warner Losh imp@FreeBSD.org 2023-08-22T01:31:41+00:00 3d497e17ebd33fe0f58d773e35ab994d750258d6 Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/ Similar commit in main: (cherry picked from commit 1d386b48a555) 
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

Similar commit in main:
(cherry picked from commit 1d386b48a555)
Remove $FreeBSD$: one-line .h pattern 2023-08-23T17:43:22+00:00 Warner Losh imp@FreeBSD.org 2023-08-22T01:31:13+00:00 34041aac835a0bce462bccb7e0239c0ba092f872 Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/ Similar commit in main: (cherry picked from commit 42b388439bd3) 
Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/

Similar commit in main:
(cherry picked from commit 42b388439bd3)
lib/libsecureboot: Fix some typos 2023-04-14T07:26:10+00:00 Elyes HAOUAS ehaouas@noos.fr 2021-03-22T17:16:06+00:00 fbdf463375fa3fd57a76caa036efe7ec6a77a7c5 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Pull Request: https://github.com/freebsd/freebsd-src/pull/544 (cherry picked from commit cb25444c05071463d7f690590ed6288b015ec0fb) 
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Pull Request:	https://github.com/freebsd/freebsd-src/pull/544
(cherry picked from commit cb25444c05071463d7f690590ed6288b015ec0fb)
Update libsecureboot 2023-04-14T05:19:33+00:00 Simon J. Gerraty sjg@FreeBSD.org 2022-04-18T19:53:53+00:00 103a7c734a6732bc78af30da3cfb5d613888be78 Preparation for updating bearssl, pull in updates to libsecureboot. o fix handling of some out-of-memory cases o allow more control over reporting of Verified/Unverified files. this helps boot time when console output is slow o recheck verbose/debug level after reading any unverified file o more debug support for vectx o hash_string to support fake stat for tftp o tests/tvo add -v to simply verify signatures o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify verification in loader o report date when certificate fails validity period checks Reviewed by: stevek Sponsored by: Juniper Networks, Inc. (cherry picked from commit 666554111a7e6b4c1a9a6ff2e73f12cd582573bb) 
Preparation for updating bearssl, pull in updates to libsecureboot.

o fix handling of some out-of-memory cases

o allow more control over reporting of Verified/Unverified files.
  this helps boot time when console output is slow

  o recheck verbose/debug level after reading any unverified file

o more debug support for vectx

o hash_string to support fake stat for tftp

o tests/tvo add -v to simply verify signatures

o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify
  verification in loader

o report date when certificate fails validity period checks

Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.

(cherry picked from commit 666554111a7e6b4c1a9a6ff2e73f12cd582573bb)
libsecureboot: avoid recusion in ve_trust_init 2019-07-11T22:06:59+00:00 Simon J. Gerraty sjg@FreeBSD.org 2019-07-11T22:06:59+00:00 3ae2a848aeea53aedf625bdb540ad9a5a4a42551 set our guard value immediately. also replace call to ve_trust_init in opgp_sig.c:initialize with call to openpgp_trust_init. Reported by: mindal@semihalf.com Reviewed by: jhibbits obrien MFC after: 1 week 
set our guard value immediately.
also replace call to ve_trust_init in opgp_sig.c:initialize with
call to openpgp_trust_init.

Reported by:	mindal@semihalf.com
Reviewed by:	jhibbits obrien
MFC after:	1 week
libsecureboot: allow OpenPGP support to be dormant 2019-06-26T23:33:32+00:00 Simon J. Gerraty sjg@FreeBSD.org 2019-06-26T23:33:32+00:00 f9510887eeb5ad2eab96b48c41631886f8f33ad6 Since we can now add OpenPGP trust anchors at runtime, ensure the latent support is available. Ensure we do not add duplicate keys to trust store. Also allow reporting names of trust anchors added/revoked We only do this for loader and only after initializing trust store. Thus only changes to initial trust store will be logged. Reviewed by: stevek MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D20700 
Since we can now add OpenPGP trust anchors at runtime,
ensure the latent support is available.

Ensure we do not add duplicate keys to trust store.

Also allow reporting names of trust anchors added/revoked

We only do this for loader and only after initializing trust store.
Thus only changes to initial trust store will be logged.

Reviewed by:	stevek
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D20700
load_key_buf do not free data from dearmor 2019-05-19T20:24:17+00:00 Simon J. Gerraty sjg@FreeBSD.org 2019-05-19T20:24:17+00:00 e5ec655d6796974a79f51967b55de84b297994db The data returned by dearmor is referenced by the key leave it alone! Reviewed by: stevek MFC after: 2 days 
The data returned by dearmor is referenced by the key
leave it alone!

Reviewed by:	stevek
MFC after:	2 days
libsecureboot: make it easier to customize trust anchors 2019-05-09T22:25:12+00:00 Simon J. Gerraty sjg@FreeBSD.org 2019-05-09T22:25:12+00:00 9bee6a6083228d0e6abfb991fdbb4edf020fd438 Avoid making hash self-tests depend on X.509 certs. Include OpenPGP keys in trust store count. Reviewed by: stevek MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D20208 
Avoid making hash self-tests depend on X.509 certs.
Include OpenPGP keys in trust store count.

Reviewed by:	stevek
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org/D20208
Add libsecureboot 2019-02-26T06:09:10+00:00 Simon J. Gerraty sjg@FreeBSD.org 2019-02-26T06:09:10+00:00 5fff9558a43aaac53da41dc23c250c4e84f6fb02 Used by loader and veriexec Depends on libbearssl Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: D16335 
Used by loader and veriexec
Depends on libbearssl

Reviewed by:	emaste
Sponsored by:	Juniper Networks
Differential Revision:	D16335