Import BearSSL ? (Adding verification to loader)
Ian Lepore
ian at freebsd.org
Wed Aug 30 22:43:19 UTC 2017
On Wed, 2017-08-30 at 14:55 -0700, Simon J. Gerraty wrote:
> Hi,
>
> Background:
>
> I've been adding what amounts to a mini "verified exec" to the freebsd
> loader for use in Junos.
>
> What this means is that the loader verifies the kernel and all the
> modules before loading them, and can reject anything for which a
> registered fingerprint (e.g. sha1 hash) does not match.
>
>
[...]
> The question is what to do - for upstreaming any of this.
> Assuming of course anyone is interested in this functionality.
>
> The changes to the loader itself are trivial.
> Most of the code is in libve (naming stuff is hard) which handles
> fingerprint loading, lookup and of course verifying signatures using
> code from libbearssl - which is just a reachover build of BearSSL.
>
> I have it set up such that BearSSL need not be part of the tree at all so
> there is no burning need to import it; lib/libbearssl will simply not
> build if ${BEARSSL} isn't defined and pointing to a BearSSL tree.
>
> From an internal paper-work point-of-view, contrib/bearssl is attractive
> to me ;-), but it could just as easily be in ports or nowhere at all.
>
> If it were in contrib, then it would be feasible to leverage it for
> other uses in the loader that currently use libmd etc for hashing.
>
> Discuss ?
>
> Thanks
> --sjg
We need this exact feature (verification of kernel and modules) for an
upcoming product at work. Including the library code in contrib
certainly sounds attractive to me, too.
I wouldn't be surprised if interest in this goes beyond those of us
building embedded appliances.
-- Ian
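As an added illustration (not code from Simon's libve, BearSSL, or the FreeBSD loader), here is a small Python model of the policy the thread describes: a manifest of registered SHA-1 fingerprints produced when the images are built, and a fail-closed check before each image is loaded. The manifest format, the path names and the sample image bytes are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample images standing in for a kernel and a module.
GOOD_IMAGES = {
    "/boot/kernel/kernel": b"\x7fELF kernel (constructed sample)",
    "/boot/kernel/if_em.ko": b"\x7fELF if_em.ko (constructed sample)",
}

def fingerprint(data: bytes) -> str:
    """Hex SHA-1 of an image, the fingerprint type named in the thread."""
    return hashlib.sha1(data).hexdigest()

def build_manifest(images: dict) -> str:
    """Build-time step: one 'sha1 <hex> <path>' line per trusted image (assumed format)."""
    return "\n".join(f"sha1 {fingerprint(d)} {p}" for p, d in images.items()) + "\n"

def load_manifest(text: str) -> dict:
    """Parse the manifest strictly; a malformed line is an error, not a skipped entry."""
    registry = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] != "sha1" or len(parts[1]) != 40:
            raise ValueError(f"manifest line {lineno}: malformed entry")
        registry[parts[2]] = parts[1].lower()
    return registry

def verify_image(path: str, data: bytes, registry: dict) -> tuple:
    """Load-time check. Fails closed: an image with no registered fingerprint is rejected."""
    expected = registry.get(path)
    if expected is None:
        return False, "no registered fingerprint"
    # Constant-time compare so the check does not leak how many hex digits matched.
    if not hmac.compare_digest(fingerprint(data), expected):
        return False, "fingerprint mismatch"
    return True, "ok"

def demo() -> dict:
    """Verify an untouched kernel, a module tampered after signing, and an unregistered module."""
    registry = load_manifest(build_manifest(GOOD_IMAGES))
    candidates = dict(GOOD_IMAGES)
    candidates["/boot/kernel/if_em.ko"] += b"\x00patched"          # modified after signing
    candidates["/boot/kernel/evil.ko"] = b"\x7fELF unregistered"  # never registered
    return {p: verify_image(p, d, registry) for p, d in candidates.items()}

if __name__ == "__main__":
    for path, (ok, reason) in demo().items():
        print(f"{'LOAD  ' if ok else 'REJECT'} {path}: {reason}")
```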