svn commit: r335402 - head/sbin/veriexecctl

Simon J. Gerraty sjg at juniper.net
Wed Jun 20 06:21:41 UTC 2018 

Conrad Meyer <cem at freebsd.org> wrote:
> First and foremost: nothing is actually signed, anywhere.  The

The signing of manifests is external.  The veriexecctl tool is I assume
a straight copy of what's in NetBSD (I've not looked at it in at least a
decade).

A veriexec loader that leverages signed manifests requires some signing
infra.  That's a big topic all by itself.

As I mentioned in my talk at BSDCan, the signing server we use is open
source and handles pretty much anything OpenSSL can, as well as OpenPGP
(and others).
I also made a point of suggesting that the packages for base system
include signed manifests.

Tweaking the veriexec loader to only process manifests after
verification is not hard - one of the first things I did when pulling
veriexec into Junos almost 15 years ago.

> As a corollary to the above, the name "signature file" is used
> repeatedly in the code, which is misleading.  The file contains hashes
> (digests), not signatures (MACs).  The file itself is unsigned.
> Nothing about this has signatures.

NetBSD refers to the hashes as fingerprints - AFAIK that terminology is
retained.

If the term signature is used to refer to anything other than the signed
manifests that should be fixed.

> There's absolutely no reason to use sha1 or ripemd in new designs.
> These should be removed.

Sorry I disagree - not with ripem (we never supported that or any of the
non-NIST approved hashes), but sha1 is still approved by NIST for
firmware integrity checks - which is what this is, and sha1 is cheaper
than sha256.

As I mentioned in my talk we've included support for sha256 for 10+
years, but do not plan to drop sha1 until NIST deprecate it for that
purpose since boot time is a very sensitive subject for us.

> The patchset is littered with style issues.  One fairly obvious issue
> is mixed indentation styles — some files vary between space and tab
> indentation from line to line.

You can probably blame me for some of that.
I only recently found a style9.el that does a half decent job of
formatting per style(9).

> Please revert this patchset.  It's not ready.
> 
> Some suggestions for a second attempt:
> 
> - Maybe use HMACs instead of raw hashes

Why?

> - Maybe sign the source-of-trust file

We do.  As noted above, we cannot upstream that until FreeBSD has
suitable signing infra.

> - Fix the style issues
> - Fix the compiler warnings at 6

More information about the svn-src-all mailing list