src/lib/libsecureboot/openpgp, branch release/14.4.0 FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F14.4.0 2025-02-18T18:41:07Z libsecureboot: Report failure for unsupported hash algorithm 2025-02-18T18:41:07Z Huwyler simon.huwyler@gmail.com 2025-01-17T14:55:15Z urn:sha1:0ea2924f8126bb32ee704b071a87185140297ab3 Reviewed by: sjg Pull request: https://github.com/freebsd/freebsd-src/pull/1574 (cherry picked from commit caaeab697bf98bf96e2fa8cb4a1e22240511fbcc) Remove $FreeBSD$: one-line sh pattern 2023-08-16T17:55:03Z Warner Losh imp@FreeBSD.org 2023-08-16T17:55:03Z urn:sha1:d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ Remove $FreeBSD$: one-line .c pattern 2023-08-16T17:54:42Z Warner Losh imp@FreeBSD.org 2023-08-16T17:54:42Z urn:sha1:1d386b48a555f61cb7325543adbbb5c3f3407a66 Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/ Remove $FreeBSD$: one-line .h pattern 2023-08-16T17:54:23Z Warner Losh imp@FreeBSD.org 2023-08-16T17:54:23Z urn:sha1:42b388439bd3795e09258c57a74ce9eec3651c7b Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/ libsecureboot: avoid set but not used errors 2023-06-30T06:52:17Z Simon J. Gerraty sjg@FreeBSD.org 2023-06-30T06:52:17Z urn:sha1:56f3f2d2491e30f369f9461c3cb2a366bdffbe1d Reviewed by: stevek lib/libsecureboot: Fix some typos 2022-11-11T15:38:39Z Elyes HAOUAS ehaouas@noos.fr 2021-03-22T17:16:06Z urn:sha1:cb25444c05071463d7f690590ed6288b015ec0fb Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Pull Request: https://github.com/freebsd/freebsd-src/pull/544 Update libsecureboot 2022-04-18T19:54:15Z Simon J. Gerraty sjg@FreeBSD.org 2022-04-18T19:53:53Z urn:sha1:666554111a7e6b4c1a9a6ff2e73f12cd582573bb Preparation for updating bearssl, pull in updates to libsecureboot. o fix handling of some out-of-memory cases o allow more control over reporting of Verified/Unverified files. this helps boot time when console output is slow o recheck verbose/debug level after reading any unverified file o more debug support for vectx o hash_string to support fake stat for tftp o tests/tvo add -v to simply verify signatures o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify verification in loader o report date when certificate fails validity period checks Reviewed by: stevek Sponsored by: Juniper Networks, Inc. libsecureboot: avoid recusion in ve_trust_init 2019-07-11T22:06:59Z Simon J. Gerraty sjg@FreeBSD.org 2019-07-11T22:06:59Z urn:sha1:3ae2a848aeea53aedf625bdb540ad9a5a4a42551 set our guard value immediately. also replace call to ve_trust_init in opgp_sig.c:initialize with call to openpgp_trust_init. Reported by: mindal@semihalf.com Reviewed by: jhibbits obrien MFC after: 1 week libsecureboot: allow OpenPGP support to be dormant 2019-06-26T23:33:32Z Simon J. Gerraty sjg@FreeBSD.org 2019-06-26T23:33:32Z urn:sha1:f9510887eeb5ad2eab96b48c41631886f8f33ad6 Since we can now add OpenPGP trust anchors at runtime, ensure the latent support is available. Ensure we do not add duplicate keys to trust store. Also allow reporting names of trust anchors added/revoked We only do this for loader and only after initializing trust store. Thus only changes to initial trust store will be logged. Reviewed by: stevek MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D20700 load_key_buf do not free data from dearmor 2019-05-19T20:24:17Z Simon J. Gerraty sjg@FreeBSD.org 2019-05-19T20:24:17Z urn:sha1:e5ec655d6796974a79f51967b55de84b297994db The data returned by dearmor is referenced by the key leave it alone! Reviewed by: stevek MFC after: 2 days