path: root/lib/libsecureboot/efi
Commit message | Author | Age | Files | Lines
* stand: Fix secureboot build | Warner Losh | 2025-11-17 | 4 | -711/+1

    Make libsecureboot build, enabled when WITH_BEARSSL=y WITH_LOADER_EFI_SECUREBOOT=y.

    Copy EDK2 files related to secure boot to sys/contrib/edk2 and delete duplicates under libsecureboot/efi/include.

    Adjust efi_variables.c to build in the new environment.

    Undefine MIN and MAX before including sys/param.h in libsecureboot.h. I'm not sure that sys/param.h is needed here, but either the param.h or the Base.h definitions are fine.

    Fix include paths to reflect the new way.

    Fixes: 43b8edb32051
    Sponsored by: Netflix
* Remove $FreeBSD$: one-line .c pattern | Warner Losh | 2023-08-16 | 5 | -10/+0

    Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
* Remove $FreeBSD$: two-line .h pattern | Warner Losh | 2023-08-16 | 1 | -2/+0

    Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
* Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation | Marcin Wojtas | 2019-03-06 | 5 | -0/+1069

    UEFI related headers were copied from edk2.

    A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow loading of trusted anchors from UEFI.

    Certificate revocation support is also introduced. The forbidden certificates are loaded from dbx variable. Verification fails in two cases:

    - There is a direct match between cert in dbx and the one in the chain.
    - The CA used to sign the chain is found in dbx.

    One can also insert a hash of TBS section of a certificate into dbx. In this case verification fails only if a direct match with a certificate in chain is found.

    Submitted by: Kornel Duleba <mindal@semihalf.com>
    Reviewed by: sjg
    Obtained from: Semihalf
    Sponsored by: Stormshield
    Differential Revision: https://reviews.freebsd.org/D19093

    Notes: svn path=/head/; revision=344840