| #
3e15b01d |
|
22-Feb-2024 |
Warner Losh <imp@FreeBSD.org> |
libsa: Remove redundant sys/cdefs.h
Sponsored by: Netflix
|
| #
dcc20bce |
|
28-Jan-2024 |
Warner Losh <imp@FreeBSD.org> |
stand: Use modern function definitions
Use modern function definitions for functions with no args.
Sponsored by: Netflix
|
| #
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
| #
c5f01980 |
|
25-Feb-2023 |
Robert Wing <rew@FreeBSD.org> |
stand: fix buffer overflow in getrootmount()
Reviewed by: imp, allanjude
Sponsored By: Beckhoff Automation GmbH & Co. KG
Sponsored By: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D38734
|
| #
49f6a83e |
|
08-Apr-2022 |
Gordon Bergling <gbe@FreeBSD.org> |
stand: Remove a double word in a source code comment
- s/be be/be/
MFC after: 3 days
|
| #
537a44bf |
|
30-May-2021 |
Colin Percival <cperciva@FreeBSD.org> |
stand/common command_boot: Pass tslog to kernel
Pass the recorded tslog buffer to the kernel as a "preloaded module".
Reviewed by: kevans
|
| #
c46f7610 |
|
13-Dec-2020 |
Jessica Clarke <jrtc27@FreeBSD.org> |
loader: Print autoboot countdown immediately, not at 9
For the first second otime and ntime are equal so no message gets
printed. Instead we should print the countdown right from the start,
although we do it at the end of the first iteration so that if a key has
already been pressed then the message is suppressed.
Reviewed by: imp
Approved by: imp
Differential Revision: https://reviews.freebsd.org/D26935
|
| #
b0fefb25 |
|
02-Apr-2019 |
Marcin Wojtas <mw@FreeBSD.org> |
Create kernel module to parse Veriexec manifest based on envs
The current approach of injecting manifest into mac_veriexec is to
verify the integrity of it in userspace (veriexec (8)) and pass its
entries into kernel using a char device (/dev/veriexec).
This requires verifying root partition integrity in loader,
for example by using memory disk and checking its hash.
Otherwise if rootfs is compromised an attacker could inject their own data.
This patch introduces an option to parse manifest in kernel based on envs.
The loader sets manifest path and digest.
EVENTHANDLER is used to launch the module right after the rootfs is mounted.
It has to be done this way, since one might want to verify integrity of the init file.
This means that manifest is required to be present on the root partition.
Note that the envs have to be set right before boot to make sure that no one can spoof them.
Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19281
|
| #
8df8b2d3 |
|
25-Feb-2019 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Enable veriexec for loader
This relies on libbearssl and libsecureboot
to verify files read by loader in a maner equivalent
to how mac_veriexec
Note: disabled by default.
Use is initially expected to be by embeded vendors
Reviewed by: emaste, imp
Sponsored by: Juniper Networks
Differential Revision: D16336
|
| #
c96ac12e |
|
13-Jul-2018 |
Warner Losh <imp@FreeBSD.org> |
Transition to boot_env_to_howto and boot_howto_to_env in the boot
loader.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16205
|
| #
3db6d179 |
|
09-Jun-2018 |
Kyle Evans <kevans@FreeBSD.org> |
stand: One more trivial consolidation (setting environment from howto)
|
| #
593e2c6e |
|
09-Jun-2018 |
Kyle Evans <kevans@FreeBSD.org> |
stand: Consolidate checking for boot flags driven by environment vars
e.g. boot_mute, boot_single, boot_verbose, and friends; we checked for these
in multiple places, consolidate into common/ and allow a setting of "NO" for
any of these to turn them off. This allows systems with multiple
loader.conf(5) or loader.conf(5) overlay systems to easily turn off
variables in later processed files by setting it to NO.
Reported by: Nick Wolff @ iXsystems
Reviewed by: imp
|
| #
073193ed |
|
31-May-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Fix build of stand with base gcc
* Make autoboot() a static function in stand/common/boot.c, so it does
not shadow local variables in gptboot.c and zfsboot.c.
* Remove -Winline from the Makefiles for gptboot, gptzfsboot and
zfsboot, as gcc will always fail to inline some functions, and there
is nothing we can do about it.
* For gcc <= 4.2.1, silence -Wuninitialized for isoboot, as it produces
a false positive warning.
* Remove deprecated and unnecessary -mcpu=i386 flag from stand/defs.mk,
as there is already a -march=i386 flag further in the file.
Reviewed by: imp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D15628
|
| #
16bb6523 |
|
08-Feb-2018 |
Warner Losh <imp@FreeBSD.org> |
Move to tabs for indentation and to 8-space notches, per style(9).
4 space indentation with a mix of tabs and spaces is a hassle. Update
to project-standard hard-tabs with 8-space indentation in these files.
This matches the new code coming in better as well.
|
| #
1065f77a |
|
23-Jan-2018 |
Warner Losh <imp@FreeBSD.org> |
Fix some resource leaks.
Always free dev and fstyp before strduping new values to assign to
them. Free them at the end of the loop. This keeps them from leaking
for mal-formed /etc/fstab lines.
CID: 1007777, 1007778, 1007779
Sponsored by: Netflix
|
| #
ca987d46 |
|
14-Nov-2017 |
Warner Losh <imp@FreeBSD.org> |
Move sys/boot to stand. Fix all references to new location
Sponsored by: Netflix
|