Diffusion FreeBSD src repository 32d22bbf32b8

Add -S option to veriexec
32d22bbf32b8
Actions

Description

Add -S option to veriexec

During software installation, use veriexec -S to strictly
enforce certificate validity checks (notBefore, notAfter).

Otherwise ignore certificate validity period.
It is generally unacceptible for the Internet to stop working
just because someone did not upgrade their infrastructure for a decade.

Details

Provenance

sjg	Authored on Jul 19 2022, 3:59 PM
gbe	Committed on Apr 14 2023, 7:25 AM

Reviewer

sebastien.bini_stormshield.eu

Differential Revision

D35758: Add -S option to veriexec

Parents

rG9c95cd930378: libsecureboot: Do not propagate empty string

Branches

Unknown

Tags

Unknown

Event Timeline

gbe committed rG32d22bbf32b8: Add -S option to veriexec (authored by sjg).Apr 14 2023, 7:25 AM

gbe added an edge: D35758: Add -S option to veriexec.

Changes (5)

Path

Size

lib/

libsecureboot/

Makefile.depend.host

libsecureboot.h

vets.c

sbin/

veriexec/

veriexec.8

veriexec.c

rG32d22bbf32b8

View Options

lib/libsecureboot/Makefile.depend.host

View Options

lib/libsecureboot/h/libsecureboot.h

View Options

lib/libsecureboot/vets.c

View Options

sbin/veriexec/veriexec.8

View Options

Add -S option to veriexec32d22bbf32b8Actions

Description

Details

Event Timeline

Changes (5)

rG32d22bbf32b8

lib/libsecureboot/Makefile.depend.host

lib/libsecureboot/h/libsecureboot.h

lib/libsecureboot/vets.c

sbin/veriexec/veriexec.8

sbin/veriexec/veriexec.c

Add -S option to veriexec
32d22bbf32b8
Actions