Import BearSSL ? (Adding verification to loader)
Daniel Eischen
deischen at freebsd.org
Thu Aug 31 01:34:45 UTC 2017
On Wed, 30 Aug 2017, Ian Lepore wrote:
> On Wed, 2017-08-30 at 14:55 -0700, Simon J. Gerraty wrote:
>> Hi,
>>
>> Background:
>>
>> I've been adding what amounts to a mini "verified exec" to the freebsd
>> loader for use in Junos.
>>
>> What this means is that the loader verifies the kernel and all the
>> modules before loading them, and can reject anything for which a
>> registered fingerprint (eg. sha1 hash) does not match.
[ ... ]
>
> We need this exact feature (verification of kernel and modules) for an
> upcoming product at work. Including the library code in contrib
> certainly sounds attractive to me, too.
>
> I wouldn't be surprised if interest in this goes beyond those of us
> building embedded appliances.
Indeed, why couldn't it be enabled by default for FreeBSD.org
packaged distribs? Or am I jumping the gun by a few years?
--
DE
More information about the freebsd-arch
mailing list