Marcin Wojtas 13ea0450a9 Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation ... UEFI related headers were copied from edk2. A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow loading of trusted anchors from UEFI. Certificate revocation support is also introduced. The forbidden certificates are loaded from dbx variable. Verification fails in two cases: There is a direct match between cert in dbx and the one in the chain. The CA used to sign the chain is found in dbx. One can also insert a hash of TBS section of a certificate into dbx. In this case verifications fails only if a direct match with a certificate in chain is found. Submitted by: Kornel Duleba <mindal@semihalf.com> Reviewed by: sjg Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D19093		2019-03-06 06:39:42 +00:00
..
cross-build	Allow building mkimg as cross-tool	2017-03-03 01:56:55 +00:00
make_check
mk	Merge ^/head r344549 through r344775.	2019-03-04 19:14:32 +00:00
options	Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation	2019-03-06 06:39:42 +00:00
beinstall.sh	beinstall: try to save progress from pkg updates.	2018-12-27 23:27:48 +00:00
check-links.sh	Allow specifying an alternative LD_LIBRARY_PATH for the ldd(1) lookup.	2016-01-19 22:42:16 +00:00
dummy.c
futimens.c	build: Add legacy support for futimens() and utimensat().	2016-06-09 21:57:34 +00:00
Makefile	Add capsicum_helpers.h to -legacy if needed	2018-11-19 18:58:34 +00:00
Makefile.depend	META_MODE: Remove DEP_RELDIR from Makefile.depend files.	2015-09-25 19:26:08 +00:00
stat.h	build: Add legacy support for futimens() and utimensat().	2016-06-09 21:57:34 +00:00
stdlib.h	Provide reallocarray() in -legacy, if needed, to allow building head on	2015-05-15 22:19:35 +00:00
strings.h	Fix buildworld on FreeBSD 10	2018-07-16 11:03:05 +00:00
utimensat.c	build: Add legacy support for futimens() and utimensat().	2016-06-09 21:57:34 +00:00