Date: Tue, 6 Aug 2024 23:30:27 GMT
Message-Id: <202408062330.476NURrx080788@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Warner Losh
Subject: git: 7ee781e2bfc2 - main - loader: Document that WITH_BEARSSL may need other tweaks
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: imp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 7ee781e2bfc2558060dec95564414a0bff4415c1
Auto-Submitted: auto-generated

The branch main has been updated by imp:

URL: https://cgit.FreeBSD.org/src/commit/?id=7ee781e2bfc2558060dec95564414a0bff4415c1

commit 7ee781e2bfc2558060dec95564414a0bff4415c1
Author:     Warner Losh
AuthorDate: 2024-08-05 21:16:37 +0000
Commit:     Warner Losh
CommitDate: 2024-08-06 23:22:36 +0000

    loader: Document that WITH_BEARSSL may need other tweaks

    /boot/loader is right up against the 500k limit we have to make sure
    everything works in a wide variety of environments. However, adding
    WITH_BEARSSL can push it over the edge since we are so close to the
    limit with it enabled. One may also need to increase LOADERSIZE when
    enabling it. It's often safe to go much higher, especially when you
    don't plan on using pxeldr. Document this trade off here.

    MFC After: 3 days
    Sponsored by: Netflix
    Reviewed by: sjg, markj
    Differential Revision: https://reviews.freebsd.org/D46211
---
 tools/build/options/WITH_BEARSSL         | 19 +++++++++++++++++++
 tools/build/options/WITH_LOADER_VERIEXEC |  2 ++
 2 files changed, 21 insertions(+)

diff --git a/tools/build/options/WITH_BEARSSL b/tools/build/options/WITH_BEARSSL index 6a4447d723ed..9dcebbf1ae30 100644 --- a/tools/build/options/WITH_BEARSSL +++ b/tools/build/options/WITH_BEARSSL 
@@ -8,3 +8,22 @@ This library is currently only used to perform signature verification and related operations for Verified Exec and .Xr loader 8 . +.Pp +Due to size constraints, one may need to set +.Va LOADERSIZE +larger than the +default 500000, although often loader is under the 500k limit even with +this option. +Setting +.Va LOADERSIZE +larger than 500000 may cause +.Xr pxeboot 8 +to be too large to work. +Careful testing of the loader in the target environment when built with a larger +limit to establish safe limits is critical because different BIOS environments +reserve differing amounts of the low 640k space, making a precise limit for +everybody impossible. +.Pp +See also +.Va WITH_LOADER_PXEBOOT +for other considerations. diff --git a/tools/build/options/WITH_LOADER_VERIEXEC b/tools/build/options/WITH_LOADER_VERIEXEC index a50ff9a317e6..d784df968949 100644 --- a/tools/build/options/WITH_LOADER_VERIEXEC +++ b/tools/build/options/WITH_LOADER_VERIEXEC @@ -4,3 +4,5 @@ with support for verification similar to Verified Exec. .Pp Depends on .Va WITH_BEARSSL . +May require a larger +.Va LOADERSIZE .
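
Review bot: The paragraph added to tools/build/options/WITH_BEARSSL says LOADERSIZE may need to be raised but not how a builder finds out that it does; "often loader is under the 500k limit even with this option" leaves no way to tell which case applies, so the text should state what exceeding the limit looks like. The literal 500000 appears twice and will go stale if the default changes; naming it once as the default would be easier to maintain. The commit message speaks of pxeldr while the added text cites pxeboot(8), and using one name in both would avoid confusion. The closing "See also .Va WITH_LOADER_PXEBOOT" points at an option file this patch does not touch, so it is worth confirming that file carries the matching size caveat.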
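
Review bot: The sentence added to tools/build/options/WITH_LOADER_VERIEXEC, "May require a larger .Va LOADERSIZE .", gives no pointer to where the trade-off is explained and omits the pxeboot(8) and per-BIOS testing caveats that the same patch adds to WITH_BEARSSL. Since this file already says "Depends on .Va WITH_BEARSSL .", a short cross-reference to that option for the size limits would keep someone enabling loader verification from raising LOADERSIZE without seeing the warning about testing in the target environment.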