Date: Tue, 13 Aug 2024 17:31:39 GMT
Message-Id: <202408131731.47DHVdPP050988@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Warner Losh
Subject: git: b013b81a03ba - stable/14 - loader: Document that WITH_BEARSSL may need other tweaks

The branch stable/14 has been updated by imp:

URL: https://cgit.FreeBSD.org/src/commit/?id=b013b81a03bad3741c50523ba5bcd9445429dbd6

commit b013b81a03bad3741c50523ba5bcd9445429dbd6
Author:     Warner Losh
AuthorDate: 2024-08-05 21:16:37 +0000
Commit:     Warner Losh
CommitDate: 2024-08-13 17:31:38 +0000

    loader: Document that WITH_BEARSSL may need other tweaks

    /boot/loader is right up against the 500k limit we have to make sure
    everything works in a wide variety of environments. However, adding
    WITH_BEARSSL can push it over the edge since we are so close to the
    limit with it enabled. One may also need to increase LOADERSIZE when
    enabling it. It's often safe to go much higher, especially when you
    don't plan on using pxeldr. Document this trade off here.

    MFC After:              3 days
    Sponsored by:           Netflix
    Reviewed by:            sjg, markj
    Differential Revision:  https://reviews.freebsd.org/D46211

    (cherry picked from commit 7ee781e2bfc2558060dec95564414a0bff4415c1)
---
 tools/build/options/WITH_BEARSSL | 19 +++++++++++++++++++
 tools/build/options/WITH_LOADER_VERIEXEC | 2 ++
 2 files changed, 21 insertions(+)

diff --git a/tools/build/options/WITH_BEARSSL b/tools/build/options/WITH_BEARSSL index 6a4447d723ed..9dcebbf1ae30 100644 --- a/tools/build/options/WITH_BEARSSL +++ b/tools/build/options/WITH_BEARSSL
@@ -8,3 +8,22 @@ This library is currently only used to perform signature verification and related operations for Verified Exec and .Xr loader 8 . +.Pp +Due to size constraints, one may need to set +.Va LOADERSIZE +larger than the +default 500000, although often loader is under the 500k limit even with +this option. +Setting +.Va LOADERSIZE +larger than 500000 may cause +.Xr pxeboot 8 +to be too large to work. +Careful testing of the loader in the target environment when built with a larger +limit to establish safe limits is critical because different BIOS environments +reserve differing amounts of the low 640k space, making a precise limit for +everybody impossible. +.Pp +See also +.Va WITH_LOADER_PXEBOOT +for other considerations. diff --git a/tools/build/options/WITH_LOADER_VERIEXEC b/tools/build/options/WITH_LOADER_VERIEXEC index a50ff9a317e6..d784df968949 100644 --- a/tools/build/options/WITH_LOADER_VERIEXEC +++ b/tools/build/options/WITH_LOADER_VERIEXEC @@ -4,3 +4,5 @@ with support for verification similar to Verified Exec. .Pp Depends on .Va WITH_BEARSSL . +May require a larger +.Va LOADERSIZE .
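Review bot: The closing "See also .Va WITH_LOADER_PXEBOOT" at the end of the WITH_BEARSSL hunk points at an option this change does not touch; the diffstat lists only WITH_BEARSSL and WITH_LOADER_VERIEXEC. Because this is a cherry-pick onto stable/14, please confirm that the WITH_LOADER_PXEBOOT description is already on that branch, or hold the cross-reference until it is merged, so readers are not sent to a knob with no text behind it. A smaller point in the same hunk: the default is written as "500000" in one clause and "500k" in the next, with no unit given; saying bytes once and using a single spelling would make the LOADERSIZE value unambiguous.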
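Review bot: The sentence added to WITH_LOADER_VERIEXEC, "May require a larger .Va LOADERSIZE .", gives no baseline and no consequence, so someone who reads only this option never sees the pxeboot(8) caveat that the WITH_BEARSSL text carries. Suggest either naming the default (500000) here or ending the sentence with a pointer to WITH_BEARSSL for the size trade-off.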