List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Subject: Re: git: 7ee781e2bfc2 - main - loader: Document that WITH_BEARSSL may need other tweaks
From: Jessica Clarke
Date: Wed, 7 Aug 2024 00:35:34 +0100
To: Warner Losh
Cc: "src-committers@freebsd.org", "dev-commits-src-all@freebsd.org", "dev-commits-src-main@freebsd.org"
Message-Id: <71670C64-CE80-47B1-809D-AFACA9C3E8FF@freebsd.org>
In-Reply-To: <202408062330.476NURrx080788@gitrepo.freebsd.org>

On 7 Aug 2024, at 00:30, Warner Losh wrote:
>
> The branch main has been updated by imp:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=7ee781e2bfc2558060dec95564414a0bff4415c1
>
> commit 7ee781e2bfc2558060dec95564414a0bff4415c1
> Author: Warner Losh
> AuthorDate: 2024-08-05 21:16:37 +0000
> Commit: Warner Losh
> CommitDate: 2024-08-06 23:22:36 +0000
>
> loader: Document that WITH_BEARSSL may need other tweaks
>
> /boot/loader is right up against the 500k limit we have to make sure
> everything works in a wide variety of environments. However, adding
> WITH_BEARSSL can push it over the edge since we are so close to the
> limit with it enabled. One may also need to increase LOADERSIZE when
> enabling it. It's often safe to go much higher, especially when you
> don't plan on using pxeldr. Document this trade off here.

Can you please mention i386/amd64/x86/whatever and BIOS up front in the
descriptions here? As it stands it reads like a lot of historic FreeBSD
documentation that assumes you’re dealing with x86 + BIOS.
Jess > MFC After: 3 days > Sponsored by: Netflix > Reviewed by: sjg, markj > Differential Revision: https://reviews.freebsd.org/D46211 > --- > tools/build/options/WITH_BEARSSL | 19 +++++++++++++++++++ > tools/build/options/WITH_LOADER_VERIEXEC | 2 ++ > 2 files changed, 21 insertions(+) >=20 > diff --git a/tools/build/options/WITH_BEARSSL = b/tools/build/options/WITH_BEARSSL > index 6a4447d723ed..9dcebbf1ae30 100644 > --- a/tools/build/options/WITH_BEARSSL > +++ b/tools/build/options/WITH_BEARSSL > @@ -8,3 +8,22 @@ This library is currently only used to perform > signature verification and related operations > for Verified Exec and > .Xr loader 8 . > +.Pp > +Due to size constraints, one may need to set > +.Va LOADERSIZE > +larger than the > +default 500000, although often loader is under the 500k limit even = with > +this option. > +Setting > +.Va LOADERSIZE > +larger than 500000 may cause > +.Xr pxeboot 8 > +to be too large to work. > +Careful testing of the loader in the target environment when built = with a larger > +limit to establish safe limits is critical because different BIOS = environments > +reserve differing amounts of the low 640k space, making a precise = limit for > +everybody impossible. > +.Pp > +See also > +.Va WITH_LOADER_PXEBOOT > +for other considerations. > diff --git a/tools/build/options/WITH_LOADER_VERIEXEC = b/tools/build/options/WITH_LOADER_VERIEXEC > index a50ff9a317e6..d784df968949 100644 > --- a/tools/build/options/WITH_LOADER_VERIEXEC > +++ b/tools/build/options/WITH_LOADER_VERIEXEC > @@ -4,3 +4,5 @@ with support for verification similar to Verified = Exec. > .Pp > Depends on > .Va WITH_BEARSSL . > +May require a larger > +.Va LOADERSIZE .
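Review bot: In the tools/build/options/WITH_BEARSSL hunk, the platform scope only appears in the final sentence ("different BIOS environments reserve differing amounts of the low 640k space"), so the opening "Due to size constraints, one may need to set LOADERSIZE larger than the default 500000" reads as if it applied to every loader build. Suggest naming the BIOS loader at the start of the paragraph, stating the unit of 500000 once and using one spelling throughout (the text switches between "500000" and "500k"), and splitting the long "Careful testing of the loader ..." sentence so the instruction to test comes before the reason. Since this option is what provides signature verification for Verified Exec and loader(8), it would also help to say what a reader should check to confirm the resulting loader and pxeboot still fit, rather than leaving "too large to work" undefined.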
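Review bot: In the tools/build/options/WITH_LOADER_VERIEXEC hunk, the added "May require a larger LOADERSIZE ." has no subject and gives no reason or pointer, and because it directly follows "Depends on WITH_BEARSSL ." it is unclear whether the extra size comes from the BearSSL dependency or from the verification support itself. Suggest a full sentence that names the cause and refers the reader to the WITH_BEARSSL description, where the 500000 default and the pxeboot caveat are explained, so the two option files do not drift apart.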