Re: git: e962b37bf0ff - main - bhyve: Do not enable PCI BAR decoding if a boot ROM is present

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Fri, 06 Sep 2024 16:30:07 UTC

On Fri, Sep 06, 2024 at 09:37:45AM UTC, John Baldwin wrote:
> On 9/5/24 22:10, Shawn Webb wrote:
> > Hey Mark,
> > 
> > This commit seems to force me to now pass "-o pci.enable_bars=true" to
> > all my VMs on amd64. I wonder if that might be a POLA violation. I
> > didn't realize that I needed to set that until I bisected the src
> > tree, looking for the commit that broke bhyve for me.
> > 
> > Is changing the default here really worth it for amd64? If so, I'm
> > thinking this should be in both RELNOTES and UPDATING. I now have to
> > propagate re-enabling this across my entire infrastructure.
> > 
> > Thanks,
> 
> That should only be true if you are using an older UEFI firmware that did
> not program BARs.  Are you seeing this on stock FreeBSD, and which version
> of the UEFI ROM are you using?

Ah, thanks for the hint, John! My UEFI edk2 bhyve package is years out
of date. I guess I need to pay more attention to what `pkg upgrade`
does NOT upgrade:

hbsd-laptop-02[shawn]:/home/shawn $ pkg info | grep bhyve
uefi-edk2-bhyve-g20210226_1,2  UEFI EDK2 firmware for bhyve
uefi-edk2-bhyve-devel-g20190424_1 UEFI-EDK2 firmware for bhyve

hbsd-laptop-02[shawn]:/home/shawn $ pkg search bhyve
edk2-bhyve-g202308_5           EDK2 Firmware for bhyve

I'm building some packages on my laptop right now. Once that finishes,
I'll go ahead and upgrade to the new package, retest, and report.

If this is indeed the problem (I suspect it is), I apologize for the
noise. Thanks, though, for the hint and the help. :-)

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc