From nobody Wed May 31 20:01:22 2023 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QWgD66Mycz4XWkm for ; Wed, 31 May 2023 20:02:46 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.pphosted.com", Issuer "Thawte RSA CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QWgD631czz3jtX for ; Wed, 31 May 2023 20:02:46 +0000 (UTC) (envelope-from sjg@juniper.net) Authentication-Results: mx1.freebsd.org; none Received: from pps.filterd (m0108161.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 34VGaDA7022727; Wed, 31 May 2023 13:02:44 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-id : content-transfer-encoding : date : message-id; s=PPS1017; bh=oB5mOsEiaLNAijE+B5xwKn/tCRy7EbBN/M+VTwAwF1A=; b=BnM7wmvRaCdCFUx4ET7fSz2+Gb2xI6exSuRfU2DuRK/lFyPHYo4BzzVPkoZX62CkCYDr BAoL7hjp9k+PpQ64pCRxA4AILPMaPOo1+GRwiPrlqNXa75HXDfvaWodxM6VIOnQxyldU IQEzj7wGjTs52rnBMZnzXB0dkbbM9/L8V3PU84Y6ZzfJMde7ydwjkqPX04eCHfPn1nqN h5+sIbYA6mjH6rAHReGyBUUOIH18/udGWraFYdhSTdVxQy8vR5f0R0WLgA++ypv/aFui ijRjlZg9tlK171wMkyijfeNGA4958++/ixkubDoNJNO6d3XR0SPPjfohUNPgI8kdj32B +g== Received: from dm4pr02cu001.outbound.protection.outlook.com (mail-centralusazlp17012020.outbound.protection.outlook.com [40.93.13.20]) by mx0b-00273201.pphosted.com (PPS) with ESMTPS id 3qx394sbfk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 31 May 2023 13:02:43 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CwU8wPkRGOOxTeYmzqQQzpWWvqXu1uxSLSLq3HVoUPcuUQHURuQCg/3QheIEeWUMCEqW4cIwL72kS/2PWLpDVe2Pift88d1fT+PfEDSohhXb4CbQOm6GD1sttqMPygpVf288N5hGp21fj5XtYb8/UCXCMtyz+aHTL4LElgDj6nZ/cMG4ILOf2WBntcVhJ5Rgh4i08V6tSiATuXt5Sod3+q3G+FbpNYU7lZZBJlb4dyr0EHzDsOtzbJ4fcLOWEZxgoM6jEd1ipn7sOSiB/4gxH8OeWICZflXHk6Wmz+KTgy8cq03L2SoT5vnnUyfwPLMM2Bgg5lmupsH3g01XAjcrwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oB5mOsEiaLNAijE+B5xwKn/tCRy7EbBN/M+VTwAwF1A=; b=V0ZrymsUPxLVIt+zOAqzLYr4OyKD21ZxMhDsIh42RsC0k71PSWQFPF0jzV0A+Us30b93JuTe1gOF7ArBHOPRJIlnqPiVBtmp690yw4jjaFbV9auZbDXajIgzn6+NHdjAYx3YOewxkejzKlIUChkuRb02iwUU9HUsjMdHiZWVxD3O476ctpKtT8+13iXBiYw1u7aNn0T7TxbLPL4cwvFAwY+vsD7dKQ45JC/OIxPQeU6gmDJz3pVEqT5FLOKbAEibxGp7uaPkwkB3DbsOrM/d4rCMKPQd5/bW/cnzD9BuNe3rAWj/paHyKa9LINqU+PRkT7s6vTEcWJU+Ba+Ph+wttQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.239.15) smtp.rcpttodomain=walstatt-de.de smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oB5mOsEiaLNAijE+B5xwKn/tCRy7EbBN/M+VTwAwF1A=; b=IdUPvcJdhPLGhdgESFe1EmBHpAelc9YfXiXGDXwic1dOepfR/TESsnWS5+Cnxujd47Los9bdM0j60axACVEhtPxk3TTRZJKj+FX7NRuW2+vFFbto1TO1M4CSOf4MFHvub04qTriPyFW/xRCbkNaH48ZKC3HNxHZcBS0b4F5AvsY= Received: from BN8PR12CA0034.namprd12.prod.outlook.com (2603:10b6:408:60::47) by DM4PR05MB10170.namprd05.prod.outlook.com (2603:10b6:8:17f::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.24; Wed, 31 May 2023 20:02:41 +0000 Received: from BN8NAM12FT099.eop-nam12.prod.protection.outlook.com (2603:10b6:408:60:cafe::16) by BN8PR12CA0034.outlook.office365.com (2603:10b6:408:60::47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.23 via Frontend Transport; Wed, 31 May 2023 20:02:41 +0000 X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 66.129.239.15) smtp.mailfrom=juniper.net; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=juniper.net; Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.15 as permitted sender) Received: from p-exchfe-eqx-02.jnpr.net (66.129.239.15) by BN8NAM12FT099.mail.protection.outlook.com (10.13.183.226) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6477.7 via Frontend Transport; Wed, 31 May 2023 20:02:40 +0000 Received: from p-exchbe-eqx-02.jnpr.net (10.104.9.15) by p-exchfe-eqx-02.jnpr.net (10.104.9.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.21; Wed, 31 May 2023 15:02:39 -0500 Received: from p-exchbe-eqx-01.jnpr.net (10.104.9.14) by p-exchbe-eqx-02.jnpr.net (10.104.9.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.21; Wed, 31 May 2023 15:02:39 -0500 Received: from p-mailhub01.juniper.net (10.104.20.6) by p-exchbe-eqx-01.jnpr.net (10.104.9.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.21 via Frontend Transport; Wed, 31 May 2023 15:02:39 -0500 Received: from kaos.jnpr.net (kaos.jnpr.net [172.23.255.201]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id 34VK2cG9022033; Wed, 31 May 2023 13:02:38 -0700 (envelope-from sjg@juniper.net) Received: by kaos.jnpr.net (Postfix, from userid 1377) id 2EE628F0DF; Wed, 31 May 2023 13:01:22 -0700 (PDT) Received: from kaos.jnpr.net (localhost [127.0.0.1]) by kaos.jnpr.net (Postfix) with ESMTP id 2E7888EF7B; Wed, 31 May 2023 13:01:22 -0700 (PDT) To: Warner Losh CC: FreeBSD User , FreeBSD CURRENT , Subject: Re: WITH_BEARSSL: -8112 bytes available In-Reply-To: References: <20230529105854.1903226d@thor.intern.walstatt.dynvpn.de> Comments: In-reply-to: Warner Losh message dated "Wed, 31 May 2023 12:15:12 -0600." From: "Simon J. Gerraty" X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 28.2 List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <98576.1685563282.1@kaos.jnpr.net> Content-Transfer-Encoding: quoted-printable Date: Wed, 31 May 2023 13:01:22 -0700 Message-ID: <27.1685563282@kaos.jnpr.net> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN8NAM12FT099:EE_|DM4PR05MB10170:EE_ X-MS-Office365-Filtering-Correlation-Id: 6bd83869-71d6-4c70-fa91-08db6211fd85 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: wuphOhSRpDyQK/zNrsXJdnonIgNGijMiJYO0lD4sN1OvkafWvXc/BPRJ5HRgusRJnUciM6goWoL9T6b7qFpwLjud4ibt2BglDaq6zh9zKDctf2D9UsNRkCpayoUyN+B9sVaOYYMPiVVIhtwgdO4LXXj0aCPuFagM5esGNxMdT4yEjCAHG6dcBtqqK2cifExtuXrekAvaba9qe/KiQuYwjuTRguJNh3Q7dbhpn+NHyUQ0fmmnJ8Iv9kTHPLWWvgUI6lWfyklL6TvX9Tobf6JB4uNjaQherdRsV0srHwKBj09IFmyX3BCYVDAtbM3t5m1mScY5h563OmlS1nj/xpDni1iVGlRjTPXY+jXY7Pratq9Whag0afSI7ddQD+/7JZzO/falpsGRez21a31Aj/XUsWEmOtU7LBMqth6Y3gz0lnBaZ3aVUm6MnPjTy4I1z8kuGKd4CwmBX4gpQwO3tyjk6yD1X40FgyaLBXpakwLhqUnRc2SFrszWY3tR+03SjuPhkj6ieP1SD2MWCwj3IgV6liJixXtcB6TPFvIV7jB/Y9F9IN5TRLlAgtei/Hg2d4foB7bFTgYBkCmXPEp9yuV0yzwCqH8h6lBbTDng2PrmQTA+cqCswY5GwVavjJ6a4lKLWiXwUdJKdc3xWG7NTd3x8Bkfb2Cat5JKO2TdojqDQY0xMXjn3wkGOZezaPdcx19Eckqyyb7hmVqfLHJ7w2wYQLH0EbcUXNcvj9L4DXU+52iu3jmi+j4gj8KyKDvxoAizVZytfc+zzfgopmHbSn0AIw== X-Forefront-Antispam-Report: CIP:66.129.239.15;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:p-exchfe-eqx-02.jnpr.net;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(376002)(39860400002)(136003)(346002)(396003)(451199021)(40470700004)(46966006)(36840700001)(47076005)(55016003)(36860700001)(336012)(40480700001)(83380400001)(82740400003)(6916009)(70586007)(70206006)(9686003)(26005)(7696005)(107886003)(478600001)(7126003)(54906003)(6266002)(186003)(86362001)(40460700003)(2906002)(5660300002)(8936002)(8676002)(356005)(4326008)(81166007)(41300700001)(316002)(82310400005)(36900700001);DIR:OUT;SFP:1102; X-OriginatorOrg: juniper.net X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 May 2023 20:02:40.8876 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6bd83869-71d6-4c70-fa91-08db6211fd85 X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4;Ip=[66.129.239.15];Helo=[p-exchfe-eqx-02.jnpr.net] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM12FT099.eop-nam12.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR05MB10170 X-Proofpoint-GUID: 3Nan75dF_9ZUy9i4t75VXO6238aAEwkq X-Proofpoint-ORIG-GUID: 3Nan75dF_9ZUy9i4t75VXO6238aAEwkq X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-05-31_14,2023-05-31_03,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 lowpriorityscore=0 phishscore=0 bulkscore=0 adultscore=0 malwarescore=0 impostorscore=0 priorityscore=1501 suspectscore=0 mlxlogscore=504 clxscore=1011 mlxscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2304280000 definitions=main-2305310170 X-Rspamd-Queue-Id: 4QWgD631czz3jtX X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:22843, ipnet:67.231.152.0/24, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N > the loader program. You may also have to disable the lua build, since it= uses more stack and is just a smidge > larger than the forth build. _simp will be the smallest of them > all. On my system, without bearssl, I see: Back when I first did the LOADER_VERIEXEC bits, I found lua pushed things over the edge. We use 4th anyway, and will likely be stuck with it for another decade at least. > -r-xr-xr-x 3 root wheel 503808 May 22 15:25 /boot/loader_lua > -r-xr-xr-x 1 root wheel 446464 May 22 15:25 /boot/loader_4th > -r-xr-xr-x 1 root wheel 385024 May 22 15:25 /boot/loader_simp > which suggests a ~60k bump for adding forth and ~115k bump for lua. So t= he 560,000 may need to be 625,000 > which is living life on the edge for 4th, and simply too big for lua. > = > I'd be open to adding docs on this, since I don't think this option is c= urrently documented since I added it > to experiment around with a good value. My own experiments found somewhere around 550k to be the limit. > And no, I really do not want to support 'loadable modules'. BIOS > booting is on the way out, and people = > that want to do complex stuff in the boot loader will simply have to > do that in UEFI or maybe kboot/LinuxBoot. = > There's low RoI on adding this complexity, imho. We'd be better off, > imho, making things like the graphics = > console optional since the fonts and code for that free up about 30k > in stupid experiments that I've done Yes. For those of us with serial only consoles, the graphics stuff is pure overhead. > Without the extras and ZFS, you might have bearssl and lua together even= ... FWIW our i386 loader with BEARSSL and LOADER_VERIEXEC and 4th rather than lua is 312K I can get that down to 308K by dropping LOADER_EXT2FS_SUPPORT which I am pretty sure we don't need. If I enable lua and disable 4th, the loader is still only 352K in our stable/12 branch and 364K in main I just did a quick test on a VM - that loader_lua was able to load kernel ok, so looks promising. Of course we have 8k lines of 4th that would need translating to lua before I could be sure. --sjg