From nobody Wed Jul 31 14:48:15 2024 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WYw2953m2z5S23q for ; Wed, 31 Jul 2024 14:48:17 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WYw294LRVz4mb3; Wed, 31 Jul 2024 14:48:17 +0000 (UTC) (envelope-from jhb@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722437297; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vud9r+LFmrGVI7W8OL0IrmlDIGjx8XKfPIPBub5jDEU=; b=Ex/3f+xF6nJy8GnF8mThBopYcS5llcQuC7QAXSyrF8ks8qcI0avXvLdp3OkZD3ZUYZVnmN GdBEB3GdhNs49A09E3LNJpIv4ZS84NAbaVMRwryLrjveX65NUMcYvgPuh7tNporA3I+/gT mtr3cRyk699MZ4iGw/6oC6UzYei9ZMzQ/s04vTrAJUKWmIuQlclzT/5yt3cNRaWYU/2eaJ bC0154p9k0QkHAjksGK//TpkFUSZO3MPqZS8m4vbWregZ43b3TLtIYYDLzIeJGlzowfmZV /zopuifj6RF3193RqGUp+y9Pxquc4XBqHzbRVBOrzpz5aji37vJPEOL1IEUUIA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722437297; a=rsa-sha256; cv=none; b=Ebb1nz4AgFHCcfOkBLYuA/3FOF+ra2SexnOtZzJZU2zay0idFZmXpwn2hhFZ3TDqDy4l3n L3vfVU/kHb93GPVIfKi3X5p/r2JGGXizW2GadVSL7AzxTnYkmqgMEu/h9g00QTC3MVwvKT N+2lqTfpOMbvJ4LX3aBFQ7nLUe7qNL9z9XXhEnpeHzBP4Og9W4N9ma+QToTswlsGhOpz9/ 14+EAlTcP+Na0slcym6NHpSoyiYjoH+2l+qjX0ZZoBpryw9y2VJYxq2DzMfg52Kz4dMUEo //LMO8CmBHulZWd8Sffk+lEjpPqkWGKmSdibyzCuQcQSkAW6x1k8CEFTrTMHZA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1722437297; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vud9r+LFmrGVI7W8OL0IrmlDIGjx8XKfPIPBub5jDEU=; b=aaIUCudSIzRPoljt/9ovFLGVji2d5Nw8SRM7/maMiZu9MhAzaYZfdfa15paJnvIKL5vgHH OX4PYRsBVjqW3MUYR0rvC38xgDbheJT2r1/L/bKcRJYrTOT+L6b5buscEThTwSxSMXzvKI J1DxpRAfGtwbsyMpKRtEaNYB5ijo5nzWLnvOqmwuTTU/KuZUrScjG9l7ssKn7LQso6HdjK Kp8UW0NkCD0Rw3X9ZBLL/SLGShI95x6EcMnS1zZTNj17mRCYbH/be2DmXQrjsd+D7PAlNv wgZI8BSwFG7zP5KeckoR+VuiIy4onUGtfjAhikmREk6z3qyIiNbo6h23jrU8gw== Received: from [IPV6:2601:5c0:4200:b830:acf4:e2b:3120:f19] (unknown [IPv6:2601:5c0:4200:b830:acf4:e2b:3120:f19]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: jhb) by smtp.freebsd.org (Postfix) with ESMTPSA id 4WYw292ndlz1B14; Wed, 31 Jul 2024 14:48:17 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Message-ID: <281e4030-565c-41be-9fcd-401db30e7ff8@FreeBSD.org> Date: Wed, 31 Jul 2024 10:48:15 -0400 List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: aesni_load present in /boot/loader.conf on arm64 Content-Language: en-US To: freebsd-current@freebsd.org References: From: John Baldwin Cc: Allan Jude , Mark Johnston In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 7/31/24 08:15, void wrote: > Hi, > > Looking at man 4 aesni it appears this pertains to intel and AMD only? > is its prescence on arm64 a bug? > > It seems to be added to /boot/loader.conf by default. > > The method I used to install is to boot to the latest snapshot at > the time, then plug in a usb3 disk, ran bsdinstall to that disk, > rebooted (this booted initially to the installer image), mounted the > msdos partition on /mnt. moved the /boot/efi/efi from the installed-to > disk out of the way, copied everything in /mnt to /boot/efi, > moved the /boot/efi/efi back to where it originally was, halted the machine and > removed the installer image. This was to achieve zfs-on-root. > > Maybe something about the way I installed meant aesni was added? Looks like bsdinstall hardcodes aesni without doing an architecture check for both ZFS and geli. Probably the bits of the zfsboot script referencing aesni need to switch on the architecture. The trick is that depending on the architecture you may want to load more than one module. For 14 I think you could get by with something like: crypto_kld() { case `uname -m` in amd64|i386) echo "aesni" ;; arm64) echo "armv8crypto" ;; *) echo "" } Then in the other parts of zfsboot call this function and treat it as a list of modules. On main I think you would want 32-bit arm and powerpc64 to list ossl, and you might want to include ossl for x86 and arm64 as well (eventually ossl should replace aesni and armv8crypto IMO). Side topic: the ossl(4) manpage in main is stale and needs to be updated to reflect armv7 and powerpc64 support. I'm not sure yet if it supports AES-GCM for armv8 as well. -- John Baldwin