GELI BIOS weirdness
Eric McCorkle
eric at metricspace.net
Mon Feb 13 21:44:11 UTC 2017
On 02/13/2017 16:37, Dimitry Andric wrote:
> Yeah, but I'm interested in the symbols, otherwise it becomes hard to
> follow. Also, I've looked at my own copy of gptboot.o, and it doesn't
> contain those bytes at all. That said, my gptboot sources also don't
> have the lines:

What version of the compiler are you using?

Mine:

$ clang --version
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 3.8.0)
Target: x86_64-unknown-freebsd12.0
Thread model: posix
InstalledDir: /usr/bin

>
>     if (!(sc->sc_flags & G_ELI_FLAG_AUTH))
>         sc->sc_mediasize -= (sc->sc_mediasize % sc->sc_sectorsize);
>     else {
>
> The only use of G_ELI_FLAG_AUTH is in sys/boot/geli/geliboot.c:
>
>     /* Store the keys */
>     bcopy(mkey, geli_e->sc.sc_mkey, sizeof(geli_e->sc.sc_mkey));
>     bcopy(mkey, geli_e->sc.sc_ivkey, sizeof(geli_e->sc.sc_ivkey));
>     mkp = mkey + sizeof(geli_e->sc.sc_ivkey);
>     if ((geli_e->sc.sc_flags & G_ELI_FLAG_AUTH) == 0) {
>         bcopy(mkp, geli_e->sc.sc_ekey, G_ELI_DATAKEYLEN);
>     } else {
>
> but the assembly for the rest of the geli_attach() function looks pretty
> reasonable.
>
> -Dimitry
>
>> On 13 Feb 2017, at 22:32, Conrad Meyer <cem at freebsd.org> wrote:
>> "objdump -D -b binary -Mx86-64 -mi386 foo.bin" should work fine (no
>> symbols, though...).
>>
>> Best,
>> Conrad
>>
>> On Mon, Feb 13, 2017 at 1:16 PM, Dimitry Andric <dim at freebsd.org> wrote:
>>> On 13 Feb 2017, at 21:58, Eric McCorkle <eric at metricspace.net> wrote:
>>>>
>>>> On 02/13/2017 15:36, Dimitry Andric wrote:
>>>>
>>>>> This disassembles to:
>>>>>
>>>>>    0:   66 0f 38 f6 f0    adcx   %eax,%esi
>>>>>    5:   31 c6             xor    %eax,%esi
>>>>>    7:   8b 4d 14          mov    0x14(%ebp),%ecx
>>>>>    a:   89 cf             mov    %ecx,%edi
>>>>>    c:   c1 ff 1f          sar    $0x1f,%edi
>>>>>    f:   8b                .byte 0x8b
>>>>
>>>> Note that this was truncated, so the sar and .byte are probably a
>>>> truncated instruction.
>>>>
>>>> Also, when I had printfs in place, I could see the call instructions.
>>>>
>>>>> My first guess would be that the code simply jumped into garbage. But
>>>>> can you post the complete .o file somewhere for inspection?
>>>>
>>>> Attached.
>>>> <gptboot>
>>>
>>> Can you please post the file before it's been stripped and objcopied
>>> from ELF to binary format? That makes it a lot easier to disassemble
>>> and analyze... :)
>>>
>>> -Dimitry
>>>