Page MenuHomeFreeBSD

Add uefisign and friends to MK_EFI
ClosedPublic

Authored by sbruno on Apr 26 2018, 5:36 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Oct 17, 10:05 AM
Unknown Object (File)
Mon, Oct 13, 11:23 PM
Unknown Object (File)
Tue, Oct 7, 12:50 AM
Unknown Object (File)
Mon, Sep 29, 8:34 PM
Unknown Object (File)
Sep 19 2025, 11:21 PM
Unknown Object (File)
Sep 16 2025, 4:54 PM
Unknown Object (File)
Sep 16 2025, 4:58 AM
Unknown Object (File)
Sep 15 2025, 8:57 AM
Subscribers
None

Details

Summary

Yet another knob for making our distro that much smaller.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

while you're here, maybe it's time to do the uefisign -> efisign with a legacy link.

This revision is now accepted and ready to land.Apr 26 2018, 5:39 PM
In D15211#320576, @imp wrote:

while you're here, maybe it's time to do the uefisign -> efisign with a legacy link.

I'm not sure what you mean. I don't know anything about efisign (is it a stable/11 file)?

In D15211#320576, @imp wrote:

while you're here, maybe it's time to do the uefisign -> efisign with a legacy link.

I'm not sure what you mean. I don't know anything about efisign (is it a stable/11 file)?

Rename uefisign to efisign and create a compat link back to uefisign so that we have consistent names for efi* applications. =)

Regenerate after some of the pkg base stuff hit the tree.

This revision now requires review to proceed.May 30 2018, 4:20 PM
In D15211#320576, @imp wrote:

while you're here, maybe it's time to do the uefisign -> efisign with a legacy link.

Huh? I don't know what this means. :-( Was there a time when there was an "efisign" binary and we haven't cleaned it up?

No, we've always just used efiFOO for the efi programs.

In D15211#329987, @imp wrote:

No, we've always just used efiFOO for the efi programs.

Oh, so you're saying that "uefisign" should be a symlink to efisign? I don't know the background here.

In D15211#329987, @imp wrote:

No, we've always just used efiFOO for the efi programs.

Oh, so you're saying that "uefisign" should be a symlink to efisign? I don't know the background here.

Yeah, we had efi in the loader from before UEFI existed, and now also have efibootmgr, efidp and efivar userland binaries.

In D15211#329987, @imp wrote:

No, we've always just used efiFOO for the efi programs.

Oh, so you're saying that "uefisign" should be a symlink to efisign? I don't know the background here.

Yeah, we had efi in the loader from before UEFI existed, and now also have efibootmgr, efidp and efivar userland binaries.

Ok, can someone else who knows more about this take that as an action item? I just want to get this knob into base so I don't have to load a 96MB ramdisk over TFTP.

share/examples/Makefile
34 ↗(On Diff #43142)

No corresponding conditional LDIRS+=uefisign?

Ok, can someone else who knows more about this take that as an action item?

Yes, just go ahead without worrying about efi vs uefi in this review.

For reference I think the history is:

  1. We had EFI support in the loader to support ia64 long before UEFI existed
  2. uefisign was added to support UEFI secure boot, which did not exist in EFI
  3. other efi* tools were added for EFI variables etc. - these things did exist in EFI, but were just not implemented in FreeBSD until long after UEFI existed
usr.sbin/Makefile
124 ↗(On Diff #43142)

I am now seriously confused. After building my image I still have these three tools in my install directory. Something isn't right.

Add missing LDIRS for uefisign

Exclude MK_EFI things if OPENSSL is unset with some better
syntax.

um

WITHOUT_EFI="YES" seems to do nothing.

root@lab:/home/sbruno/bsd/fbsd_head # env | grep SRCCONF
SRCCONF=/home/sbruno/bsd/src.conf.efitest
root@lab:/home/sbruno/bsd/fbsd_head # cat ${SRCCONF}
WTTHOUT_EFI="YES"
root@lab:/home/sbruno/bsd/fbsd_head # make delete-old DESTDIR=/tftpboot/netboot
>>> Removing old files (only deletes safe to delete libs)
>>> Old files removed
>>> Removing old directories
>>> Old directories removed
To remove old libraries run 'make delete-old-libs'.
root@lab:/home/sbruno/bsd/fbsd_head # make delete-old MK_EFI=no DESTDIR=/tftpboot/netboot                                                                                                                                                    
>>> Removing old files (only deletes safe to delete libs)
remove /tftpboot/netboot/usr/sbin/efibootmgr?
usr.sbin/Makefile
124 ↗(On Diff #43212)

No. This isn't correct. You want to just add:

.if ${MK_OPENSSL} != "no"
SUBDIR.${MK_EFI}+= uefisign
.endif

hrm ... WITH_EFI="NO" has zero effect as well. So, I'm stumped.

root@lab:/home/sbruno/bsd/fbsd_head # setenv SRCCONF /home/sbruno/bsd/src.conf.efitest
root@lab:/home/sbruno/bsd/fbsd_head # env | grep SRCCONF
SRCCONF=/home/sbruno/bsd/src.conf.efitest
root@lab:/home/sbruno/bsd/fbsd_head # cat ${SRCCONF}
WTTH_EFI="NO"
root@lab:/home/sbruno/bsd/fbsd_head # make delete-old DESTDIR=/tftpboot/netboot
>>> Removing old files (only deletes safe to delete libs)
>>> Old files removed
>>> Removing old directories
>>> Old directories removed
To remove old libraries run 'make delete-old-libs'.
root@lab:/home/sbruno/bsd/fbsd_head # make delete-old MK_EFI=no DESTDIR=/tftpboot/netboot                                                                                                                                                    
>>> Removing old files (only deletes safe to delete libs)
remove /tftpboot/netboot/usr/sbin/efibootmgr?

Is setting it in the environment expected to work? What about make SRCCONF=/foo/bar/baz ...?

Don't nuke *all* the efi tools if OPENSSL isn't installed. (imp)

Is setting it in the environment expected to work? What about make SRCCONF=/foo/bar/baz ...?

Yah, __MAKE_CONF in the evironment is works too.

Ok, wow.

root@lab:/home/sbruno/bsd/fbsd_head # env | grep SRCCONF
SRCCONF=/home/sbruno/bsd/src.conf.efitest
root@lab:/home/sbruno/bsd/fbsd_head # cat ${SRCCONF}
WTTHOUT_EFI="YES"
root@lab:/home/sbruno/bsd/fbsd_head # make delete-old DESTDIR=/tftpboot/netboot
>>> Removing old files (only deletes safe to delete libs)
>>> Old files removed
>>> Removing old directories
>>> Old directories removed
To remove old libraries run 'make delete-old-libs'.
root@lab:/home/sbruno/bsd/fbsd_head # make delete-old MK_EFI=no DESTDIR=/tftpboot/netboot                                                                                                                                                    
>>> Removing old files (only deletes safe to delete libs)
remove /tftpboot/netboot/usr/sbin/efibootmgr?

Note that WTTHOUT_EFI="YES" is not WITHOUT_EFI="YES"

Damn fonts.

This all works as it should now.

tools/build/mk/OptionalObsoleteFiles.inc
1618–1621 ↗(On Diff #43233)

sort in alpha order

This revision is now accepted and ready to land.Jun 19 2018, 7:10 PM
This revision was automatically updated to reflect the committed changes.