Page MenuHomeFreeBSD

kern: add an option for preserving the early kenv
ClosedPublic

Authored by kevans on Jun 20 2021, 8:57 PM.

Details

Summary

Some downstream configurations do not store secrets in the
early (loader/static) environments and desire a way to preserve these
for diagnostic reasons. Provide an option to do so.

Diff Detail

Repository
R10 FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jhb added inline comments.
sys/conf/options
1024

Given there's only a single option, I don't know that we need this single-line header. I don't really anticipate a large number of kenv options that warrant a header.

1028

I would drop "theoretically" as it's too dismissive. One could perhaps say, "potentially" but that's only slightly better. If we wanted to provide a caveat I think the caveat should explain which situations aren't insecure. For example, something like "This option is insecure except in controlled environments where the static environment's contents are known to be safe."

This revision is now accepted and ready to land.Jun 21 2021, 4:37 PM
kevans marked 2 inline comments as done.

Address commentary from jhb

This revision now requires review to proceed.Jun 27 2021, 3:07 AM
This revision is now accepted and ready to land.Jun 27 2021, 3:09 AM