kern: add an option for preserving the early kenv
ClosedPublic
Actions

Authored by kevans on Jun 20 2021, 8:57 PM.

Details

Reviewers

mhorne
allanjude
jah
jhb
imp

Group Reviewers

NetApp

Commits

rG7a129c973b5b: kern: add an option for preserving the early kenv

Summary

Some downstream configurations do not store secrets in the
early (loader/static) environments and desire a way to preserve these
for diagnostic reasons. Provide an option to do so.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kevans created this revision.Jun 20 2021, 8:57 PM

Herald added a subscriber: imp. · View Herald TranscriptJun 20 2021, 8:57 PM

kevans requested review of this revision.Jun 20 2021, 8:57 PM

Harbormaster completed remote builds in B40005: Diff 91147.Jun 20 2021, 8:57 PM

kevans added a child revision: D30835: kenv: allow listing of static kernel environments.Jun 20 2021, 8:57 PM

allanjude added a subscriber: NetApp.Jun 21 2021, 3:16 PM

jhb accepted this revision.Jun 21 2021, 4:37 PM

jhb added inline comments.

sys/conf/options
1025	Given there's only a single option, I don't know that we need this single-line header. I don't really anticipate a large number of kenv options that warrant a header.
1029	I would drop "theoretically" as it's too dismissive. One could perhaps say, "potentially" but that's only slightly better. If we wanted to provide a caveat I think the caveat should explain which situations aren't insecure. For example, something like "This option is insecure except in controlled environments where the static environment's contents are known to be safe."