Page MenuHomeFreeBSD

kern: add an option for preserving the early kenv

Authored by kevans on Jun 20 2021, 8:57 PM.



Some downstream configurations do not store secrets in the
early (loader/static) environments and desire a way to preserve these
for diagnostic reasons. Provide an option to do so.

Diff Detail

R10 FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jhb added inline comments.

Given there's only a single option, I don't know that we need this single-line header. I don't really anticipate a large number of kenv options that warrant a header.


I would drop "theoretically" as it's too dismissive. One could perhaps say, "potentially" but that's only slightly better. If we wanted to provide a caveat I think the caveat should explain which situations aren't insecure. For example, something like "This option is insecure except in controlled environments where the static environment's contents are known to be safe."

This revision is now accepted and ready to land.Jun 21 2021, 4:37 PM
kevans marked 2 inline comments as done.

Address commentary from jhb

This revision now requires review to proceed.Jun 27 2021, 3:07 AM
This revision is now accepted and ready to land.Jun 27 2021, 3:09 AM