bsdinstall: Stop loading cryptodev for ZFS installations
ClosedPublic
Actions

Authored by markj on May 8 2024, 3:11 PM.

Details

Reviewers

des
allanjude
kevans

Commits

rGffbaa453c191: bsdinstall: Stop loading cryptodev for ZFS installations

Summary

zfs doesn't actually depend on cryptodev, and most arm64 kernel configs include std.dev, which includes "device crypto" anyway.
This config works around a problem with kldxref, not with the loader, and this is believed to be fixed.
Loading cryptodev creates /dev/crypto, which gives unprivileged users access to the kernel's opencrypto framework. Very few applications need it, so we're needlessly increasing the kernel's surface area.

Thus, stop auto-loading cryptodev.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 57618
Build 54506: arc lint + arc unit

Event Timeline

markj created this revision.May 8 2024, 3:11 PM

Herald added subscribers: jrtc27, imp. · View Herald TranscriptMay 8 2024, 3:11 PM

Harbormaster completed remote builds in B57618: Diff 138254.May 8 2024, 3:11 PM

markj requested review of this revision.May 8 2024, 3:11 PM

des accepted this revision.May 8 2024, 3:16 PM

This revision is now accepted and ready to land.May 8 2024, 3:16 PM

allanjude accepted this revision.May 8 2024, 3:16 PM

kevans accepted this revision.May 8 2024, 3:17 PM

You might want to clarify the first bullet point in the commit message: the second part of the sentence seems like a non sequitur or a typo if the reader does not realize that zfs depends on crypto, which is different from cryptodev.

Closed by commit rGffbaa453c191: bsdinstall: Stop loading cryptodev for ZFS installations (authored by markj). · Explain WhyMay 8 2024, 4:11 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rGffbaa453c191: bsdinstall: Stop loading cryptodev for ZFS installations.