Page MenuHomeFreeBSD

loader: Document that WITH_BEARSSL may need other tweaks
ClosedPublic

Authored by imp on Aug 2 2024, 4:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 1, 4:33 AM
Unknown Object (File)
Mon, Oct 28, 6:21 AM
Unknown Object (File)
Oct 4 2024, 1:31 AM
Unknown Object (File)
Oct 2 2024, 8:56 PM
Unknown Object (File)
Oct 2 2024, 7:47 PM
Unknown Object (File)
Oct 2 2024, 5:07 PM
Unknown Object (File)
Oct 2 2024, 11:30 AM
Unknown Object (File)
Oct 1 2024, 3:42 PM
Subscribers

Details

Summary

/boot/loader is right up aginst the 500k limit we have to make sure
everything works in a wide variety of environments. However, adding
WITH_BEARSSL can push it over the edge since we are so close to the
limit with it enabled. One may also need to increase LOADERSIZE when
enabling it. It's often safe to go much higher, especially when you
don't plan on using pxeldr. Document this trade off here.

Sponsored by: Netflix

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

imp requested review of this revision.Aug 2 2024, 4:34 PM

This is fine with me, thank you. I was just trying to debug a veriexec problem that was reported to me, and found that while a WITH_BEARSSL= build succeeded yesterday, it failed today, so I just wanted to let you know. I don't have strong opinions on the right way to handle it.

tools/build/options/WITH_BEARSSL
15

I'd maybe clarify that this applies specifically to x86 platforms.

This revision is now accepted and ready to land.Aug 2 2024, 4:44 PM

update per review, mostly ldr->boot

This revision now requires review to proceed.Aug 2 2024, 11:37 PM

FWIW this is why we are stuck on using 4th ;-). LOADER_VERIEXEC is more important to us than LUA

This revision is now accepted and ready to land.Aug 2 2024, 11:59 PM
In D46211#1053759, @sjg wrote:

FWIW this is why we are stuck on using 4th ;-). LOADER_VERIEXEC is more important to us than LUA

Yea... I'd heard... Looking for ways to trim BIOS loader, but so far, I've had trouble reclaiming more than a k or two.

tools/build/options/WITH_BEARSSL
15

I did for pxeboot. I'm not sure the details here.