Page MenuHomeFreeBSD
Differential D46211

loader: Document that WITH_BEARSSL may need other tweaks
ClosedPublic
Actions

Authored by imp on Aug 2 2024, 4:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 1, 4:33 AM
Unknown Object (File)
Mon, Oct 28, 6:21 AM
Unknown Object (File)
Oct 4 2024, 1:31 AM
Unknown Object (File)
Oct 2 2024, 8:56 PM
Unknown Object (File)
Oct 2 2024, 7:47 PM
Unknown Object (File)
Oct 2 2024, 5:07 PM
Unknown Object (File)
Oct 2 2024, 11:30 AM
Unknown Object (File)
Oct 1 2024, 3:42 PM
View All 31 Files
Subscribers
dab

Details

Reviewers
markj
sjg
stevek
Commits
rGb013b81a03ba: loader: Document that WITH_BEARSSL may need other tweaks
rG7ee781e2bfc2: loader: Document that WITH_BEARSSL may need other tweaks
Summary

/boot/loader is right up aginst the 500k limit we have to make sure
everything works in a wide variety of environments. However, adding
WITH_BEARSSL can push it over the edge since we are so close to the
limit with it enabled. One may also need to increase LOADERSIZE when
enabling it. It's often safe to go much higher, especially when you
don't plan on using pxeldr. Document this trade off here.

Sponsored by: Netflix

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

imp created this revision.Aug 2 2024, 4:34 PM
Herald added a subscriber: dab. · View Herald TranscriptAug 2 2024, 4:34 PM
imp requested review of this revision.Aug 2 2024, 4:34 PM
Harbormaster completed remote builds in B58921: Diff 141741.Aug 2 2024, 4:34 PM
markj accepted this revision.Aug 2 2024, 4:44 PM

This is fine with me, thank you. I was just trying to debug a veriexec problem that was reported to me, and found that while a WITH_BEARSSL= build succeeded yesterday, it failed today, so I just wanted to let you know. I don't have strong opinions on the right way to handle it.

tools/build/options/WITH_BEARSSL
15

I'd maybe clarify that this applies specifically to x86 platforms.

This revision is now accepted and ready to land.Aug 2 2024, 4:44 PM
markj added reviewers: sjg, stevek.Aug 2 2024, 4:44 PM
imp updated this revision to Diff 141756.Aug 2 2024, 11:37 PM

update per review, mostly ldr->boot

This revision now requires review to proceed.Aug 2 2024, 11:37 PM
Harbormaster completed remote builds in B58926: Diff 141756.Aug 2 2024, 11:37 PM
sjg accepted this revision.Aug 2 2024, 11:59 PM

FWIW this is why we are stuck on using 4th ;-). LOADER_VERIEXEC is more important to us than LUA

This revision is now accepted and ready to land.Aug 2 2024, 11:59 PM
imp added a comment.Aug 3 2024, 12:02 AM
In D46211#1053759, @sjg wrote:

FWIW this is why we are stuck on using 4th ;-). LOADER_VERIEXEC is more important to us than LUA

Yea... I'd heard... Looking for ways to trim BIOS loader, but so far, I've had trouble reclaiming more than a k or two.

imp added inline comments.Aug 3 2024, 12:15 AM
tools/build/options/WITH_BEARSSL
15

I did for pxeboot. I'm not sure the details here.

Closed by commit rG7ee781e2bfc2: loader: Document that WITH_BEARSSL may need other tweaks (authored by imp). · Explain WhyAug 6 2024, 11:30 PM
This revision was automatically updated to reflect the committed changes.
imp added a commit: rG7ee781e2bfc2: loader: Document that WITH_BEARSSL may need other tweaks.
imp added a commit: rGb013b81a03ba: loader: Document that WITH_BEARSSL may need other tweaks.Aug 13 2024, 5:32 PM

Revision Contents
Changeset List

PathSize
tools/
build/
options/
19 lines
2 lines

Diff 141873

View Options

tools/build/options/WITH_BEARSSL

Loading...
View Options

tools/build/options/WITH_LOADER_VERIEXEC

Loading...