If you have time, could you refresh this, I'd like to look at it again.

In D7600#229139, @delphij wrote:

Thanks for the work! (I thought this was already landed last year :)

The change looks good to me (and I appreciate it as a step forward -- duplicated copies of cryptographic code is a big headache for us) overall.

(Totally optional: I wonder if the cryptoboot library could be folded into libstand? Or is there some specific reasons we have to create a new library instead? I'm asking because doing so would avoid building it multiple times, and the license of the source are all BSD compatible.)

I did not want to push it too hastily, one thing is the same concern about if it is good to have separate lib - the problem there is all this mess with options to pick/drop the features and for first step I just wanted to make it (libcryptoboot) very visible, so that maybe some better ideas will pop. The second issue is really about the build options (-Os versus -Oz). And then we have the alternate platforms next to x86:)

So in an sense, it still may be good idea to split this patch more. The libstand by itself does not really help about multiple builds, because we need 32-bit for bios and 64 (+32 in future?) for UEFI, + one for userboot (bhyve). But in any case, I did name it an experiment for purpose:)