Add WITH_LOADER_VERIEXEC_VECTX description
ClosedPublic

Authored by brooks on Mar 9 2023, 6:55 PM.
Referenced Files
F133183884: D39002.diff
Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 50253
Build 47145: arc lint + arc unit

Event Timeline

brooks requested review of this revision. Mar 9 2023, 6:55 PM

tools/build/options/WITH_LOADER_VERIEXEC_VECTX
Line 3:

"thus verifying" sounds to me like it implies that hashing implies verification, which is a little confusing; maybe "hashing and verifying"? But TBH I don't quite understand what this option is :)

Lines 5–7:

makeman generates some variants of this automatically (although it will probably be the inverse, that WITHOUT_LOADER_VERIEXEC forces WITHOUT_LOADER_VERIEXEC_VECTX).

tools/build/options/WITH_LOADER_VERIEXEC_VECTX
Line 3:

I copied this text from @sjg's comment on the PR, but I agree "hashing and verifying" is more straightforward.

Lines 5–7:

I think the implication is that it's a no-op without WITH_LOADER_VERIEXEC. There's kind of a gap in the framework here in that only WITHOUT_LOADER_VERIEXEC_VECTX is generally useful to set since it's effectively the default unless WITH_LOADER_VERIEXEC is set.

The generated stuff is IMO mostly noise (the .Bl block after the line mentioning WITH_BEARSSL):

.It Va WITH_LOADER_VERIEXEC
Enable building
.Xr loader 8
with support for verification similar to Verified Exec.
.Pp
Depends on
.Va WITH_BEARSSL .
When set, these options are also in effect:
.Pp
.Bl -inset -compact
.It Va WITH_LOADER_EFI_SECUREBOOT
(unless
.Va WITHOUT_LOADER_EFI_SECUREBOOT
is set explicitly)
.It Va WITH_LOADER_VERIEXEC_VECTX
(unless
.Va WITHOUT_LOADER_VERIEXEC_VECTX
is set explicitly)
.El

OK, we can always adjust as we fine-tune makeman (ref. discussion of duplicate options etc. taking place on the commits mailing list).

This revision is now accepted and ready to land. Mar 9 2023, 7:39 PM
This revision was automatically updated to reflect the committed changes.
brooks marked an inline comment as done.