From: Tommi Pernila
Date: Thu, 22 Feb 2018 06:18:26 +0000
Subject: Re: GELI with UEFI supporting Boot Environments goes to HEAD when?
To: Eric McCorkle
Cc: Warner Losh, "[ScaleEngine] Allan Jude", freebsd-current, imp@freebsd.org

Awesome, thanks for the update and the work that you have done!

Now we just need some more reviewers' eyes on the code :)

Br,

Tommi

On Thu, 22 Feb 2018 at 2.03, Eric McCorkle wrote:

> FYI, I just IFC'ed everything, and the current patches are still fine.
>
> Also, the full GELI + standalone loader has been deployed on one of my
> laptops for some time now.
>
> On 02/21/2018 18:15, Eric McCorkle wrote:
> > The GELI work could be merged at this point, though it won't be usable
> > without an additional patch to enable loader-only operation.  The
> > patches are currently up for review:
> >
> > This is the order in which they'd need to be merged:
> >
> >
> > https://reviews.freebsd.org/D12732
> >
> > This one changes the efipart device.  Toomas Soome identified some
> > problems, which I have addressed.  He has not re-reviewed it, however.
> >
> >
> > https://reviews.freebsd.org/D12692
> >
> > This adds some crypto code needed for GELI.  It simply adds new code,
> > and doesn't conflict with anything.
> >
> >
> > https://reviews.freebsd.org/D12698
> >
> > This adds the EFI KMS interface code, and has the EFI loader pass keys
> > into the keybuf interface.
> >
> >
> > I can't post the main GELI driver until those get merged, as it depends
> > on them.  It can be found on the geli branch on my github freebsd
> > repository, however.
> >
> >
> > Additionally, you need this patch, which allows loader.efi to function
> > when installed directly to the ESP:
> >
> > https://reviews.freebsd.org/D13497
> >
> > On 02/20/2018 22:56, Tommi Pernila wrote:
> >> Hi Eric,
> >>
> >> could you provide a brief update how the work is going?
> >>
> >>
> >> Br,
> >>
> >> Tommi
> >>
> >>
> >> On Nov 16, 2017 04:29, "Eric McCorkle" wrote:
> >>
> >>     Right, so basically, the remaining GELI patches are against loader, and
> >>     most of them can go in independently of the work on removing boot1.
> >>     There's a unanimous consensus on getting rid of boot1 which includes its
> >>     original author, so that's going to happen.
> >>
> >>
> >>     For GELI, we have the following (not necessarily in order):
> >>
> >>     a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
> >>     interactions
> >>     b) Modifications to the efipart driver
> >>     c) boot crypto
> >>     d) GELI partition types (not strictly necessary)
> >>
> >>     Then there's the GELI driver itself.  (a) and (c) are good to land, (b)
> >>     needs some more work after Toomas Soome pointed out a legitimate
> >>     problem, and (d) actually needs a good bit more code (but again, it's
> >>     more cosmetic).  Additionally, the GELI driver will need further mods to
> >>     efipart to be written (nothing too big).  But we could go ahead with (a)
> >>     and (c), as they've already been proven to work.
> >>
> >>     I'd wanted to have this stuff shaped up sooner, but I'm preoccupied with
> >>     the 7th RISC-V workshop at the end of the month.
> >>
> >>     Once this stuff is all in, loader should handle any GELI volumes it
> >>     finds, and it should Just Work once boot1 is gone.
> >>
> >>
> > _______________________________________________
> > freebsd-current@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
> > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"