From: "Simon J. Gerraty"
To: Nathan Whitehorn
CC: Kyle Evans, Rebecca Cran, Tomoaki AOKI, FreeBSD Current
Subject: Re: When will the FreeBSD (u)EFI work?
In-Reply-To: <675a41c7-46c1-f548-b285-e5ede55db76a@freebsd.org>
Date: Sun, 29 Mar 2020 20:02:36 -0700
Message-ID: <16728.1585537356@kaos.jnpr.net>
List-Id: Discussions about the use of FreeBSD-current

Nathan Whitehorn wrote:
> It's basically this that has been the problem: we need a way to manage
> updates of the EFI loader in this situation, which we don't currently
> have. The ESP needs to be mounted at a standard point,
> installworld/freebsd-update/etc. need to know to replace files there, we
> need to fall back cleanly on older systems, etc. The original (failed --

Actually if you are doing secure boot, the *last* thing you want is to update /efi/boot with an unsigned update.
So I would think it should be done as a unique operation - so you don't do it accidentally. At least that's how I'm handling it for embedded devices.