Date: Mon, 9 Mar 2020 07:05:46 +0100
From: "O. Hartmann"
To: "Simon J. Gerraty"
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 st...
Message-ID: <20200309070540.7b3c9ce6@freyja>
In-Reply-To: <202003081742.028HghCd086246@repo.freebsd.org>

On Sun, 8 Mar 2020 17:42:43 +0000 (UTC)
"Simon J. Gerraty" wrote:

> Author: sjg
> Date: Sun Mar 8 17:42:42 2020
> New Revision: 358744
> URL: https://svnweb.freebsd.org/changeset/base/358744
>
> Log:
>   veloader use vectx API for kernel and modules
>
>   The vectx API, computes the hash for verifying a file as it is read.
>   This avoids the overhead of reading files twice - once to verify, then
>   again to load.
>
>   For doing an install via loader, avoiding the need to rewind
>   large files is critical.
>
>   This API is only used for modules, kernel and mdimage as these are the
>   biggest files read by the loader.
>   The reduction in boot time depends on how expensive the I/O is
>   on any given platform. On a fast VM we see 6% improvement.
>
>   For install via loader the first file to be verified is likely to be the
>   kernel, so some of the prep work (finding manifest etc) done by
>   verify_file() needs to be factored so it can be reused for
>   vectx_open().
>
>   For missing or unrecognized fingerprint entries, we fail
>   in vectx_open() unless verifying is disabled.
>
>   Otherwise fingerprint check happens in vectx_close() and
>   since this API is only used for files which must be verified
>   (VE_MUST) we panic if we get an incorrect hash.
>
>   Reviewed by: imp,tsoome
>   MFC after: 1 week
>   Sponsored by: Juniper Networks
>   Differential Revision: https://reviews.freebsd.org//D23827
>
> Modified:
>   head/lib/libsecureboot/h/libsecureboot.h
>   head/lib/libsecureboot/h/verify_file.h
>   head/lib/libsecureboot/tests/tvo.c
>   head/lib/libsecureboot/vectx.c
>   head/lib/libsecureboot/verify_file.c
>   head/share/mk/src.opts.mk
>   head/stand/common/bootstrap.h
>   head/stand/common/interp_forth.c
>   head/stand/common/interp_simple.c
>   head/stand/common/load_elf.c
>   head/stand/common/load_elf_obj.c
>   head/stand/common/misc.c
>   head/stand/common/module.c
>   head/stand/efi/loader/arch/i386/i386_copy.c
>   head/stand/efi/loader/copy.c
>   head/stand/efi/loader/loader_efi.h
>   head/stand/efi/loader/main.c
>   head/stand/ficl/loader.c
>   head/stand/i386/libi386/i386_copy.c
>   head/stand/i386/libi386/libi386.h
>   head/stand/i386/loader/chain.c
>   head/stand/libofw/libofw.h
>   head/stand/libofw/ofw_copy.c
>   head/stand/loader.mk
>   head/stand/mips/beri/loader/arch.c
>   head/stand/powerpc/kboot/main.c
>   head/stand/uboot/lib/copy.c
>   head/stand/uboot/lib/libuboot.h
>   head/stand/userboot/userboot/copy.c
>   head/stand/userboot/userboot/libuserboot.h

[... deleted ...]

buildworld seems to be broken on this commit:

[...]
--- all_subdir_stand ---
--- lstd.o ---
/usr/src/stand/liblua/lstd.c:86:44: error: too few arguments to function call, expected 5, have 4
    if (verify_file(fd, filename, 0, VE_GUESS) < 0) {
        ~~~~~~~~~~~                          ^
/usr/src/lib/libsecureboot/h/verify_file.h:50:1: note: 'verify_file' declared here
int verify_file(int, const char *, off_t, int, const char *);
^
1 error generated.
[...]

Building host is CURRENT, FreeBSD 13.0-CURRENT #118 r358695: Fri Mar 6 12:48:00 CET 2020 amd64:

kind regards,

oh
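
Added example, not part of the original message and not libsecureboot code: a minimal C sketch of the verify-while-reading pattern the quoted commit log describes (fail at open when no fingerprint exists, hash during reads, compare at close). The sv_* names, the in-memory "file" and the FNV-1a stand-in digest are assumptions made to keep it self-contained.

```c
#include <stdint.h>
#include <string.h>

/* FNV-1a stands in for the real digest (e.g. SHA-256) to keep this short.
 * It is not collision resistant; never use it for real verification. */
#define FNV_INIT  0xcbf29ce484222325ULL
#define FNV_PRIME 0x100000001b3ULL

/* Hypothetical streaming-verify context (not the vectx structure). */
struct sv_ctx {
	const uint8_t *data;	/* constructed in-memory "file" */
	size_t len, off;	/* total size and current read offset */
	uint64_t hash;		/* running digest, updated on every read */
	uint64_t expected;	/* fingerprint taken from the manifest */
};

static uint64_t fnv_update(uint64_t h, const uint8_t *p, size_t n)
{
	while (n--) { h ^= *p++; h *= FNV_PRIME; }
	return h;
}

/* Open: fail up front when the manifest has no fingerprint for the file. */
int sv_open(struct sv_ctx *c, const void *data, size_t len, const uint64_t *fp)
{
	if (fp == NULL)
		return -1;
	c->data = data; c->len = len; c->off = 0;
	c->hash = FNV_INIT; c->expected = *fp;
	return 0;
}

/* Read: hand out the next chunk and fold it into the digest in one pass. */
size_t sv_read(struct sv_ctx *c, void *buf, size_t n)
{
	if (n > c->len - c->off)
		n = c->len - c->off;
	memcpy(buf, c->data + c->off, n);
	c->hash = fnv_update(c->hash, c->data + c->off, n);
	c->off += n;
	return n;
}

/* Close: hash any unread tail (this example's choice), then compare.
 * Bytes already handed out stay untrusted until this returns 0. */
int sv_close(struct sv_ctx *c)
{
	c->hash = fnv_update(c->hash, c->data + c->off, c->len - c->off);
	return c->hash == c->expected ? 0 : -1;
}
```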