From: Eric McCorkle <eric@metricspace.net>
To: Dimitry Andric, cem@freebsd.org
Cc: freebsd-hackers@freebsd.org
Subject: Re: GELI BIOS weirdness
Date: Mon, 13 Feb 2017 16:44:01 -0500

On 02/13/2017 16:37, Dimitry Andric wrote:
> Yeah, but I'm interested in the symbols, otherwise it becomes hard to
> follow. Also, I've looked at my own copy of gptboot.o, and it doesn't
> contain those bytes at all. That said, my gptboot sources also don't
> have the lines:

What version of the compiler are you using? Mine:

$ clang --version
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 3.8.0)
Target: x86_64-unknown-freebsd12.0
Thread model: posix
InstalledDir: /usr/bin

>
>         if (!(sc->sc_flags & G_ELI_FLAG_AUTH))
>                 sc->sc_mediasize -= (sc->sc_mediasize % sc->sc_sectorsize);
>         else {
>
> The only use of G_ELI_FLAG_AUTH is in sys/boot/geli/geliboot.c:
>
>                 /* Store the keys */
>                 bcopy(mkey, geli_e->sc.sc_mkey, sizeof(geli_e->sc.sc_mkey));
>                 bcopy(mkey, geli_e->sc.sc_ivkey, sizeof(geli_e->sc.sc_ivkey));
>                 mkp = mkey + sizeof(geli_e->sc.sc_ivkey);
>                 if ((geli_e->sc.sc_flags & G_ELI_FLAG_AUTH) == 0) {
>                         bcopy(mkp, geli_e->sc.sc_ekey, G_ELI_DATAKEYLEN);
>                 } else {
>
> but the assembly for the rest of the geli_attach() function looks pretty
> reasonable.
>
> -Dimitry
>
>> On 13 Feb 2017, at 22:32, Conrad Meyer wrote:
>> "objdump -D -b binary -Mx86-64 -mi386 foo.bin" should work fine (no
>> symbols, though...).
>>
>> Best,
>> Conrad
>>
>> On Mon, Feb 13, 2017 at 1:16 PM, Dimitry Andric wrote:
>>> On 13 Feb 2017, at 21:58, Eric McCorkle wrote:
>>>>
>>>> On 02/13/2017 15:36, Dimitry Andric wrote:
>>>>
>>>>> This disassembles to:
>>>>>
>>>>>    0:   66 0f 38 f6 f0          adcx   %eax,%esi
>>>>>    5:   31 c6                   xor    %eax,%esi
>>>>>    7:   8b 4d 14                mov    0x14(%ebp),%ecx
>>>>>    a:   89 cf                   mov    %ecx,%edi
>>>>>    c:   c1 ff 1f                sar    $0x1f,%edi
>>>>>    f:   8b                      .byte  0x8b
>>>>
>>>> Note that this was truncated, so the sar and .byte are probably a
>>>> truncated instruction.
>>>>
>>>> Also, when I had printfs in place, I could see the call instructions.
>>>>
>>>>> My first guess would be that the code simply jumped into garbage. But
>>>>> can you post the complete .o file somewhere for inspection?
>>>>
>>>> Attached.
>>>>
>>>
>>> Can you please post the file before it's been stripped and objcopied
>>> from ELF to binary format? That makes it a lot easier to disassemble
>>> and analyze... :)
>>>
>>> -Dimitry
>>>
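The thread above works from a short `objdump -D` listing and notes that its last line is a lone `.byte`, i.e. the dump was cut off inside an instruction. The following is an added example, not code from the thread or from FreeBSD: a small parser for objdump-style disassembly lines that checks the listing is byte-contiguous, reassembles the raw bytes, and reports any undecoded `.byte` tail so a truncated dump is spotted before anyone reasons about the instructions. The listing embedded as `SAMPLE_LISTING` is the one Dimitry quoted; the helper names (`parse_listing`, `summarize`, and so on) are my own.

```python
"""Parse objdump-style disassembly listings and flag a truncated tail.

Added example for the mailing-list thread; not part of the thread or of
FreeBSD's sources. Helper names are invented for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed input: the six lines quoted in the thread, in the
# "offset: raw bytes  mnemonic operands" layout that objdump -D prints.
SAMPLE_LISTING = """\
0: 66 0f 38 f6 f0 adcx %eax,%esi
5: 31 c6 xor %eax,%esi
7: 8b 4d 14 mov 0x14(%ebp),%ecx
a: 89 cf mov %ecx,%edi
c: c1 ff 1f sar $0x1f,%edi
f: 8b .byte 0x8b
"""

# hex offset, ':', one or more two-digit hex bytes, a mnemonic, optional operands.
LINE_RE = re.compile(
    r"^\s*(?P<off>[0-9a-f]+):\s+"
    r"(?P<raw>(?:[0-9a-f]{2}\s+)+)"
    r"(?P<mnem>\S+)"
    r"(?:\s+(?P<ops>.*?))?\s*$"
)


@dataclass
class Insn:
    offset: int
    raw: bytes
    mnemonic: str
    operands: str


def parse_listing(text: str) -> List[Insn]:
    """Turn each non-empty listing line into an Insn; reject lines that do not fit."""
    insns: List[Insn] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not an objdump disassembly line: {line!r}")
        raw = bytes.fromhex("".join(m.group("raw").split()))
        insns.append(Insn(int(m.group("off"), 16), raw, m.group("mnem"), m.group("ops") or ""))
    return insns


def is_contiguous(insns: List[Insn]) -> bool:
    """Every instruction must start exactly where the previous one's bytes end."""
    return all(b.offset == a.offset + len(a.raw) for a, b in zip(insns, insns[1:]))


def raw_bytes(insns: List[Insn]) -> bytes:
    """The byte stream objdump decoded, reassembled in order."""
    return b"".join(i.raw for i in insns)


def undecoded_tail(insns: List[Insn]) -> bytes:
    """Bytes from trailing '.byte' lines: objdump emits those when the remaining
    bytes do not form a complete instruction, which at the end of a dump usually
    means the dump was cut off mid-instruction (the point raised in the thread)."""
    tail: List[Insn] = []
    for insn in reversed(insns):
        if insn.mnemonic != ".byte":
            break
        tail.append(insn)
    tail.reverse()
    return b"".join(i.raw for i in tail)


def summarize(text: str) -> Dict[str, object]:
    """One-stop report: size, contiguity, decoded mnemonics and any truncated tail."""
    insns = parse_listing(text)
    tail = undecoded_tail(insns)
    total = len(raw_bytes(insns))
    return {
        "count": len(insns),
        "contiguous": is_contiguous(insns),
        "total_bytes": total,
        "decoded_bytes": total - len(tail),
        "truncated_tail": tail.hex(),
        "mnemonics": [i.mnemonic for i in insns if i.mnemonic != ".byte"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

Run against the quoted listing it reports sixteen contiguous bytes, fifteen of them decoded into five instructions, and a one-byte undecoded tail (`8b`), which is exactly the truncation Eric points out; a listing with an empty `truncated_tail` is one whose last instruction was fully captured.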