From: Allan Jude
To: Ian Lepore, Oliver Pinter, Eric McCorkle
Cc: Warner Losh, Tommi Pernila, freebsd-current, Warner Losh
Subject: Re: GELI with UEFI supporting Boot Environments goes to HEAD when?
Date: Mon, 9 Jul 2018 12:28:33 -0400
Message-ID: <06cb8190-7a04-5c92-8fb9-637d1a80758f@freebsd.org>
List-Id: Discussions about the use of FreeBSD-current

I will look at updating the rootgen.sh script this evening, to support creating more flexible ESP partitions, so we can drop the loader.efi into an msdosfs directly.

On 07/08/2018 15:31, Ian Lepore wrote:
> On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
>> Hi!
>>
>> Have you or Warner any update on this code?
>>
>> On Thursday, April 12, 2018, Eric McCorkle
>> wrote:
>>
>
> Are you aware of https://reviews.freebsd.org/D15743 ?
>
> That's my changes to add geli support to loader(8) in an architecture-
> agnostic way, so that "it just works" for all platforms and flavors of
> loader. It has been successfully tested on armv6/7 (ubldr) and on x86
> using qemu. The x86 tests cover ufs and zfs, legacy bios and uefi. The
> only variations that aren't tested yet are the uefi flavors, because
> the current rootgen.sh script for assembling test images is still using
> boot1.efi and I don't know enough about efi myself to update the script
> to make it assemble images the new way Warner envisions.
>
> -- Ian
>
>>>
>>> I'm in the middle of moving to a new apartment right now. It's going to
>>> be a bit before I can get to this.
>>>
>>> On 04/11/2018 20:31, Warner Losh wrote:
>>>>
>>>> OK. I've pushed in the main part of it. The additional work I have
>>>> shouldn't affect any of this stuff. I was going to look at what part(s)
>>>> of your open reviewed needed to be redone tomorrow and send you
>>>> feedback, but if you wanted to get a start before then, I'm happy to
>>>> answer questions. All the rest of my work is going to be selecting the
>>>> root partition when we're told to use a specific partition, so will be
>>>> very constrained.
>>>>
>>>> Warner
>>>>
>>>> On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle wrote:
>>>>
>>>>     I think the thing to do at this point is to wait for the current work on
>>>>     loader.efi to land, then adapt my patches to apply against that work.
>>>>
>>>>     On 04/11/2018 15:06, Warner Losh wrote:
>>>>     > Still reviewing the code. I'm worried it's too i386 specific and it
>>>>     > conflicts with some work I'm doing. I'll have a list of actionable
>>>>     > critiques this week.
>>>>     >
>>>>     > Warner
>>>>     >
>>>>     > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
>>>>     > wrote:
>>>>     >
>>>>     >     Hi!
>>>>     >
>>>>     >     Is there any update regarding the rebase or the inclusion to base
>>>>     >     system?
>>>>     >     On 3/28/18, Eric McCorkle <eric@metricspace.net> wrote:
>>>>     >     > I'll do another rebase from head just to be sure
>>>>     >     >
>>>>     >     > On March 28, 2018 3:23:23 PM EDT, Warner Losh <imp@bsdimp.com> wrote:
>>>>     >     >>It's on my list for next, finally.
>>>>     >     >>I have an alternate patch for loader.efi
>>>>     >     >>from ESP, but I don't think it will affect the GELI stuff. I have some
>>>>     >     >>time slotted for integration issues though.
>>>>     >     >>
>>>>     >     >>I am quite mindful of the freeze dates.... I have some uefi boot loader
>>>>     >     >>protocol changes that I need to get in.
>>>>     >     >>
>>>>     >     >>Warner
>>>>     >     >>
>>>>     >     >>On Feb 21, 2018 11:18 PM, "Tommi Pernila" <tommi.pernila@iki.fi> wrote:
>>>>     >     >>
>>>>     >     >>> Awesome, thanks for the update and the work that you have done!
>>>>     >     >>>
>>>>     >     >>> Now we just need some more reviewers eyes on the code :)
>>>>     >     >>>
>>>>     >     >>> Br,
>>>>     >     >>>
>>>>     >     >>> Tommi
>>>>     >     >>>
>>>>     >     >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle <eric@metricspace.net> wrote:
>>>>     >     >>>
>>>>     >     >>>> FYI, I just IFC'ed everything, and the current patches are still
>>>>     >     >>>> fine.
>>>>     >     >>>>
>>>>     >     >>>> Also, the full GELI + standalone loader has been deployed on one of my
>>>>     >     >>>> laptops for some time now.
>>>>     >     >>>>
>>>>     >     >>>> On 02/21/2018 18:15, Eric McCorkle wrote:
>>>>     >     >>>> > The GELI work could be merged at this point, though it won't be usable
>>>>     >     >>>> > without an additional patch to enable loader-only operation.
>>>>     >     >>>> > The patches are currently up for review:
>>>>     >     >>>> >
>>>>     >     >>>> > This is the order in which they'd need to be merged:
>>>>     >     >>>> >
>>>>     >     >>>> > https://reviews.freebsd.org/D12732
>>>>     >     >>>> >
>>>>     >     >>>> > This one changes the efipart device. Toomas Soome identified some
>>>>     >     >>>> > problems, which I have addressed. He has not re-reviewed it, however.
>>>>     >     >>>> >
>>>>     >     >>>> > https://reviews.freebsd.org/D12692
>>>>     >     >>>> >
>>>>     >     >>>> > This adds some crypto code needed for GELI. It simply adds new code,
>>>>     >     >>>> > and doesn't conflict with anything.
>>>>     >     >>>> >
>>>>     >     >>>> > https://reviews.freebsd.org/D12698
>>>>     >     >>>> >
>>>>     >     >>>> > This adds the EFI KMS interface code, and has the EFI loader pass keys
>>>>     >     >>>> > into the keybuf interface.
>>>>     >     >>>> >
>>>>     >     >>>> > I can't post the main GELI driver until those get merged, as it depends
>>>>     >     >>>> > on them. It can be found on the geli branch on my github freebsd
>>>>     >     >>>> > repository, however.
>>>>     >     >>>> >
>>>>     >     >>>> > Additionally, you need this patch, which allows loader.efi to function
>>>>     >     >>>> > when installed directly to the ESP:
>>>>     >     >>>> >
>>>>     >     >>>> > https://reviews.freebsd.org/D13497
>>>>     >     >>>> >
>>>>     >     >>>> > On 02/20/2018 22:56, Tommi Pernila wrote:
>>>>     >     >>>> >> Hi Eric,
>>>>     >     >>>> >>
>>>>     >     >>>> >> could you provide a brief update how the work is going?
>>>>     >     >>>> >>
>>>>     >     >>>> >> Br,
>>>>     >     >>>> >>
>>>>     >     >>>> >> Tommi
>>>>     >     >>>> >>
>>>>     >     >>>> >> On Nov 16, 2017 04:29, "Eric McCorkle" wrote:
>>>>     >     >>>> >>
>>>>     >     >>>> >>     Right, so basically, the remaining GELI patches are against loader, and
>>>>     >     >>>> >>     most of them can go in independently of the work on removing boot1.
>>>>     >     >>>> >>     There's a unanimous consensus on getting rid of boot1 which includes its
>>>>     >     >>>> >>     original author, so that's going to happen.
>>>>     >     >>>> >>
>>>>     >     >>>> >>     For GELI, we have the following (not necessarily in order):
>>>>     >     >>>> >>
>>>>     >     >>>> >>     a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
>>>>     >     >>>> >>     interactions
>>>>     >     >>>> >>     b) Modifications to the efipart driver
>>>>     >     >>>> >>     c) boot crypto
>>>>     >     >>>> >>     d) GELI partition types (not strictly necessary)
>>>>     >     >>>> >>
>>>>     >     >>>> >>     Then there's the GELI driver itself.
>>>>     >     >>>> >>     (a) and (c) are good to land, (b)
>>>>     >     >>>> >>     needs some more work after Toomas Soome pointed out a legitimate
>>>>     >     >>>> >>     problem, and (d) actually needs a good bit more code (but again, it's
>>>>     >     >>>> >>     more cosmetic). Additionally, the GELI driver will need further mods to
>>>>     >     >>>> >>     efipart to be written (nothing too big). But we could go ahead with (a)
>>>>     >     >>>> >>     and (c), as they've already been proven to work.
>>>>     >     >>>> >>
>>>>     >     >>>> >>     I'd wanted to have this stuff shaped up sooner, but I'm preoccupied with
>>>>     >     >>>> >>     the 7th RISC-V workshop at the end of the month.
>>>>     >     >>>> >>
>>>>     >     >>>> >>     Once this stuff is all in, loader should handle any GELI volumes it
>>>>     >     >>>> >>     finds, and it should Just Work once boot1 is gone.
>>>>     >     >>>> >>
>>>>     >     >>>> > _______________________________________________
>>>>     >     >>>> > freebsd-current@freebsd.org mailing list
>>>>     >     >>>> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
>>>>     >     >>>> > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>>>>     >     >>>> >
>>>>     >     >
>>>>     >     > --
>>>>     >     > Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
Allan Jude