Date: Wed, 6 Mar 2019 20:10:23 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r344853 - head/share/man/man5 Message-ID: <201903062010.x26KANQv062983@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Wed Mar 6 20:10:23 2019 New Revision: 344853 URL: https://svnweb.freebsd.org/changeset/base/344853 Log: Regenerate src.conf.5 for recent changes. Updates include removal of DRM2 and addition of several options related to secure booting. Modified: head/share/man/man5/src.conf.5 Modified: head/share/man/man5/src.conf.5 ============================================================================== --- head/share/man/man5/src.conf.5 Wed Mar 6 18:19:27 2019 (r344852) +++ head/share/man/man5/src.conf.5 Wed Mar 6 20:10:23 2019 (r344853) @@ -1,6 +1,6 @@ .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. .\" $FreeBSD$ -.Dd February 15, 2019 +.Dd March 6, 2019 .Dt SRC.CONF 5 .Os .Sh NAME @@ -137,6 +137,33 @@ This must be set in the environment, make command line .Pa /etc/src-env.conf , not .Pa /etc/src.conf . +.It Va WITH_BEARSSL +Build the BearSSL library. +.Pp +BearSSL is a tiny SSL library suitable for embedded environments. +For details see +.Lk http://www.BearSSL.org/ +.Pp +This library is currently only used to perform +signature verification and related operations +for Verified Exec and +.Xr loader 8 . +When set, these options are also in effect: +.Pp +.Bl -inset -compact +.It Va WITH_LOADER_EFI_SECUREBOOT +(unless +.Va WITHOUT_LOADER_EFI_SECUREBOOT +is set explicitly) +.It Va WITH_LOADER_VERIEXEC +(unless +.Va WITHOUT_LOADER_VERIEXEC +is set explicitly) +.It Va WITH_VERIEXEC +(unless +.Va WITHOUT_VERIEXEC +is set explicitly) +.El .It Va WITHOUT_BHYVE Set to not build or install .Xr bhyve 8 , @@ -1216,6 +1243,11 @@ option should be used rather than this in most cases. .Pp This is a default setting on amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe. +.It Va WITH_LOADER_EFI_SECUREBOOT +Enable building +.Xr loader 8 +with support for verification based on certificates obtained from UEFI. +.Pp .It Va WITH_LOADER_FIREWIRE Enable firewire support in /boot/loader on x86. This option is a nop on all other platforms. @@ -1267,6 +1299,21 @@ Set to build with extra verbose debugging in the loade May explode already nearly too large loader over the limit. Use with care. +.It Va WITH_LOADER_VERIEXEC +Enable building +.Xr loader 8 +with support for verifcation similar to Verified Exec. +.Pp +It depends on +.Va WITH_BEARSSL +When set, these options are also in effect: +.Pp +.Bl -inset -compact +.It Va WITH_LOADER_EFI_SECUREBOOT +(unless +.Va WITHOUT_LOADER_EFI_SECUREBOOT +is set explicitly) +.El .It Va WITHOUT_LOADER_ZFS Set to not build ZFS file system boot loader support. .It Va WITHOUT_LOCALES @@ -1405,10 +1452,6 @@ Set to build .Pp This is a default setting on amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and sparc64/sparc64. -.It Va WITH_MODULE_DRM -Enable creation of old drm video modules. -.It Va WITH_MODULE_DRM2 -Enable creation of old drm2 video modules. .It Va WITH_NAND Set to build the NAND Flash components. .It Va WITHOUT_NDIS @@ -1869,6 +1912,15 @@ Set to not build user accounting tools such as .Xr lastlogin 8 and .Xr utx 8 . +.It Va WITH_VERIEXEC +Enable building +.Xr veriexec 8 +which loads the contents of verified manifests into the kernel +for use by +.Xr mac_veriexec 4 +.Pp +It depends on +.Va WITH_BEARSSL .It Va WITHOUT_VI Set to not build and install vi, view, ex and related programs. .It Va WITHOUT_VT
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201903062010.x26KANQv062983>