From owner-svn-src-head@freebsd.org Fri Nov 10 23:54:53 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 20219E5421C; Fri, 10 Nov 2017 23:54:53 +0000 (UTC) (envelope-from imp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8AEE869064; Fri, 10 Nov 2017 23:54:50 +0000 (UTC) (envelope-from imp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id vAANsnBe075209; Fri, 10 Nov 2017 23:54:49 GMT (envelope-from imp@FreeBSD.org) Received: (from imp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id vAANsmPJ075195; Fri, 10 Nov 2017 23:54:48 GMT (envelope-from imp@FreeBSD.org) Message-Id: <201711102354.vAANsmPJ075195@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: imp set sender to imp@FreeBSD.org using -f From: Warner Losh Date: Fri, 10 Nov 2017 23:54:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r325693 - in head: . share/mk sys/boot sys/boot/geli sys/boot/i386/gptboot sys/boot/i386/gptzfsboot sys/boot/i386/libi386 sys/boot/i386/loader sys/boot/i386/zfsboot sys/boot/i386/zfsloa... X-SVN-Group: head X-SVN-Commit-Author: imp X-SVN-Commit-Paths: in head: . share/mk sys/boot sys/boot/geli sys/boot/i386/gptboot sys/boot/i386/gptzfsboot sys/boot/i386/libi386 sys/boot/i386/loader sys/boot/i386/zfsboot sys/boot/i386/zfsloader sys/boot/sparc64/load... X-SVN-Commit-Revision: 325693 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Nov 2017 23:54:53 -0000 Author: imp Date: Fri Nov 10 23:54:48 2017 New Revision: 325693 URL: https://svnweb.freebsd.org/changeset/base/325693 Log: Move LOADER_{NO,}_GELI_SUPPORT to MK_LOADER_GELI Transition to WITH/WITHOUT_LOADER_GELI to flag support or not of GELI in the boot loaders. Add HAVE_GELI so components can flag they need support (since it's too large to include everywhere). Add temporary warnings for the old forms to ease transition. Also, update test script to build without GELI on x86. Sponsored by: Netflix Added: head/tools/build/options/WITHOUT_LOADER_GEIL (contents, props changed) Modified: head/UPDATING head/share/mk/src.opts.mk head/sys/boot/defs.mk head/sys/boot/geli/Makefile head/sys/boot/i386/gptboot/Makefile head/sys/boot/i386/gptzfsboot/Makefile head/sys/boot/i386/libi386/Makefile head/sys/boot/i386/loader/Makefile head/sys/boot/i386/zfsboot/Makefile head/sys/boot/i386/zfsloader/Makefile head/sys/boot/sparc64/loader/Makefile head/sys/boot/sparc64/zfsloader/Makefile head/tools/boot/universe.sh Modified: head/UPDATING ============================================================================== --- head/UPDATING Fri Nov 10 23:54:41 2017 (r325692) +++ head/UPDATING Fri Nov 10 23:54:48 2017 (r325693) @@ -53,7 +53,8 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW: 201711xx: The LOADER_FIREWIRE_SUPPORT build variable as been renamed to - WITH_LOADER_FIREWIRE (or WITHOUT_LOADER_FIREWIRE). + WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed + to WITH/OUT_LOADER_GELI. 20171106: The naive and non-compliant support of posix_fallocate(2) in ZFS Modified: head/share/mk/src.opts.mk ============================================================================== --- head/share/mk/src.opts.mk Fri Nov 10 23:54:41 2017 (r325692) +++ head/share/mk/src.opts.mk Fri Nov 10 23:54:48 2017 (r325693) @@ -119,6 +119,7 @@ __DEFAULT_YES_OPTIONS = \ LIB32 \ LIBPTHREAD \ LIBTHR \ + LOADER_GELI \ LOCALES \ LOCATE \ LPR \ Modified: head/sys/boot/defs.mk ============================================================================== --- head/sys/boot/defs.mk Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/defs.mk Fri Nov 10 23:54:48 2017 (r325693) @@ -85,10 +85,26 @@ CFLAGS+= -DLOADER_GPT_SUPPORT .if ${LOADER_MBR_SUPPORT:Uyes} == "yes" CFLAGS+= -DLOADER_MBR_SUPPORT .endif -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -CFLAGS+= -DLOADER_GELI_SUPPORT + +# GELI Support, with backward compat hooks +.if defined(HAVE_GELI) +.if defined(LOADER_NO_GELI_SUPPORT) +MK_LOADER_GELI=no +.warning "Please move from LOADER_NO_GELI_SUPPORT to WITHOUT_LOADER_GELI" .endif +.if defined(LOADER_GELI_SUPPORT) +MK_LOADER_GELI=yes +.warning "Please move from LOADER_GELI_SUPPORT to WITH_LOADER_GELI" .endif +.if ${MK_LOADER_GELI} == "yes" +CFLAGS+= -DLOADER_GELI_SUPPORT +CFLAGS+= -I${BOOTSRC}/geli +LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a +.endif +.endif +.endif + +CFLAGS+= -I${SYSDIR} # All PowerPC builds are 32 bit. We have no 64-bit loaders on powerpc # or powerpc64. Modified: head/sys/boot/geli/Makefile ============================================================================== --- head/sys/boot/geli/Makefile Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/geli/Makefile Fri Nov 10 23:54:48 2017 (r325693) @@ -49,5 +49,9 @@ SRCS+= rijndael-alg-fst.c rijndael-api-fst.c rijndael CFLAGS+= -D_STAND SRCS+= geliboot_crypto.c g_eli_hmac.c g_eli_key.c g_eli_key_cache.c pkcs5v2.c +# aes +.PATH: ${SYSDIR}/opencrypto +SRCS+= xform_aes_xts.c + .include .include Modified: head/sys/boot/i386/gptboot/Makefile ============================================================================== --- head/sys/boot/i386/gptboot/Makefile Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/i386/gptboot/Makefile Fri Nov 10 23:54:48 2017 (r325693) @@ -1,5 +1,7 @@ # $FreeBSD$ +HAVE_GELI= yes + .include .PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/common ${SASRC} @@ -41,14 +43,6 @@ CFLAGS+=-DBOOTPROG=\"gptboot\" \ CFLAGS.gcc+= --param max-inline-insns-single=100 -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -CFLAGS+= -DLOADER_GELI_SUPPORT -CFLAGS+= -I${BOOTSRC}/geli -LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a -.PATH: ${SYSDIR}/opencrypto -OPENCRYPTO_XTS= xform_aes_xts.o -.endif - LD_FLAGS+=${LD_FLAGS_BIN} CLEANFILES= gptboot @@ -66,12 +60,12 @@ gptldr.out: gptldr.o ${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} gptldr.o CLEANFILES+= gptboot.bin gptboot.out gptboot.o sio.o crc32.o drv.o \ - cons.o util.o ${OPENCRYPTO_XTS} + cons.o ${OPENCRYPTO_XTS} gptboot.bin: gptboot.out ${OBJCOPY} -S -O binary gptboot.out ${.TARGET} -gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o util.o ${OPENCRYPTO_XTS} +gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o ${OPENCRYPTO_XTS} ${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBGELIBOOT} ${LIBSA32} gptboot.o: ${SASRC}/ufsread.c Modified: head/sys/boot/i386/gptzfsboot/Makefile ============================================================================== --- head/sys/boot/i386/gptzfsboot/Makefile Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/i386/gptzfsboot/Makefile Fri Nov 10 23:54:48 2017 (r325693) @@ -1,5 +1,7 @@ # $FreeBSD$ +HAVE_GPT= yes + .include .PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/gptboot \ @@ -48,14 +50,6 @@ CFLAGS+= -Wno-tentative-definition-incomplete-type LIBZFSBOOT=${BOOTOBJ}/zfs32/libzfsboot.a .else LIBZFSBOOT=${BOOTOBJ}/zfs/libzfsboot.a -.endif - -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -CFLAGS+= -DLOADER_GELI_SUPPORT -CFLAGS+= -I${BOOTSRC}/geli -LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a -.PATH: ${SYSDIR}/opencrypto -OPENCRYPTO_XTS= xform_aes_xts.o .endif CFLAGS.gcc+= --param max-inline-insns-single=100 Modified: head/sys/boot/i386/libi386/Makefile ============================================================================== --- head/sys/boot/i386/libi386/Makefile Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/i386/libi386/Makefile Fri Nov 10 23:54:48 2017 (r325693) @@ -1,5 +1,8 @@ # $FreeBSD$ +HAVE_GPT= yes +HAVE_GELI= yes + .include LIB= i386 @@ -23,12 +26,6 @@ CFLAGS+= -DCOMSPEED=${BOOT_COMCONSOLE_SPEED} .ifdef(BOOT_BIOSDISK_DEBUG) # Make the disk code more talkative CFLAGS+= -DDISK_DEBUG -.endif - -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -# Decrypt encrypted drives -CFLAGS+= -DLOADER_GELI_SUPPORT -CFLAGS+= -I${BOOTSRC}/geli .endif .if !defined(BOOT_HIDE_SERIAL_NUMBERS) Modified: head/sys/boot/i386/loader/Makefile ============================================================================== --- head/sys/boot/i386/loader/Makefile Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/i386/loader/Makefile Fri Nov 10 23:54:48 2017 (r325693) @@ -1,5 +1,7 @@ # $FreeBSD$ +HAVE_GELI= yes + LOADER_NET_SUPPORT?= yes LOADER_NFS_SUPPORT?= yes LOADER_TFTP_SUPPORT?= yes @@ -36,15 +38,6 @@ HAVE_ISABUS= yes .if ${MK_LOADER_FIREWIRE} == "yes" CFLAGS+= -DLOADER_FIREWIRE_SUPPORT LIBFIREWIRE= ${BOOTOBJ}/i386/libfirewire/libfirewire.a -.endif - -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -CFLAGS+= -DLOADER_GELI_SUPPORT -CFLAGS+= -I${BOOTSRC}/geli -LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a -.PATH: ${SYSDIR}/opencrypto -SRCS+= xform_aes_xts.c -CFLAGS+= -I${SYSDIR} -D_STAND .endif # Always add MI sources Modified: head/sys/boot/i386/zfsboot/Makefile ============================================================================== --- head/sys/boot/i386/zfsboot/Makefile Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/i386/zfsboot/Makefile Fri Nov 10 23:54:48 2017 (r325693) @@ -1,6 +1,6 @@ # $FreeBSD$ -LOADER_GELI_SUPPORT=no +HAVE_GELI=yes .include @@ -60,7 +60,7 @@ zfsldr.out: zfsldr.o ${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} zfsldr.o CLEANFILES+= zfsboot2 zfsboot.ld zfsboot.ldr zfsboot.bin zfsboot.out \ - zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o util.o + zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o # We currently allow 128k bytes for zfsboot - in practice it could be # any size up to 3.5Mb but keeping it fixed size simplifies zfsldr. @@ -82,8 +82,8 @@ zfsboot.ldr: zfsboot.bin: zfsboot.out ${OBJCOPY} -S -O binary zfsboot.out ${.TARGET} -zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o util.o - ${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBSA32} +zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o + ${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBGELIBOOT} ${LIBSA32} SRCS= zfsboot.c Modified: head/sys/boot/i386/zfsloader/Makefile ============================================================================== --- head/sys/boot/i386/zfsloader/Makefile Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/i386/zfsloader/Makefile Fri Nov 10 23:54:48 2017 (r325693) @@ -5,6 +5,5 @@ NEWVERSWHAT= "ZFS enabled bootstrap loader" x86 LOADER_ONLY= yes HAVE_ZFS= yes -.include -.include "${BOOTSRC}/i386/loader/Makefile" +.include "${.CURDIR}/../loader/Makefile" Modified: head/sys/boot/sparc64/loader/Makefile ============================================================================== --- head/sys/boot/sparc64/loader/Makefile Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/sparc64/loader/Makefile Fri Nov 10 23:54:48 2017 (r325693) @@ -22,6 +22,7 @@ VERSION_FILE= ${.CURDIR}/../loader/version INSTALLFLAGS= -b # Architecture-specific loader code +.PATH: ${BOOTSRC}/sparc64/loader SRCS= locore.S main.c metadata.c vers.c .if ${LOADER_DEBUG} == "yes" Modified: head/sys/boot/sparc64/zfsloader/Makefile ============================================================================== --- head/sys/boot/sparc64/zfsloader/Makefile Fri Nov 10 23:54:41 2017 (r325692) +++ head/sys/boot/sparc64/zfsloader/Makefile Fri Nov 10 23:54:48 2017 (r325693) @@ -1,7 +1,5 @@ # $FreeBSD$ -.PATH: ${.CURDIR}/../loader - PROG= zfsloader NEWVERSWHAT= "ZFS enabled bootstrap loader" sparc64 HAVE_ZFS= yes Modified: head/tools/boot/universe.sh ============================================================================== --- head/tools/boot/universe.sh Fri Nov 10 23:54:41 2017 (r325692) +++ head/tools/boot/universe.sh Fri Nov 10 23:54:48 2017 (r325693) @@ -63,7 +63,7 @@ for i in \ sparc64/sparc64 \ ; do ta=${i##*/} - dobuild $ta _.boot.${ta}.noZFS.log "MK_ZFS=no" + dobuild $ta _.boot.${ta}.no_zfs.log "MK_ZFS=no" done # Build with firewire @@ -73,4 +73,13 @@ for i in \ ; do ta=${i##*/} dobuild $ta _.boot.${ta}.firewire.log "MK_LOADER_FIREWIRE=yes" +done + +# Build without GELI +for i in \ + amd64/amd64 \ + i386/i386 \ + ; do + ta=${i##*/} + dobuild $ta _.boot.${ta}.no_geli.log "MK_LOADER_GELI=no" done Added: head/tools/build/options/WITHOUT_LOADER_GEIL ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITHOUT_LOADER_GEIL Fri Nov 10 23:54:48 2017 (r325693) @@ -0,0 +1,2 @@ +.\" $FreeBSD$ +Disable inclusion of GELI crypto support in the boot chain binaries.