From: Warner Losh
Date: Mon, 30 Mar 2020 00:01:59 -0600
Subject: Re: When will the FreeBSD (u)EFI work?
To: "Simon J. Gerraty"
Cc: Rebecca Cran, Nathan Whitehorn, Kyle Evans, Tomoaki AOKI, FreeBSD Current, Chris H

On Sun, Mar 29, 2020 at 9:44 PM Simon J. Gerraty wrote:

> Warner Losh wrote:
> > True, but as we move from boot1.efi to loader.efi, the need will
> > grow... Even if we keep boot1.efi, loader.efi will be needed for
> > interesting secure systems, so we can't cop-out like we have in the
> > past.
>
> Sigh, that would force me to have to add verification to boot1.efi ;-)
>
> Personally I'm quite happy with installing loader.efi as bootx64.efi
> to avoid that.
>

Yea. That's why we really want to move in this direction....

> I treat it as a separately published component, independent of the
> loaders used on non-uefi platforms. So the fact that I have to build it
> from head, matters little.
>
> The loader should be largely independent of the rest of the system, and
> was until lua came along. Eg we can successfully verify and load a
> stable/6 based system using loader built from stable/11.
> For at least some platforms we cannot use lua, as it takes up headroom
> we need for verifying modules.
>

I think the Forth loader can still load old kernel binaries, at least back
to the ELF cut-over, though the Forth words have changed a bit over time,
so there may be some issues there...

Warner