Date: Fri, 6 Jul 2018 10:07:43 -0700
From: Conrad Meyer <cem@freebsd.org>
To: "Simon J. Gerraty" <sjg@juniper.net>
Cc: "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: [Differential] D16155: Add veriexec to loader
Message-ID: <CAG6CVpVc6cCURhNsCoqQXv1OcrHrvU90YdFEvTvk4=-1gyR=0g@mail.gmail.com>
In-Reply-To: <93705.1530850590@kaos.jnpr.net>
References: <differential-rev-PHID-DREV-jfitweed3urwpaigoztb-req@FreeBSD.org> <84d9b7dd268a8cb64b51e4c49753bed8@localhost.localdomain> <93705.1530850590@kaos.jnpr.net>

Hi Simon,

On Thu, Jul 5, 2018 at 9:16 PM, Simon J. Gerraty <sjg@juniper.net> wrote:
> +freebsd-arch since I refuse to top-post via phab, and this all warrants
> a discussion anyway...

Please follow-up in Phabricator, or there is little point in using it. (I don't know where the "top-post" characterization comes from — phabricator presents conversations top-to-bottom, in the same fashion as bottom posting.)

Without getting into point-by-point specifics, I'll address a couple (meta-)issues that come up multiple times in the conversation:

1. It's unclear in what context files are used (loader, userspace, and/or kernel). Some files in directories are built in multiple contexts, but not others, and the contexts aren't clear from the pathnames. That lead(s) to some confusion. For crypto review you really want clarity.

It is almost certainly better to break this into several pieces. I.e., the mechanical build system changes to import bearssl can be separated out; you could maybe add loader-only verification code next, then bring in the kernel pieces, then userspace (as separate reviews). You know this work better than I do; how you choose to split it is up to you. But I would encourage smaller pieces.

2. A lot of the responses to my questions or comments are "JunOS does (or has done) it this way." Those are great rationales for Juniper continuing to use the existing design in its commercial product! But this isn't JunOS, and booting JunOS is useless to FreeBSD. If all you want to do with the changes is boot JunOS, I don't see any reason to include it in FreeBSD.

If your concern is that the implementations will diverge slightly, well, they will. That's sort of the nature of being a downstream commercial product of FreeBSD. For anything removed in FreeBSD (i.e., obsolete SHA1 support, or even RSA/ECDSA signatures) that you need to retain in JunOS, you can still include that as a small local patch in JunOS. We do not want crufty 2003 crypto in FreeBSD.

3. It is an unreasonable response to question or critique to refer reviewers to a 60 minute video of a talk. If you addressed that specific question or concern in your talk, and want to provide *a specific timestamp and duration* in the video stream, great. I'm happy to watch a short, specific clip, if that is your preferred media for representing a few sentences. But I'm not going to sit down and watch a 60 minute talk just to dig for the response to a specific concern, which may or may not even be addressed.

Thanks,
Conrad