From: Conrad Meyer
Reply-To: cem@freebsd.org
Date: Fri, 6 Jul 2018 10:07:43 -0700
Subject: Re: [Differential] D16155: Add veriexec to loader
To: "Simon J. Gerraty"
Cc: "freebsd-arch@freebsd.org"
In-Reply-To: <93705.1530850590@kaos.jnpr.net>
List-Id: Discussion related to FreeBSD architecture

Hi Simon,

On Thu, Jul 5, 2018 at 9:16 PM, Simon J. Gerraty wrote:
> +freebsd-arch since I refuse to top-post via phab, and this all warrants
> a discussion anyway...

Please follow-up in Phabricator, or there is little point in using it.
(I don't know where the "top-post" characterization comes from —
phabricator presents conversations top-to-bottom, in the same fashion
as bottom posting.)

Without getting into point-by-point specifics, I'll address a couple
(meta-)issues that come up multiple times in the conversation:

1. It's unclear in what context files are used (loader, userspace,
and/or kernel).
Some files in directories are built in multiple contexts, but not
others, and the contexts aren't clear from the pathnames. That lead(s)
to some confusion. For crypto review you really want clarity. It is
almost certainly better to break this into several pieces. I.e., the
mechanical build system changes to import bearssl can be separated
out; you could maybe add loader-only verification code next, then
bring in the kernel pieces, then userspace (as separate reviews). You
know this work better than I do; how you choose to split it is up to
you. But I would encourage smaller pieces.

2. A lot of the responses to my questions or comments are "JunOS does
(or has done) it this way." Those are great rationales for Juniper
continuing to use the existing design in its commercial product! But
this isn't JunOS, and booting JunOS is useless to FreeBSD. If all you
want to do with the changes is boot JunOS, I don't see any reason to
include it in FreeBSD. If your concern is that the implementations
will diverge slightly, well, they will. That's sort of the nature of
being a downstream commercial product of FreeBSD. For anything removed
in FreeBSD (i.e., obsolete SHA1 support, or even RSA/ECDSA signatures)
that you need to retain in JunOS, you can still include that as a
small local patch in JunOS. We do not want crufty 2003 crypto in
FreeBSD.

3. It is an unreasonable response to question or critique to refer
reviewers to a 60 minute video of a talk. If you addressed that
specific question or concern in your talk, and want to provide *a
specific timestamp and duration* in the video stream, great. I'm happy
to watch a short, specific clip, if that is your preferred media for
representing a few sentences. But I'm not going to sit down and watch
a 60 minute talk just to dig for the response to a specific concern,
which may or may not even be addressed.

Thanks,
Conrad