From owner-freebsd-arch@freebsd.org Fri Jul 6 20:01:48 2018
From: "Simon J. Gerraty"
CC: "freebsd-arch@freebsd.org"
Subject: Re: [Differential] D16155: Add veriexec to loader
References: <84d9b7dd268a8cb64b51e4c49753bed8@localhost.localdomain> <93705.1530850590@kaos.jnpr.net>
Comments: In-reply-to: Conrad Meyer message dated "Fri, 06 Jul 2018 10:07:43 -0700."
Date: Fri, 6 Jul 2018 13:01:20 -0700
Message-ID: <21993.1530907280@kaos.jnpr.net>
List-Id: Discussion related to FreeBSD architecture

> 1. It's unclear in what context files are used (loader, userspace,
> and/or kernel). Some files in directories are built in multiple
> contexts, but not others, and the contexts aren't clear from the
> pathnames. That lead(s) to some confusion. For crypto review you

Originally all this was only for the loader.
But then the need for a veriexec userland tool that would verify
manifests before feeding the kernel was brought up.
A subset of libve is needed for that.

The Makefile.libsa.inc in both libbearssl and libve show what gets used
by libsa - for loader. Of libve only vets.c (trust store) and the
openpgp/ code (optionally) is needed for userland.

> really want clarity. It is almost certainly better to break this into
> several pieces. I.e., the mechanical build system changes to import
> bearssl can be separated out; you could maybe add loader-only
> verification code next, then bring in the kernel pieces, then
> userspace (as separate reviews). You know this work better than I do;
> how you choose to split it is up to you. But I would encourage
> smaller pieces.

Yes, the initial review was bigger than I'd expected - beyond the point
at which a GUI is helpful.
I'm open to alternate arrangements - the current diff is a minimal
re-org to fit into the new stand/ environment and present the work so
others can provide feedback.

> 2. A lot of the responses to my questions or comments are "JunOS does
> (or has done) it this way." Those are great rationales for Juniper
> continuing to use the existing design in its commercial product! But
> this isn't JunOS, and booting JunOS is useless to FreeBSD. If all you

Perhaps I've not made myself clear. Junos is a FreeBSD-based OS, its
booting requirements are in some respects more complicated than a
typical FreeBSD install - so it serves as a useful example.

I should also point out that we always provide the kernel with an
md_image for its initial rootfs - and that md_image is verified by the
loader - obviating the need for any of this stuff in the kernel itself.
Everything needed to get mac_veriexec initialized and enforced is in
that md_image.
If that's not done, then someone would need to consider adding code to
the kernel to verify init, and the rc scripts etc etc.

> want to do with the changes is boot JunOS, I don't see any reason to
> include it in FreeBSD. If your concern is that the implementations

No, we could skip upstreaming this completely - but other vendors who
also use FreeBSD have expressed interest.

> will diverge slightly, well, they will. That's sort of the nature of

That doesn't concern me at all.

> being a downstream commercial product of FreeBSD. For anything
> removed in FreeBSD (i.e., obsolete SHA1 support, or even RSA/ECDSA

Sorry, if you want to support other signature methods you are welcome
to add them.
Many of those vendors interested in this work face the same limitations
we do - needing to use US Govt approved algorithms.

Perhaps you could enumerate some of the alternatives you'd support.
You've vetoed pretty much everything here, so what do you think the
modern world needs?

E.g. X.509 is horrible - everyone agrees, but what is the alternative
that offers the same flexibility?

RSA and ECDSA are old-fashioned? What are the proposed alternatives?
And what libraries implement them that are small enough to incorporate
into the loader?

This project has been on my todo list for a decade, but was not viable
until BearSSL showed up last year. OpenSSL was simply too big - the
loader stops working somewhere around 500K (based on my experiments
yesterday) and the OpenSSL code required is 3M+

--sjg