From owner-svn-src-head@freebsd.org Thu Aug 23 22:50:12 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ACE69109A567; Thu, 23 Aug 2018 22:50:12 +0000 (UTC) (envelope-from allanjude@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4E4E18BA90; Thu, 23 Aug 2018 22:50:12 +0000 (UTC) (envelope-from allanjude@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2A7B6875; Thu, 23 Aug 2018 22:50:12 +0000 (UTC) (envelope-from allanjude@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7NMoCZn013898; Thu, 23 Aug 2018 22:50:12 GMT (envelope-from allanjude@FreeBSD.org) Received: (from allanjude@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7NMoCQh013897; Thu, 23 Aug 2018 22:50:12 GMT (envelope-from allanjude@FreeBSD.org) Message-Id: <201808232250.w7NMoCQh013897@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: allanjude set sender to allanjude@FreeBSD.org using -f From: Allan Jude Date: Thu, 23 Aug 2018 22:50:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r338282 - head/usr.sbin/bsdinstall/scripts X-SVN-Group: head X-SVN-Commit-Author: allanjude X-SVN-Commit-Paths: head/usr.sbin/bsdinstall/scripts X-SVN-Commit-Revision: 338282 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Aug 2018 22:50:12 -0000 Author: allanjude Date: Thu Aug 23 22:50:11 2018 New Revision: 338282 URL: https://svnweb.freebsd.org/changeset/base/338282 Log: bsdinstall/zfsboot: Enable new UEFI+GELI support After r336252 it is no longer necessary to have a separate bootpool when booting from an encrypted disk with UEFI. This change also switches the EFI System Partition contents from the 800 KB boot1.efifat to a new 200 MB filesystem created with newfs_msdos and uses loader.efi directly, instead of boot1.efi. PR: 228916 Reviewed by: dteske MFC after: 1 month Relnotes: yes Sponsored by: Klara Systems Differential Revision: https://reviews.freebsd.org/D12315 Modified: head/usr.sbin/bsdinstall/scripts/zfsboot Modified: head/usr.sbin/bsdinstall/scripts/zfsboot ============================================================================== --- head/usr.sbin/bsdinstall/scripts/zfsboot Thu Aug 23 22:35:14 2018 (r338281) +++ head/usr.sbin/bsdinstall/scripts/zfsboot Thu Aug 23 22:50:11 2018 (r338282) @@ -185,9 +185,11 @@ FSTAB_FMT="%s\t\t%s\t%s\t%s\t\t%s\t%s\n" # # Command strings for various tasks # +COPY='cp "%s" "%s"' CHMOD_MODE='chmod %s "%s"' DD_WITH_OPTIONS='dd if="%s" of="%s" %s' ECHO_APPEND='echo "%s" >> "%s"' +ECHO_OVERWRITE='echo "%s" > "%s"' GELI_ATTACH='geli attach -j - -k "%s" "%s"' GELI_ATTACH_NOKEY='geli attach -j - "%s"' GELI_DETACH_F='geli detach -f "%s"' @@ -211,6 +213,7 @@ KLDLOAD='kldload %s' LN_SF='ln -sf "%s" "%s"' MKDIR_P='mkdir -p "%s"' MOUNT_TYPE='mount -t %s "%s" "%s"' +NEWFS_ESP='newfs_msdos -F %s -L "%s" "%s"' PRINTF_CONF="printf '%s=\"%%s\"\\\n' %s >> \"%s\"" PRINTF_FSTAB='printf "$FSTAB_FMT" "%s" "%s" "%s" "%s" "%s" "%s" >> "%s"' SHELL_TRUNCATE=':> "%s"' @@ -841,18 +844,34 @@ zfs_create_diskpart() # 2. Add small freebsd-boot and/or efi partition # if [ "$ZFSBOOT_BOOT_TYPE" = "UEFI" -o "$ZFSBOOT_BOOT_TYPE" = "BIOS+UEFI" ]; then - # - # Enable boot pool if encryption is desired - # - [ "$ZFSBOOT_GELI_ENCRYPTION" ] && ZFSBOOT_BOOT_POOL=1 - f_eval_catch $funcname gpart \ "$GPART_ADD_ALIGN_LABEL_WITH_SIZE" \ - "$align_small" efiboot$index efi 200M $disk || + "$align_small" efiboot$index efi 200M \ + $disk || return $FAILURE - f_eval_catch $funcname gpart "$GPART_BOOTCODE_PARTONLY" \ - /boot/boot1.efifat 1 $disk || - return $FAILURE + + f_eval_catch $funcname mkdir "$MKDIR_P" \ + "$BSDINSTALL_TMPETC/esp" || return $FAILURE + f_eval_catch $funcname newfs_msdos "$NEWFS_ESP" "16" \ + "EFISYS" "/dev/${disk}p1" || + return $FAILURE + f_eval_catch $funcname mount "$MOUNT_TYPE" "msdosfs" \ + "/dev/${disk}p1" \ + "$BSDINSTALL_TMPETC/esp" || + return $FAILURE + f_eval_catch $funcname mkdir "$MKDIR_P" \ + "$BSDINSTALL_TMPETC/esp/efi/boot" || + return $FAILURE + f_eval_catch $funcname cp "$COPY" "/boot/loader.efi" \ + "$BSDINSTALL_TMPETC/esp/efi/boot/$ZFSBOOT_ESP_NAME" || + return $FAILURE + f_eval_catch $funcname echo "$ECHO_OVERWRITE" \ + "$ZFSBOOT_ESP_NAME" \ + "$BSDINSTALL_TMPETC/esp/efi/boot/startup.nsh" || + return $FAILURE + f_eval_catch $funcname umount "$UMOUNT" \ + "$BSDINSTALL_TMPETC/esp" || + return $FAILURE fi if [ "$ZFSBOOT_BOOT_TYPE" = "BIOS" -o "$ZFSBOOT_BOOT_TYPE" = "BIOS+UEFI" ]; then @@ -1574,6 +1593,20 @@ arm64) : ${ZFSBOOT_PARTITION_SCHEME:=GPT} fi ;; +esac + +# +# The EFI loader installed in the ESP (EFI System Partition) must +# have the expected name in order to load correctly. +# +[ "$ZFSBOOT_ESP_NAME" ] || case "${UNAME_m:-$( uname -m )}" in + arm64) ZFSBOOT_ESP_NAME=BOOTaa64.efi ;; + arm) ZFSBOOT_ESP_NAME=BOOTarm.efi ;; + i386) ZFSBOOT_ESP_NAME=BOOTia32.efi ;; + amd64) ZFSBOOT_ESP_NAME=BOOTx64.efi ;; + *) + f_dprintf "Unsupported architecture: %s" $UNAME_m + f_die esac #