From: Eric McCorkle
To: Warner Losh
Cc: Oliver Pinter, Tommi Pernila, "[ScaleEngine] Allan Jude", freebsd-current, Warner Losh
Subject: Re: GELI with UEFI supporting Boot Environments goes to HEAD when?
Date: Wed, 11 Apr 2018 20:33:14 -0400
Message-ID: <5ba11024-e99b-86e1-48b7-125fb80b4001@metricspace.net>

I'm in the middle of moving to a new apartment right now.
It's going to be a bit before I can get to this.

On 04/11/2018 20:31, Warner Losh wrote:
> OK. I've pushed in the main part of it. The additional work I have
> shouldn't affect any of this stuff.  I was going to look at what part(s)
> of your open reviews needed to be redone tomorrow and send you
> feedback, but if you wanted to get a start before then, I'm happy to
> answer questions. All the rest of my work is going to be selecting the
> root partition when we're told to use a specific partition, so will be
> very constrained.
>
> Warner
>
> On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle wrote:
>
> I think the thing to do at this point is to wait for the current work on
> loader.efi to land, then adapt my patches to apply against that work.
>
> On 04/11/2018 15:06, Warner Losh wrote:
> > Still reviewing the code. I'm worried it's too i386 specific and it
> > conflicts with some work I'm doing. I'll have a list of actionable
> > critiques this week.
> >
> > Warner
> >
> > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter wrote:
> >
> >     Hi!
> >
> >     Is there any update regarding the rebase or the inclusion to base
> >     system?
> >     On 3/28/18, Eric McCorkle wrote:
> >     > I'll do another rebase from head just to be sure
> >     >
> >     > On March 28, 2018 3:23:23 PM EDT, Warner Losh wrote:
> >     >>It's on my list for next, finally. I have an alternate patch for loader.efi
> >     >>from ESP, but I don't think it will affect the GELI stuff. I have some time
> >     >>slotted for integration issues though.
> >     >>
> >     >>I am quite mindful of the freeze dates....
> >     >>I have some uefi boot loader protocol changes that I need to get in.
> >     >>
> >     >>Warner
> >     >>
> >     >>On Feb 21, 2018 11:18 PM, "Tommi Pernila" wrote:
> >     >>
> >     >>> Awesome, thanks for the update and the work that you have done!
> >     >>>
> >     >>> Now we just need some more reviewers' eyes on the code :)
> >     >>>
> >     >>> Br,
> >     >>>
> >     >>> Tommi
> >     >>>
> >     >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle wrote:
> >     >>>
> >     >>>> FYI, I just IFC'ed everything, and the current patches are still fine.
> >     >>>>
> >     >>>> Also, the full GELI + standalone loader has been deployed on one of my
> >     >>>> laptops for some time now.
> >     >>>>
> >     >>>> On 02/21/2018 18:15, Eric McCorkle wrote:
> >     >>>> > The GELI work could be merged at this point, though it won't be usable
> >     >>>> > without an additional patch to enable loader-only operation.  The
> >     >>>> > patches are currently up for review:
> >     >>>> >
> >     >>>> > This is the order in which they'd need to be merged:
> >     >>>> >
> >     >>>> > https://reviews.freebsd.org/D12732
> >     >>>> >
> >     >>>> > This one changes the efipart device.  Toomas Soome identified some
> >     >>>> > problems, which I have addressed.  He has not re-reviewed it, however.
> >     >>>> >
> >     >>>> > https://reviews.freebsd.org/D12692
> >     >>>> >
> >     >>>> > This adds some crypto code needed for GELI.  It simply adds new code,
> >     >>>> > and doesn't conflict with anything.
> >     >>>> >
> >     >>>> > https://reviews.freebsd.org/D12698
> >     >>>> >
> >     >>>> > This adds the EFI KMS interface code, and has the EFI loader pass keys
> >     >>>> > into the keybuf interface.
> >     >>>> >
> >     >>>> > I can't post the main GELI driver until those get merged, as it depends
> >     >>>> > on them.  It can be found on the geli branch on my github freebsd
> >     >>>> > repository, however.
> >     >>>> >
> >     >>>> > Additionally, you need this patch, which allows loader.efi to function
> >     >>>> > when installed directly to the ESP:
> >     >>>> >
> >     >>>> > https://reviews.freebsd.org/D13497
> >     >>>> >
> >     >>>> > On 02/20/2018 22:56, Tommi Pernila wrote:
> >     >>>> >> Hi Eric,
> >     >>>> >>
> >     >>>> >> could you provide a brief update how the work is going?
> >     >>>> >>
> >     >>>> >> Br,
> >     >>>> >>
> >     >>>> >> Tommi
> >     >>>> >>
> >     >>>> >> On Nov 16, 2017 04:29, "Eric McCorkle" wrote:
> >     >>>> >>
> >     >>>> >>     Right, so basically, the remaining GELI patches are against loader, and
> >     >>>> >>     most of them can go in independently of the work on removing boot1.
> >     >>>> >>     There's a unanimous consensus on getting rid of boot1 which includes its
> >     >>>> >>     original author, so that's going to happen.
> >     >>>> >>
> >     >>>> >>     For GELI, we have the following (not necessarily in order):
> >     >>>> >>
> >     >>>> >>     a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
> >     >>>> >>     interactions
> >     >>>> >>     b) Modifications to the efipart driver
> >     >>>> >>     c) boot crypto
> >     >>>> >>     d) GELI partition types (not strictly necessary)
> >     >>>> >>
> >     >>>> >>     Then there's the GELI driver itself.  (a) and (c) are good to land, (b)
> >     >>>> >>     needs some more work after Toomas Soome pointed out a legitimate
> >     >>>> >>     problem, and (d) actually needs a good bit more code (but again, it's
> >     >>>> >>     more cosmetic).  Additionally, the GELI driver will need further mods to
> >     >>>> >>     efipart to be written (nothing too big).  But we could go ahead with (a)
> >     >>>> >>     and (c), as they've already been proven to work.
> >     >>>> >>
> >     >>>> >>     I'd wanted to have this stuff shaped up sooner, but I'm preoccupied with
> >     >>>> >>     the 7th RISC-V workshop at the end of the month.
> >     >>>> >>
> >     >>>> >>     Once this stuff is all in, loader should handle any GELI volumes it
> >     >>>> >>     finds, and it should Just Work once boot1 is gone.