Date: Mon, 9 Mar 2020 10:06:18 +0100
From: "O. Hartmann"
Cc: "Simon J. Gerraty", svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 st...

On Mon, 9 Mar 2020 07:05:46 +0100
"O. Hartmann" wrote:

> On Sun, 8 Mar 2020 17:42:43 +0000 (UTC)
> "Simon J. Gerraty" wrote:
>
> > Author: sjg
> > Date: Sun Mar 8 17:42:42 2020
> > New Revision: 358744
> > URL: https://svnweb.freebsd.org/changeset/base/358744
> >
> > Log:
> > veloader use vectx API for kernel and modules
> >
> > The vectx API, computes the hash for verifying a file as it is read.
> > This avoids the overhead of reading files twice - once to verify, then
> > again to load.
> >
> > For doing an install via loader, avoiding the need to rewind
> > large files is critical.
> >
> > This API is only used for modules, kernel and mdimage as these are the
> > biggest files read by the loader.
> > The reduction in boot time depends on how expensive the I/O is
> > on any given platform. On a fast VM we see 6% improvement.
> >
> > For install via loader the first file to be verified is likely to be the
> > kernel, so some of the prep work (finding manifest etc) done by
> > verify_file() needs to be factored so it can be reused for
> > vectx_open().
> >
> > For missing or unrecognized fingerprint entries, we fail
> > in vectx_open() unless verifying is disabled.
> >
> > Otherwise fingerprint check happens in vectx_close() and
> > since this API is only used for files which must be verified
> > (VE_MUST) we panic if we get an incorrect hash.
> >
> > Reviewed by: imp,tsoome
> > MFC after: 1 week
> > Sponsored by: Juniper Networks
> > Differential Revision: https://reviews.freebsd.org//D23827
> >
> > Modified:
> > head/lib/libsecureboot/h/libsecureboot.h
> > head/lib/libsecureboot/h/verify_file.h
> > head/lib/libsecureboot/tests/tvo.c
> > head/lib/libsecureboot/vectx.c
> > head/lib/libsecureboot/verify_file.c
> > head/share/mk/src.opts.mk
> > head/stand/common/bootstrap.h
> > head/stand/common/interp_forth.c
> > head/stand/common/interp_simple.c
> > head/stand/common/load_elf.c
> > head/stand/common/load_elf_obj.c
> > head/stand/common/misc.c
> > head/stand/common/module.c
> > head/stand/efi/loader/arch/i386/i386_copy.c
> > head/stand/efi/loader/copy.c
> > head/stand/efi/loader/loader_efi.h
> > head/stand/efi/loader/main.c
> > head/stand/ficl/loader.c
> > head/stand/i386/libi386/i386_copy.c
> > head/stand/i386/libi386/libi386.h
> > head/stand/i386/loader/chain.c
> > head/stand/libofw/libofw.h
> > head/stand/libofw/ofw_copy.c
> > head/stand/loader.mk
> > head/stand/mips/beri/loader/arch.c
> > head/stand/powerpc/kboot/main.c
> > head/stand/uboot/lib/copy.c
> > head/stand/uboot/lib/libuboot.h
> > head/stand/userboot/userboot/copy.c
> > head/stand/userboot/userboot/libuserboot.h
> >
> > To unsubscribe, send any mail to "svn-src-head-unsubscribe@freebsd.org"
> [... deleted ...]
>
>
> buildworld seems to be broken on this commit:
>
> [...]
> --- all_subdir_stand ---
> --- lstd.o ---
> /usr/src/stand/liblua/lstd.c:86:44: error: too few arguments to function call,
> expected 5, have 4 if (verify_file(fd, filename, 0, VE_GUESS) < 0) {
> ~~~~~~~~~~~ ^
> /usr/src/lib/libsecureboot/h/verify_file.h:50:1: note: 'verify_file' declared
> here int verify_file(int, const char *, off_t, int, const char *);
> ^
> 1 error generated.
> [...]
>
> Building host is CURRENT, FreeBSD 13.0-CURRENT #118 r358695: Fri Mar 6
> 12:48:00 CET 2020 amd64:
>
> kind regards,
>
> oh

The problem reported seems to occur when WITH_BEARSSL=YES is enabled in
/etc/src.conf.
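
The single-pass verification that the quoted commit log describes (fingerprint lookup at open, hashing during read, verdict at close), as an added example; it is not code from libsecureboot or from this thread. The names vs_open, vs_read, vs_close, load_once and the manifest layout are hypothetical, the "file" is an in-memory buffer, and FNV-1a stands in for the cryptographic hash a real verifier would use.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in digest (FNV-1a, NOT cryptographic); real code uses e.g. SHA-256. */
#define FNV_INIT 0xcbf29ce484222325ULL
static uint64_t fnv1a(uint64_t h, const unsigned char *p, size_t n) {
    while (n--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}

struct fp_entry { const char *path; uint64_t digest; };  /* manifest row */
struct vstream {                     /* hypothetical in-memory "file" */
    const unsigned char *data; size_t len, off; uint64_t running, expected;
};

/* Open: refuse a file with no fingerprint before any byte is consumed. */
int vs_open(struct vstream *s, const struct fp_entry *m, size_t nm,
            const char *path, const unsigned char *data, size_t len) {
    for (size_t i = 0; i < nm; i++)
        if (strcmp(m[i].path, path) == 0) {
            *s = (struct vstream){ data, len, 0, FNV_INIT, m[i].digest };
            return 0;
        }
    return -1;
}

/* Read: hand bytes to the caller and fold them into the running digest. */
size_t vs_read(struct vstream *s, unsigned char *buf, size_t n) {
    if (n > s->len - s->off) n = s->len - s->off;
    memcpy(buf, s->data + s->off, n);
    s->running = fnv1a(s->running, buf, n);
    s->off += n;
    return n;
}

/* Close: the verdict exists only now; unread bytes are hashed too. */
int vs_close(struct vstream *s) {
    s->running = fnv1a(s->running, s->data + s->off, s->len - s->off);
    s->off = s->len;
    return s->running == s->expected ? 0 : -1;
}

/* Single pass; 0 = verified, -1 = bad hash, -2 = no fingerprint. */
int load_once(const struct fp_entry *m, size_t nm, const char *path,
              const unsigned char *data, size_t len, unsigned char *dst) {
    struct vstream s;
    if (vs_open(&s, m, nm, path, data, len) != 0) return -2;
    while (vs_read(&s, dst + s.off, 7) == 7) { }   /* 7-byte chunks */
    return vs_close(&s);
}
```

Because the bytes reach the caller before the verdict does, `dst` has to be treated as untrusted until `load_once` returns 0; the commit log's choice for the loader is to panic on an incorrect hash.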