Date: Thu, 26 Mar 2015 17:04:00 -0700 From: Xin Li <delphij@delphij.net> To: John-Mark Gurney <jmg@funkthat.com>, Pedro Arthur <bygrandao@gmail.com> Cc: "<freebsd-hackers@freebsd.org>" <freebsd-hackers@freebsd.org> Subject: Re: GELI support on /boot folder Message-ID: <55149E70.30608@delphij.net> In-Reply-To: <20150319013231.GR51048@funkthat.com> References: <CAKN1MR54TCWZa_wSLAe63fxVF6248yr_aKkg-T0WtxHzaiLkyw@mail.gmail.com> <20150319013231.GR51048@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03/18/15 18:32, John-Mark Gurney wrote: > If we go thise route, I'd ask why we don't put loader into the > gptboot instead of using the existing shim to load loader... Then > the project would be to add GELI decryption to loader which could > then be used w/ MBR in the limited sense of loading kernel and > modules, though boot/loader would still have to be on an > unencrypted partition... > > I hope others who know the boot process better will inform us why > this is a good or bad idea... If we make changes to loader more often, it could be a bad idea because merging both parties would make it harder for those who develop loader changes. Additionally, it may be desirable to keep different copies of loaders in different "boot environment" datasets, it's more convenient for debugging: let's say one developer decided to make some changes to ZFS support of loader, and that's installed to a new boot environment, then they can try it out without making a usable boot disk at hand before hand. Once the zfsloader is proven to be working (we still have zfsloader.old or a different boot environment available), we would have much more confident that the system will boot after a gptzfsboot update because they share the same code. Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.2 (FreeBSD) iQIcBAEBCgAGBQJVFJ5rAAoJEJW2GBstM+ns2o8P/jdBS5VfnD2N+sKXyE7d7cmE nHzJVLA1TgkH7EdEwyzxpi/wv6LDmnsXDKAeS2iYU9T5v888XWpltJYo6Iq43h7j 5m7Y+BlMaLUlZl+IbmI07z8qrc4eYjsDKfzRiDuVTXMuW6AY5yfi+Ainmi0TbpyY KmQF5Xk/iQMUaK2S6Br3dckPnffxbaABaUUOLDwEVGwlorjsjw6pM2ckHWoSxzV6 ITE5mwhuAhE3JL/YUS0zhXD4y6ya62V4WOUbxQvivw0NHoqZ0RZhSistC5bPP5+Z JiNMVJx7NIrBYTXOpuUztpCs05QS88NF+AnMo2jtwZ78DRQFAvZAlKIV5+wAF2ZO pSTRFVir+MXM9mS4sLtg/0CViQ5V7VMPXeXP/9fHErWrSrGcM3sa4cUxI4/vfIeh cfu2MEV6+7G0anxu4x4El8epGOrK0r+oOyF2/LiiZ5fvsGLisTD8JgJvHk3g2Dh2 62ud004lTaq/ZamlLDq4gjO013MoVDVdLltfE526Fl2nL1y+loHSEnV3xflkFbfO INevkg39Oo2/Nl7d0vkJJwp3p53jhmQHKC7XBYZ4Taz5GWjJws9MUCZlD7IzlpfR ZS7Eomcu9S1bQdVxJX4kdaJEyWpmHrvLc5gye7wTM1E3evRjTinoNLDhIk2amUwb Y5kuXgSGxaJhqpjxaDal =5WOr -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55149E70.30608>