From: "Simon J. Gerraty"
To: Warner Losh
CC: "freebsd-arch@freebsd.org"
Subject: Re: boot1.efi future
Comments: In-reply-to: Warner Losh message dated "Tue, 17 Oct 2017 17:18:24 -0600."
Date: Thu, 19 Oct 2017 10:02:47 -0700
Message-ID: <44307.1508432567@kaos.jnpr.net>
List-Id: Discussion related to FreeBSD architecture

Warner Losh wrote:
> There's lots of details to get right before we can make the final switch,
> but I think it's in the interest of the project to do so.

Just one comment that may or may not be relevant depending on the overall
plan.

I've implemented verification in the freebsd loader, along the lines
previously mentioned, for us this pretty much closes the secure-boot gap
- loader verifies kernel and its initial rootfs so init and etc/rc.
Which then gets us to mac_veriexec.

From that pov the initial boot bits can change as you like without
affecting the above.

Is that the plan?
It only matters I guess in terms of the effort to upstream - assuming
there is interest from other embedded vendors.

Thanks
--sjg